package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.config.navigate.IdentifierGenerationStrategyLookupFunction;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.utilities.java.support.annotation.Prototype;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.profile.SAML2ActionSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Profile action that copies an {@link AuthnStatement} from an inbound delegated {@link Assertion}
 * token into the assertion being issued.
 *
 * <p>{@link #doPreExecute} resolves the identifier generator, the issuer and the inbound token and
 * remembers the token's first {@link AuthnStatement}; {@link #doExecute} clones that statement
 * and appends it to the outgoing assertion.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 * <li>Nothing in this class validates the inbound token (signature, conditions, subject
 * confirmation). NOTE(review): presumably an earlier action in the flow does so; confirm, because
 * the copied statement is re-asserted under this responder's issuer.</li>
 * <li>{@code idGenerator}, {@code issuerId} and {@code sourceStatement} are written in
 * {@link #doPreExecute} and read later, so an instance carries per-request state. The
 * {@code @Prototype} annotation suggests one instance per use; confirm the bean is not wired as a
 * shared singleton.</li>
 * </ul>
 */
@Prototype
/* loaded from: input_file:BOOT-INF/lib/idp-saml-impl-3.3.2.jar:net/shibboleth/idp/saml/saml2/profile/delegation/impl/AddAuthnStatementToAssertionFromInboundAssertionToken.class */
public class AddAuthnStatementToAssertionFromInboundAssertionToken extends AbstractProfileAction {

    /** Identifier generator resolved for the current request in {@link #doPreExecute}. */
    @Nullable
    private IdentifierGenerationStrategy idGenerator;

    /** Issuer value resolved for the current request in {@link #doPreExecute}. */
    @Nullable
    private String issuerId;

    /** Locates the assertion to modify; defaults to {@link AssertionStrategy} at initialization. */
    @NonnullAfterInit
    private Function<ProfileRequestContext, Assertion> assertionLookupStrategy;

    /**
     * Statement taken from the inbound token. In the visible code it is only ever assigned,
     * never cleared.
     */
    @Nullable
    private AuthnStatement sourceStatement;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddAuthnStatementToAssertionFromInboundAssertionToken.class);

    /** Whether the statement goes into a newly added assertion rather than an existing one. */
    private boolean statementInOwnAssertion = false;

    /** Resolves the identifier generator from the profile request context. */
    @Nonnull
    private Function<ProfileRequestContext, IdentifierGenerationStrategy> idGeneratorLookupStrategy = new IdentifierGenerationStrategyLookupFunction();

    /** Resolves the issuer value from the profile request context. */
    @Nonnull
    private Function<ProfileRequestContext, String> issuerLookupStrategy = new ResponderIdLookupFunction();

    /** Resolves the inbound delegated assertion token from the profile request context. */
    @Nonnull
    private Function<ProfileRequestContext, Assertion> assertionTokenStrategy = new DelegatedAssertionLookupStrategy();

    /**
     * Default strategy for finding (or creating) the assertion that receives the statement,
     * based on the outbound message.
     */
    /* loaded from: input_file:BOOT-INF/lib/idp-saml-impl-3.3.2.jar:net/shibboleth/idp/saml/saml2/profile/delegation/impl/AddAuthnStatementToAssertionFromInboundAssertionToken$AssertionStrategy.class */
    private class AssertionStrategy implements Function<ProfileRequestContext, Assertion> {
        private AssertionStrategy() {
        }

        /**
         * Returns the assertion to modify.
         *
         * <ul>
         * <li>no outbound message: a new assertion is built and installed as the message;</li>
         * <li>outbound message is an {@link Assertion}: that assertion;</li>
         * <li>outbound message is a {@link Response}: its first assertion, unless
         * {@code statementInOwnAssertion} is set or the response has none, in which case a new
         * assertion is added to the response;</li>
         * <li>anything else, or no context / outbound message context: {@code null}.</li>
         * </ul>
         */
        @Override // com.google.common.base.Function, java.util.function.Function
        @Nullable
        public Assertion apply(@Nullable ProfileRequestContext profileRequestContext) {
            if (profileRequestContext == null || profileRequestContext.getOutboundMessageContext() == null) {
                return null;
            }

            final Object outboundMessage = profileRequestContext.getOutboundMessageContext().getMessage();

            if (outboundMessage instanceof Assertion) {
                return (Assertion) outboundMessage;
            }

            if (outboundMessage instanceof Response) {
                final Response response = (Response) outboundMessage;
                // Reuse the first existing assertion only when a separate one was not requested.
                if (!isStatementInOwnAssertion() && !response.getAssertions().isEmpty()) {
                    return response.getAssertions().get(0);
                }
                return SAML2ActionSupport.addAssertionToResponse(
                        AddAuthnStatementToAssertionFromInboundAssertionToken.this,
                        response,
                        getIdGenerator(),
                        getIssuerId());
            }

            if (outboundMessage == null) {
                // Nothing outbound yet: the freshly built assertion becomes the outbound message.
                final Assertion created = SAML2ActionSupport.buildAssertion(
                        AddAuthnStatementToAssertionFromInboundAssertionToken.this,
                        getIdGenerator(),
                        getIssuerId());
                profileRequestContext.getOutboundMessageContext().setMessage(created);
                return created;
            }

            return null;
        }
    }

    /**
     * Reports whether the statement is placed in its own, newly added assertion.
     *
     * @return the configured flag
     */
    public boolean isStatementInOwnAssertion() {
        return statementInOwnAssertion;
    }

    /**
     * Sets whether the statement is placed in its own, newly added assertion.
     * Rejected once the component has been initialized.
     *
     * @param z the flag value
     */
    public void setStatementInOwnAssertion(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        statementInOwnAssertion = z;
    }

    /**
     * Sets the strategy that locates the inbound assertion token.
     * Rejected once the component has been initialized.
     *
     * @param function the lookup strategy, must not be null
     */
    public void setAssertionTokenStrategy(@Nonnull Function<ProfileRequestContext, Assertion> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        assertionTokenStrategy = Constraint.isNotNull(function, "Assertion token strategy may not be null");
    }

    /**
     * Sets the strategy that locates the identifier generator.
     * Rejected once the component has been initialized.
     *
     * @param function the lookup strategy, must not be null
     */
    public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext, IdentifierGenerationStrategy> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        idGeneratorLookupStrategy = Constraint.isNotNull(function, "IdentifierGenerationStrategy lookup strategy cannot be null");
    }

    /**
     * Sets the strategy that locates the issuer value.
     * Rejected once the component has been initialized.
     *
     * @param function the lookup strategy, must not be null
     */
    public void setIssuerLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        issuerLookupStrategy = Constraint.isNotNull(function, "Issuer lookup strategy cannot be null");
    }

    /**
     * Returns the identifier generator resolved in {@link #doPreExecute}.
     *
     * @return the generator; the not-null constraint is checked before returning
     */
    @Nonnull
    public IdentifierGenerationStrategy getIdGenerator() {
        Constraint.isNotNull(idGenerator, "IdentifierGenerationStrategy has not been initialized yet");
        return idGenerator;
    }

    /**
     * Returns the issuer value resolved in {@link #doPreExecute}.
     *
     * @return the issuer; the not-null constraint is checked before returning
     */
    @Nonnull
    public String getIssuerId() {
        Constraint.isNotNull(issuerId, "Issuer name has not been initialized yet");
        return issuerId;
    }

    /**
     * Sets the strategy that locates the assertion to modify.
     * Rejected once the component has been initialized.
     *
     * @param function the lookup strategy, must not be null
     */
    public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext, Assertion> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        assertionLookupStrategy = Constraint.isNotNull(function, "Assertion lookup strategy cannot be null");
    }

    /**
     * Installs the default {@link AssertionStrategy} when no assertion lookup strategy was set.
     *
     * @throws ComponentInitializationException propagated from the superclass initialization
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (assertionLookupStrategy == null) {
            assertionLookupStrategy = new AssertionStrategy();
        }
    }

    /**
     * Resolves the identifier generator, issuer and inbound token, and captures the token's
     * first {@link AuthnStatement}. Any missing piece signals
     * {@link EventIds#INVALID_PROFILE_CTX} and stops the action.
     *
     * @param profileRequestContext the current profile request context
     * @return {@code true} when a source statement is available and execution should proceed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        log.debug("{} Attempting to add an AuthnStatement to outgoing Assertion based on inbound Assertion token", getLogPrefix());

        idGenerator = idGeneratorLookupStrategy.apply(profileRequestContext);
        if (idGenerator == null) {
            return rejectProfileContext(profileRequestContext, "{} No identifier generation strategy");
        }

        issuerId = issuerLookupStrategy.apply(profileRequestContext);
        if (issuerId == null) {
            return rejectProfileContext(profileRequestContext, "{} No assertion issuer value");
        }

        final Assertion inboundToken = assertionTokenStrategy.apply(profileRequestContext);
        if (inboundToken == null) {
            return rejectProfileContext(profileRequestContext, "{} No inbound assertion token");
        }

        // Only the first statement of the token is considered; any further ones are ignored.
        if (!inboundToken.getAuthnStatements().isEmpty()) {
            sourceStatement = inboundToken.getAuthnStatements().get(0);
        }
        if (sourceStatement == null) {
            return rejectProfileContext(profileRequestContext, "{} Inbound assertion token contains no AuthnStatement");
        }
        return true;
    }

    /**
     * Logs the given debug message (its single placeholder receives the log prefix) and signals
     * {@link EventIds#INVALID_PROFILE_CTX}.
     *
     * @param profileRequestContext the current profile request context
     * @param debugMessage SLF4J format string with one placeholder
     * @return always {@code false}, so callers can return it directly
     */
    private boolean rejectProfileContext(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull String debugMessage) {
        log.debug(debugMessage, getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return false;
    }

    /**
     * Appends a clone of the captured statement to the assertion chosen by the assertion lookup
     * strategy. Signals {@link EventIds#INVALID_MSG_CTX} when no assertion is available and
     * {@link EventIds#MESSAGE_PROC_ERROR} when the statement could not be cloned.
     *
     * @param profileRequestContext the current profile request context
     */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
        if (target == null) {
            log.error("Unable to obtain Assertion to modify");
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return;
        }

        final AuthnStatement statementCopy = getNewAuthnStatement();
        if (statementCopy == null) {
            log.error("Unable to obtain AuthnStatement to add");
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
            return;
        }

        target.getAuthnStatements().add(statementCopy);
        log.debug("{} Added AuthenticationStatement to Assertion {}", getLogPrefix(), target.getID());
    }

    /**
     * Clones the statement captured from the inbound token, so the outgoing assertion receives
     * a copy rather than the inbound object itself.
     *
     * @return the cloned statement, or {@code null} when marshalling or unmarshalling fails
     */
    @Nullable
    protected AuthnStatement getNewAuthnStatement() {
        AuthnStatement cloned;
        try {
            cloned = (AuthnStatement) XMLObjectSupport.cloneXMLObject(sourceStatement);
        } catch (MarshallingException | UnmarshallingException e) {
            log.error("{} Error cloning Assertion AuthnStatement", getLogPrefix(), e);
            cloned = null;
        }
        return cloned;
    }
}
