package net.shibboleth.idp.saml.nameid.impl;

import com.google.common.base.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import net.shibboleth.idp.attribute.resolver.AttributeResolver;
import net.shibboleth.idp.attribute.resolver.LegacyPrincipalDecoder;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.SubjectCanonicalizationException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.service.ReloadableService;
import net.shibboleth.utilities.java.support.service.ServiceableComponent;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/idp-saml-impl-3.4.0.jar:net/shibboleth/idp/saml/nameid/impl/LegacyCanonicalization.class */
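/**
 * Subject canonicalization action that hands the {@link SubjectCanonicalizationContext} to the
 * attribute resolver's {@link LegacyPrincipalDecoder} and, when the decoder returns a value, stores
 * it as the canonical principal name.
 *
 * <p>Failure outcomes visible in this class: {@link AuthnEventIds#INVALID_SUBJECT} when no resolver
 * component is available, when the resolver is not a {@link LegacyPrincipalDecoder}, or when decoding
 * yields no value; {@link AuthnEventIds#SUBJECT_C14N_ERROR} when decoding throws a
 * {@link ResolutionException}.</p>
 *
 * <p>Every component obtained from the {@link ReloadableService} is pinned by the lookup and is
 * released with {@code unpinComponent()} on every exit path, including exceptional ones.</p>
 */
public class LegacyCanonicalization extends AbstractSubjectCanonicalizationAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(LegacyCanonicalization.class);

    /** Service from which the attribute resolver (the candidate decoder) is obtained. */
    @Nonnull
    private final ReloadableService<AttributeResolver> attributeResolverService;

    /* loaded from: input_file:BOOT-INF/lib/idp-saml-impl-3.4.0.jar:net/shibboleth/idp/saml/nameid/impl/LegacyCanonicalization$ActivationCondition.class */
    /**
     * Predicate deciding whether legacy canonicalization applies to a request.
     *
     * <p>It is satisfied only when the subject carries exactly one principal across
     * {@link NameIDPrincipal} and {@link NameIdentifierPrincipal}, a resolver service was supplied,
     * and the resolver is a {@link LegacyPrincipalDecoder} reporting valid connectors.</p>
     */
    public static class ActivationCondition implements Predicate<ProfileRequestContext> {

        /** Resolver service; may be null, in which case the condition is never satisfied. */
        @Nullable
        private final ReloadableService<AttributeResolver> attributeResolverService;

        /**
         * Constructor.
         *
         * @param reloadableService the attribute resolver service, or null to disable the condition
         */
        public ActivationCondition(@ParameterName(name = "service") ReloadableService<AttributeResolver> reloadableService) {
            this.attributeResolverService = reloadableService;
        }

        /**
         * Evaluates the condition against the request's {@link SubjectCanonicalizationContext}.
         *
         * @param profileRequestContext the current profile request context, possibly null
         * @return true only if all of the checks described on the class pass
         */
        @Override // com.google.common.base.Predicate
        public boolean apply(@Nullable ProfileRequestContext profileRequestContext) {
            if (null == profileRequestContext) {
                return false;
            }
            // The cast is required because the context is referenced through its raw type.
            final SubjectCanonicalizationContext c14nContext =
                    (SubjectCanonicalizationContext) profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class);
            if (null == c14nContext) {
                return false;
            }
            final Subject subject = c14nContext.getSubject();
            if (null == subject) {
                return false;
            }

            // Exactly one SAML name identifier principal overall: zero gives nothing to decode and
            // more than one would make the identity to canonicalize ambiguous.
            final int nameIdCount = subject.getPrincipals(NameIDPrincipal.class).size()
                    + subject.getPrincipals(NameIdentifierPrincipal.class).size();
            if (1 != nameIdCount || null == this.attributeResolverService) {
                return false;
            }

            ServiceableComponent<AttributeResolver> pinned = null;
            try {
                pinned = this.attributeResolverService.getServiceableComponent();
                if (null == pinned) {
                    return false;
                }
                final AttributeResolver resolver = pinned.getComponent();
                if (!(resolver instanceof LegacyPrincipalDecoder)) {
                    return false;
                }
                return ((LegacyPrincipalDecoder) resolver).hasValidConnectors();
            } finally {
                // Single release point; runs for normal returns and for anything thrown above.
                if (null != pinned) {
                    pinned.unpinComponent();
                }
            }
        }
    }

    /**
     * Constructor.
     *
     * @param reloadableService the attribute resolver service; must not be null
     */
    public LegacyCanonicalization(@Nonnull @ParameterName(name = "resolverService") ReloadableService<AttributeResolver> reloadableService) {
        this.attributeResolverService = Constraint.isNotNull(reloadableService, "AttributeResolver cannot be null");
    }

    /**
     * Runs the legacy decoder and records either the principal name or the failure on the context.
     *
     * <p>The previous form of this method released the pinned component only on the non-exceptional
     * paths: when {@code canonicalize} threw a {@link ResolutionException} (or anything else) the
     * handlers tested a constant-false condition and the component stayed pinned. The release now
     * lives in a {@code finally} block so each lookup is matched by exactly one unpin.</p>
     *
     * @param profileRequestContext the current profile request context
     * @param subjectCanonicalizationContext the context holding the subject to canonicalize
     */
    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        ServiceableComponent<AttributeResolver> pinned = null;
        try {
            pinned = this.attributeResolverService.getServiceableComponent();
            if (null == pinned) {
                this.log.error("{} Error resolving PrincipalConnector: Invalid Attribute resolver configuration.", getLogPrefix());
                subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("Error resolving PrincipalConnectore: Invalid Attribute resolver configuration."));
                ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
                return;
            }

            final AttributeResolver resolver = pinned.getComponent();
            if (!(resolver instanceof LegacyPrincipalDecoder)) {
                this.log.info("{} Attribute Resolver did not implement LegacyPrincipalDecoder.", getLogPrefix());
                subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("Attribute Resolver did not implement LegacyPrincipalDecoder."));
                ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
                return;
            }

            // The decoder's return value becomes the principal name verbatim; no further
            // validation of it happens in this class.
            final String principalName = ((LegacyPrincipalDecoder) resolver).canonicalize(subjectCanonicalizationContext);
            if (null == principalName) {
                this.log.info("{} Legacy Principal Decoding returned no value", getLogPrefix());
                subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("Legacy Principal Decoding returned no value"));
                ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
                return;
            }
            subjectCanonicalizationContext.setPrincipalName(principalName);
        } catch (final ResolutionException e) {
            // The failure is carried on the context and signalled as an event; it is not logged here.
            subjectCanonicalizationContext.setException(e);
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.SUBJECT_C14N_ERROR);
        } finally {
            // NOTE(review): a pin that is never released presumably interferes with the service
            // retiring old components on reload; confirm against ServiceableComponent's contract.
            if (null != pinned) {
                pinned.unpinComponent();
            }
        }
    }
}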
