package net.shibboleth.idp.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.attribute.filter.AttributeFilter;
import net.shibboleth.idp.attribute.filter.AttributeFilterException;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.context.navigate.SubjectContextPrincipalLookupFunction;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.IdPEventIds;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.service.ReloadableService;
import net.shibboleth.utilities.java.support.service.ServiceableComponent;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.RootContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/idp-profile-impl-3.3.3.jar:net/shibboleth/idp/profile/impl/FilterAttributes.class */
public class FilterAttributes extends AbstractProfileAction {

    @Nonnull
    private final ReloadableService<AttributeFilter> attributeFilterService;

    @Nullable
    private AuthenticationContext authenticationContext;

    @Nullable
    private AttributeContext attributeContext;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) FilterAttributes.class);

    @Nullable
    private Function<ProfileRequestContext, String> issuerLookupStrategy = new ResponderIdLookupFunction();

    @Nullable
    private Function<ProfileRequestContext, String> recipientLookupStrategy = new RelyingPartyIdLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, AttributeContext> attributeContextLookupStrategy = Functions.compose(new ChildContextLookup(AttributeContext.class), new ChildContextLookup(RelyingPartyContext.class));

    @Nonnull
    private Function<ProfileRequestContext, String> principalNameLookupStrategy = Functions.compose(new SubjectContextPrincipalLookupFunction(), new ChildContextLookup(SubjectContext.class));

    @Nonnull
    private Function<ProfileRequestContext, AuthenticationContext> authnContextLookupStrategy = new ChildContextLookup(AuthenticationContext.class);

    @Nonnull
    private Function<ProfileRequestContext, SAMLMetadataContext> metadataContextLookupStrategy = Functions.compose(new ChildContextLookup(SAMLMetadataContext.class), Functions.compose(new ChildContextLookup(SAMLPeerEntityContext.class), new InboundMessageContextLookup()));

    @Nonnull
    private Function<AttributeFilterContext, SAMLMetadataContext> metadataFromFilterLookupStrategy = Functions.compose(new Function<ProfileRequestContext, SAMLMetadataContext>() { // from class: net.shibboleth.idp.profile.impl.FilterAttributes.1
        @Override // com.google.common.base.Function, java.util.function.Function
        public SAMLMetadataContext apply(ProfileRequestContext profileRequestContext) {
            return (SAMLMetadataContext) FilterAttributes.this.metadataContextLookupStrategy.apply(profileRequestContext);
        }
    }, new RootContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, AttributeFilterContext> filterContextCreationStrategy = Functions.compose(new ChildContextLookup(AttributeFilterContext.class, true), new ChildContextLookup(RelyingPartyContext.class));
    private boolean maskFailures = true;

    public FilterAttributes(@Nonnull ReloadableService<AttributeFilter> reloadableService) {
        this.attributeFilterService = (ReloadableService) Constraint.isNotNull(reloadableService, "Service cannot be null");
    }

    public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.issuerLookupStrategy = function;
    }

    public void setRecipientLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.recipientLookupStrategy = function;
    }

    public void setFilterContextCreationStrategy(@Nonnull Function<ProfileRequestContext, AttributeFilterContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.filterContextCreationStrategy = (Function) Constraint.isNotNull(function, "AttributeContext creation strategy cannot be null");
    }

    public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AttributeContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeContextLookupStrategy = (Function) Constraint.isNotNull(function, "AttributeContext lookup strategy cannot be null");
    }

    public void setPrincipalNameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.principalNameLookupStrategy = (Function) Constraint.isNotNull(function, "Principal name lookup strategy cannot be null");
    }

    public void setAuthenticationContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthenticationContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.authnContextLookupStrategy = (Function) Constraint.isNotNull(function, "AuthenticationContext lookup strategy cannot be null");
    }

    public void setMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.metadataContextLookupStrategy = (Function) Constraint.isNotNull(function, "MetadataContext lookup strategy cannot be null");
        this.metadataFromFilterLookupStrategy = Functions.compose(this.metadataContextLookupStrategy, new RootContextLookup());
    }

    public void setMaskFailures(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.maskFailures = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.attributeContext = this.attributeContextLookupStrategy.apply(profileRequestContext);
        if (this.attributeContext == null) {
            this.log.debug("{} No attribute context, no attributes to filter", getLogPrefix());
            return false;
        }
        if (this.attributeContext.getIdPAttributes().isEmpty()) {
            this.log.debug("{} No attributes to filter", getLogPrefix());
            return false;
        }
        this.authenticationContext = this.authnContextLookupStrategy.apply(profileRequestContext);
        if (this.authenticationContext != null) {
            return true;
        }
        this.log.debug("{} No authentication context available.", getLogPrefix());
        return true;
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        AttributeFilterContext apply = this.filterContextCreationStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.error("{} Unable to locate or create AttributeFilterContext", getLogPrefix());
            if (!this.maskFailures) {
                ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
                return;
            } else {
                this.log.warn("Filter error masked, clearing resolved attributes");
                this.attributeContext.setIdPAttributes(null);
                return;
            }
        }
        populateFilterContext(profileRequestContext, apply);
        ServiceableComponent serviceableComponent = null;
        try {
            try {
                ServiceableComponent<AttributeFilter> serviceableComponent2 = this.attributeFilterService.getServiceableComponent();
                if (null == serviceableComponent2) {
                    this.log.error("{} Error encountered while filtering attributes : Invalid Attribute Filter configuration", getLogPrefix());
                    if (this.maskFailures) {
                        this.log.warn("Filter error masked, clearing resolved attributes");
                        this.attributeContext.setIdPAttributes(null);
                    } else {
                        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
                    }
                } else {
                    serviceableComponent2.getComponent().filterAttributes(apply);
                    apply.getParent().removeSubcontext(apply);
                    this.attributeContext.setIdPAttributes(apply.getFilteredIdPAttributes().values());
                }
                if (null != serviceableComponent2) {
                    serviceableComponent2.unpinComponent();
                }
            } catch (AttributeFilterException e) {
                this.log.error("{} Error encountered while filtering attributes", getLogPrefix(), e);
                if (this.maskFailures) {
                    this.log.warn("Filter error masked, clearing resolved attributes");
                    this.attributeContext.setIdPAttributes(null);
                } else {
                    ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
                }
                if (0 != 0) {
                    serviceableComponent.unpinComponent();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                serviceableComponent.unpinComponent();
            }
            throw th;
        }
    }

    private void populateFilterContext(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AttributeFilterContext attributeFilterContext) {
        AuthenticationResult authenticationResult;
        attributeFilterContext.setPrincipal(this.principalNameLookupStrategy.apply(profileRequestContext));
        attributeFilterContext.setPrincipalAuthenticationMethod(null);
        if (null != this.authenticationContext && null != (authenticationResult = this.authenticationContext.getAuthenticationResult())) {
            attributeFilterContext.setPrincipalAuthenticationMethod(authenticationResult.getAuthenticationFlowId());
        }
        if (this.recipientLookupStrategy != null) {
            attributeFilterContext.setAttributeRecipientID(this.recipientLookupStrategy.apply(profileRequestContext));
        } else {
            attributeFilterContext.setAttributeRecipientID(null);
        }
        if (this.issuerLookupStrategy != null) {
            attributeFilterContext.setAttributeIssuerID(this.issuerLookupStrategy.apply(profileRequestContext));
        } else {
            attributeFilterContext.setAttributeIssuerID(null);
        }
        attributeFilterContext.setRequesterMetadataContextLookupStrategy(this.metadataFromFilterLookupStrategy);
        if (attributeFilterContext.getPrefilteredIdPAttributes().isEmpty()) {
            attributeFilterContext.setPrefilteredIdPAttributes(this.attributeContext.getIdPAttributes().values());
        }
    }
}
