package net.shibboleth.idp.saml.nameid.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.IdPAttributeValue;
import net.shibboleth.idp.attribute.ScopedStringAttributeValue;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafeAfterInit
/* loaded from: input_file:BOOT-INF/lib/idp-saml-impl-3.3.2.jar:net/shibboleth/idp/saml/nameid/impl/PersistentSAML2NameIDGenerator.class */
public class PersistentSAML2NameIDGenerator extends AbstractSAML2NameIDGenerator {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) PersistentSAML2NameIDGenerator.class);

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> subjectContextLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, AttributeContext> attributeContextLookupStrategy;

    @NonnullElements
    @Nonnull
    private List<String> attributeSourceIds;

    @NonnullAfterInit
    private PersistentIdGenerationStrategy persistentIdStrategy;
    private boolean useUnfilteredAttributes;

    public PersistentSAML2NameIDGenerator() {
        setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        this.subjectContextLookupStrategy = new ChildContextLookup(SubjectContext.class);
        this.attributeContextLookupStrategy = Functions.compose(new ChildContextLookup(AttributeContext.class), new ChildContextLookup(RelyingPartyContext.class));
        this.attributeSourceIds = Collections.emptyList();
        setDefaultIdPNameQualifierLookupStrategy(new ResponderIdLookupFunction());
        setDefaultSPNameQualifierLookupStrategy(new RelyingPartyIdLookupFunction());
        this.useUnfilteredAttributes = true;
    }

    public void setSubjectContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.subjectContextLookupStrategy = (Function) Constraint.isNotNull(function, "SubjectContext lookup strategy cannot be null");
    }

    public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AttributeContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeContextLookupStrategy = (Function) Constraint.isNotNull(function, "AttributeContext lookup strategy cannot be null");
    }

    public void setAttributeSourceIds(@NonnullElements @Nonnull List<String> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(list, "Attribute ID collection cannot be null");
        this.attributeSourceIds = new ArrayList(Collections2.filter(list, Predicates.notNull()));
    }

    public void setPersistentIdGenerator(@Nonnull PersistentIdGenerationStrategy persistentIdGenerationStrategy) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.persistentIdStrategy = (PersistentIdGenerationStrategy) Constraint.isNotNull(persistentIdGenerationStrategy, "PersistentIdGenerationStrategy cannot be null");
    }

    public void setUseUnfilteredAttributes(boolean z) {
        this.useUnfilteredAttributes = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.common.profile.AbstractNameIdentifierGenerator, net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.persistentIdStrategy == null) {
            throw new ComponentInitializationException("PersistentIdGenerationStrategy cannot be null");
        }
        if (this.attributeSourceIds.isEmpty()) {
            throw new ComponentInitializationException("Attribute source ID list cannot be empty");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.common.profile.AbstractNameIdentifierGenerator
    @Nullable
    public String getIdentifier(@Nonnull ProfileRequestContext profileRequestContext) throws SAMLException {
        Function<ProfileRequestContext, String> defaultIdPNameQualifierLookupStrategy = getDefaultIdPNameQualifierLookupStrategy();
        String apply = defaultIdPNameQualifierLookupStrategy != null ? defaultIdPNameQualifierLookupStrategy.apply(profileRequestContext) : null;
        if (apply == null) {
            this.log.debug("No responder identifier, can't generate persistent ID");
            return null;
        }
        String effectiveSPNameQualifier = getEffectiveSPNameQualifier(profileRequestContext);
        if (effectiveSPNameQualifier == null) {
            Function<ProfileRequestContext, String> defaultSPNameQualifierLookupStrategy = getDefaultSPNameQualifierLookupStrategy();
            effectiveSPNameQualifier = defaultSPNameQualifierLookupStrategy != null ? defaultSPNameQualifierLookupStrategy.apply(profileRequestContext) : null;
        }
        if (effectiveSPNameQualifier == null) {
            this.log.debug("No relying party identifier, can't generate persistent ID");
            return null;
        }
        SubjectContext apply2 = this.subjectContextLookupStrategy.apply(profileRequestContext);
        if (apply2 == null || apply2.getPrincipalName() == null) {
            this.log.debug("No principal name, can't generate persistent ID");
            return null;
        }
        AttributeContext apply3 = this.attributeContextLookupStrategy.apply(profileRequestContext);
        if (apply3 == null) {
            this.log.debug("No attribute context, can't generate persistent ID");
            return null;
        }
        Map<String, IdPAttribute> unfilteredIdPAttributes = this.useUnfilteredAttributes ? apply3.getUnfilteredIdPAttributes() : apply3.getIdPAttributes();
        for (String str : this.attributeSourceIds) {
            this.log.debug("Checking for source attribute {}", str);
            IdPAttribute idPAttribute = unfilteredIdPAttributes.get(str);
            if (idPAttribute != null) {
                for (IdPAttributeValue<?> idPAttributeValue : idPAttribute.getValues()) {
                    if (idPAttributeValue instanceof ScopedStringAttributeValue) {
                        this.log.debug("Generating persistent NameID from Scoped String-valued attribute {}", str);
                        return this.persistentIdStrategy.generate(apply, effectiveSPNameQualifier, apply2.getPrincipalName(), ((ScopedStringAttributeValue) idPAttributeValue).getValue() + '@' + ((ScopedStringAttributeValue) idPAttributeValue).getScope());
                    }
                    if (!(idPAttributeValue instanceof StringAttributeValue)) {
                        this.log.info("Unrecognized attribute value type: {}", idPAttributeValue.getClass().getName());
                    } else {
                        if (StringSupport.trimOrNull((String) idPAttributeValue.getValue()) != null) {
                            this.log.debug("Generating persistent NameID from String-valued attribute {}", str);
                            return this.persistentIdStrategy.generate(apply, effectiveSPNameQualifier, apply2.getPrincipalName(), (String) idPAttributeValue.getValue());
                        }
                        this.log.debug("Skipping all-whitespace string value");
                    }
                }
            }
        }
        this.log.info("Attribute sources {} did not produce a usable source identifier", this.attributeSourceIds);
        return null;
    }
}
