package org.opensaml.profile.action.impl;

import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.security.messaging.ClientTLSSecurityParametersContext;
import org.opensaml.security.x509.tls.ClientTLSValidationConfiguration;
import org.opensaml.security.x509.tls.ClientTLSValidationConfigurationCriterion;
import org.opensaml.security.x509.tls.ClientTLSValidationParameters;
import org.opensaml.security.x509.tls.ClientTLSValidationParametersResolver;
import org.slf4j.Logger;

/* loaded from: input_file:org/opensaml/profile/action/impl/PopulateClientTLSValidationParameters.class */
public class PopulateClientTLSValidationParameters extends AbstractProfileAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateClientTLSValidationParameters.class);

    @Nonnull
    private Function<ProfileRequestContext, ClientTLSSecurityParametersContext> securityParametersContextLookupStrategy = new ChildContextLookup(ClientTLSSecurityParametersContext.class, true).compose(new InboundMessageContextLookup());

    @NonnullAfterInit
    private Function<ProfileRequestContext, List<ClientTLSValidationConfiguration>> configurationLookupStrategy;

    @NonnullAfterInit
    private ClientTLSValidationParametersResolver resolver;

    public void setSecurityParametersContextLookupStrategy(@Nonnull Function<ProfileRequestContext, ClientTLSSecurityParametersContext> function) {
        checkSetterPreconditions();
        this.securityParametersContextLookupStrategy = (Function) Constraint.isNotNull(function, "ClientTLSSecurityParametersContext lookup strategy cannot be null");
    }

    public void setConfigurationLookupStrategy(@Nonnull Function<ProfileRequestContext, List<ClientTLSValidationConfiguration>> function) {
        checkSetterPreconditions();
        this.configurationLookupStrategy = (Function) Constraint.isNotNull(function, "ClientTLSValidationConfiguration lookup strategy cannot be null");
    }

    public void setClientTLSValidationParametersResolver(@Nonnull ClientTLSValidationParametersResolver clientTLSValidationParametersResolver) {
        checkSetterPreconditions();
        this.resolver = (ClientTLSValidationParametersResolver) Constraint.isNotNull(clientTLSValidationParametersResolver, "ClientTLSValidationParametersResolver cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.resolver == null) {
            throw new ComponentInitializationException("ClientTLSValidationParametersResolver cannot be null");
        }
        if (this.configurationLookupStrategy == null) {
            this.configurationLookupStrategy = new Function<ProfileRequestContext, List<ClientTLSValidationConfiguration>>() { // from class: org.opensaml.profile.action.impl.PopulateClientTLSValidationParameters.1
                @Override // java.util.function.Function
                public List<ClientTLSValidationConfiguration> apply(ProfileRequestContext profileRequestContext) {
                    return CollectionSupport.singletonList((ClientTLSValidationConfiguration) ConfigurationService.ensure(ClientTLSValidationConfiguration.class));
                }
            };
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.log.debug("{} Resolving ClientTLSValidationParameters for request", getLogPrefix());
        List<ClientTLSValidationConfiguration> apply = this.configurationLookupStrategy.apply(profileRequestContext);
        if (apply == null || apply.isEmpty()) {
            this.log.error("{} No ClientTLSValidationConfiguration returned by lookup strategy", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidSecurityConfiguration");
            return;
        }
        ClientTLSSecurityParametersContext apply2 = this.securityParametersContextLookupStrategy.apply(profileRequestContext);
        if (apply2 == null) {
            this.log.debug("{} No ClientTLSSecurityParametersContext returned by lookup strategy", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return;
        }
        try {
            ClientTLSValidationParameters clientTLSValidationParameters = (ClientTLSValidationParameters) this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new ClientTLSValidationConfigurationCriterion(apply)}));
            apply2.setValidationParameters(clientTLSValidationParameters);
            this.log.debug("{} {} ClientTLSValidationParameters", getLogPrefix(), clientTLSValidationParameters != null ? "Resolved" : "Failed to resolve");
        } catch (ResolverException e) {
            this.log.error("{} Error resolving ClientTLSValidationParameters", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidSecurityConfiguration");
        }
    }
}
