package org.opensaml.profile.action.impl;

import com.google.common.base.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.security.AccessControlService;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-profile-impl-3.4.3.jar:org/opensaml/profile/action/impl/CheckAccess.class */
public class CheckAccess extends AbstractProfileAction {

    @NonnullAfterInit
    private AccessControlService service;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(CheckAccess.class);

    @Nonnull
    private Function<ProfileRequestContext, String> policyNameLookupStrategy = FunctionSupport.constant(null);

    @Nonnull
    private Function<ProfileRequestContext, String> operationLookupStrategy = FunctionSupport.constant(null);

    @Nonnull
    private Function<ProfileRequestContext, String> resourceLookupStrategy = FunctionSupport.constant(null);

    public void setAccessControlService(@Nonnull AccessControlService accessControlService) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.service = (AccessControlService) Constraint.isNotNull(accessControlService, "AccessControlService cannot be null");
    }

    public void setPolicyNameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.policyNameLookupStrategy = (Function) Constraint.isNotNull(function, "Policy lookup strategy cannot be null");
    }

    public void setPolicyName(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.policyNameLookupStrategy = FunctionSupport.constant(Constraint.isNotNull(StringSupport.trimOrNull(str), "Policy name cannot be null or empty"));
    }

    public void setOperationLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.operationLookupStrategy = (Function) Constraint.isNotNull(function, "Policy lookup strategy cannot be null");
    }

    public void setOperation(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.operationLookupStrategy = FunctionSupport.constant(StringSupport.trimOrNull(str));
    }

    public void setResourceLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.resourceLookupStrategy = (Function) Constraint.isNotNull(function, "Policy lookup strategy cannot be null");
    }

    public void setResource(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.resourceLookupStrategy = FunctionSupport.constant(StringSupport.trimOrNull(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.service == null) {
            throw new ComponentInitializationException("AccessControlService cannot be null");
        }
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        if (getHttpServletRequest() != null) {
            return true;
        }
        this.log.warn("{} HttpServletRequest was null, disallowing access", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.ACCESS_DENIED);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    public void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String str = (String) this.policyNameLookupStrategy.apply(profileRequestContext);
        if (str == null) {
            this.log.warn("{} No policy name returned by lookup strategy, disallowing access", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.ACCESS_DENIED);
        } else {
            if (this.service.getInstance(str).checkAccess(getHttpServletRequest(), (String) this.operationLookupStrategy.apply(profileRequestContext), (String) this.resourceLookupStrategy.apply(profileRequestContext))) {
                return;
            }
            ActionSupport.buildEvent(profileRequestContext, EventIds.ACCESS_DENIED);
        }
    }
}
