package net.shibboleth.idp.profile.impl;

import com.google.common.base.Function;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.attribute.resolver.AttributeResolver;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.relyingparty.RelyingPartyConfiguration;
import net.shibboleth.idp.service.ReloadableService;
import net.shibboleth.idp.service.ServiceableComponent;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/profile/impl/ResolveAttributes.class */
public final class ResolveAttributes extends AbstractProfileAction {

    @Nonnull
    private final ReloadableService<AttributeResolver> attributeResolverService;

    @Nullable
    private RelyingPartyContext rpContext;

    @Nullable
    private SubjectContext subjectContext;

    @Nullable
    private AuthenticationContext authenticationContext;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ResolveAttributes.class);

    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class, false);

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> subjectContextLookupStrategy = new ChildContextLookup(SubjectContext.class, false);

    @Nonnull
    private Function<ProfileRequestContext, AuthenticationContext> authnContextLookupStrategy = new ChildContextLookup(AuthenticationContext.class, false);

    @NonnullElements
    @Nonnull
    private Collection<String> attributesToResolve = Collections.emptyList();

    public ResolveAttributes(@Nonnull ReloadableService<AttributeResolver> reloadableService) {
        this.attributeResolverService = (ReloadableService) Constraint.isNotNull(reloadableService, "AttributeResolver cannot be null");
    }

    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.relyingPartyContextLookupStrategy = (Function) Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    public void setSubjectContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.subjectContextLookupStrategy = (Function) Constraint.isNotNull(function, "SubjectContext lookup strategy cannot be null");
    }

    public void setAuthenticationContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthenticationContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.authnContextLookupStrategy = (Function) Constraint.isNotNull(function, "AuthenticationContext lookup strategy cannot be null");
    }

    public void setAttributesToResolve(@NonnullElements @Nonnull Collection<String> collection) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(collection, "Attribute ID collection cannot be null");
        this.attributesToResolve = StringSupport.normalizeStringCollection(collection);
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.rpContext = (RelyingPartyContext) this.relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (this.rpContext == null) {
            this.log.debug("{} No relying party context available.", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRelyingPartyContext");
            return false;
        }
        this.subjectContext = (SubjectContext) this.subjectContextLookupStrategy.apply(profileRequestContext);
        if (this.subjectContext == null) {
            this.log.debug("{} No subject context available.", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidSubjectContext");
            return false;
        }
        this.authenticationContext = (AuthenticationContext) this.authnContextLookupStrategy.apply(profileRequestContext);
        if (this.authenticationContext == null) {
            this.log.debug("{} No authentication context available.", getLogPrefix());
        }
        return super.doPreExecute(profileRequestContext);
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        AuthenticationResult authenticationResult;
        AttributeResolutionContext subcontext = profileRequestContext.getSubcontext(AttributeResolutionContext.class, true);
        if (subcontext.getRequestedIdPAttributeNames() == null || subcontext.getRequestedIdPAttributeNames().isEmpty()) {
            subcontext.setRequestedIdPAttributeNames(this.attributesToResolve);
        }
        subcontext.setPrincipal(this.subjectContext.getPrincipalName());
        subcontext.setPrincipalAuthenticationMethod((String) null);
        if (null != this.authenticationContext && null != (authenticationResult = this.authenticationContext.getAuthenticationResult())) {
            subcontext.setPrincipalAuthenticationMethod(authenticationResult.getAuthenticationFlowId());
        }
        subcontext.setAttributeRecipientID(this.rpContext.getRelyingPartyId());
        RelyingPartyConfiguration configuration = this.rpContext.getConfiguration();
        if (null != configuration) {
            subcontext.setAttributeIssuerID(configuration.getResponderId());
        } else {
            subcontext.setAttributeIssuerID((String) null);
        }
        ServiceableComponent serviceableComponent = null;
        try {
            try {
                ServiceableComponent serviceableComponent2 = this.attributeResolverService.getServiceableComponent();
                if (null == serviceableComponent2) {
                    this.log.error("{} Error resolving attributes: Invalid Attribute resolver configuration.", getLogPrefix());
                    ActionSupport.buildEvent(profileRequestContext, "UnableToResolveAttributes");
                } else {
                    ((AttributeResolver) serviceableComponent2.getComponent()).resolveAttributes(subcontext);
                    profileRequestContext.removeSubcontext(subcontext);
                    this.rpContext.getSubcontext(AttributeContext.class, true).setIdPAttributes(subcontext.getResolvedIdPAttributes().values());
                }
                if (null != serviceableComponent2) {
                    serviceableComponent2.unpinComponent();
                }
            } catch (ResolutionException e) {
                this.log.error("{} Error resolving attributes", getLogPrefix(), e);
                ActionSupport.buildEvent(profileRequestContext, "UnableToResolveAttributes");
                if (0 != 0) {
                    serviceableComponent.unpinComponent();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                serviceableComponent.unpinComponent();
            }
            throw th;
        }
    }
}
