package net.shibboleth.idp.session.impl;

import com.google.common.base.Function;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SPSessionSerializerRegistry;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.StorageSerializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/PopulateLogoutContextForPropagation.class */
public class PopulateLogoutContextForPropagation extends AbstractProfileAction {

    @NotEmpty
    @Nonnull
    private static final String SPSESSION_PARAM = "SPSession";

    @NonnullAfterInit
    private DataSealer dataSealer;

    @NonnullAfterInit
    private SPSessionSerializerRegistry spSessionSerializerRegistry;

    @Nullable
    private SPSession session;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateLogoutContextForPropagation.class);

    @Nonnull
    private Function<ProfileRequestContext, LogoutContext> logoutContextCreationStrategy = new ChildContextLookup(LogoutContext.class, true);

    public void setDataSealer(@Nonnull DataSealer dataSealer) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.dataSealer = (DataSealer) Constraint.isNotNull(dataSealer, "DataSealer cannot be null");
    }

    public void setSPSessionSerializerRegistry(@Nonnull SPSessionSerializerRegistry sPSessionSerializerRegistry) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.spSessionSerializerRegistry = (SPSessionSerializerRegistry) Constraint.isNotNull(sPSessionSerializerRegistry, "Registry cannot be null");
    }

    public void setLogoutContextCreationStrategy(@Nonnull Function<ProfileRequestContext, LogoutContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.logoutContextCreationStrategy = (Function) Constraint.isNotNull(function, "LogoutContext creation strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.spSessionSerializerRegistry == null) {
            throw new ComponentInitializationException("SPSessionSerializerRegistry cannot be null");
        }
        if (this.dataSealer == null) {
            throw new ComponentInitializationException("DataSealer cannot be null");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.error("{} HttpServletRequest is not set", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        }
        String parameter = httpServletRequest.getParameter(SPSESSION_PARAM);
        if (parameter == null) {
            this.log.warn("{} No {} parameter provided, nothing to do", getLogPrefix(), SPSESSION_PARAM);
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        }
        try {
            String unwrap = this.dataSealer.unwrap(parameter);
            int indexOf = unwrap.indexOf(58);
            if (indexOf <= 0) {
                this.log.warn("{} No class identifier found in decrypted {} parameter", getLogPrefix(), SPSESSION_PARAM);
                ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
                return false;
            }
            String substring = unwrap.substring(0, indexOf);
            StorageSerializer lookup = this.spSessionSerializerRegistry.lookup(Class.forName(substring).asSubclass(SPSession.class));
            if (lookup != null) {
                this.session = (SPSession) lookup.deserialize(1L, "session", "key", parameter.substring(indexOf + 1), Long.valueOf(System.currentTimeMillis()));
                return true;
            }
            this.log.warn("{} No serializer registered for SPSession type: {}", getLogPrefix(), substring);
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        } catch (IOException | ClassNotFoundException | DataSealerException e) {
            this.log.warn("{} Error deserializing encrypted SPSession", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        LogoutContext logoutContext = (LogoutContext) this.logoutContextCreationStrategy.apply(profileRequestContext);
        if (logoutContext != null) {
            logoutContext.getSessionMap().put(this.session.getId(), this.session);
        } else {
            this.log.error("{} Unable to create or locate LogoutContext", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        }
    }
}
