package net.shibboleth.idp.session.impl;

import com.google.common.base.Predicates;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionResolver;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.idp.session.criterion.HttpServletRequestCriterion;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.HttpServletSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/PopulateSessionContext.class */
public class PopulateSessionContext extends AbstractProfileAction {

    @NonnullAfterInit
    private SessionResolver sessionResolver;

    @Nullable
    private Function<ProfileRequestContext, String> addressLookupStrategy;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateSessionContext.class);

    @Nonnull
    private Function<ProfileRequestContext, SessionContext> sessionContextCreationStrategy = new ChildContextLookup(SessionContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, CriteriaSet> sessionResolverCriteriaStrategy = profileRequestContext -> {
        return new CriteriaSet(new Criterion[]{new HttpServletRequestCriterion()});
    };

    public void setSessionResolver(@Nonnull SessionResolver sessionResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionResolver = (SessionResolver) Constraint.isNotNull(sessionResolver, "SessionResolver cannot be null");
    }

    public void setSessionContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionContextCreationStrategy = (Function) Constraint.isNotNull(function, "SessionContext creation strategy cannot be null");
    }

    public void setAddressLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.addressLookupStrategy = function;
    }

    public void setSessionResolverCriteriaStrategy(@Nonnull Function<ProfileRequestContext, CriteriaSet> function) {
        this.sessionResolverCriteriaStrategy = (Function) Constraint.isNotNull(function, "SessionResolver CriteriaSet strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (!getActivationCondition().equals(Predicates.alwaysFalse()) && this.sessionResolver == null) {
            throw new ComponentInitializationException("SessionResolver cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String remoteAddr;
        IdPSession idPSession = null;
        try {
            IdPSession idPSession2 = (IdPSession) this.sessionResolver.resolveSingle(this.sessionResolverCriteriaStrategy.apply(profileRequestContext));
            if (idPSession2 == null) {
                this.log.debug("{} No session found for client", getLogPrefix());
                return;
            }
            if (!idPSession2.checkTimeout()) {
                this.log.info("{} Session {} no longer valid due to inactivity", getLogPrefix(), idPSession2.getId());
                return;
            }
            if (this.addressLookupStrategy != null) {
                remoteAddr = this.addressLookupStrategy.apply(profileRequestContext);
            } else {
                HttpServletRequest httpServletRequest = getHttpServletRequest();
                remoteAddr = httpServletRequest != null ? HttpServletSupport.getRemoteAddr(httpServletRequest) : null;
            }
            if (remoteAddr == null) {
                this.log.info("{} No client address available, skipping address check for session {}", getLogPrefix(), idPSession2.getId());
            } else if (!idPSession2.checkAddress(remoteAddr)) {
                return;
            }
            SessionContext apply = this.sessionContextCreationStrategy.apply(profileRequestContext);
            if (apply != null) {
                apply.setIdPSession(idPSession2);
            } else {
                this.log.error("{} Unable to create or locate SessionContext", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            }
        } catch (ResolverException e) {
            this.log.error("{} Error resolving a session for the active client", getLogPrefix(), e);
        } catch (SessionException e2) {
            this.log.error("{} Error during timeout or address checking for session {}", new Object[]{getLogPrefix(), idPSession.getId(), e2});
        }
    }
}
