package net.shibboleth.idp.plugin.authn.duo.admin.impl;

import jakarta.servlet.http.HttpServletRequest;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.profile.context.logic.AbstractRelyingPartyPredicate;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.security.AccessControlService;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/admin/impl/AdminAccessPredicate.class */
public class AdminAccessPredicate extends AbstractRelyingPartyPredicate {

    @NonnullAfterInit
    private AccessControlService accessControlService;

    @Nullable
    private Supplier<HttpServletRequest> requestSupplier;

    public void setAccessControlService(@Nonnull AccessControlService accessControlService) {
        this.accessControlService = (AccessControlService) Constraint.isNotNull(accessControlService, "AccessControlService cannot be null");
    }

    public void setHttpServletRequestSupplier(@Nonnull Supplier<HttpServletRequest> supplier) {
        this.requestSupplier = (Supplier) Constraint.isNotNull(supplier, "HttpServletRequest supplier cannot be null");
    }

    public boolean test(@Nullable ProfileRequestContext profileRequestContext) {
        RelyingPartyContext relyingPartyContext;
        String adminPolicyName;
        HttpServletRequest httpServletRequest = this.requestSupplier != null ? this.requestSupplier.get() : null;
        if (httpServletRequest == null || (relyingPartyContext = getRelyingPartyContext(profileRequestContext)) == null) {
            return false;
        }
        AdminFlowDescriptor profileConfig = relyingPartyContext.getProfileConfig();
        if (!(profileConfig instanceof AdminFlowDescriptor) || (adminPolicyName = profileConfig.getAdminPolicyName(profileRequestContext)) == null) {
            return false;
        }
        return this.accessControlService.getInstance(adminPolicyName).checkAccess(httpServletRequest, "write", "cookie");
    }
}
