package net.shibboleth.idp.plugin.authn.oidc.rp.config.logic;

import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AbstractAuthenticatableOIDCContext;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.MessageContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/config/logic/RequiresSignatureVerificationPredicate.class */
public class RequiresSignatureVerificationPredicate implements Predicate<MessageContext> {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(RequiresSignatureVerificationPredicate.class);
    private boolean tlsServerValidationOnly;

    @Nonnull
    private final Function<MessageContext, AbstractAuthenticatableOIDCContext> authenticatableOIDCContextLookupStrategy;

    public RequiresSignatureVerificationPredicate(@Nonnull @ParameterName(name = "authenticatableOIDCContextLookupStrategy") Function<MessageContext, AbstractAuthenticatableOIDCContext> function) {
        this.authenticatableOIDCContextLookupStrategy = (Function) Constraint.isNotNull(function, "authenticatableOIDCContextLookupStrategy can not be null");
    }

    public void setTlsServerValidationOnly(boolean z) {
        this.tlsServerValidationOnly = z;
    }

    @Override // java.util.function.Predicate
    public boolean test(@Nonnull MessageContext messageContext) {
        AbstractAuthenticatableOIDCContext apply = this.authenticatableOIDCContextLookupStrategy.apply(messageContext);
        if (!this.tlsServerValidationOnly || !apply.isAuthenticated()) {
            return true;
        }
        this.log.debug("TLS server validation was successful and sufficient, no further signature processing performed");
        return false;
    }
}
