package net.shibboleth.idp.plugin.authn.oidc.rp.messaging.context.logic;

import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AbstractAuthenticatableOIDCContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.logic.messaging.AbstractRelyingPartyPredicate;
import net.shibboleth.oidc.profile.config.OIDCAuthenticationRelyingPartyProfileConfiguration;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.ParentProfileRequestContextLookup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/context/logic/RequiresSignatureVerificationPredicate.class */
public class RequiresSignatureVerificationPredicate extends AbstractRelyingPartyPredicate {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(RequiresSignatureVerificationPredicate.class);

    @Nonnull
    private final Function<MessageContext, AbstractAuthenticatableOIDCContext> authenticatableOIDCContextLookupStrategy;

    public RequiresSignatureVerificationPredicate(@Nonnull @ParameterName(name = "authenticatableOIDCContextLookupStrategy") Function<MessageContext, AbstractAuthenticatableOIDCContext> function) {
        this.authenticatableOIDCContextLookupStrategy = (Function) Constraint.isNotNull(function, "authenticatableOIDCContextLookupStrategy can not be null");
    }

    public boolean test(@Nonnull MessageContext messageContext) {
        ProfileRequestContext apply = new ParentProfileRequestContextLookup().apply(messageContext);
        if (apply == null) {
            this.log.warn("Profile request context not found, signature verification will be requred");
            return true;
        }
        boolean z = false;
        RelyingPartyContext relyingPartyContext = (RelyingPartyContext) getRelyingPartyContextLookupStrategy().apply(messageContext);
        if (relyingPartyContext != null && (relyingPartyContext.getProfileConfig() instanceof OIDCAuthenticationRelyingPartyProfileConfiguration)) {
            z = relyingPartyContext.getProfileConfig().isTlsServerValidationSufficient(apply);
        }
        AbstractAuthenticatableOIDCContext apply2 = this.authenticatableOIDCContextLookupStrategy.apply(messageContext);
        if (!z || !apply2.isAuthenticated()) {
            return true;
        }
        this.log.debug("TLS server validation was successful and sufficient, no further signature processing required");
        return false;
    }
}
