package net.shibboleth.idp.plugin.authn.totp.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.resolver.AttributeResolver;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.idp.plugin.authn.totp.context.TOTPContext;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.shared.codec.Base32Support;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.DecodingException;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.service.ReloadableService;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/totp/impl/AttributeResolverSeedSource.class */
public class AttributeResolverSeedSource extends AbstractSeedSource {

    @Nonnull
    @NotEmpty
    public static final String DEFAULT_ATTRIBUTE_ID = "tokenSeeds";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeResolverSeedSource.class);

    @NonnullAfterInit
    private ReloadableService<AttributeResolver> attributeResolver;

    @NotEmpty
    @NonnullAfterInit
    private String attributeId;

    public void setAttributeResolver(@Nonnull ReloadableService<AttributeResolver> reloadableService) {
        checkSetterPreconditions();
        this.attributeResolver = (ReloadableService) Constraint.isNotNull(reloadableService, "AttributeResolver cannot be null");
    }

    public void setSourceAttribute(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.attributeId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Source attribute ID cannot be null or empty");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.attributeResolver == null) {
            throw new ComponentInitializationException("AttributeResolver cannot be null");
        }
        if (this.attributeId == null) {
            throw new ComponentInitializationException("Source attribute ID cannot be null");
        }
    }

    @Override // java.util.function.Consumer
    public void accept(@Nullable ProfileRequestContext profileRequestContext) {
        checkComponentActive();
        TOTPContext apply = getTOTPContextLookupStrategy().apply(profileRequestContext);
        if (apply == null || apply.getUsername() == null) {
            this.log.warn("Unable to locate TOTPContext with username set");
            return;
        }
        AttributeResolutionContext ensureSubcontext = apply.ensureSubcontext(AttributeResolutionContext.class);
        ensureSubcontext.setResolutionLabel("TOTP");
        ensureSubcontext.setPrincipal(apply.getUsername());
        ensureSubcontext.setRequestedIdPAttributeNames(Collections.singletonList(this.attributeId));
        this.log.debug("Resolving attribute {} for '{}'", this.attributeId, apply.getUsername());
        Collection<byte[]> tokenSeeds = apply.getTokenSeeds();
        try {
            ensureSubcontext.resolveAttributes(this.attributeResolver);
            IdPAttribute idPAttribute = (IdPAttribute) ensureSubcontext.getResolvedIdPAttributes().get(this.attributeId);
            if (idPAttribute != null) {
                Stream stream = idPAttribute.getValues().stream();
                Class<StringAttributeValue> cls = StringAttributeValue.class;
                Objects.requireNonNull(StringAttributeValue.class);
                Stream filter = stream.filter((v1) -> {
                    return r1.isInstance(v1);
                });
                Class<StringAttributeValue> cls2 = StringAttributeValue.class;
                Objects.requireNonNull(StringAttributeValue.class);
                filter.map((v1) -> {
                    return r1.cast(v1);
                }).map((v0) -> {
                    return v0.getValue();
                }).forEachOrdered(str -> {
                    try {
                        switch (getEncoding()) {
                            case BASE32:
                                tokenSeeds.add(Base32Support.decode(str));
                                break;
                            case BASE64:
                                tokenSeeds.add(Base64Support.decode(str));
                                break;
                            default:
                                throw new DecodingException("Unknown encoding type");
                        }
                    } catch (DecodingException e) {
                        this.log.error("Unable to decode seed", e);
                    }
                });
            }
            this.log.debug("Resolved {} seed(s) for '{}'", Integer.valueOf(tokenSeeds.size()), apply.getUsername());
        } finally {
            apply.removeSubcontext(ensureSubcontext);
        }
    }
}
