package net.shibboleth.idp.plugin.authn.webauthn.impl;

import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnAuthenticationContext;
import net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.logic.PredicateSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/PopulateWebAuthnAuthenticationContext.class */
public class PopulateWebAuthnAuthenticationContext extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateWebAuthnAuthenticationContext.class);

    @Nonnull
    private final Function<ProfileRequestContext, WebAuthnAuthenticationContext> webauthnAuthContextCreationStrategy = new ChildContextLookup(WebAuthnAuthenticationContext.class, true).compose(new ChildContextLookup(AuthenticationContext.class));

    @Nonnull
    private Function<ProfileRequestContext, String> usernameLookupStrategy = new CanonicalUsernameLookupStrategy();

    @Nonnull
    private Predicate<ProfileRequestContext> usernameRequiredPredicate = PredicateSupport.alwaysFalse();

    @Nonnull
    private Consumer<ProfileRequestContext> contextUpdateConsumer = profileRequestContext -> {
    };

    public void setContextUpdateConsumer(@Nonnull Consumer<ProfileRequestContext> consumer) {
        checkSetterPreconditions();
        this.contextUpdateConsumer = (Consumer) Constraint.isNotNull(consumer, "ContextUpdateConsumer can not be null");
    }

    public void setUsernameRequired(boolean z) {
        checkSetterPreconditions();
        this.usernameRequiredPredicate = z ? PredicateSupport.alwaysTrue() : PredicateSupport.alwaysFalse();
    }

    public void setUsernameRequiredPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        checkSetterPreconditions();
        this.usernameRequiredPredicate = (Predicate) Constraint.isNotNull(predicate, "Username required predicate can not be null");
    }

    public void setUsernameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.usernameLookupStrategy = (Function) Constraint.isNotNull(function, "Username lookup strategy cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        WebAuthnAuthenticationContext apply = this.webauthnAuthContextCreationStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.error("{} Error creating WebauthnAuthenticationContext", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return;
        }
        String apply2 = this.usernameLookupStrategy.apply(profileRequestContext);
        if (this.usernameRequiredPredicate.test(profileRequestContext) && apply2 == null) {
            this.log.error("{} Error creating WebauthnAuthenticationContext, no username found", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        } else {
            if (apply2 != null) {
                apply.setUsername(apply2);
            }
            this.contextUpdateConsumer.accept(profileRequestContext);
            this.log.debug("Created WebAuthn authentication context {}", apply2 != null ? "for user '" + apply2 + "'" : "without existing username");
        }
    }
}
