package org.opensaml.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import java.net.URI;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.joda.time.DateTime;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.binding.BindingException;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/saml2/profile/impl/AddSubjectConfirmationToSubjects.class */
public class AddSubjectConfirmationToSubjects extends AbstractProfileAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AddSubjectConfirmationToSubjects.class);

    @Nonnull
    private final SAMLObjectBuilder<Subject> subjectBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(Subject.DEFAULT_ELEMENT_NAME);

    @Nonnull
    private final SAMLObjectBuilder<SubjectConfirmation> confirmationBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(SubjectConfirmation.DEFAULT_ELEMENT_NAME);

    @Nonnull
    private final SAMLObjectBuilder<SubjectConfirmationData> confirmationDataBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
    private boolean overwriteExisting = true;

    @Nonnull
    private Function<ProfileRequestContext, Response> responseLookupStrategy = Functions.compose(new MessageLookup(Response.class), new OutboundMessageContextLookup());

    @Nullable
    private Function<ProfileRequestContext, String> addressLookupStrategy = new Function<ProfileRequestContext, String>() { // from class: org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects.1
        @Override // com.google.common.base.Function, java.util.function.Function
        public String apply(ProfileRequestContext profileRequestContext) {
            String remoteAddr = AddSubjectConfirmationToSubjects.this.getHttpServletRequest() != null ? AddSubjectConfirmationToSubjects.this.getHttpServletRequest().getRemoteAddr() : null;
            AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data Address to {}", AddSubjectConfirmationToSubjects.this.getLogPrefix(), remoteAddr != null ? remoteAddr : "(none)");
            return remoteAddr;
        }
    };

    @Nullable
    private Function<ProfileRequestContext, String> inResponseToLookupStrategy = new Function<ProfileRequestContext, String>() { // from class: org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects.2
        @Override // com.google.common.base.Function, java.util.function.Function
        public String apply(ProfileRequestContext profileRequestContext) {
            if (AddSubjectConfirmationToSubjects.this.response == null || AddSubjectConfirmationToSubjects.this.response.getInResponseTo() == null) {
                AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data InResponseTo to (none)", AddSubjectConfirmationToSubjects.this.getLogPrefix());
                return null;
            }
            AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data InResponseTo to {}", AddSubjectConfirmationToSubjects.this.getLogPrefix(), AddSubjectConfirmationToSubjects.this.response.getInResponseTo());
            return AddSubjectConfirmationToSubjects.this.response.getInResponseTo();
        }
    };

    @Nullable
    private Function<ProfileRequestContext, String> recipientLookupStrategy = new Function<ProfileRequestContext, String>() { // from class: org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects.3
        @Override // com.google.common.base.Function, java.util.function.Function
        public String apply(ProfileRequestContext profileRequestContext) {
            if (profileRequestContext.getOutboundMessageContext() != null) {
                try {
                    URI endpointURL = SAMLBindingSupport.getEndpointURL(profileRequestContext.getOutboundMessageContext());
                    if (endpointURL != null) {
                        String uri = endpointURL.toString();
                        AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data Recipient to {}", AddSubjectConfirmationToSubjects.this.getLogPrefix(), uri);
                        return uri;
                    }
                } catch (BindingException e) {
                    AddSubjectConfirmationToSubjects.this.log.debug("{} Error getting response endpoint", AddSubjectConfirmationToSubjects.this.getLogPrefix(), e);
                }
            }
            AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data Recipient to (none)", AddSubjectConfirmationToSubjects.this.getLogPrefix());
            return null;
        }
    };

    @Nullable
    private Function<ProfileRequestContext, Long> lifetimeLookupStrategy = new Function<ProfileRequestContext, Long>() { // from class: org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects.4
        @Override // com.google.common.base.Function, java.util.function.Function
        public Long apply(ProfileRequestContext profileRequestContext) {
            AddSubjectConfirmationToSubjects.this.log.debug("{} Setting confirmation data NotOnOrAfter to 5 minutes from now", AddSubjectConfirmationToSubjects.this.getLogPrefix());
            return 300000L;
        }
    };

    @NonnullAfterInit
    private String confirmationMethod;

    @Nullable
    private Response response;

    public void setOverwriteExisting(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.overwriteExisting = z;
    }

    public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext, Response> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responseLookupStrategy = (Function) Constraint.isNotNull(function, "Response lookup strategy cannot be null");
    }

    public void setAddressLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.addressLookupStrategy = function;
    }

    public void setInResponseToLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.inResponseToLookupStrategy = function;
    }

    public void setRecipientLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.recipientLookupStrategy = function;
    }

    public void setLifetimeLookupStrategy(@Nullable Function<ProfileRequestContext, Long> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.lifetimeLookupStrategy = function;
    }

    public void setMethod(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.confirmationMethod = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Confirmation method cannot be null or empty");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.confirmationMethod == null) {
            throw new ComponentInitializationException("Confirmation method cannot be null or empty");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.log.debug("{} Attempting to add SubjectConfirmation to assertions in outgoing Response", getLogPrefix());
        this.response = this.responseLookupStrategy.apply(profileRequestContext);
        if (this.response == null) {
            this.log.debug("{} No SAML response located in current profile request context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        if (!this.response.getAssertions().isEmpty()) {
            return super.doPreExecute(profileRequestContext);
        }
        this.log.debug("{} No assertions in response message, nothing to do", getLogPrefix());
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        SubjectConfirmation mo11982buildObject = this.confirmationBuilder.mo11982buildObject();
        mo11982buildObject.setMethod(this.confirmationMethod);
        SubjectConfirmationData subjectConfirmationData = null;
        String apply = this.addressLookupStrategy != null ? this.addressLookupStrategy.apply(profileRequestContext) : null;
        if (apply != null) {
            subjectConfirmationData = 0 != 0 ? null : this.confirmationDataBuilder.mo11982buildObject();
            subjectConfirmationData.setAddress(apply);
        }
        String apply2 = this.inResponseToLookupStrategy != null ? this.inResponseToLookupStrategy.apply(profileRequestContext) : null;
        if (apply2 != null) {
            subjectConfirmationData = subjectConfirmationData != null ? subjectConfirmationData : this.confirmationDataBuilder.mo11982buildObject();
            subjectConfirmationData.setInResponseTo(apply2);
        }
        String apply3 = this.recipientLookupStrategy != null ? this.recipientLookupStrategy.apply(profileRequestContext) : null;
        if (apply3 != null) {
            subjectConfirmationData = subjectConfirmationData != null ? subjectConfirmationData : this.confirmationDataBuilder.mo11982buildObject();
            subjectConfirmationData.setRecipient(apply3);
        }
        Long apply4 = this.lifetimeLookupStrategy != null ? this.lifetimeLookupStrategy.apply(profileRequestContext) : null;
        if (apply4 != null) {
            subjectConfirmationData = subjectConfirmationData != null ? subjectConfirmationData : this.confirmationDataBuilder.mo11982buildObject();
            subjectConfirmationData.setNotOnOrAfter(new DateTime().plus(apply4.longValue()));
        }
        if (subjectConfirmationData != null) {
            mo11982buildObject.setSubjectConfirmationData(subjectConfirmationData);
        }
        int i = 0;
        Iterator<Assertion> it = this.response.getAssertions().iterator();
        while (it.hasNext()) {
            Subject assertionSubject = getAssertionSubject(it.next());
            if (this.overwriteExisting) {
                assertionSubject.getSubjectConfirmations().clear();
            }
            assertionSubject.getSubjectConfirmations().add(i > 0 ? cloneConfirmation(mo11982buildObject) : mo11982buildObject);
            i++;
        }
        if (i > 0) {
            this.log.debug("{} Added SubjectConfirmation with method {} to {} assertion(s)", getLogPrefix(), this.confirmationMethod, Integer.valueOf(i));
        }
    }

    @Nonnull
    private Subject getAssertionSubject(@Nonnull Assertion assertion) {
        if (assertion.getSubject() != null) {
            return assertion.getSubject();
        }
        Subject mo11982buildObject = this.subjectBuilder.mo11982buildObject();
        assertion.setSubject(mo11982buildObject);
        return mo11982buildObject;
    }

    @Nonnull
    private SubjectConfirmation cloneConfirmation(@Nonnull SubjectConfirmation subjectConfirmation) {
        SubjectConfirmation mo11982buildObject = this.confirmationBuilder.mo11982buildObject();
        mo11982buildObject.setMethod(subjectConfirmation.getMethod());
        SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
        if (subjectConfirmationData != null) {
            SubjectConfirmationData mo11982buildObject2 = this.confirmationDataBuilder.mo11982buildObject();
            mo11982buildObject2.setAddress(subjectConfirmationData.getAddress());
            mo11982buildObject2.setInResponseTo(subjectConfirmationData.getInResponseTo());
            mo11982buildObject2.setRecipient(subjectConfirmationData.getRecipient());
            mo11982buildObject2.setNotBefore(subjectConfirmationData.getNotBefore());
            mo11982buildObject2.setNotOnOrAfter(subjectConfirmationData.getNotOnOrAfter());
            mo11982buildObject.setSubjectConfirmationData(mo11982buildObject2);
        }
        return mo11982buildObject;
    }
}
