package org.opensaml.saml.saml1.profile.impl;

import java.io.IOException;
import java.util.Iterator;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.common.messaging.context.navigate.SAMLMessageContextIssuerFunction;
import org.opensaml.saml.common.profile.SAMLEventIds;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.AssertionArtifact;
import org.opensaml.saml.saml1.core.Request;
import org.opensaml.saml.saml1.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:opensaml-saml-impl-4.0.1.jar:org/opensaml/saml/saml1/profile/impl/ResolveArtifacts.class */
public class ResolveArtifacts extends AbstractProfileAction {

    @NonnullAfterInit
    private Function<ProfileRequestContext, String> issuerLookupStrategy;

    @NonnullAfterInit
    private SAMLArtifactMap artifactMap;

    @Nullable
    private Request request;

    @Nullable
    private Response response;

    @Nullable
    private String issuerId;

    @Nullable
    private String requesterId;

    @Nonnull
    private Logger log = LoggerFactory.getLogger(ResolveArtifacts.class);

    @Nonnull
    private Function<ProfileRequestContext, Request> requestLookupStrategy = new MessageLookup(Request.class).compose(new InboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, Response> responseLookupStrategy = new MessageLookup(Response.class).compose(new OutboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, String> requesterLookupStrategy = new SAMLMessageContextIssuerFunction().compose(new InboundMessageContextLookup());

    public synchronized void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, Request> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requestLookupStrategy = (Function) Constraint.isNotNull(function, "Request lookup strategy cannot be null");
    }

    public synchronized void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext, Response> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responseLookupStrategy = (Function) Constraint.isNotNull(function, "Response lookup strategy cannot be null");
    }

    public synchronized void setIssuerLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.issuerLookupStrategy = (Function) Constraint.isNotNull(function, "Issuer lookup strategy cannot be null");
    }

    public synchronized void setRequesterLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requesterLookupStrategy = (Function) Constraint.isNotNull(function, "Requester lookup strategy cannot be null");
    }

    public synchronized void setArtifactMap(@Nonnull SAMLArtifactMap sAMLArtifactMap) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.artifactMap = (SAMLArtifactMap) Constraint.isNotNull(sAMLArtifactMap, "SAMLArtifactMap cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.artifactMap == null) {
            throw new ComponentInitializationException("SAMLArtifactMap cannot be null");
        }
        if (this.issuerLookupStrategy == null) {
            throw new ComponentInitializationException("Issuer lookup strategy cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.request = this.requestLookupStrategy.apply(profileRequestContext);
        if (this.request == null) {
            this.log.debug("{} No request located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        if (this.request.getAssertionArtifacts().isEmpty()) {
            this.log.debug("{} No AssertionArtifact elements found in request, nothing to do", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        this.response = this.responseLookupStrategy.apply(profileRequestContext);
        if (this.response == null) {
            this.log.debug("{} No response located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        this.issuerId = this.issuerLookupStrategy.apply(profileRequestContext);
        if (this.issuerId == null) {
            this.log.debug("{} No issuer identity located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
            return false;
        }
        this.requesterId = this.requesterLookupStrategy.apply(profileRequestContext);
        if (this.requesterId != null) {
            return super.doPreExecute(profileRequestContext);
        }
        this.log.debug("{} No requester identity located", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        boolean z = true;
        try {
            Iterator<AssertionArtifact> it = this.request.getAssertionArtifacts().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AssertionArtifact next = it.next();
                SAMLArtifactMap.SAMLArtifactMapEntry sAMLArtifactMapEntry = this.artifactMap.get(next.getValue());
                if (sAMLArtifactMapEntry == null) {
                    this.log.warn("{} Unresolvable AssertionArtifact '{}' from relying party '{}'", new Object[]{getLogPrefix(), next.getValue(), this.requesterId});
                    z = false;
                    break;
                }
                this.artifactMap.remove(next.getValue());
                if (!sAMLArtifactMapEntry.getIssuerId().equals(this.issuerId)) {
                    this.log.warn("{} Artifact issuer mismatch, issued by '{}' but IdP has entityID of '{}'", new Object[]{getLogPrefix(), sAMLArtifactMapEntry.getIssuerId(), this.issuerId});
                    z = false;
                    break;
                } else if (!sAMLArtifactMapEntry.getRelyingPartyId().equals(this.requesterId)) {
                    this.log.warn("{} Artifact relying party mismatch, issued to '{}' but requested by '{}'", new Object[]{getLogPrefix(), sAMLArtifactMapEntry.getRelyingPartyId(), this.requesterId});
                    z = false;
                    break;
                } else {
                    if (!(sAMLArtifactMapEntry.getSamlMessage() instanceof Assertion)) {
                        this.log.warn("{} Artifact '{}' resolved to a non-Assertion object", getLogPrefix(), next.getValue());
                        z = false;
                        break;
                    }
                    this.response.getAssertions().add((Assertion) sAMLArtifactMapEntry.getSamlMessage());
                }
            }
        } catch (IOException e) {
            this.log.error("{} Error resolving artifact", getLogPrefix(), e);
            z = false;
        }
        if (z) {
            return;
        }
        this.response.getAssertions().clear();
        for (AssertionArtifact assertionArtifact : this.request.getAssertionArtifacts()) {
            try {
                this.artifactMap.remove(assertionArtifact.getValue());
            } catch (IOException e2) {
                this.log.error("{} Error removing mapping for artifact '{}'", getLogPrefix(), assertionArtifact.getValue());
            }
        }
        ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
    }
}
