package org.opensaml.saml.common.profile.logic;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.NameIDType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:addressbookconnector-2.14-jar-with-dependencies.jar:org/opensaml/saml/common/profile/logic/AbstractNameIDPolicyPredicate.class */
public abstract class AbstractNameIDPolicyPredicate extends AbstractInitializableComponent implements Predicate<ProfileRequestContext> {

    @Nullable
    private Function<ProfileRequestContext, String> requesterIdLookupStrategy;

    @Nullable
    private Function<ProfileRequestContext, String> responderIdLookupStrategy;

    @NonnullAfterInit
    private Function<ProfileRequestContext, SAMLObject> objectLookupStrategy;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractNameIDPolicyPredicate.class);

    @NonnullElements
    @Nonnull
    private Set<String> formats = new HashSet(Arrays.asList(NameIDType.TRANSIENT, NameIDType.PERSISTENT));

    public void setRequesterIdLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requesterIdLookupStrategy = function;
    }

    public void setResponderIdLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responderIdLookupStrategy = function;
    }

    public void setObjectLookupStrategy(@Nullable Function<ProfileRequestContext, SAMLObject> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.objectLookupStrategy = (Function) Constraint.isNotNull(function, "Object lookup strategy cannot be null");
    }

    public void setFormats(@Nullable Collection<String> collection) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.formats = new HashSet(StringSupport.normalizeStringCollection(collection));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.objectLookupStrategy == null) {
            throw new ComponentInitializationException("Object lookup strategy cannot be null");
        }
    }

    @Override // com.google.common.base.Predicate
    public boolean apply(@Nullable ProfileRequestContext profileRequestContext) {
        SAMLObject apply = this.objectLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.debug("No object to operate on, returning true");
            return true;
        }
        if (apply instanceof NameIdentifier) {
            return doApply(profileRequestContext, (NameIdentifier) apply);
        }
        if (apply instanceof NameID) {
            return doApply(profileRequestContext, (NameID) apply);
        }
        if (apply instanceof NameIDPolicy) {
            return doApply(profileRequestContext, (NameIDPolicy) apply);
        }
        this.log.error("Lookup function returned an object of an unsupported type: {}", apply.getElementQName());
        return false;
    }

    private boolean doApply(@Nullable ProfileRequestContext profileRequestContext, @Nonnull NameIdentifier nameIdentifier) {
        String apply = this.requesterIdLookupStrategy != null ? this.requesterIdLookupStrategy.apply(profileRequestContext) : null;
        String apply2 = this.responderIdLookupStrategy != null ? this.responderIdLookupStrategy.apply(profileRequestContext) : null;
        String format = nameIdentifier.getFormat();
        if (this.formats.contains(format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")) {
            this.log.debug("Applying policy to NameIdentifier with Format {}", format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
            return doApply(apply, apply2, format, nameIdentifier.getNameQualifier(), null);
        }
        this.log.debug("Policy checking disabled for NameIdentifier Format {}", format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        return true;
    }

    private boolean doApply(@Nullable ProfileRequestContext profileRequestContext, @Nonnull NameID nameID) {
        String apply = this.requesterIdLookupStrategy != null ? this.requesterIdLookupStrategy.apply(profileRequestContext) : null;
        String apply2 = this.responderIdLookupStrategy != null ? this.responderIdLookupStrategy.apply(profileRequestContext) : null;
        String format = nameID.getFormat();
        if (this.formats.contains(format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")) {
            this.log.debug("Applying policy to NameID with Format {}", format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
            return doApply(apply, apply2, format, nameID.getNameQualifier(), nameID.getSPNameQualifier());
        }
        this.log.debug("Policy checking disabled for NameID Format {}", format != null ? format : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        return true;
    }

    private boolean doApply(@Nullable ProfileRequestContext profileRequestContext, @Nonnull NameIDPolicy nameIDPolicy) {
        return doApply(this.requesterIdLookupStrategy != null ? this.requesterIdLookupStrategy.apply(profileRequestContext) : null, this.responderIdLookupStrategy != null ? this.responderIdLookupStrategy.apply(profileRequestContext) : null, nameIDPolicy.getFormat(), null, nameIDPolicy.getSPNameQualifier());
    }

    protected abstract boolean doApply(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable String str4, @Nullable String str5);
}
