package net.shibboleth.idp.authn.impl;

import java.util.Set;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.SubjectCanonicalizationException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.0.0.jar:net/shibboleth/idp/authn/impl/SimpleSubjectCanonicalization.class */
public class SimpleSubjectCanonicalization extends AbstractSubjectCanonicalizationAction {

    @Nonnull
    private final ActivationCondition embeddedPredicate = new ActivationCondition();

    @Nullable
    private UsernamePrincipal usernamePrincipal;

    /* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.0.0.jar:net/shibboleth/idp/authn/impl/SimpleSubjectCanonicalization$ActivationCondition.class */
    public static class ActivationCondition implements Predicate<ProfileRequestContext> {
        @Override // java.util.function.Predicate
        public boolean test(@Nullable ProfileRequestContext profileRequestContext) {
            SubjectCanonicalizationContext subjectCanonicalizationContext;
            if (profileRequestContext == null || (subjectCanonicalizationContext = (SubjectCanonicalizationContext) profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class, false)) == null) {
                return false;
            }
            return apply(profileRequestContext, subjectCanonicalizationContext, false);
        }

        public boolean apply(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext, boolean z) {
            Set principals = subjectCanonicalizationContext.getSubject() != null ? subjectCanonicalizationContext.getSubject().getPrincipals(UsernamePrincipal.class) : null;
            if (!z) {
                return principals != null && principals.size() == 1;
            }
            if (principals == null || principals.isEmpty()) {
                subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("No UsernamePrincipals were found"));
                ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
                return false;
            }
            if (principals.size() <= 1) {
                return true;
            }
            subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("Multiple UsernamePrincipals were found"));
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        if (!this.embeddedPredicate.apply(profileRequestContext, subjectCanonicalizationContext, true)) {
            return false;
        }
        this.usernamePrincipal = (UsernamePrincipal) subjectCanonicalizationContext.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        return super.doPreExecute(profileRequestContext, subjectCanonicalizationContext);
    }

    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        subjectCanonicalizationContext.setPrincipalName(applyTransforms(this.usernamePrincipal.getName()));
    }
}
