package net.shibboleth.idp.authn.context;

import com.google.common.base.MoreObjects;
import java.lang.reflect.Constructor;
import java.security.Principal;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry;
import net.shibboleth.idp.authn.principal.PrincipalSupportingComponent;
import net.shibboleth.idp.authn.principal.ProxyAuthenticationPrincipal;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonNegative;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.BaseContext;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.0.0.jar:net/shibboleth/idp/authn/context/AuthenticationContext.class */
public final class AuthenticationContext extends BaseContext {
    private boolean forceAuthn;
    private boolean isPassive;

    @Nullable
    private String hintedName;

    @Nullable
    private Duration maxAge;

    @Nullable
    private String authenticatingAuthority;

    @NonNegative
    @Nullable
    private Integer proxyCount;

    @Nullable
    private Function<ProfileRequestContext, String> fixedEventLookupStrategy;

    @Nullable
    private PrincipalEvalPredicateFactoryRegistry evalRegistry;

    @Nullable
    private AuthenticationFlowDescriptor attemptedFlow;

    @Nullable
    private String signaledFlowId;

    @Nullable
    private AuthenticationResult authenticationResult;

    @Nullable
    private Instant completionInstant;

    @Nonnull
    private final Instant initiationInstant = Instant.now();

    @NonnullElements
    @Nonnull
    private final Map<String, AuthenticationFlowDescriptor> availableFlows = new HashMap();

    @NonnullElements
    @Nonnull
    private final Map<String, AuthenticationFlowDescriptor> potentialFlows = new LinkedHashMap();

    @NonnullElements
    @Nonnull
    private final Map<String, AuthenticationResult> activeResults = new HashMap();

    @NonnullElements
    @Nonnull
    private final Map<String, AuthenticationFlowDescriptor> intermediateFlows = new HashMap();

    @Nonnull
    private final Map<String, Object> stateMap = new HashMap();
    private boolean resultCacheable = true;

    @NonnullElements
    @Nullable
    private Set<String> proxiableAuthorities = new HashSet();

    @Nonnull
    public Instant getInitiationInstant() {
        return this.initiationInstant;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Map<String, AuthenticationResult> getActiveResults() {
        return this.activeResults;
    }

    @Nonnull
    public AuthenticationContext setActiveResults(@NonnullElements @Nonnull Iterable<AuthenticationResult> iterable) {
        Constraint.isNotNull(iterable, "AuthenticationResult collection cannot be null");
        this.activeResults.clear();
        for (AuthenticationResult authenticationResult : iterable) {
            this.activeResults.put(authenticationResult.getAuthenticationFlowId(), authenticationResult);
        }
        return this;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Map<String, AuthenticationFlowDescriptor> getAvailableFlows() {
        return this.availableFlows;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Map<String, AuthenticationFlowDescriptor> getPotentialFlows() {
        return this.potentialFlows;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Map<String, AuthenticationFlowDescriptor> getIntermediateFlows() {
        return this.intermediateFlows;
    }

    @Nonnull
    public PrincipalEvalPredicateFactoryRegistry getPrincipalEvalPredicateFactoryRegistry() {
        RequestedPrincipalContext requestedPrincipalContext = (RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class);
        return requestedPrincipalContext != null ? requestedPrincipalContext.getPrincipalEvalPredicateFactoryRegistry() : this.evalRegistry != null ? this.evalRegistry : new PrincipalEvalPredicateFactoryRegistry();
    }

    @Nonnull
    public AuthenticationContext setPrincipalEvalPredicateFactoryRegistry(@Nullable PrincipalEvalPredicateFactoryRegistry principalEvalPredicateFactoryRegistry) {
        this.evalRegistry = principalEvalPredicateFactoryRegistry;
        RequestedPrincipalContext requestedPrincipalContext = (RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class);
        if (requestedPrincipalContext != null) {
            requestedPrincipalContext.setPrincipalEvalPredicateFactoryRegistry(principalEvalPredicateFactoryRegistry);
        }
        return this;
    }

    public boolean isPassive() {
        return this.isPassive;
    }

    @Nonnull
    public AuthenticationContext setIsPassive(boolean z) {
        this.isPassive = z;
        return this;
    }

    public boolean isForceAuthn() {
        return this.forceAuthn;
    }

    @Nonnull
    public AuthenticationContext setForceAuthn(boolean z) {
        this.forceAuthn = z;
        return this;
    }

    @NotEmpty
    @Nullable
    public String getHintedName() {
        return this.hintedName;
    }

    @Nonnull
    public AuthenticationContext setHintedName(@Nullable String str) {
        this.hintedName = StringSupport.trimOrNull(str);
        return this;
    }

    @Nullable
    public Duration getMaxAge() {
        return this.maxAge;
    }

    @Nonnull
    public AuthenticationContext setMaxAge(@Nullable Duration duration) {
        Constraint.isFalse(duration != null && (duration.isNegative() || duration.isZero()), "MaxAge must be null or greater than 0");
        this.maxAge = duration;
        return this;
    }

    @Nullable
    public String getAuthenticatingAuthority() {
        return this.authenticatingAuthority;
    }

    @Nonnull
    public AuthenticationContext setAuthenticatingAuthority(@Nullable String str) {
        this.authenticatingAuthority = StringSupport.trimOrNull(str);
        return this;
    }

    @NonNegative
    @Nullable
    public Integer getProxyCount() {
        return this.proxyCount;
    }

    @Nonnull
    public AuthenticationContext setProxyCount(@NonNegative @Nullable Integer num) {
        if (num != null) {
            Constraint.isGreaterThanOrEqual(0, num.intValue(), "Proxy count cannot be negative");
        }
        this.proxyCount = num;
        return this;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Set<String> getProxiableAuthorities() {
        return this.proxiableAuthorities;
    }

    @Nullable
    public Function<ProfileRequestContext, String> getFixedEventLookupStrategy() {
        return this.fixedEventLookupStrategy;
    }

    @Nonnull
    public AuthenticationContext setFixedEventLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        this.fixedEventLookupStrategy = function;
        return this;
    }

    @Nullable
    public AuthenticationFlowDescriptor getAttemptedFlow() {
        return this.attemptedFlow;
    }

    @Nonnull
    public AuthenticationContext setAttemptedFlow(@Nullable AuthenticationFlowDescriptor authenticationFlowDescriptor) {
        this.attemptedFlow = authenticationFlowDescriptor;
        return this;
    }

    @NotEmpty
    @Nullable
    public String getSignaledFlowId() {
        return this.signaledFlowId;
    }

    @Nonnull
    public AuthenticationContext setSignaledFlowId(@Nullable String str) {
        this.signaledFlowId = StringSupport.trimOrNull(str);
        return this;
    }

    @Live
    @Nonnull
    public Map<String, Object> getAuthenticationStateMap() {
        return this.stateMap;
    }

    @Nullable
    public AuthenticationResult getAuthenticationResult() {
        return this.authenticationResult;
    }

    @Nonnull
    public AuthenticationContext setAuthenticationResult(@Nullable AuthenticationResult authenticationResult) {
        this.authenticationResult = authenticationResult;
        return this;
    }

    public boolean isResultCacheable() {
        return this.resultCacheable;
    }

    public void setResultCacheable(boolean z) {
        this.resultCacheable = z;
    }

    @Nullable
    public Instant getCompletionInstant() {
        return this.completionInstant;
    }

    @Nonnull
    public AuthenticationContext setCompletionInstant() {
        this.completionInstant = Instant.now();
        return this;
    }

    public boolean isAcceptable(@Nonnull PrincipalSupportingComponent principalSupportingComponent) {
        RequestedPrincipalContext requestedPrincipalContext = (RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class);
        return requestedPrincipalContext != null ? requestedPrincipalContext.isAcceptable(principalSupportingComponent) : checkProxyRestrictions(principalSupportingComponent.getSupportedPrincipals(ProxyAuthenticationPrincipal.class));
    }

    public boolean isAcceptable(@NonnullElements @Nonnull Collection<Principal> collection) {
        RequestedPrincipalContext requestedPrincipalContext = (RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class);
        if (requestedPrincipalContext != null) {
            return requestedPrincipalContext.isAcceptable(collection);
        }
        Stream<Principal> stream = collection.stream();
        Class<ProxyAuthenticationPrincipal> cls = ProxyAuthenticationPrincipal.class;
        Objects.requireNonNull(ProxyAuthenticationPrincipal.class);
        Stream<Principal> filter = stream.filter((v1) -> {
            return r2.isInstance(v1);
        });
        Class<ProxyAuthenticationPrincipal> cls2 = ProxyAuthenticationPrincipal.class;
        Objects.requireNonNull(ProxyAuthenticationPrincipal.class);
        return checkProxyRestrictions((Collection) filter.map((v1) -> {
            return r2.cast(v1);
        }).collect(Collectors.toUnmodifiableList()));
    }

    public <T extends Principal> boolean isAcceptable(@Nonnull T t) {
        RequestedPrincipalContext requestedPrincipalContext = (RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class);
        if (requestedPrincipalContext != null) {
            return requestedPrincipalContext.isAcceptable((RequestedPrincipalContext) t);
        }
        if (t instanceof ProxyAuthenticationPrincipal) {
            return checkProxyRestrictions(Collections.singletonList((ProxyAuthenticationPrincipal) t));
        }
        return true;
    }

    public boolean addRequestedPrincipalContext(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @NotEmpty @Nonnull String str3, boolean z) throws Exception {
        return addRequestedPrincipalContext(str, str2, Collections.singletonList(str3), z);
    }

    public boolean addRequestedPrincipalContext(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @Nonnull Collection<String> collection, boolean z) throws Exception {
        Constructor constructor = Class.forName(str2).asSubclass(Principal.class).getConstructor(String.class);
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add((Principal) constructor.newInstance(it.next()));
        }
        return addRequestedPrincipalContext(str, arrayList, z);
    }

    public boolean addRequestedPrincipalContext(@NotEmpty @Nonnull String str, @Nonnull Principal principal, boolean z) {
        return addRequestedPrincipalContext(str, Collections.singletonList(principal), z);
    }

    public boolean addRequestedPrincipalContext(@NotEmpty @Nonnull String str, @NonnullElements @Nonnull List<Principal> list, boolean z) {
        if (((RequestedPrincipalContext) getSubcontext(RequestedPrincipalContext.class)) != null && !z) {
            return false;
        }
        RequestedPrincipalContext requestedPrincipalContext = new RequestedPrincipalContext();
        requestedPrincipalContext.setOperator(str).setPrincipalEvalPredicateFactoryRegistry(this.evalRegistry).setRequestedPrincipals(list);
        addSubcontext(requestedPrincipalContext, true);
        return true;
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("initiationInstant", this.initiationInstant).add(ExternalAuthentication.PASSIVE_AUTHN_PARAM, this.isPassive).add(ExternalAuthentication.FORCE_AUTHN_PARAM, this.forceAuthn).add("hintedName", this.hintedName).add("maxAge", this.maxAge).add("potentialFlows", this.potentialFlows.keySet()).add("activeResults", this.activeResults.keySet()).add("attemptedFlow", this.attemptedFlow).add("signaledFlowId", this.signaledFlowId).add("authenticationStateMap", this.stateMap).add("resultCacheable", this.resultCacheable).add("authenticationResult", this.authenticationResult).add("completionInstant", this.completionInstant).toString();
    }

    private boolean checkProxyRestrictions(@NonnullElements @Nullable Collection<ProxyAuthenticationPrincipal> collection) {
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        BaseContext parent = getParent();
        if (!(parent instanceof ProfileRequestContext)) {
            return true;
        }
        Iterator<ProxyAuthenticationPrincipal> it = collection.iterator();
        while (it.hasNext()) {
            if (!it.next().test((ProfileRequestContext) parent)) {
                return false;
            }
        }
        return true;
    }
}
