package net.shibboleth.idp.attribute.filter.policyrule.impl;

import com.google.common.base.MoreObjects;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import javax.script.ScriptContext;
import javax.security.auth.Subject;
import net.shibboleth.idp.attribute.filter.PolicyRequirementRule;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.component.UnmodifiableComponent;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.scripting.AbstractScriptEvaluator;
import net.shibboleth.utilities.java.support.scripting.EvaluableScript;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.ParentContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/idp-attribute-filter-impl-4.1.2.jar:net/shibboleth/idp/attribute/filter/policyrule/impl/ScriptedPolicyRule.class */
public class ScriptedPolicyRule extends AbstractIdentifiableInitializableComponent implements PolicyRequirementRule, UnmodifiableComponent {

    @NonnullAfterInit
    private EvaluableScript script;

    @NonnullAfterInit
    private PolicyRuleScriptEvaluator scriptEvaluator;

    @Nullable
    private Object customObject;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ScriptedPolicyRule.class);

    @Nonnull
    private Function<AttributeFilterContext, ProfileRequestContext> prcLookupStrategy = new ParentContextLookup(ProfileRequestContext.class).compose(new ParentContextLookup(RelyingPartyContext.class));

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> scLookupStrategy = new ChildContextLookup(SubjectContext.class);

    /* loaded from: input_file:WEB-INF/lib/idp-attribute-filter-impl-4.1.2.jar:net/shibboleth/idp/attribute/filter/policyrule/impl/ScriptedPolicyRule$PolicyRuleScriptEvaluator.class */
    private class PolicyRuleScriptEvaluator extends AbstractScriptEvaluator {
        public PolicyRuleScriptEvaluator(@Nonnull EvaluableScript evaluableScript) {
            super(evaluableScript);
            setOutputType(Boolean.class);
            setReturnOnError(PolicyRequirementRule.Tristate.FAIL);
            setHideExceptions(true);
        }

        @Nonnull
        public PolicyRequirementRule.Tristate execute(@Nonnull AttributeFilterContext attributeFilterContext) {
            Object evaluate = evaluate(attributeFilterContext);
            if (null != evaluate) {
                return evaluate instanceof Boolean ? ((Boolean) evaluate).booleanValue() ? PolicyRequirementRule.Tristate.TRUE : PolicyRequirementRule.Tristate.FALSE : (PolicyRequirementRule.Tristate) evaluate;
            }
            ScriptedPolicyRule.this.log.error("{} Matcher script did not return a result", getLogPrefix());
            return PolicyRequirementRule.Tristate.FAIL;
        }

        @Override // net.shibboleth.utilities.java.support.scripting.AbstractScriptEvaluator
        protected void prepareContext(@Nonnull ScriptContext scriptContext, @Nullable Object... objArr) {
            SubjectContext apply;
            scriptContext.setAttribute("filterContext", objArr[0], 100);
            ProfileRequestContext apply2 = ScriptedPolicyRule.this.prcLookupStrategy.apply((AttributeFilterContext) objArr[0]);
            scriptContext.setAttribute("profileContext", apply2, 100);
            if (null == apply2) {
                ScriptedPolicyRule.this.log.error("{} Could not locate ProfileRequestContext", getLogPrefix());
                apply = null;
            } else {
                apply = ScriptedPolicyRule.this.scLookupStrategy.apply(apply2);
            }
            if (null == apply) {
                ScriptedPolicyRule.this.log.warn("{} Could not locate SubjectContext", getLogPrefix());
                return;
            }
            List<Subject> subjects = apply.getSubjects();
            if (null == subjects) {
                ScriptedPolicyRule.this.log.warn("{} Could not locate Subjects", getLogPrefix());
            } else {
                scriptContext.setAttribute("subjects", subjects.toArray(new Subject[subjects.size()]), 100);
            }
        }
    }

    @Nullable
    public Object getCustomObject() {
        return this.customObject;
    }

    public void setCustomObject(@Nullable Object obj) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.customObject = obj;
    }

    @NonnullAfterInit
    public EvaluableScript getScript() {
        return this.script;
    }

    public void setScript(@Nonnull EvaluableScript evaluableScript) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.script = (EvaluableScript) Constraint.isNotNull(evaluableScript, "Attribute value matching script can not be null");
    }

    public void setProfileRequestContextLookupStrategy(@Nonnull Function<AttributeFilterContext, ProfileRequestContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.prcLookupStrategy = (Function) Constraint.isNotNull(function, "ProfileRequestContext lookup strategy cannot be null");
    }

    public void setSubjectContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.scLookupStrategy = (Function) Constraint.isNotNull(function, "SubjectContext lookup strategy cannot be null");
    }

    @Override // net.shibboleth.idp.attribute.filter.PolicyRequirementRule
    @Nonnull
    public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext attributeFilterContext) {
        Constraint.isNotNull(attributeFilterContext, "Attribute filter context cannot be null");
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        return this.scriptEvaluator.execute(attributeFilterContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (null == this.script) {
            throw new ComponentInitializationException("No script has been provided");
        }
        this.scriptEvaluator = new PolicyRuleScriptEvaluator(this.script);
        this.scriptEvaluator.setCustomObject(this.customObject);
        this.scriptEvaluator.setLogPrefix("Scripted Attribute Filter '" + getId() + "':");
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj instanceof ScriptedPolicyRule) {
            return this.script.equals(((ScriptedPolicyRule) obj).getScript());
        }
        return false;
    }

    public int hashCode() {
        return Objects.hash(this.script, getId());
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("Script", getScript()).toString();
    }
}
