package net.shibboleth.idp.saml.session.impl;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.saml.session.SAML2SPSession;
import net.shibboleth.idp.session.BasicSPSession;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.1.2.jar:net/shibboleth/idp/saml/session/impl/SAML2SPSessionCreationStrategy.class */
/**
 * Produces the {@link SPSession} record for the relying party found in a profile request.
 *
 * <p>When the looked-up {@link Response} (by default the message reached through
 * {@link OutboundMessageContextLookup}) contains an assertion with a NameID and an
 * AuthnStatement with a SessionIndex, a {@link SAML2SPSession} holding both values is returned.
 * Otherwise a {@link BasicSPSession} is returned, which is built from the relying party ID and
 * the two timestamps only.</p>
 *
 * <p>NOTE(review): the NameID/SessionIndex pair is presumably what later identifies this
 * session to the relying party (e.g. for logout) - confirm against the consumers of
 * SAML2SPSession. The INFO message logged on the fallback path is the only visible signal that
 * a session was recorded without that pair.</p>
 */
public class SAML2SPSessionCreationStrategy implements Function<ProfileRequestContext, SPSession> {

    /** Lifetime added to the creation instant when no explicit session expiry is available. */
    @Nonnull
    private final Duration sessionLifetime;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(SAML2SPSessionCreationStrategy.class);

    /** Locates the {@link RelyingPartyContext}; defaults to a child-context lookup on the input. */
    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class);

    /** Locates the {@link Response} whose assertions are inspected. */
    @Nonnull
    private Function<ProfileRequestContext, Response> responseLookupStrategy = new MessageLookup(Response.class).compose(new OutboundMessageContextLookup());

    /**
     * Creates the strategy.
     *
     * @param duration fallback session lifetime; rejected by {@link Constraint#isNotNull} when null
     */
    public SAML2SPSessionCreationStrategy(@Nonnull Duration duration) {
        sessionLifetime = Constraint.isNotNull(duration, "Lifetime cannot be null");
    }

    /**
     * Replaces the strategy used to find the {@link RelyingPartyContext}.
     *
     * @param function the new lookup strategy; must not be null
     */
    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        relyingPartyContextLookupStrategy = Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    /**
     * Replaces the strategy used to find the {@link Response}.
     *
     * @param function the new lookup strategy; must not be null
     */
    public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext, Response> function) {
        responseLookupStrategy = Constraint.isNotNull(function, "Response lookup strategy cannot be null");
    }

    /**
     * Builds the session record for the current request.
     *
     * @param profileRequestContext the request context handed to both lookup strategies
     * @return a {@link SAML2SPSession} or {@link BasicSPSession}, or {@code null} when no
     *         relying party context or relying party ID is available
     */
    @Override
    @Nullable
    public SPSession apply(@Nullable ProfileRequestContext profileRequestContext) {
        final RelyingPartyContext rpContext = relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (rpContext == null) {
            log.debug("No RelyingPartyContext, no SAML2SPSession created");
            return null;
        }

        final String serviceId = rpContext.getRelyingPartyId();
        if (serviceId == null) {
            log.debug("No relying party ID, no SAML2SPSession created");
            return null;
        }

        final Pair<Assertion, AuthnStatement> match = getAssertionAndStatement(profileRequestContext);
        if (match == null) {
            // Fallback record: it carries no NameID or SessionIndex, only the ID and timestamps.
            log.info("Creating BasicSPSession in the absence of necessary information");
            final Instant created = Instant.now();
            return new BasicSPSession(serviceId, created, created.plus(sessionLifetime));
        }

        final Assertion assertion = match.getFirst();
        final AuthnStatement statement = match.getSecond();
        final Instant created = Instant.now();

        // A SessionNotOnOrAfter on the statement is used as-is: it is neither capped at
        // sessionLifetime nor compared with the creation instant here.
        Instant expires = statement.getSessionNotOnOrAfter();
        if (expires == null) {
            expires = created.plus(sessionLifetime);
        }

        return new SAML2SPSession(serviceId, created, expires, assertion.getSubject().getNameID(), statement.getSessionIndex());
    }

    /**
     * Finds the first assertion/statement pair usable for a {@link SAML2SPSession}.
     *
     * <p>Only the first assertion with a NameID that also has a statement with a SessionIndex is
     * returned; any further assertions in the response are not examined.</p>
     *
     * @param profileRequestContext the request context handed to the response lookup strategy
     * @return the matching pair, or {@code null} when there is no response or no match
     */
    @Nullable
    private Pair<Assertion, AuthnStatement> getAssertionAndStatement(@Nonnull ProfileRequestContext profileRequestContext) {
        final Response response = responseLookupStrategy.apply(profileRequestContext);
        if (response == null) {
            log.debug("No Response message or Assertions found");
            return null;
        }

        for (final Assertion candidate : response.getAssertions()) {
            // NOTE(review): a Subject without a plain NameID (for instance one that holds only
            // an encrypted identifier) is skipped here - confirm this runs before encryption.
            if (candidate.getSubject() == null || candidate.getSubject().getNameID() == null) {
                continue;
            }
            for (final AuthnStatement statement : candidate.getAuthnStatements()) {
                if (statement.getSessionIndex() != null) {
                    return new Pair<>(candidate, statement);
                }
            }
        }

        log.debug("No suitable Assertion/AuthnStatement found");
        return null;
    }
}
