package net.shibboleth.idp.saml.profile.config;

import com.google.common.base.Predicates;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-api-4.1.2.jar:net/shibboleth/idp/saml/profile/config/AbstractSAMLProfileConfiguration.class */
public abstract class AbstractSAMLProfileConfiguration extends AbstractConditionalProfileConfiguration implements SAMLProfileConfiguration {

    @Nonnull
    public static final Duration DEFAULT_ASSERTION_LIFETIME = Duration.ofMinutes(5);

    @Nonnull
    private final Logger log;

    @Nonnull
    private Predicate<ProfileRequestContext> signRequestsPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> signResponsesPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> signAssertionsPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> includeNotBeforePredicate;

    @Nonnull
    private Function<ProfileRequestContext, Duration> assertionLifetimeLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Set<String>> assertionAudiencesLookupStrategy;

    public AbstractSAMLProfileConfiguration(@NotEmpty @Nonnull String str) {
        super(str);
        this.log = LoggerFactory.getLogger((Class<?>) AbstractSAMLProfileConfiguration.class);
        this.signRequestsPredicate = Predicates.alwaysFalse();
        this.signResponsesPredicate = Predicates.alwaysFalse();
        this.signAssertionsPredicate = Predicates.alwaysFalse();
        this.includeNotBeforePredicate = Predicates.alwaysTrue();
        this.assertionLifetimeLookupStrategy = FunctionSupport.constant(DEFAULT_ASSERTION_LIFETIME);
        this.assertionAudiencesLookupStrategy = FunctionSupport.constant(null);
    }

    @Override // net.shibboleth.idp.profile.config.AbstractProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration
    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<String> getInboundInterceptorFlows(@Nullable ProfileRequestContext profileRequestContext) {
        List<String> inboundInterceptorFlows = super.getInboundInterceptorFlows(profileRequestContext);
        if (inboundInterceptorFlows.isEmpty()) {
            this.log.warn("Inbound interceptor collection is empty, this disables default inbound message security checks");
        }
        return inboundInterceptorFlows;
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    public boolean isSignAssertions(@Nullable ProfileRequestContext profileRequestContext) {
        return this.signAssertionsPredicate.test(profileRequestContext);
    }

    public void setSignAssertions(boolean z) {
        this.signAssertionsPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setSignAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.signAssertionsPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    public boolean isSignRequests(@Nullable ProfileRequestContext profileRequestContext) {
        return this.signRequestsPredicate.test(profileRequestContext);
    }

    public void setSignRequests(boolean z) {
        this.signRequestsPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setSignRequestsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.signRequestsPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    public boolean isSignResponses(@Nullable ProfileRequestContext profileRequestContext) {
        return this.signResponsesPredicate.test(profileRequestContext);
    }

    public void setSignResponses(boolean z) {
        this.signResponsesPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setSignResponsesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.signResponsesPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    @Nonnull
    public Duration getAssertionLifetime(@Nullable ProfileRequestContext profileRequestContext) {
        Duration apply = this.assertionLifetimeLookupStrategy.apply(profileRequestContext);
        Constraint.isNotNull(apply, "Assertion lifetime cannot be null");
        Constraint.isFalse(apply.isNegative() || apply.isZero(), "Assertion lifetime must be greater than 0");
        return apply;
    }

    public void setAssertionLifetime(@Nonnull Duration duration) {
        Constraint.isNotNull(duration, "Assertion lifetime cannot be null");
        Constraint.isFalse(duration.isNegative() || duration.isZero(), "Assertion lifetime must be greater than 0");
        this.assertionLifetimeLookupStrategy = FunctionSupport.constant(duration);
    }

    public void setAssertionLifetimeLookupStrategy(@Nonnull Function<ProfileRequestContext, Duration> function) {
        this.assertionLifetimeLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    public boolean isIncludeConditionsNotBefore(@Nullable ProfileRequestContext profileRequestContext) {
        return this.includeNotBeforePredicate.test(profileRequestContext);
    }

    public void setIncludeConditionsNotBefore(boolean z) {
        this.includeNotBeforePredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setIncludeConditionsNotBeforePredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.includeNotBeforePredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Override // net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration
    @NonnullElements
    @Nonnull
    @NotLive
    public Set<String> getAdditionalAudiencesForAssertion(@Nullable ProfileRequestContext profileRequestContext) {
        Set<String> apply = this.assertionAudiencesLookupStrategy.apply(profileRequestContext);
        return apply != null ? Set.copyOf(apply) : Collections.emptySet();
    }

    public void setAdditionalAudiencesForAssertion(@NonnullElements @Nullable Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            this.assertionAudiencesLookupStrategy = FunctionSupport.constant(null);
        } else {
            this.assertionAudiencesLookupStrategy = FunctionSupport.constant(Set.copyOf(StringSupport.normalizeStringCollection(collection)));
        }
    }

    public void setAdditionalAudiencesForAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<String>> function) {
        this.assertionAudiencesLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }
}
