package org.opensaml.saml.common.binding.security.impl;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.http.client.protocol.HttpClientContext;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.httpclient.HttpClientRequestContext;
import org.opensaml.messaging.context.navigate.ContextDataLookupFunction;
import org.opensaml.messaging.context.navigate.RecursiveTypedParentContextLookup;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.AbstractAuthenticatableSAMLEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.security.httpclient.HttpClientSecurityConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/saml/common/binding/security/impl/CheckAndRecordServerTLSEntityAuthenticationtHandler.class */
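/**
 * Message handler that records a successful server TLS evaluation on a SAML entity context.
 *
 * <p>The handler reads the {@link HttpClientSecurityConstants#CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED}
 * attribute from the {@link HttpClientContext} associated with the message. When that attribute is
 * {@code Boolean.TRUE}, the configured entity context (default {@link SAMLPeerEntityContext}) is marked
 * authenticated and, if it has no entityID yet, one is resolved through the entityID lookup strategy.</p>
 *
 * <p><strong>Security notes for integrators.</strong></p>
 * <ul>
 *   <li>This handler only <em>records</em> a positive result. A missing {@link HttpClientContext}, a missing
 *       attribute, or a {@code false} attribute makes {@link #doInvoke(MessageContext)} return normally:
 *       no exception is thrown and any existing authenticated state on the entity context is left as it
 *       was. A later handler must enforce that the entity is authenticated where that is a requirement.</li>
 *   <li>The trust decision itself is not made here; the handler trusts whatever component populated the
 *       context attribute. NOTE(review): presumably the HTTP client's TLS trust evaluation sets it, so
 *       the recorded result is only as strong as that client's trust configuration - confirm.</li>
 *   <li>The entityID stored on the entity context comes from the entityID lookup strategy, not from the
 *       server certificate as far as this class shows. NOTE(review): confirm that the TLS trust
 *       evaluation was performed against the same entity that the lookup returns.</li>
 *   <li>Every outcome, including a non-successful TLS evaluation, is logged at debug level only.</li>
 * </ul>
 */
public class CheckAndRecordServerTLSEntityAuthenticationtHandler extends AbstractMessageHandler {
    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(CheckAndRecordServerTLSEntityAuthenticationtHandler.class);

    /** Type of the entity context on which the authentication result is recorded. */
    @Nonnull
    private Class<? extends AbstractAuthenticatableSAMLEntityContext> entityContextClass = SAMLPeerEntityContext.class;

    /** Strategy used to locate the {@link HttpClientContext} carrying the TLS evaluation result. */
    @Nonnull
    private ContextDataLookupFunction<MessageContext, HttpClientContext> httpClientContextLookup = new DefaultHttpClientContextLookup();

    /**
     * Strategy used to resolve the authenticated entityID when the entity context has none.
     * May be {@code null} (see {@link #setEntityIDLookup}), in which case no resolution is attempted.
     *
     * <p>The default is built from the initial value of {@link #entityContextClass}.
     * NOTE(review): {@link #setEntityContextClass} does not rebuild this default, so a caller that
     * changes the entity context class may also need to supply a matching lookup - confirm.</p>
     */
    @Nullable
    private ContextDataLookupFunction<MessageContext, String> entityIDLookup = new OperationContextEntityIDLookup(this.entityContextClass);

    /**
     * Default lookup of the {@link HttpClientContext}: walks up from the given message context to the
     * enclosing {@link InOutOperationContext}, takes its outbound message context, and reads the
     * {@link HttpClientRequestContext} subcontext from it.
     */
    public class DefaultHttpClientContextLookup implements ContextDataLookupFunction<MessageContext, HttpClientContext> {
        public DefaultHttpClientContextLookup() {
        }

        /**
         * Resolve the HTTP client context for the operation that owns {@code messageContext}.
         *
         * @param messageContext the message context to start from, may be {@code null}
         * @return the {@link HttpClientContext}, or {@code null} if any step of the navigation yields nothing
         */
        @Override
        @Nullable
        public HttpClientContext apply(@Nullable MessageContext messageContext) {
            if (messageContext == null) {
                return null;
            }
            // The start context is passed as-is; it must not be cast to the lookup function's own type.
            InOutOperationContext operationContext =
                    new RecursiveTypedParentContextLookup<MessageContext, InOutOperationContext>(InOutOperationContext.class)
                            .apply(messageContext);
            if (operationContext == null) {
                return null;
            }
            MessageContext outboundMessageContext = operationContext.getOutboundMessageContext();
            if (outboundMessageContext == null) {
                return null;
            }
            HttpClientRequestContext requestContext = outboundMessageContext.getSubcontext(HttpClientRequestContext.class);
            if (requestContext == null) {
                return null;
            }
            return requestContext.getHttpClientContext();
        }
    }

    /**
     * Set the strategy used to locate the {@link HttpClientContext}.
     *
     * @param contextDataLookupFunction the lookup strategy, must not be {@code null}
     */
    public void setHttpClientContextLookup(@Nonnull ContextDataLookupFunction<MessageContext, HttpClientContext> contextDataLookupFunction) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpClientContextLookup = Constraint.isNotNull(contextDataLookupFunction, "The HttpClientContext lookup strategy may not be null");
    }

    /**
     * Set the type of entity context on which the authentication result is recorded.
     *
     * @param cls the entity context class, must not be {@code null}
     */
    public void setEntityContextClass(@Nonnull Class<? extends AbstractAuthenticatableSAMLEntityContext> cls) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.entityContextClass = Constraint.isNotNull(cls, "The SAML entity context class may not be null");
    }

    /**
     * Set the strategy used to resolve the authenticated entityID.
     *
     * @param contextDataLookupFunction the lookup strategy, or {@code null} to disable entityID resolution
     */
    public void setEntityIDLookup(@Nullable ContextDataLookupFunction<MessageContext, String> contextDataLookupFunction) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.entityIDLookup = contextDataLookupFunction;
    }

    /**
     * Record the server TLS result on the entity context when, and only when, the HTTP client context
     * reports the server TLS credential as trusted.
     *
     * <p>All negative outcomes return without throwing and without touching the entity context, so this
     * method never downgrades or rejects; it only ever sets the authenticated flag to {@code true}.</p>
     *
     * @param messageContext the message context being processed
     * @throws MessageHandlerException declared by the overridden method; not thrown by the code shown here
     */
    @Override
    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        HttpClientContext httpClientContext = this.httpClientContextLookup.apply(messageContext);
        if (httpClientContext == null) {
            this.log.debug("Could not resolve HttpClientContext");
            return;
        }
        Boolean trusted = httpClientContext.getAttribute(HttpClientSecurityConstants.CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED, Boolean.class);
        if (trusted == null) {
            // Absence of the attribute is treated the same as "not trusted": nothing is recorded.
            this.log.debug("HttpClientContext attribute not found: {}", HttpClientSecurityConstants.CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED);
            return;
        }
        if (!trusted.booleanValue()) {
            this.log.debug("HttpClientContext indicates non-successful server TLS");
            return;
        }
        this.log.debug("HttpClientContext indicates successful server TLS, storing result in entity context {}", this.entityContextClass.getName());
        // The second argument asks for the subcontext to be created when it does not exist yet.
        AbstractAuthenticatableSAMLEntityContext entityContext = messageContext.getSubcontext(this.entityContextClass, true);
        entityContext.setAuthenticated(true);
        // An entityID already present on the context is kept; the lookup only fills a gap.
        if (entityContext.getEntityId() == null && this.entityIDLookup != null) {
            this.log.debug("Context entityID was null, attempting to resolve");
            String resolvedEntityId = this.entityIDLookup.apply(messageContext);
            if (resolvedEntityId != null) {
                this.log.debug("Resolved authenticated entityID, populating on entity context: {}", resolvedEntityId);
                entityContext.setEntityId(resolvedEntityId);
            } else {
                this.log.debug("Unable to resolve authenticated entityID");
            }
        }
        this.log.debug("Current authenticated entityID is: {}", entityContext.getEntityId());
    }
}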
