package org.opensaml.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/saml/saml2/profile/impl/AbstractDecryptAction.class */
public abstract class AbstractDecryptAction extends AbstractProfileAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractDecryptAction.class);
    private boolean errorFatal = true;

    @Nonnull
    private Function<ProfileRequestContext, SecurityParametersContext> securityParamsLookupStrategy = Functions.compose(new ChildContextLookup(SecurityParametersContext.class), new InboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, Object> messageLookupStrategy = Functions.compose(new MessageLookup(Object.class), new InboundMessageContextLookup());

    @Nonnull
    private Predicate<Pair<ProfileRequestContext, EncryptedElementType>> decryptionPredicate = Predicates.alwaysTrue();

    @Nullable
    private Decrypter decrypter;

    @Nullable
    private SAMLObject message;

    public boolean isErrorFatal() {
        return this.errorFatal;
    }

    public void setErrorFatal(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.errorFatal = z;
    }

    public void setSecurityParametersContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SecurityParametersContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.securityParamsLookupStrategy = (Function) Constraint.isNotNull(function, "SecurityParametersContext lookup strategy cannot be null");
    }

    public void setMessageLookupStrategy(@Nonnull Function<ProfileRequestContext, Object> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.messageLookupStrategy = (Function) Constraint.isNotNull(function, "Message lookup strategy cannot be null");
    }

    @Nonnull
    public Predicate<Pair<ProfileRequestContext, EncryptedElementType>> getDecryptionPredicate() {
        return this.decryptionPredicate;
    }

    public void setDecryptionPredicate(@Nonnull Predicate<Pair<ProfileRequestContext, EncryptedElementType>> predicate) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.decryptionPredicate = (Predicate) Constraint.isNotNull(predicate, "Decryption predicate cannot be null");
    }

    @Nullable
    public Decrypter getDecrypter() {
        return this.decrypter;
    }

    @Nullable
    public SAMLObject getSAMLObject() {
        return this.message;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        Object apply = this.messageLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.debug("{} No message was returned by lookup strategy", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        if (!(apply instanceof SAMLObject)) {
            this.log.debug("{} Message was not a SAML construct, nothing to do", getLogPrefix());
            return false;
        }
        this.message = (SAMLObject) apply;
        SecurityParametersContext securityParametersContext = (SecurityParametersContext) this.securityParamsLookupStrategy.apply(profileRequestContext);
        if (securityParametersContext == null || securityParametersContext.getDecryptionParameters() == null) {
            this.log.debug("{} No security parameter context or decryption parameters", getLogPrefix());
        } else {
            DecryptionParameters decryptionParameters = securityParametersContext.getDecryptionParameters();
            this.decrypter = new Decrypter(decryptionParameters.getDataKeyInfoCredentialResolver(), decryptionParameters.getKEKKeyInfoCredentialResolver(), decryptionParameters.getEncryptedKeyResolver());
        }
        return super.doPreExecute(profileRequestContext);
    }
}
