package net.shibboleth.idp.saml.saml2.profile.config;

import com.google.common.base.Predicates;
import java.security.Principal;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration;
import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;
import net.shibboleth.idp.saml.profile.config.logic.ProxyAwareForceAuthnPredicate;
import net.shibboleth.idp.saml.saml2.profile.config.navigate.ProxyAwareAuthnContextComparisonLookupFunction;
import net.shibboleth.idp.saml.saml2.profile.config.navigate.ProxyAwareDefaultAuthenticationMethodsLookupFunction;
import net.shibboleth.utilities.java.support.annotation.constraint.NonNegative;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;

/* loaded from: input_file:WEB-INF/lib/idp-saml-api-4.1.6.jar:net/shibboleth/idp/saml/saml2/profile/config/BrowserSSOProfileConfiguration.class */
public class BrowserSSOProfileConfiguration extends AbstractSAML2ArtifactAwareProfileConfiguration implements AuthenticationProfileConfiguration {

    @NotEmpty
    @Nonnull
    public static final String PROFILE_ID = "http://shibboleth.net/ns/profiles/saml2/sso/browser";

    @Nonnull
    public static final Long DEFAULT_DELEGATION_CHAIN_LENGTH = 1L;
    public static final int FEATURE_AUTHNCONTEXT = 1;
    public static final int FEATURE_SCOPING = 2;

    @Nonnull
    private Predicate<ProfileRequestContext> resolveAttributesPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> includeAttributeStatementPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> ignoreScoping;

    @Nonnull
    private Predicate<ProfileRequestContext> forceAuthnPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> checkAddressPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> skipEndpointValidationWhenSignedPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> proxiedAuthnInstantPredicate;

    @Nonnull
    private Function<ProfileRequestContext, Duration> maximumSPSessionLifetimeLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Duration> maximumTimeSinceAuthnLookupStrategy;

    @Nonnull
    private Predicate<ProfileRequestContext> allowDelegationPredicate;

    @Nonnull
    private Function<ProfileRequestContext, Long> maximumTokenDelegationChainLengthLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Function<AuthnContext, Collection<Principal>>> authnContextTranslationStrategyLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Function<ProfileRequestContext, Collection<Principal>>> authnContextTranslationStrategyExLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, String> authnContextComparisonLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Collection<AuthnContextClassRefPrincipal>> defaultAuthenticationContextsLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Set<String>> authenticationFlowsLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Collection<String>> postAuthenticationFlowsLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Collection<String>> nameIDFormatPrecedenceLookupStrategy;

    public BrowserSSOProfileConfiguration() {
        this(PROFILE_ID);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BrowserSSOProfileConfiguration(@NotEmpty @Nonnull String str) {
        super(str);
        setSignResponses(true);
        setEncryptAssertions(true);
        this.resolveAttributesPredicate = Predicates.alwaysTrue();
        this.includeAttributeStatementPredicate = Predicates.alwaysTrue();
        this.ignoreScoping = Predicates.alwaysFalse();
        this.forceAuthnPredicate = new ProxyAwareForceAuthnPredicate();
        this.checkAddressPredicate = Predicates.alwaysTrue();
        this.skipEndpointValidationWhenSignedPredicate = Predicates.alwaysFalse();
        this.proxiedAuthnInstantPredicate = Predicates.alwaysTrue();
        this.maximumSPSessionLifetimeLookupStrategy = FunctionSupport.constant(null);
        this.maximumTimeSinceAuthnLookupStrategy = FunctionSupport.constant(null);
        this.maximumTokenDelegationChainLengthLookupStrategy = FunctionSupport.constant(DEFAULT_DELEGATION_CHAIN_LENGTH);
        this.allowDelegationPredicate = Predicates.alwaysFalse();
        this.authenticationFlowsLookupStrategy = FunctionSupport.constant(null);
        this.postAuthenticationFlowsLookupStrategy = FunctionSupport.constant(null);
        this.authnContextTranslationStrategyLookupStrategy = FunctionSupport.constant(null);
        this.authnContextTranslationStrategyExLookupStrategy = FunctionSupport.constant(null);
        this.authnContextComparisonLookupStrategy = new ProxyAwareAuthnContextComparisonLookupFunction();
        this.defaultAuthenticationContextsLookupStrategy = new ProxyAwareDefaultAuthenticationMethodsLookupFunction();
        this.nameIDFormatPrecedenceLookupStrategy = FunctionSupport.constant(null);
    }

    public boolean isResolveAttributes(@Nullable ProfileRequestContext profileRequestContext) {
        return this.resolveAttributesPredicate.test(profileRequestContext);
    }

    public void setResolveAttributes(boolean z) {
        this.resolveAttributesPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setResolveAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.resolveAttributesPredicate = (Predicate) Constraint.isNotNull(predicate, "Resolve attributes predicate cannot be null");
    }

    public boolean isIncludeAttributeStatement(@Nullable ProfileRequestContext profileRequestContext) {
        return this.includeAttributeStatementPredicate.test(profileRequestContext);
    }

    public void setIncludeAttributeStatement(boolean z) {
        this.includeAttributeStatementPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setIncludeAttributeStatementPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.includeAttributeStatementPredicate = (Predicate) Constraint.isNotNull(predicate, "Include attribute statement predicate cannot be null");
    }

    public boolean isIgnoreScoping(@Nullable ProfileRequestContext profileRequestContext) {
        return this.ignoreScoping.test(profileRequestContext);
    }

    public void setIgnoreScoping(boolean z) {
        this.ignoreScoping = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setIgnoreScopingPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.ignoreScoping = (Predicate) Constraint.isNotNull(predicate, "Ignore Scoping condition cannot be null");
    }

    @Override // net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
    public boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext) {
        return this.forceAuthnPredicate.test(profileRequestContext);
    }

    public void setForceAuthn(boolean z) {
        this.forceAuthnPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setForceAuthnPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.forceAuthnPredicate = (Predicate) Constraint.isNotNull(predicate, "Forced authentication predicate cannot be null");
    }

    public boolean isCheckAddress(@Nullable ProfileRequestContext profileRequestContext) {
        return this.checkAddressPredicate.test(profileRequestContext);
    }

    public void setCheckAddress(boolean z) {
        this.checkAddressPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setCheckAddressPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.checkAddressPredicate = (Predicate) Constraint.isNotNull(predicate, "Address checking predicate cannot be null");
    }

    public boolean isSkipEndpointValidationWhenSigned(@Nullable ProfileRequestContext profileRequestContext) {
        return this.skipEndpointValidationWhenSignedPredicate.test(profileRequestContext);
    }

    public void setSkipEndpointValidationWhenSigned(boolean z) {
        this.skipEndpointValidationWhenSignedPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setSkipEndpointValidationWhenSignedPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.skipEndpointValidationWhenSignedPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    public boolean isProxiedAuthnInstant(@Nullable ProfileRequestContext profileRequestContext) {
        return this.proxiedAuthnInstantPredicate.test(profileRequestContext);
    }

    public void setProxiedAuthnInstant(boolean z) {
        this.proxiedAuthnInstantPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setProxiedAuthnInstantPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.proxiedAuthnInstantPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Nullable
    public Duration getMaximumSPSessionLifetime(@Nullable ProfileRequestContext profileRequestContext) {
        Duration apply = this.maximumSPSessionLifetimeLookupStrategy.apply(profileRequestContext);
        Constraint.isFalse(apply != null && apply.isNegative(), "Maximum SP session lifetime must be greater than or equal to 0");
        return apply;
    }

    public void setMaximumSPSessionLifetime(@Nullable Duration duration) {
        Constraint.isFalse(duration != null && duration.isNegative(), "Maximum SP session lifetime must be greater than or equal to 0");
        this.maximumSPSessionLifetimeLookupStrategy = FunctionSupport.constant(duration);
    }

    public void setMaximumSPSessionLifetimeLookupStrategy(@Nonnull Function<ProfileRequestContext, Duration> function) {
        this.maximumSPSessionLifetimeLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Nullable
    public Duration getMaximumTimeSinceAuthn(@Nullable ProfileRequestContext profileRequestContext) {
        Duration apply = this.maximumTimeSinceAuthnLookupStrategy.apply(profileRequestContext);
        Constraint.isFalse(apply != null && apply.isNegative(), "Maximum time since authentication must be greater than or equal to 0");
        return apply;
    }

    public void setMaximumTimeSinceAuthn(@Nullable Duration duration) {
        Constraint.isFalse(duration != null && duration.isNegative(), "Maximum time since authentication must be greater than or equal to 0");
        this.maximumTimeSinceAuthnLookupStrategy = FunctionSupport.constant(duration);
    }

    public void setMaximumTimeSinceAuthnLookupStrategy(@Nonnull Function<ProfileRequestContext, Duration> function) {
        this.maximumTimeSinceAuthnLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Nonnull
    public boolean isAllowDelegation(@Nullable ProfileRequestContext profileRequestContext) {
        return this.allowDelegationPredicate.test(profileRequestContext);
    }

    public void setAllowDelegation(boolean z) {
        this.allowDelegationPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setAllowDelegationPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.allowDelegationPredicate = (Predicate) Constraint.isNotNull(predicate, "Allow delegation predicate cannot be null");
    }

    @NonNegative
    public long getMaximumTokenDelegationChainLength(@Nullable ProfileRequestContext profileRequestContext) {
        Long apply = this.maximumTokenDelegationChainLengthLookupStrategy.apply(profileRequestContext);
        Constraint.isNotNull(apply, "Delegation chain length cannot be null");
        Constraint.isGreaterThanOrEqual(0L, apply.longValue(), "Delegation chain length must be greater than or equal to 0");
        return apply.longValue();
    }

    public void setMaximumTokenDelegationChainLength(@NonNegative long j) {
        Constraint.isGreaterThanOrEqual(0L, j, "Delegation chain length must be greater than or equal to 0");
        this.maximumTokenDelegationChainLengthLookupStrategy = FunctionSupport.constant(Long.valueOf(j));
    }

    public void setMaximumTokenDelegationChainLengthLookupStrategy(@Nonnull Function<ProfileRequestContext, Long> function) {
        this.maximumTokenDelegationChainLengthLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Nullable
    public Function<AuthnContext, Collection<Principal>> getAuthnContextTranslationStrategy(@Nullable ProfileRequestContext profileRequestContext) {
        return this.authnContextTranslationStrategyLookupStrategy.apply(profileRequestContext);
    }

    public void setAuthnContextTranslationStrategy(@Nullable Function<AuthnContext, Collection<Principal>> function) {
        this.authnContextTranslationStrategyLookupStrategy = FunctionSupport.constant(function);
    }

    public void setAuthnContextTranslationStrategyLookupStrategy(@Nonnull Function<ProfileRequestContext, Function<AuthnContext, Collection<Principal>>> function) {
        this.authnContextTranslationStrategyLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Nullable
    public Function<ProfileRequestContext, Collection<Principal>> getAuthnContextTranslationStrategyEx(@Nullable ProfileRequestContext profileRequestContext) {
        return this.authnContextTranslationStrategyExLookupStrategy.apply(profileRequestContext);
    }

    public void setAuthnContextTranslationStrategyEx(@Nullable Function<ProfileRequestContext, Collection<Principal>> function) {
        this.authnContextTranslationStrategyExLookupStrategy = FunctionSupport.constant(function);
    }

    public void setAuthnContextTranslationStrategyExLookupStrategy(@Nonnull Function<ProfileRequestContext, Function<ProfileRequestContext, Collection<Principal>>> function) {
        this.authnContextTranslationStrategyExLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Nullable
    public AuthnContextComparisonTypeEnumeration getAuthnContextComparison(@Nullable ProfileRequestContext profileRequestContext) {
        String apply = this.authnContextComparisonLookupStrategy.apply(profileRequestContext);
        if (apply != null) {
            return AuthnContextComparisonTypeEnumeration.valueOf(apply.toUpperCase());
        }
        return null;
    }

    public void setAuthnContextComparison(@Nullable AuthnContextComparisonTypeEnumeration authnContextComparisonTypeEnumeration) {
        this.authnContextComparisonLookupStrategy = FunctionSupport.constant(authnContextComparisonTypeEnumeration != null ? authnContextComparisonTypeEnumeration.toString() : null);
    }

    public void setAuthnContextComparisonLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        this.authnContextComparisonLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Override // net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<Principal> getDefaultAuthenticationMethods(@Nullable ProfileRequestContext profileRequestContext) {
        Collection<AuthnContextClassRefPrincipal> apply = this.defaultAuthenticationContextsLookupStrategy.apply(profileRequestContext);
        return apply != null ? List.copyOf(apply) : Collections.emptyList();
    }

    public void setDefaultAuthenticationMethods(@NonnullElements @Nullable Collection<AuthnContextClassRefPrincipal> collection) {
        if (collection != null) {
            this.defaultAuthenticationContextsLookupStrategy = FunctionSupport.constant(List.copyOf(collection));
        } else {
            this.defaultAuthenticationContextsLookupStrategy = FunctionSupport.constant(null);
        }
    }

    public void setDefaultAuthenticationMethodsLookupStrategy(@Nonnull Function<ProfileRequestContext, Collection<AuthnContextClassRefPrincipal>> function) {
        this.defaultAuthenticationContextsLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Override // net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Set<String> getAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext) {
        Set<String> apply = this.authenticationFlowsLookupStrategy.apply(profileRequestContext);
        return apply != null ? Set.copyOf(apply) : Collections.emptySet();
    }

    public void setAuthenticationFlows(@NonnullElements @Nullable Collection<String> collection) {
        if (collection != null) {
            this.authenticationFlowsLookupStrategy = FunctionSupport.constant(Set.copyOf(StringSupport.normalizeStringCollection(collection)));
        } else {
            this.authenticationFlowsLookupStrategy = FunctionSupport.constant(null);
        }
    }

    public void setAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<String>> function) {
        this.authenticationFlowsLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Override // net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<String> getPostAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext) {
        Collection<String> apply = this.postAuthenticationFlowsLookupStrategy.apply(profileRequestContext);
        return apply != null ? List.copyOf(apply) : Collections.emptyList();
    }

    public void setPostAuthenticationFlows(@NonnullElements @Nullable Collection<String> collection) {
        if (collection != null) {
            this.postAuthenticationFlowsLookupStrategy = FunctionSupport.constant(List.copyOf(StringSupport.normalizeStringCollection(collection)));
        } else {
            this.postAuthenticationFlowsLookupStrategy = FunctionSupport.constant(null);
        }
    }

    public void setPostAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext, Collection<String>> function) {
        this.postAuthenticationFlowsLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<String> getNameIDFormatPrecedence(@Nullable ProfileRequestContext profileRequestContext) {
        Collection<String> apply = this.nameIDFormatPrecedenceLookupStrategy.apply(profileRequestContext);
        return apply != null ? List.copyOf(apply) : Collections.emptyList();
    }

    public void setNameIDFormatPrecedence(@NonnullElements @Nonnull Collection<String> collection) {
        Constraint.isNotNull(collection, "List of formats cannot be null");
        this.nameIDFormatPrecedenceLookupStrategy = FunctionSupport.constant(List.copyOf(StringSupport.normalizeStringCollection(collection)));
    }

    public void setNameIDFormatPrecedenceLookupStrategy(@Nonnull Function<ProfileRequestContext, Collection<String>> function) {
        this.nameIDFormatPrecedenceLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }
}
