package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.event.user.UserAuthenticatedWithSamlSsoEvent;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.authentication.AuthenticatedUserProvider;
import com.atlassian.crowd.manager.sso.ApplicationAccessDeniedException;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.saml.SamlConstants;
import com.atlassian.crowd.service.CrowdRememberMeService;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ApplicationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.AuthorizationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ConfigContext;
import com.atlassian.event.api.EventPublisher;
import javax.annotation.Nonnull;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/PrepareAuthorizationContextAction.class */
/**
 * OpenSAML profile action that builds the {@link AuthorizationContext} for the current SAML SSO
 * request and attaches it to the {@link ProfileRequestContext}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The user-to-application authorisation check is the only access gate here, and it is not
 *       run at all when {@link ConfigContext#isSkipApplicationValidation()} returns {@code true}.</li>
 *   <li>The remember-me flag is set only when the remember-me authentication resolves to a
 *       principal with the same user name and the same directory id as the current user.</li>
 * </ul>
 */
public class PrepareAuthorizationContextAction extends AbstractProfileAction {
    private final AuthenticatedUserProvider authenticatedUserProvider;
    private final ApplicationService applicationService;
    private final CrowdRememberMeService rememberMeService;
    private final EventPublisher eventPublisher;

    /**
     * Stores the collaborators used by {@link #doExecute(ProfileRequestContext)}.
     *
     * @param authenticatedUserProvider source of the currently authenticated user's details
     * @param applicationService used to check whether the user may access the target application
     * @param crowdRememberMeService used to evaluate the remember-me state of the HTTP request
     * @param eventPublisher receives the {@link UserAuthenticatedWithSamlSsoEvent}
     */
    public PrepareAuthorizationContextAction(AuthenticatedUserProvider authenticatedUserProvider, ApplicationService applicationService, CrowdRememberMeService crowdRememberMeService, EventPublisher eventPublisher) {
        this.eventPublisher = eventPublisher;
        this.rememberMeService = crowdRememberMeService;
        this.applicationService = applicationService;
        this.authenticatedUserProvider = authenticatedUserProvider;
    }

    /**
     * Authorises the current user for the requested application, publishes the SSO audit event and
     * registers a populated {@link AuthorizationContext} as a subcontext of the request.
     *
     * <p>Throws {@link ApplicationAccessDeniedException} when validation is enabled and the user is
     * not authorised; nothing after the check runs in that case.
     *
     * @param profileRequestContext request context that must already carry an
     *     {@link ApplicationContext} and a {@link ConfigContext} subcontext (both are dereferenced
     *     without a null check)
     */
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        AuthorizationContext authzContext = new AuthorizationContext();
        ApplicationContext appContext = (ApplicationContext) profileRequestContext.getSubcontext(ApplicationContext.class);
        Application targetApplication = appContext.getApplication();
        CrowdUserDetails currentUser = this.authenticatedUserProvider.getCrowdUserDetails();

        // Access gate: skipped entirely when the config context asks for it.
        // NOTE(review): confirm which flows set isSkipApplicationValidation() and that they enforce
        // application access somewhere else, since no other check happens in this action.
        ConfigContext configContext = (ConfigContext) profileRequestContext.getSubcontext(ConfigContext.class);
        if (!configContext.isSkipApplicationValidation()) {
            if (!this.applicationService.isUserAuthorised(targetApplication, currentUser.getRemotePrincipal())) {
                throw new ApplicationAccessDeniedException(targetApplication, currentUser.getRemotePrincipal());
            }
        }

        // The event is only emitted when an application is present; a null application is
        // presumably only reachable when validation was skipped above - verify against callers.
        if (targetApplication != null) {
            this.eventPublisher.publish(new UserAuthenticatedWithSamlSsoEvent(
                    targetApplication,
                    currentUser.getRemotePrincipal(),
                    SamlConstants.isPluginConsumerUrl(appContext.getAssertionConsumerServiceURL())));
        }

        authzContext.setCrowdUserDetails(currentUser);

        // Remember-me counts only if it identifies the very same account: matching user name AND
        // matching directory id, so an equally named user from another directory does not qualify.
        boolean rememberMeBelongsToUser = ((Boolean) this.rememberMeService
                .authenticate(getHttpServletRequest(), getHttpServletResponse())
                .map(rememberMeAuth -> {
                    User rememberedUser = (User) rememberMeAuth.getPrincipal();
                    if (!rememberedUser.getName().equals(currentUser.getUsername())) {
                        return Boolean.FALSE;
                    }
                    return Boolean.valueOf(rememberedUser.getDirectoryId() == currentUser.getRemotePrincipal().getDirectoryId());
                })
                .orElse(false)).booleanValue();
        authzContext.setRememberMe(rememberMeBelongsToUser);

        profileRequestContext.addSubcontext(authzContext);
    }
}
