package net.shibboleth.idp.authn.impl;

import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import net.shibboleth.idp.authn.AbstractValidationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ValidateExternalAuthentication.class */
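/**
 * Validation action that turns the outcome of an external authentication flow, as recorded in an
 * {@link ExternalAuthenticationContext}, into an authentication result.
 *
 * <p>The identity is taken from the first of these that is set on the context: the Subject, the
 * Principal, then the principal name. Nothing in this class re-verifies that identity; it is
 * accepted exactly as the external flow recorded it, so the trust decision rests with whatever
 * populated the context.</p>
 */
public class ValidateExternalAuthentication extends AbstractValidationAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ValidateExternalAuthentication.class);

    // Context holding the external flow's outcome. Assigned in doPreExecute and read by doExecute
    // and populateSubject.
    // NOTE(review): per-execution state lives in an instance field; presumably the framework uses
    // one action instance per request. Confirm before sharing an instance across requests.
    @Nullable
    private ExternalAuthenticationContext extContext;

    /**
     * Checks that an attempted flow and an {@link ExternalAuthenticationContext} are both present
     * before delegating to the superclass check.
     *
     * @param profileRequestContext the current profile request context
     * @param authenticationContext the current authentication context
     * @return {@code false} after signalling "InvalidProfileContext" (no attempted flow) or
     *         "InvalidAuthenticationContext" (no external context); otherwise the superclass result
     */
    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (authenticationContext.getAttemptedFlow() == null) {
            this.log.debug("{} No attempted flow within authentication context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return false;
        }

        this.extContext = authenticationContext.getSubcontext(ExternalAuthenticationContext.class);
        if (this.extContext == null) {
            this.log.debug("{} No ExternalAuthenticationContext available within authentication context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidAuthenticationContext");
            return false;
        }

        return super.doPreExecute(profileRequestContext, authenticationContext);
    }

    /**
     * Evaluates the external flow's outcome and either reports an error or builds the
     * authentication result.
     *
     * <p>A recorded exception or error message is checked first and wins over any identity that
     * is also present. If no Subject was supplied, one is created from the Principal or, failing
     * that, from the principal name wrapped in a {@link UsernamePrincipal}. With none of the three
     * set, the attempt is reported as "NoCredentials".</p>
     *
     * @param profileRequestContext the current profile request context
     * @param authenticationContext the current authentication context
     */
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (this.extContext.getAuthnException() != null) {
            // Trailing Throwable with no matching placeholder is logged by SLF4J as the exception.
            this.log.warn("{} External authentication produced exception", getLogPrefix(), this.extContext.getAuthnException());
            handleError(profileRequestContext, authenticationContext, this.extContext.getAuthnException(), "AuthenticationException");
            return;
        }

        final String authnError = this.extContext.getAuthnError();
        if (authnError != null) {
            this.log.warn("{} External authentication produced error message: {}", getLogPrefix(), authnError);
            handleError(profileRequestContext, authenticationContext, new LoginException(authnError), "AuthenticationException");
            return;
        }

        if (this.extContext.getSubject() != null) {
            // Log the principals only. Subject.toString() also renders the public and private
            // credential sets, so logging the whole Subject would write whatever those
            // credentials' toString() exposes into the INFO log.
            this.log.info("{} External authentication succeeded for Subject: {}", getLogPrefix(), this.extContext.getSubject().getPrincipals());
        } else if (this.extContext.getPrincipal() != null) {
            this.log.info("{} External authentication succeeded for Principal: {}", getLogPrefix(), this.extContext.getPrincipal());
            // Mutable Subject (readOnly=false) so populateSubject can add further principals.
            this.extContext.setSubject(new Subject(false, Collections.singleton(this.extContext.getPrincipal()), Collections.emptySet(), Collections.emptySet()));
        } else {
            final String principalName = this.extContext.getPrincipalName();
            if (principalName == null) {
                this.log.info("{} External authentication failed, no user identity or error information returned", getLogPrefix());
                handleError(profileRequestContext, authenticationContext, new LoginException("No information returned by external authentication"), "NoCredentials");
                return;
            }
            // NOTE(review): the name is logged and used as supplied by the external flow; only
            // null is rejected here. Confirm that empty or malformed names are handled upstream
            // or by UsernamePrincipal.
            this.log.info("{} External authentication succeeded for user: {}", getLogPrefix(), principalName);
            this.extContext.setSubject(new Subject(false, Collections.singleton(new UsernamePrincipal(principalName)), Collections.emptySet(), Collections.emptySet()));
        }

        if (this.extContext.doNotCache()) {
            this.log.debug("{} Disabling caching of authentication result", getLogPrefix());
            authenticationContext.setResultCacheable(false);
        }

        buildAuthenticationResult(profileRequestContext, authenticationContext);
    }

    /**
     * Merges the principals of the supplied Subject into the Subject held by the external context.
     *
     * @param subject Subject whose principals are copied across
     * @return the external context's Subject, after the merge
     */
    @Nonnull
    protected Subject populateSubject(@Nonnull Subject subject) {
        final Subject externalSubject = this.extContext.getSubject();
        externalSubject.getPrincipals().addAll(subject.getPrincipals());
        return externalSubject;
    }
}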
