package net.shibboleth.idp.authn.impl;

import com.google.common.base.Function;
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.joda.time.DateTime;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ExternalAuthenticationImpl.class */
public class ExternalAuthenticationImpl extends ExternalAuthentication {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationImpl.class);

    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class);

    @Nonnull
    private final ProfileRequestContext profileRequestContext;

    public ExternalAuthenticationImpl(@Nonnull ProfileRequestContext profileRequestContext) {
        this.profileRequestContext = (ProfileRequestContext) Constraint.isNotNull(profileRequestContext, "ProfileRequestContext cannot be null");
    }

    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        this.relyingPartyContextLookupStrategy = (Function) Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    protected void doStart(@Nonnull HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
        AuthenticationContext subcontext = this.profileRequestContext.getSubcontext(AuthenticationContext.class);
        if (subcontext == null) {
            throw new ExternalAuthenticationException("No AuthenticationContext found");
        }
        if (subcontext.getAttemptedFlow() == null) {
            throw new ExternalAuthenticationException("No attempted authentication flow set");
        }
        httpServletRequest.setAttribute("opensamlProfileRequestContext", this.profileRequestContext);
        httpServletRequest.setAttribute("isPassive", Boolean.valueOf(subcontext.isPassive()));
        httpServletRequest.setAttribute("forceAuthn", Boolean.valueOf(subcontext.isForceAuthn()));
        Collection supportedPrincipals = subcontext.getAttemptedFlow().getSupportedPrincipals();
        if (!supportedPrincipals.isEmpty()) {
            httpServletRequest.setAttribute("authnMethod", ((Principal) supportedPrincipals.iterator().next()).getName());
        }
        RelyingPartyContext relyingPartyContext = (RelyingPartyContext) this.relyingPartyContextLookupStrategy.apply(this.profileRequestContext);
        if (relyingPartyContext != null) {
            httpServletRequest.setAttribute("relyingParty", relyingPartyContext.getRelyingPartyId());
        }
    }

    protected void doFinish(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse) throws ExternalAuthenticationException, IOException {
        AuthenticationContext subcontext = this.profileRequestContext.getSubcontext(AuthenticationContext.class);
        if (subcontext == null) {
            throw new ExternalAuthenticationException("No AuthenticationContext found");
        }
        ExternalAuthenticationContext subcontext2 = subcontext.getSubcontext(ExternalAuthenticationContext.class);
        if (subcontext2 == null) {
            throw new ExternalAuthenticationException("No ExternalAuthenticationContext found");
        }
        if (subcontext2.getFlowExecutionUrl() == null) {
            throw new ExternalAuthenticationException("No flow execution URL found to return control");
        }
        Object attribute = httpServletRequest.getAttribute("subject");
        if (attribute == null || !(attribute instanceof Subject)) {
            Object attribute2 = httpServletRequest.getAttribute("principal");
            if (attribute2 == null || !(attribute2 instanceof Principal)) {
                Object attribute3 = httpServletRequest.getAttribute("principal_name");
                if (attribute3 != null && (attribute3 instanceof String)) {
                    subcontext2.setPrincipalName((String) attribute3);
                }
            } else {
                subcontext2.setPrincipal((Principal) attribute2);
            }
        } else {
            subcontext2.setSubject((Subject) attribute);
        }
        Object attribute4 = httpServletRequest.getAttribute("authnInstant");
        if (attribute4 != null && (attribute4 instanceof DateTime)) {
            subcontext2.setAuthnInstant((DateTime) attribute4);
        }
        Object attribute5 = httpServletRequest.getAttribute("authnError");
        if (attribute5 != null && (attribute5 instanceof String)) {
            subcontext2.setAuthnError((String) attribute5);
        }
        Object attribute6 = httpServletRequest.getAttribute("authnException");
        if (attribute6 != null && (attribute6 instanceof Exception)) {
            subcontext2.setAuthnException((Exception) attribute6);
        }
        Object attribute7 = httpServletRequest.getAttribute("doNotCache");
        if (attribute7 != null && (attribute7 instanceof Boolean)) {
            subcontext2.setDoNotCache(((Boolean) attribute7).booleanValue());
        }
        httpServletResponse.sendRedirect(subcontext2.getFlowExecutionUrl());
    }

    protected ProfileRequestContext getProfileRequestContext(@Nonnull HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
        return this.profileRequestContext;
    }
}
