package net.shibboleth.idp.plugin.authn.duo.impl;

import com.nimbusds.jwt.JWT;
import java.text.ParseException;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.AbstractDuoAuthenticationAction;
import net.shibboleth.idp.plugin.authn.duo.DuoClientException;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCClient;
import net.shibboleth.idp.plugin.authn.duo.context.DuoOIDCAuthenticationContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/ExchangeCodeForDuoToken.class */
/**
 * Authentication action that redeems the Duo authorization code held in the
 * {@link DuoOIDCAuthenticationContext} for a 2FA result token and stores that token on the same context.
 *
 * <p>The action signals failure through profile events: {@code AuthenticationException} when the Duo
 * client is missing or the exchange fails, and {@code NoCredentials} when the authorization code or the
 * username is absent. On success no event is built here.</p>
 *
 * <p>NOTE(review): nothing in this class checks the token's signature, issuer, audience, nonce or expiry.
 * Presumably that happens inside {@link DuoOIDCClient} or in a later action. Confirm before treating
 * the stored token as proof of a completed second factor.</p>
 */
public class ExchangeCodeForDuoToken extends AbstractDuoAuthenticationAction {

    /** Event built when the client is unavailable or the code exchange fails. */
    private static final String EVENT_AUTHN_EXCEPTION = "AuthenticationException";

    /** Event built when the authorization code or the username is missing from the Duo context. */
    private static final String EVENT_NO_CREDENTIALS = "NoCredentials";

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExchangeCodeForDuoToken.class);

    /**
     * Exchanges the authorization code for the Duo 2FA result and records it on the Duo context.
     *
     * @param profileRequestContext the current profile request context; failure events are built on it
     * @param authenticationContext the current authentication context (not read by this method)
     * @param duoOIDCAuthenticationContext the Duo context supplying the client, authorization code,
     *            username and optional redirect URI override, and receiving the resulting token
     */
    protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
            @Nonnull final AuthenticationContext authenticationContext,
            @Nonnull final DuoOIDCAuthenticationContext duoOIDCAuthenticationContext) {

        final DuoOIDCClient duoClient = duoOIDCAuthenticationContext.getClient();
        if (duoClient == null) {
            log.error("{} Duo client is null, has the context been created correctly?", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EVENT_AUTHN_EXCEPTION);
            return;
        }

        // The code value itself is never written to the log by this method, only its absence.
        final String code = duoOIDCAuthenticationContext.getAuthorizationCode();
        if (code == null) {
            log.error("{} Duo 2FA authorization code is not available in the response", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EVENT_NO_CREDENTIALS);
            return;
        }

        final String expectedUser = duoOIDCAuthenticationContext.getUsername();
        if (expectedUser == null) {
            log.error("{} Username is not available in the Duo context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EVENT_NO_CREDENTIALS);
            return;
        }

        try {
            // Presumably the username lets the client bind the result to the expected user;
            // verify against DuoOIDCClient.
            final JWT token = duoClient.exchangeAuthorizationCodeFor2FAResult(code, expectedUser,
                    duoOIDCAuthenticationContext.getRedirectURIOverride());

            // NOTE(review): getJWTClaimsSet() can throw ParseException and is only reached when debug
            // logging is on. With debug off, a token whose claims do not parse may still be stored
            // below (unless the client call already rejects it), so downstream code must not assume
            // the claims were parsed here. A null return from the client is also not checked.
            if (log.isDebugEnabled()) {
                log.debug("{} Duo 2FA token received for subject '{}'", getLogPrefix(),
                        token.getJWTClaimsSet().getSubject());
            }

            duoOIDCAuthenticationContext.setAuthToken(token);
        } catch (DuoClientException | ParseException e) {
            // Fail closed: no token is stored on this path. The exception is logged in full;
            // NOTE(review): confirm DuoClientException messages never embed the authorization code.
            log.error("{} Unable to exchange authorisation code for 2FA result", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, EVENT_AUTHN_EXCEPTION);
        }
    }
}
