package net.shibboleth.idp.plugin.authn.duo.impl;

import jakarta.servlet.http.HttpServletRequest;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.plugin.authn.duo.PasswordlessCookieManager;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/CreatePasswordlessCookie.class */
public class CreatePasswordlessCookie extends AbstractProfileAction {

    @Nonnull
    @NotEmpty
    public static final String OPTIN_FIELD_NAME = "optin";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(CreatePasswordlessCookie.class);

    @NonnullAfterInit
    private PasswordlessCookieManager cookieManager;

    public void setCookieManager(@Nullable PasswordlessCookieManager passwordlessCookieManager) {
        checkSetterPreconditions();
        this.cookieManager = (PasswordlessCookieManager) Constraint.isNotNull(passwordlessCookieManager, "PasswordlessCookieManager cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.cookieManager == null) {
            throw new ComponentInitializationException("PasswordlessCookieManager cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String parameter;
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.error("{} HttpServletRequest absent, assuming opt-out", getLogPrefix());
            parameter = "0";
        } else {
            parameter = httpServletRequest.getParameter(OPTIN_FIELD_NAME);
        }
        if (!"1".equals(parameter)) {
            if (this.cookieManager.writeCookie((String) null)) {
                return;
            }
            this.log.warn("{} Failed to create passwordless cookie for opt-out", getLogPrefix());
            return;
        }
        SubjectCanonicalizationContext subcontext = profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class);
        String principalName = subcontext != null ? subcontext.getPrincipalName() : null;
        if (principalName == null) {
            this.log.error("{} No username available", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidSubjectCanonicalizationContext");
        } else {
            this.log.debug("{} Creating passwordless cookie for username '{}'", getLogPrefix(), principalName);
            if (this.cookieManager.writeCookie(principalName)) {
                return;
            }
            this.log.warn("{} Failed to create passwordless cookie for username '{}'", getLogPrefix(), principalName);
        }
    }
}
