package net.shibboleth.idp.plugin.authn.oidc.rp.messaging.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.Prompt;
import javax.annotation.Nonnull;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/impl/AddForceAuthenticationPromptHandler.class */
public class AddForceAuthenticationPromptHandler extends AbstractOIDCAuthenticationRequestActionMessageHandler {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddForceAuthenticationPromptHandler.class);

    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        if (!getProfileConfiguration().isForceAuthn(lookupProfileRequestContext(messageContext))) {
            this.log.trace("{} No ForceAuthn requirement, so no prompt set", getLogPrefix());
            return;
        }
        this.log.trace("{} Setting prompt=login (ForceAuthn) for OIDC AuthnRequest", getLogPrefix());
        try {
            getAuthenticationRequest().setPrompt(Prompt.parse(Prompt.Type.LOGIN.toString()));
        } catch (ParseException e) {
            throw new MessageHandlerException("Unable to honour force-authn, setting prompt to 'login' failed", e);
        }
    }
}
