package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/ValidateAuthenticationResponseResult.class */
public class ValidateAuthenticationResponseResult extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ValidateAuthenticationResponseResult.class);

    @Nullable
    private AuthenticationResponse authenticationResponse;

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        MessageContext inboundMessageContext = profileRequestContext.getInboundMessageContext();
        if (inboundMessageContext == null) {
            this.log.debug("{} Inbound message context was null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
            return false;
        }
        if (inboundMessageContext.getMessage() instanceof AuthenticationResponse) {
            this.authenticationResponse = (AuthenticationResponse) inboundMessageContext.getMessage();
            return true;
        }
        this.log.debug("{} Inbound message was not an authentication response", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (this.authenticationResponse.indicatesSuccess()) {
            this.log.debug("{} Upstream OP signalled a successful response", getLogPrefix());
            return;
        }
        this.log.error("{} OIDC Authentication Response contained an error from upstream OP '{}' : {}", new Object[]{getLogPrefix(), authenticationContext.getAuthenticatingAuthority(), buildErrorResponseString(this.authenticationResponse.toErrorResponse())});
        ActionSupport.buildEvent(profileRequestContext, "MessageProcessingError");
    }

    private String buildErrorResponseString(@Nonnull AuthenticationErrorResponse authenticationErrorResponse) {
        StringBuilder sb = new StringBuilder();
        if (authenticationErrorResponse.getErrorObject() != null) {
            sb.append("Code -> '").append(authenticationErrorResponse.getErrorObject().getCode()).append("'");
            sb.append(", ");
            sb.append("Description -> '").append(authenticationErrorResponse.getErrorObject().getDescription()).append("'");
        } else {
            sb.append("Unknown error response");
        }
        return sb.toString();
    }
}
