package net.shibboleth.idp.plugin.authn.oidc.rp.messaging.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.Prompt;
import java.time.Duration;
import javax.annotation.Nonnull;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/impl/AddForceAuthenticationHandler.class */
public class AddForceAuthenticationHandler extends AbstractOIDCAuthenticationRequestActionMessageHandler {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddForceAuthenticationHandler.class);

    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        if (!getProfileConfiguration().isForceAuthn(lookupProfileRequestContext(messageContext))) {
            this.log.trace("{} No ForceAuthn requirement, so no prompt or max_age set", getLogPrefix());
            return;
        }
        this.log.trace("{} Setting prompt=login and max_age=0 (ForceAuthn) for OIDC AuthnRequest", getLogPrefix());
        try {
            getAuthenticationRequest().setPrompt(Prompt.parse(Prompt.Type.LOGIN.toString()));
            getAuthenticationRequest().setMaxAge(Duration.ofSeconds(0L));
        } catch (ParseException e) {
            throw new MessageHandlerException("Unable to honour force-authn, setting prompt to force-login as failed", e);
        }
    }
}
