package net.shibboleth.idp.plugin.authn.totp.impl;

import jakarta.servlet.http.HttpServletRequest;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.plugin.authn.totp.context.TOTPContext;
import net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/totp/impl/AbstractTOTPExtractionAction.class */
public abstract class AbstractTOTPExtractionAction extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractTOTPExtractionAction.class);

    @Nonnull
    private Function<ProfileRequestContext, String> usernameLookupStrategy = new CanonicalUsernameLookupStrategy();

    @Nonnull
    private Function<AuthenticationContext, TOTPContext> totpContextCreationStrategy = new ChildContextLookup(TOTPContext.class, true);

    public void setUsernameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.usernameLookupStrategy = (Function) Constraint.isNotNull(function, "Username lookup strategy cannot be null");
    }

    public void setTOTPContextCreationStrategy(@Nonnull Function<AuthenticationContext, TOTPContext> function) {
        checkSetterPreconditions();
        this.totpContextCreationStrategy = (Function) Constraint.isNotNull(function, "TOTPContext creation strategy cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        authenticationContext.removeSubcontext(AuthenticationErrorContext.class);
        TOTPContext apply = this.totpContextCreationStrategy.apply(authenticationContext);
        if (apply == null) {
            this.log.warn("{} Unable to create TOTP context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return;
        }
        apply.setTokenCode(null);
        if (apply.getUsername() == null) {
            String apply2 = this.usernameLookupStrategy.apply(profileRequestContext);
            if (apply2 == null) {
                this.log.warn("{} No principal name available", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "UnknownUsername");
                return;
            }
            apply.setUsername(apply2);
        }
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.debug("{} Profile action does not contain an HttpServletRequest", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        String extractCode = extractCode(httpServletRequest);
        if (extractCode == null) {
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        try {
            apply.setTokenCode(Integer.valueOf(extractCode));
        } catch (NumberFormatException e) {
            this.log.warn("{} Exception converting code string to an integer", getLogPrefix(), e);
            authenticationContext.ensureSubcontext(AuthenticationErrorContext.class).getClassifiedErrors().add("InvalidCredentials");
            ActionSupport.buildEvent(profileRequestContext, "InvalidCredentials");
        }
    }

    @Nullable
    protected abstract String extractCode(@Nonnull HttpServletRequest httpServletRequest);
}
