package net.shibboleth.idp.authn.duo.impl;

import java.util.Map;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.duo.DuoAuthAPI;
import net.shibboleth.idp.authn.duo.context.DuoAuthenticationContext;
import net.shibboleth.idp.ui.context.RelyingPartyUIContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.HttpServletSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.3.1.jar:net/shibboleth/idp/authn/duo/impl/ExtractDuoAuthenticationFromHeaders.class */
/**
 * Authentication action that builds a {@link DuoAuthenticationContext} from HTTP request headers
 * and attaches it to the {@link AuthenticationContext}.
 *
 * <p>The factor, device and passcode are read from request headers, so all three are supplied by
 * the client. This class only checks that a value is present and non-empty; it does not compare
 * the factor or device against a set of allowed values before storing them in the context.</p>
 *
 * <p>The passcode value itself is never logged. The factor and device values are written to the
 * debug log as received.</p>
 */
public class ExtractDuoAuthenticationFromHeaders extends AbstractAuthenticationAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExtractDuoAuthenticationFromHeaders.class);

    /** Whether the "auto" factor/device may be filled in when the client does not name one. */
    private boolean autoAuthenticationSupported = true;

    /**
     * Whether the request's remote address is copied into the Duo context.
     * NOTE(review): whether that address is the real client or an intermediary (for example a
     * reverse proxy) depends on the deployment; confirm before leaving this enabled.
     */
    private boolean clientAddressTrusted = true;

    /** Name of the request header carrying the Duo factor. */
    @NotEmpty
    @Nonnull
    private String factorHeaderName = DuoAuthAPI.DUO_FACTOR_HEADER_NAME;

    /** Name of the request header carrying the Duo device ID. */
    @NotEmpty
    @Nonnull
    private String deviceHeaderName = DuoAuthAPI.DUO_DEVICE_HEADER_NAME;

    /** Name of the request header carrying the Duo passcode. */
    @NotEmpty
    @Nonnull
    private String passcodeHeaderName = DuoAuthAPI.DUO_PASSCODE_HEADER_NAME;

    /** Optional strategy supplying the push-info map; when null the service name is used instead. */
    @Nullable
    private Function<ProfileRequestContext, Map<String, String>> pushInfoLookupStrategy;

    /** Constructor (package-private). */
    ExtractDuoAuthenticationFromHeaders() {
    }

    /**
     * Sets the name of the header that carries the Duo factor.
     *
     * @param str header name; trimmed, and rejected if null or empty after trimming
     */
    public void setFactorHeader(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        final String trimmed = StringSupport.trimOrNull(str);
        factorHeaderName = Constraint.isNotNull(trimmed, "Factor header name cannot be null or empty.");
    }

    /**
     * Sets the name of the header that carries the Duo device ID.
     *
     * @param str header name; trimmed, and rejected if null or empty after trimming
     */
    public void setDeviceHeader(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        final String trimmed = StringSupport.trimOrNull(str);
        deviceHeaderName = Constraint.isNotNull(trimmed, "Device header name cannot be null or empty.");
    }

    /**
     * Sets the name of the header that carries the Duo passcode.
     *
     * @param str header name; trimmed, and rejected if null or empty after trimming
     */
    public void setPasscodeHeader(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        final String trimmed = StringSupport.trimOrNull(str);
        passcodeHeaderName = Constraint.isNotNull(trimmed, "Passcode header name cannot be null or empty.");
    }

    /**
     * Reports whether the request's remote address is copied into the Duo context.
     *
     * @return the current flag value (true unless changed before initialization)
     */
    public boolean isClientAddressTrusted() {
        return clientAddressTrusted;
    }

    /**
     * Sets whether the request's remote address is copied into the Duo context.
     *
     * @param z true to copy the address, false to leave it unset
     */
    public void setClientAdddressTrusted(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        clientAddressTrusted = z;
    }

    /**
     * Reports whether the "auto" factor/device fallback is enabled.
     *
     * @return the current flag value (true unless changed before initialization)
     */
    public boolean isAutoAuthenticationSupported() {
        return autoAuthenticationSupported;
    }

    /**
     * Sets whether the "auto" factor/device fallback is enabled.
     *
     * @param z true to allow the fallback
     */
    public void setAutoAuthenticationSupported(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        autoAuthenticationSupported = z;
    }

    /**
     * Sets the strategy used to obtain the push-info map.
     *
     * @param function lookup strategy, or null to fall back to the relying party's service name
     */
    public void setPushInfoLookupStrategy(@Nullable Function<ProfileRequestContext, Map<String, String>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        pushInfoLookupStrategy = function;
    }

    /**
     * Extracts the Duo parameters from the request, applies the "auto" defaults where permitted,
     * fills in the push info and attaches the resulting context to the authentication context.
     *
     * <p>Signals {@link AuthnEventIds#NO_CREDENTIALS} and attaches nothing when no factor is given
     * and the auto method is not applicable, or when the factor is "passcode" but no passcode was
     * supplied.</p>
     *
     * @param profileRequestContext current profile request context
     * @param authenticationContext authentication context that receives the Duo subcontext
     */
    @Override
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        log.debug("{} Checking for Duo authentication headers", getLogPrefix());
        final DuoAuthenticationContext duoCtx = new DuoAuthenticationContext();
        extractHeaders(duoCtx);

        if (duoCtx.getFactor() == null) {
            // The auto method is only a fallback for non-browser profiles, and only when enabled.
            final boolean autoApplies = autoAuthenticationSupported && !profileRequestContext.isBrowserProfile();
            if (!autoApplies) {
                log.debug("{} No Duo factor specified, auto method will not be attempted", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
                return;
            }
            log.debug("{} Non-browser request with no Duo factor specified, enabling auto method", getLogPrefix());
            duoCtx.setFactor("auto");
        }

        final boolean passcodeFactor = "passcode".equals(duoCtx.getFactor());
        if (passcodeFactor && duoCtx.getPasscode() == null) {
            log.warn("{} Request for passcode-based Duo login with no password supplied", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
            return;
        }
        if (!passcodeFactor && autoAuthenticationSupported && duoCtx.getDeviceID() == null) {
            duoCtx.setDeviceID("auto");
        }

        if (pushInfoLookupStrategy == null) {
            // No strategy configured: fall back to the relying party's service name, if known.
            final RelyingPartyUIContext rpUiCtx = authenticationContext.getSubcontext(RelyingPartyUIContext.class);
            if (rpUiCtx != null && rpUiCtx.getServiceName() != null) {
                duoCtx.getPushInfo().put("service", rpUiCtx.getServiceName());
            }
        } else {
            final Map<String, String> pushInfo = pushInfoLookupStrategy.apply(profileRequestContext);
            if (pushInfo != null) {
                duoCtx.getPushInfo().putAll(pushInfo);
            }
        }

        authenticationContext.addSubcontext(duoCtx, true);

        // Only the presence of the passcode is logged, never its value. Factor and device are
        // client-supplied header values and are logged as received.
        log.debug("{} Duo AuthAPI parameters extracted from request (Factor: {}, Device: {}, Passcode: {})",
                getLogPrefix(),
                duoCtx.getFactor(),
                duoCtx.getDeviceID(),
                duoCtx.getPasscode() != null ? "set" : "not set");
    }

    /**
     * Copies the client address (when trusted) and any non-empty factor, device and passcode
     * header values from the current servlet request into the given context. Does nothing when
     * no servlet request is available.
     *
     * @param duoAuthenticationContext context to populate
     */
    protected void extractHeaders(@Nonnull DuoAuthenticationContext duoAuthenticationContext) {
        final HttpServletRequest request = getHttpServletRequest();
        if (request == null) {
            return;
        }

        if (clientAddressTrusted) {
            duoAuthenticationContext.setClientAddress(HttpServletSupport.getRemoteAddr(request));
        }

        final String factor = request.getHeader(factorHeaderName);
        if (hasValue(factor)) {
            duoAuthenticationContext.setFactor(factor);
        }

        final String device = request.getHeader(deviceHeaderName);
        if (hasValue(device)) {
            duoAuthenticationContext.setDeviceID(device);
        }

        final String passcode = request.getHeader(passcodeHeaderName);
        if (hasValue(passcode)) {
            duoAuthenticationContext.setPasscode(passcode);
        }
    }

    /**
     * Tells whether a header value is present and non-empty.
     *
     * @param value header value, possibly null
     * @return true if the value is neither null nor the empty string
     */
    private static boolean hasValue(@Nullable String value) {
        return value != null && !value.isEmpty();
    }
}
