package net.shibboleth.idp.saml.saml2.profile.impl;

import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-5.1.0.jar:net/shibboleth/idp/saml/saml2/profile/impl/ContinueSAMLAuthentication.class */
public class ContinueSAMLAuthentication extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ContinueSAMLAuthentication.class);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        ExternalAuthenticationContext externalAuthenticationContext = (ExternalAuthenticationContext) authenticationContext.getSubcontext(ExternalAuthenticationContext.class);
        if (externalAuthenticationContext == null) {
            this.log.debug("{} No ExternalAuthenticationContext available within authentication context", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_AUTHN_CTX);
            return;
        }
        MessageContext inboundMessageContext = profileRequestContext != null ? profileRequestContext.getInboundMessageContext() : null;
        if (!$assertionsDisabled && externalAuthenticationContext == null) {
            throw new AssertionError();
        }
        String authnError = externalAuthenticationContext.getAuthnError();
        if (authnError != null) {
            this.log.info("{} SAML authentication attempt signaled an error: {}", getLogPrefix(), authnError);
            ActionSupport.buildEvent(profileRequestContext, authnError);
            return;
        }
        if (inboundMessageContext == null) {
            this.log.info("{} No inbound SAML Response found", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
            return;
        }
        Response response = (Response) inboundMessageContext.getMessage();
        if (response == null || !(response instanceof Response)) {
            this.log.info("{} Inbound message was not a SAML Response", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
            return;
        }
        Status status = response.getStatus();
        StatusCode statusCode = status == null ? null : status.getStatusCode();
        if (status == null || statusCode == null || statusCode.getValue() == null) {
            this.log.info("{} SAML response did not contain a StatusCode", getLogPrefix());
            authenticationContext.removeSubcontext(SAMLAuthnContext.class);
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        } else {
            if (StatusCode.SUCCESS.equals(statusCode.getValue())) {
                return;
            }
            this.log.info("{} SAML response contained error status: {}", getLogPrefix(), statusCode.getValue());
            authenticationContext.removeSubcontext(SAMLAuthnContext.class);
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        }
    }

    static {
        $assertionsDisabled = !ContinueSAMLAuthentication.class.desiredAssertionStatus();
    }
}
