package net.shibboleth.idp.authn;

import com.google.common.base.Strings;
import com.google.common.net.UrlEscapers;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.repository.FlowExecutionRepository;
import org.springframework.webflow.execution.repository.FlowExecutionRepositoryException;
import org.springframework.webflow.executor.FlowExecutorImpl;

/* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.2.jar:net/shibboleth/idp/authn/ExternalAuthentication.class */
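/**
 * Static entry points and extension hooks that connect an HTTP request to a
 * webflow conversation and to the {@link ExternalAuthentication} instance held
 * by that conversation's {@link ExternalAuthenticationContext}.
 *
 * <p>The static helpers locate a {@link ProfileRequestContext} through the object
 * stored in the servlet context under {@link #SWF_KEY}, then delegate to
 * {@link #doStart} or {@link #doFinish} on the instance returned by
 * {@code ExternalAuthenticationContext.getExternalAuthentication()}.</p>
 *
 * <p>This listing is decompiler output; parameter names such as {@code str} and
 * {@code str2} are the decompiler's, not the original author's.</p>
 */
public abstract class ExternalAuthentication {

    /** Servlet-context attribute from which {@link #getProfileRequestContext} reads the flow executor. */
    @NotEmpty
    @Nonnull
    public static final String SWF_KEY = "net.shibboleth.idp.flowExecutor";

    /**
     * Request parameter that carries the flow execution key. It is written by
     * {@link #getExternalRedirect} and read back by {@link #startExternalAuthentication}.
     */
    @NotEmpty
    @Nonnull
    public static final String CONVERSATION_KEY = "conversation";

    // The names below are not referenced by any method in this class. Judging by
    // their suffixes they are request attributes (*_KEY) and query parameters
    // (*_PARAM) exchanged with the external login code; confirm against the
    // doFinish implementation in use.
    // NOTE(review): presumably whatever the external handler stores under the *_KEY
    // names becomes the authentication result, so the code that sets them belongs
    // to the trusted authentication path - verify in the concrete subclass.

    @NotEmpty
    @Nonnull
    public static final String PRINCIPAL_KEY = "principal";

    @NotEmpty
    @Nonnull
    public static final String PRINCIPAL_NAME_KEY = "principal_name";

    @NotEmpty
    @Nonnull
    public static final String SUBJECT_KEY = "subject";

    @NotEmpty
    @Nonnull
    public static final String AUTHENTICATION_INSTANT_KEY = "authnInstant";

    @NotEmpty
    @Nonnull
    public static final String AUTHENTICATING_AUTHORITIES_KEY = "authnAuthorities";

    @NotEmpty
    @Nonnull
    public static final String ATTRIBUTES_KEY = "attributes";

    @NotEmpty
    @Nonnull
    public static final String AUTHENTICATION_ERROR_KEY = "authnError";

    @NotEmpty
    @Nonnull
    public static final String AUTHENTICATION_EXCEPTION_KEY = "authnException";

    @NotEmpty
    @Nonnull
    public static final String DONOTCACHE_KEY = "doNotCache";

    @NotEmpty
    @Nonnull
    public static final String REVOKECONSENT_KEY = "revokeConsent";

    @NotEmpty
    @Nonnull
    public static final String PREVIOUSRESULT_KEY = "previousResult";

    @NotEmpty
    @Nonnull
    public static final String FORCE_AUTHN_PARAM = "forceAuthn";

    @NotEmpty
    @Nonnull
    public static final String PASSIVE_AUTHN_PARAM = "isPassive";

    @NotEmpty
    @Nonnull
    public static final String RELYING_PARTY_PARAM = "relyingParty";

    @NotEmpty
    @Nonnull
    public static final String EXTENDED_FLOW_PARAM = "extended";

    /**
     * Builds the URL of the external login endpoint with the conversation key
     * attached as a query parameter.
     *
     * <p>The base location is copied into the result verbatim: it is neither
     * validated (beyond being non-empty) nor escaped, so it should come from
     * configuration rather than from request data. Only the conversation value is
     * form-escaped. A base location that carries a {@code #fragment} is not handled
     * specially. An empty conversation value is not rejected here; it yields an
     * empty parameter, which {@link #startExternalAuthentication} refuses.</p>
     *
     * @param str base location of the external endpoint; must not be null or empty
     * @param str2 conversation (flow execution) key to attach
     * @return the base location followed by {@code ?} or {@code &} and
     *         {@code conversation=<escaped key>}
     */
    @NotEmpty
    @Nonnull
    public static String getExternalRedirect(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2) {
        Constraint.isNotEmpty(str, "Base location cannot be null or empty");
        // Start a query string unless the base location already has one.
        final char separator = str.indexOf('?') == -1 ? '?' : '&';
        final String escapedConversation = UrlEscapers.urlFormParameterEscaper().escape(str2);
        return str + separator + CONVERSATION_KEY + '=' + escapedConversation;
    }

    /**
     * Starts an external authentication attempt for the conversation named in the request.
     *
     * <p>The conversation key is read from the {@link #CONVERSATION_KEY} request
     * parameter, i.e. it is client-supplied. It is only accepted if
     * {@link #getProfileRequestContext} can resolve it to a
     * {@link ProfileRequestContext} that carries an
     * {@link ExternalAuthenticationContext}.</p>
     *
     * @param httpServletRequest the incoming request
     * @return the conversation key, to be passed to {@link #finishExternalAuthentication}
     * @throws ExternalAuthenticationException if the parameter is missing or empty,
     *         or the required contexts cannot be found
     */
    @NotEmpty
    @Nonnull
    public static String startExternalAuthentication(@Nonnull HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
        final String conversationKey = httpServletRequest.getParameter(CONVERSATION_KEY);
        if (Strings.isNullOrEmpty(conversationKey)) {
            throw new ExternalAuthenticationException("No conversation key found in request");
        }
        final ProfileRequestContext requestContext = getProfileRequestContext(conversationKey, httpServletRequest);
        final ExternalAuthenticationContext externalContext = getExternalAuthenticationContext(requestContext);
        // NOTE(review): getExternalAuthentication() is dereferenced without a null check;
        // whether it can return null is not visible in this file.
        externalContext.getExternalAuthentication().doStart(httpServletRequest, requestContext, externalContext);
        return conversationKey;
    }

    /**
     * Completes an external authentication attempt by delegating to {@link #doFinish}
     * on the instance held by the conversation's {@link ExternalAuthenticationContext}.
     *
     * @param str conversation key, as returned by {@link #startExternalAuthentication}
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @throws ExternalAuthenticationException if the required contexts cannot be found,
     *         or the {@code doFinish} implementation reports a failure
     * @throws IOException if the {@code doFinish} implementation throws it
     */
    public static void finishExternalAuthentication(@NotEmpty @Nonnull String str, @Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse) throws ExternalAuthenticationException, IOException {
        final ProfileRequestContext requestContext = getProfileRequestContext(str, httpServletRequest);
        final ExternalAuthenticationContext externalContext = getExternalAuthenticationContext(requestContext);
        externalContext.getExternalAuthentication().doFinish(httpServletRequest, httpServletResponse, requestContext, externalContext);
    }

    /**
     * Resolves a conversation key to the {@link ProfileRequestContext} stored in the
     * conversation scope of the matching flow execution.
     *
     * <p>If the servlet-context attribute {@link #SWF_KEY} holds a
     * {@link ProfileRequestContext} instead of a {@link FlowExecutorImpl}, that object
     * is returned directly and the conversation key is not consulted (presumably a
     * testing hook - confirm). Anything able to set that servlet-context attribute
     * therefore decides which context is used.</p>
     *
     * <p>The thread-bound {@link ExternalContextHolder} is cleared on every exit path,
     * so no request-scoped external context remains on the thread after this call.</p>
     *
     * @param str conversation (flow execution) key
     * @param httpServletRequest the current request
     * @return the profile request context bound to the conversation
     * @throws ExternalAuthenticationException if no flow executor is available, the
     *         key cannot be parsed or resolved, or no context is bound in the conversation
     */
    @Nonnull
    public static ProfileRequestContext getProfileRequestContext(@NotEmpty @Nonnull String str, @Nonnull HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
        final Object flowExecutor = httpServletRequest.getServletContext().getAttribute(SWF_KEY);
        try {
            if (flowExecutor instanceof FlowExecutorImpl) {
                final FlowExecutionRepository repository = ((FlowExecutorImpl) flowExecutor).getExecutionRepository();
                // The external context is bound before the repository lookup and is
                // cleared again in the finally block.
                ExternalContextHolder.setExternalContext(new ServletExternalContext(httpServletRequest.getServletContext(), httpServletRequest, null));
                final Object bound = repository.getFlowExecution(repository.parseFlowExecutionKey(str)).getConversationScope().get(ProfileRequestContext.BINDING_KEY);
                if (bound instanceof ProfileRequestContext) {
                    return (ProfileRequestContext) bound;
                }
                throw new ExternalAuthenticationException("ProfileRequestContext not available in webflow conversation scope");
            }
            if (flowExecutor instanceof ProfileRequestContext) {
                return (ProfileRequestContext) flowExecutor;
            }
            throw new ExternalAuthenticationException("No FlowExecutor available in servlet context");
        } catch (FlowExecutionRepositoryException e) {
            // A malformed or unknown client-supplied key surfaces here; the cause is preserved.
            throw new ExternalAuthenticationException("Error retrieving flow conversation", e);
        } finally {
            ExternalContextHolder.setExternalContext(null);
        }
    }

    /**
     * Walks from the profile request context to its {@link ExternalAuthenticationContext}.
     *
     * @param profileRequestContext the context to search
     * @return the external authentication context nested under the {@link AuthenticationContext}
     * @throws ExternalAuthenticationException if either context is absent
     */
    @Nonnull
    private static ExternalAuthenticationContext getExternalAuthenticationContext(@Nonnull ProfileRequestContext profileRequestContext) throws ExternalAuthenticationException {
        final AuthenticationContext authnContext = (AuthenticationContext) profileRequestContext.getSubcontext(AuthenticationContext.class);
        if (authnContext == null) {
            throw new ExternalAuthenticationException("No AuthenticationContext found");
        }
        final ExternalAuthenticationContext externalContext = (ExternalAuthenticationContext) authnContext.getSubcontext(ExternalAuthenticationContext.class);
        if (externalContext == null) {
            // The message names the context that is actually missing, so a log line
            // points at the right configuration problem.
            throw new ExternalAuthenticationException("No ExternalAuthenticationContext found");
        }
        return externalContext;
    }

    /**
     * Hook run by {@link #startExternalAuthentication}. This base implementation
     * stores the profile request context as a request attribute under
     * {@code ProfileRequestContext.BINDING_KEY}.
     *
     * @param httpServletRequest the current request
     * @param profileRequestContext the context resolved for the conversation
     * @param externalAuthenticationContext the external authentication context; unused here
     * @throws ExternalAuthenticationException declared for overriding implementations
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void doStart(@Nonnull HttpServletRequest httpServletRequest, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException {
        httpServletRequest.setAttribute(ProfileRequestContext.BINDING_KEY, profileRequestContext);
    }

    /**
     * Hook run by {@link #finishExternalAuthentication}; the behaviour is defined by
     * the concrete subclass and is not visible in this file.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param profileRequestContext the context resolved for the conversation
     * @param externalAuthenticationContext the external authentication context
     * @throws ExternalAuthenticationException if the implementation reports a failure
     * @throws IOException if the implementation fails while writing the response
     */
    protected abstract void doFinish(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException, IOException;
}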
