package net.shibboleth.idp.cas.flow.impl;

import javax.annotation.Nonnull;
import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionResolver;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.idp.session.criterion.SessionIdCriterion;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/cas/flow/impl/ValidateIdpSessionAction.class */
public class ValidateIdpSessionAction extends AbstractCASProtocolAction {
    private final Logger log = LoggerFactory.getLogger(ValidateIdpSessionAction.class);

    @Nonnull
    private final SessionResolver sessionResolver;

    public ValidateIdpSessionAction(@Nonnull SessionResolver sessionResolver) {
        this.sessionResolver = (SessionResolver) Constraint.isNotNull(sessionResolver, "Session resolver cannot be null.");
    }

    @Nonnull
    protected Event doExecute(@Nonnull RequestContext requestContext, @Nonnull ProfileRequestContext profileRequestContext) {
        String sessionId = getCASTicket(profileRequestContext).getSessionId();
        try {
            this.log.debug("Attempting to retrieve session {}", sessionId);
            IdPSession idPSession = (IdPSession) this.sessionResolver.resolveSingle(new CriteriaSet(new Criterion[]{new SessionIdCriterion(sessionId)}));
            boolean z = idPSession == null;
            if (idPSession != null) {
                try {
                    z = !idPSession.checkTimeout();
                    this.log.debug("Session {} expired={}", sessionId, Boolean.valueOf(z));
                } catch (SessionException e) {
                    this.log.debug("Error performing session timeout check. Assuming session has expired.", e);
                    z = true;
                }
            }
            if (z) {
                return ProtocolError.SessionExpired.event(this);
            }
            SessionContext sessionContext = new SessionContext();
            sessionContext.setIdPSession(idPSession);
            profileRequestContext.addSubcontext(sessionContext);
            return null;
        } catch (ResolverException e2) {
            this.log.debug("IdP session retrieval failed with error: {}", e2);
            return ProtocolError.SessionRetrievalError.event(this);
        }
    }
}
