package net.shibboleth.idp.saml.saml2.profile.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.3.2.jar:net/shibboleth/idp/saml/saml2/profile/impl/ContinueSAMLAuthentication.class */
public class ContinueSAMLAuthentication extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ContinueSAMLAuthentication.class);

    @Nullable
    private ExternalAuthenticationContext extContext;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (!super.doPreExecute(profileRequestContext, authenticationContext)) {
            return false;
        }
        this.extContext = (ExternalAuthenticationContext) authenticationContext.getSubcontext(ExternalAuthenticationContext.class);
        if (this.extContext != null) {
            return true;
        }
        this.log.debug("{} No ExternalAuthenticationContext available within authentication context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_AUTHN_CTX);
        return false;
    }

    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (this.extContext.getAuthnError() != null) {
            this.log.info("{} SAML authentication attempt signaled an error: {}", getLogPrefix(), this.extContext.getAuthnError());
            ActionSupport.buildEvent(profileRequestContext, this.extContext.getAuthnError());
        } else if (profileRequestContext.getInboundMessageContext() == null) {
            this.log.info("{} No inbound SAML Response found", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
        } else if (!(profileRequestContext.getInboundMessageContext().getMessage() instanceof Response)) {
            this.log.info("{} Inbound message was not a SAML Response", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        }
        Response response = (Response) profileRequestContext.getInboundMessageContext().getMessage();
        if (response.getStatus() == null || response.getStatus().getStatusCode() == null || response.getStatus().getStatusCode().getValue() == null) {
            this.log.info("{} SAML response did not contain a StatusCode", getLogPrefix());
            authenticationContext.removeSubcontext(SAMLAuthnContext.class);
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        } else {
            if (StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
                return;
            }
            this.log.info("{} SAML response contained error status: {}", getLogPrefix(), response.getStatus().getStatusCode().getValue());
            authenticationContext.removeSubcontext(SAMLAuthnContext.class);
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        }
    }
}
