package net.shibboleth.idp.authn.impl;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.time.Instant;
import java.util.Collection;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.idp.consent.context.ConsentManagementContext;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-5.0.0.jar:net/shibboleth/idp/authn/impl/ExternalAuthenticationImpl.class */
/**
 * {@link ExternalAuthentication} implementation that exchanges data with external
 * authentication code through servlet request attributes.
 *
 * <p>{@link #doStart} publishes flow state (extended-flow flag, passive and forced
 * authentication flags, relying party ID) as request attributes. {@link #doFinish} reads
 * the outcome back from request attributes, copies it into the
 * {@link ExternalAuthenticationContext} and redirects to the flow execution URL.</p>
 *
 * <p>Security note: every result is read with {@code getAttribute}, i.e. from server-side
 * request attributes rather than client-supplied request parameters. The values are
 * accepted as provided by whatever code set them; this class only checks their Java type.</p>
 *
 * <p>NOTE(review): the raw {@code Function}/{@code Collection} casts and the raw
 * {@code ChildContextLookup} construction look like decompiler output and are kept as
 * found.</p>
 */
public class ExternalAuthenticationImpl extends ExternalAuthentication {

    /** Strategy that locates the {@link RelyingPartyContext} for a profile request. */
    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy;

    /** Flag published to the external code under {@code EXTENDED_FLOW_PARAM}. */
    private final boolean extendedFlow;

    /** Creates an instance with the extended-flow flag set to {@code false}. */
    public ExternalAuthenticationImpl() {
        this(false);
    }

    /**
     * Creates an instance with the given extended-flow flag and a default lookup strategy
     * that finds the {@link RelyingPartyContext} as a child context.
     *
     * @param z value of the extended-flow flag
     */
    public ExternalAuthenticationImpl(boolean z) {
        this.relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class);
        this.extendedFlow = z;
    }

    /**
     * Replaces the strategy used to locate the {@link RelyingPartyContext}.
     *
     * @param function the new lookup strategy; passed through {@code Constraint.isNotNull}
     */
    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        final Object checked = Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
        this.relyingPartyContextLookupStrategy = (Function) checked;
    }

    /**
     * Publishes the state the external authentication code needs as request attributes.
     *
     * <p>Overrides {@code ExternalAuthentication.doStart}. The decompiler reports that the
     * access modifier was changed from {@code protected}; it is left {@code public} here.</p>
     *
     * @param httpServletRequest request on which the attributes are set
     * @param profileRequestContext profile request context holding the {@link AuthenticationContext}
     * @param externalAuthenticationContext context handed on to the superclass
     * @throws ExternalAuthenticationException if there is no {@link AuthenticationContext} or
     *         no attempted authentication flow
     */
    @Override
    public void doStart(@Nonnull HttpServletRequest httpServletRequest, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException {
        super.doStart(httpServletRequest, profileRequestContext, externalAuthenticationContext);

        final AuthenticationContext authnContext =
                (AuthenticationContext) profileRequestContext.getSubcontext(AuthenticationContext.class);
        if (authnContext == null) {
            throw new ExternalAuthenticationException("No AuthenticationContext found");
        }
        // Refuse to start unless an authentication flow has actually been attempted.
        if (authnContext.getAttemptedFlow() == null) {
            throw new ExternalAuthenticationException("No attempted authentication flow set");
        }

        httpServletRequest.setAttribute(ExternalAuthentication.EXTENDED_FLOW_PARAM, this.extendedFlow);
        httpServletRequest.setAttribute(ExternalAuthentication.PASSIVE_AUTHN_PARAM, authnContext.isPassive());
        httpServletRequest.setAttribute(ExternalAuthentication.FORCE_AUTHN_PARAM, authnContext.isForceAuthn());

        // The relying party ID is only published when the lookup strategy finds a context.
        final RelyingPartyContext relyingParty = this.relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (relyingParty != null) {
            httpServletRequest.setAttribute(ExternalAuthentication.RELYING_PARTY_PARAM, relyingParty.getRelyingPartyId());
        }
    }

    /**
     * Copies the external authentication outcome from request attributes into the
     * {@link ExternalAuthenticationContext} and redirects to the flow execution URL.
     *
     * <p>An attribute that is absent or of an unexpected type is silently skipped; nothing
     * in this method reports it. The identity is taken from the first match, in this order:
     * a {@link Subject}, a {@link Principal}, a principal name {@link String}. If none
     * matches, no identity is recorded here, and how that case is treated afterwards is
     * not visible in this class.</p>
     *
     * @param httpServletRequest request carrying the result attributes
     * @param httpServletResponse response used for the redirect
     * @param profileRequestContext profile request context, used for consent revocation
     * @param externalAuthenticationContext context that receives the results
     * @throws ExternalAuthenticationException if the context has no flow execution URL
     * @throws IOException declared for the redirect call
     */
    @Override
    protected void doFinish(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException, IOException {
        if (externalAuthenticationContext.getFlowExecutionUrl() == null) {
            throw new ExternalAuthenticationException("No flow execution URL found to return control");
        }

        // Identity: Subject wins over Principal, which wins over a bare principal name.
        // (instanceof is false for null, so no separate null test is needed.)
        final Object subjectValue = httpServletRequest.getAttribute(ExternalAuthentication.SUBJECT_KEY);
        if (subjectValue instanceof Subject) {
            externalAuthenticationContext.setSubject((Subject) subjectValue);
        } else {
            final Object principalValue = httpServletRequest.getAttribute("principal");
            if (principalValue instanceof Principal) {
                externalAuthenticationContext.setPrincipal((Principal) principalValue);
            } else {
                final Object principalName = httpServletRequest.getAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY);
                if (principalName instanceof String) {
                    externalAuthenticationContext.setPrincipalName((String) principalName);
                }
            }
        }

        final Object authnInstant = httpServletRequest.getAttribute(ExternalAuthentication.AUTHENTICATION_INSTANT_KEY);
        if (authnInstant instanceof Instant) {
            externalAuthenticationContext.setAuthnInstant((Instant) authnInstant);
        }

        // Only the container type is checked; the element types are not verified here.
        final Object authorities = httpServletRequest.getAttribute(ExternalAuthentication.AUTHENTICATING_AUTHORITIES_KEY);
        if (authorities instanceof Collection) {
            externalAuthenticationContext.getAuthenticatingAuthorities().addAll((Collection) authorities);
        }

        // The same collection is stored as both the unfiltered and the regular attribute
        // set, so no attribute filtering takes place in this method. Element types are
        // not verified here either.
        final Object idpAttributes = httpServletRequest.getAttribute("attributes");
        if (idpAttributes instanceof Collection) {
            final Collection attributeValues = (Collection) idpAttributes;
            final AttributeContext attributeContext =
                    (AttributeContext) externalAuthenticationContext.ensureSubcontext(AttributeContext.class);
            attributeContext.setUnfilteredIdPAttributes(attributeValues);
            attributeContext.setIdPAttributes(attributeValues);
        }

        final Object authnError = httpServletRequest.getAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY);
        if (authnError instanceof String) {
            externalAuthenticationContext.setAuthnError((String) authnError);
        }

        final Object authnException = httpServletRequest.getAttribute(ExternalAuthentication.AUTHENTICATION_EXCEPTION_KEY);
        if (authnException instanceof Exception) {
            externalAuthenticationContext.setAuthnException((Exception) authnException);
        }

        final Object doNotCache = httpServletRequest.getAttribute(ExternalAuthentication.DONOTCACHE_KEY);
        if (doNotCache instanceof Boolean) {
            externalAuthenticationContext.setDoNotCache((Boolean) doNotCache);
        }

        final Object previousResult = httpServletRequest.getAttribute(ExternalAuthentication.PREVIOUSRESULT_KEY);
        if (previousResult instanceof Boolean) {
            externalAuthenticationContext.setPreviousResult((Boolean) previousResult);
        }

        // Consent revocation is only ever switched on here, never off.
        final Object revokeConsent = httpServletRequest.getAttribute(ExternalAuthentication.REVOKECONSENT_KEY);
        if (Boolean.TRUE.equals(revokeConsent)) {
            final ConsentManagementContext consentContext =
                    (ConsentManagementContext) profileRequestContext.ensureSubcontext(ConsentManagementContext.class);
            consentContext.setRevokeConsent(true);
        }

        // The redirect target comes from the context, not from the request.
        httpServletResponse.sendRedirect(externalAuthenticationContext.getFlowExecutionUrl());
    }
}
