package pl.edu.icm.unity.engine.api.authn;

import java.util.ArrayList;
import java.util.List;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.UnknownRemoteUserException;
import pl.edu.icm.unity.engine.api.endpoint.BindingAuthn;
import pl.edu.icm.unity.engine.api.session.SessionParticipant;

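/**
 * Drives the two-step authentication decision: evaluates the primary authentication result,
 * records whether a mandatory second authenticator has to be completed, and produces the
 * final {@link AuthenticatedEntity} once all required steps have succeeded.
 *
 * <p>Security note: the {@link PartialAuthnState} returned by
 * {@link #processPrimaryAuthnResult} is the only record of whether a second factor is still
 * outstanding. Callers should keep it in trusted (server-side) state between the two steps
 * and always finish through one of the {@code finalizeAfter*} methods, which enforce that
 * the finalization path matches the state.
 */
@Component
public class AuthenticationProcessor {

    /**
     * Outcome of the primary authentication step, including the information whether a
     * second authentication is still required.
     */
    public interface PartialAuthnState {
        /** @return {@code true} when a second authenticator must still be completed */
        boolean isSecondaryAuthenticationRequired();

        /** @return the second authenticator to run, or {@code null} when none is required */
        BindingAuthn getSecondaryAuthenticator();

        /** @return the result of the primary authentication step */
        AuthenticationResult getPrimaryResult();
    }

    /**
     * Immutable holder of the partial state. Declared static because it never uses the
     * enclosing processor instance, so it does not need to retain a reference to it.
     */
    private static final class PartialAuthnStateImpl implements PartialAuthnState {
        private final BindingAuthn secondaryAuthenticator;
        private final AuthenticationResult primaryResult;

        PartialAuthnStateImpl(BindingAuthn secondaryAuthenticator, AuthenticationResult primaryResult) {
            this.secondaryAuthenticator = secondaryAuthenticator;
            this.primaryResult = primaryResult;
        }

        @Override
        public boolean isSecondaryAuthenticationRequired() {
            return this.secondaryAuthenticator != null;
        }

        @Override
        public BindingAuthn getSecondaryAuthenticator() {
            return this.secondaryAuthenticator;
        }

        @Override
        public AuthenticationResult getPrimaryResult() {
            return this.primaryResult;
        }
    }

    /**
     * Evaluates the result of the primary authentication.
     *
     * @param authenticationResult result returned by the primary authenticator
     * @param authenticationOption the selected option; its mandatory second authenticator
     *        (possibly {@code null}) decides whether a second step is required
     * @return partial state to be passed to one of the {@code finalizeAfter*} methods
     * @throws UnknownRemoteUserException when the status is {@code unknownRemotePrincipal}
     * @throws AuthenticationException for any other non-successful status
     */
    public PartialAuthnState processPrimaryAuthnResult(AuthenticationResult authenticationResult, AuthenticationOption authenticationOption) throws AuthenticationException {
        AuthenticationResult.Status status = authenticationResult.getStatus();
        if (status == AuthenticationResult.Status.success) {
            // Read the second authenticator exactly once, so the decision "is a second
            // factor required" and the authenticator stored in the state cannot diverge.
            return new PartialAuthnStateImpl(authenticationOption.getMandatory2ndAuthenticator(), authenticationResult);
        }
        if (status == AuthenticationResult.Status.unknownRemotePrincipal) {
            throw new UnknownRemoteUserException("AuthenticationProcessorUtil.authnFailed", authenticationResult);
        }
        throw new AuthenticationException("AuthenticationProcessorUtil.authnFailed");
    }

    /**
     * Completes an authentication that needs only the primary step.
     *
     * @param partialAuthnState state produced by {@link #processPrimaryAuthnResult}
     * @return the entity established by the primary authentication
     * @throws IllegalStateException when the state still requires a second authentication;
     *         this guard is what prevents a caller from skipping the second factor
     */
    public AuthenticatedEntity finalizeAfterPrimaryAuthentication(PartialAuthnState partialAuthnState) {
        if (partialAuthnState.isSecondaryAuthenticationRequired()) {
            throw new IllegalStateException("BUG: code tried to finalize authentication requiring MFA after first authentication");
        }
        return partialAuthnState.getPrimaryResult().getAuthenticatedEntity();
    }

    /**
     * Completes an authentication that required a second step. Both steps must have
     * authenticated the same entity; otherwise the attempt is rejected.
     *
     * @param partialAuthnState state produced by {@link #processPrimaryAuthnResult}
     * @param authenticationResult result returned by the second authenticator
     * @return the entity from the second result, with the primary step's
     *         {@code authenticatedWith} entries appended to it (the entity is modified in place)
     * @throws IllegalStateException when the state does not require a second authentication
     * @throws AuthenticationException when the second step did not succeed, when either
     *         result carries no entity or entity id, or when the two steps identify
     *         different entities
     */
    public AuthenticatedEntity finalizeAfterSecondaryAuthentication(PartialAuthnState partialAuthnState, AuthenticationResult authenticationResult) throws AuthenticationException {
        if (!partialAuthnState.isSecondaryAuthenticationRequired()) {
            throw new IllegalStateException("BUG: code tried to finalize authentication with additional authentication while only one was selected");
        }
        AuthenticationResult.Status status = authenticationResult.getStatus();
        if (status != AuthenticationResult.Status.success) {
            if (status == AuthenticationResult.Status.unknownRemotePrincipal) {
                throw new AuthenticationException("AuthenticationProcessorUtil.authnWrongUsers");
            }
            throw new AuthenticationException("AuthenticationProcessorUtil.authnFailed");
        }

        AuthenticatedEntity secondaryEntity = authenticationResult.getAuthenticatedEntity();
        AuthenticatedEntity primaryEntity = partialAuthnState.getPrimaryResult().getAuthenticatedEntity();
        // Fail closed with a regular authentication error (instead of a NullPointerException)
        // when a result reports success but carries no entity.
        if (secondaryEntity == null || primaryEntity == null) {
            throw new AuthenticationException("AuthenticationProcessorUtil.authnFailed");
        }

        Long secondaryId = secondaryEntity.getEntityId();
        Long primaryId = primaryEntity.getEntityId();
        // A missing id on either side is treated as a mismatch: two absent ids must never
        // be accepted as "the same user".
        if (secondaryId == null || primaryId == null || !secondaryId.equals(primaryId)) {
            throw new AuthenticationException("AuthenticationProcessorUtil.authnWrongUsers");
        }

        secondaryEntity.getAuthenticatedWith().addAll(primaryEntity.getAuthenticatedWith());
        return secondaryEntity;
    }

    /**
     * Collects the session participants reported by the remote authentication contexts of
     * the given results.
     *
     * @param authenticationResultArr results to inspect; {@code null} elements and results
     *        without a remote context or without participants are skipped
     * @return a new mutable list with all participants found, possibly empty
     * @throws AuthenticationException declared for interface compatibility; not thrown by
     *         this implementation
     */
    public static List<SessionParticipant> extractParticipants(AuthenticationResult... authenticationResultArr) throws AuthenticationException {
        List<SessionParticipant> participants = new ArrayList<>();
        if (authenticationResultArr == null) {
            return participants;
        }
        for (AuthenticationResult result : authenticationResultArr) {
            if (result == null) {
                continue;
            }
            if (result.getRemoteAuthnContext() != null && result.getRemoteAuthnContext().getSessionParticipants() != null) {
                participants.addAll(result.getRemoteAuthnContext().getSessionParticipants());
            }
        }
        return participants;
    }
}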
