package pl.edu.icm.unity.saml.sp.web;

import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationOptionKeyUtils;
import pl.edu.icm.unity.saml.sp.RemoteAuthnContext;
import pl.edu.icm.unity.saml.sp.SAMLExchange;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import pl.edu.icm.unity.saml.sp.SamlContextManagement;
import pl.edu.icm.unity.webui.authn.ProxyAuthenticationFilter;

/* loaded from: input_file:pl/edu/icm/unity/saml/sp/web/SAMLProxyAuthnHandler.class */
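/**
 * Starts an automated (proxy) SAML authentication: picks the remote IdP configuration to use,
 * creates the SAML request, records it in the HTTP session and in the shared context store,
 * and hands it to {@link RedirectRequestHandler}.
 *
 * <p>The IdP choice may come from the {@code uy_select_authn} request parameter, which is
 * client-controlled. It is only accepted when it maps to a key present in the configured set.
 */
class SAMLProxyAuthnHandler {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLProxyAuthnHandler.class);
    private final SAMLExchange credentialExchange;
    private final SamlContextManagement samlContextManagement;

    /**
     * Creates the handler. The decompiler reports that the original access was package-private.
     *
     * @param sAMLExchange source of the SAML settings and factory of SAML requests
     * @param samlContextManagement store in which every started authentication context is registered
     */
    public SAMLProxyAuthnHandler(SAMLExchange sAMLExchange, SamlContextManagement samlContextManagement) {
        this.credentialExchange = sAMLExchange;
        this.samlContextManagement = samlContextManagement;
    }

    /**
     * Resolves the IdP configuration key for the request and starts the login with it.
     * The decompiler reports that the original access was package-private.
     *
     * @param httpServletRequest incoming request; may carry {@code uy_select_authn}
     * @param httpServletResponse response handed to the redirect handler
     * @return {@code true} when a new SAML request was created and passed to the redirect handler,
     *         {@code false} when a remote authentication context is already stored in the session
     * @throws IllegalStateException when no usable IdP configuration can be selected, or when
     *         creating, registering or dispatching the SAML request fails
     * @throws IOException declared by the signature; the visible code wraps failures of the
     *         request creation and redirect into {@link IllegalStateException}
     */
    public boolean triggerAutomatedAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return startLogin(getIdpConfigKey(httpServletRequest), httpServletRequest, httpServletResponse);
    }

    /**
     * Selects the configuration key of the IdP to authenticate against.
     *
     * <p>Without {@code uy_select_authn} the single configured IdP is used. With it, the decoded
     * option is turned into a key and must be one of the configured keys, so the client can only
     * choose among installed options.
     *
     * @param httpServletRequest incoming request
     * @return a key contained in the configured IdP key set
     * @throws IllegalStateException when no IdP is configured, when several are configured and
     *         none was requested, or when the requested one is not configured
     */
    private String getIdpConfigKey(HttpServletRequest httpServletRequest) {
        String requestedOption = httpServletRequest.getParameter("uy_select_authn");
        Set<String> configuredIdpKeys = this.credentialExchange.getSamlValidatorSettings().getStructuredListKeys(SAMLSPProperties.IDP_PREFIX);
        if (requestedOption == null) {
            // An empty configuration previously surfaced as a bare NoSuchElementException from
            // iterator().next(); report it as a configuration problem instead.
            if (configuredIdpKeys.isEmpty()) {
                throw new IllegalStateException("No SAML authentication option is installed: can not perform automatic authentication.");
            }
            if (configuredIdpKeys.size() > 1) {
                throw new IllegalStateException("SAML authentication option was not requested with uy_select_authn and there are multiple options installed: can not perform automatic authentication.");
            }
            return configuredIdpKeys.iterator().next();
        }
        String requestedKey = SAMLSPProperties.IDP_PREFIX + AuthenticationOptionKeyUtils.decodeOption(requestedOption) + ".";
        if (configuredIdpKeys.contains(requestedKey)) {
            return requestedKey;
        }
        // requestedKey is derived from client input and was NOT accepted. Control characters are
        // neutralised before it is echoed, so it cannot forge extra lines if this message is logged.
        // NOTE(review): where the message ends up (log, error page) is not visible here; if it is
        // rendered in HTML it still needs output encoding at that point.
        throw new IllegalStateException("Client requested authN option " + printable(requestedKey) + ", which is not available in the authenticator selected for automated proxy authN. Ignoring the request.");
    }

    /** Returns {@code value} with every ISO control character (CR, LF, ...) replaced by {@code '_'}. */
    private static String printable(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Creates the SAML request for the given IdP key, stores the resulting context and triggers
     * the redirect, unless the session already holds a remote authentication context.
     *
     * @param str IdP configuration key, already checked against the configured key set
     * @param httpServletRequest incoming request; supplies the session and the return URL
     * @param httpServletResponse response handed to the redirect handler
     * @return {@code true} when the request was dispatched, {@code false} when skipped
     * @throws IllegalStateException wrapping any exception raised while creating, storing or
     *         dispatching the request
     * @throws IOException declared by the signature
     */
    private boolean startLogin(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        log.debug("Starting automatic proxy authentication with remote SAML IdP configured under {}", str);
        // getSession() creates a session when the request has none.
        HttpSession session = httpServletRequest.getSession();
        if (session.getAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT) != null) {
            log.debug("Ignoring automated login as the previous remote SAML authentication is still in progress.");
            return false;
        }
        try {
            // NOTE(review): the return URL is taken from the incoming request; confirm that
            // getCurrentRelativeURL can only yield a same-site relative path.
            RemoteAuthnContext authnContext = this.credentialExchange.createSAMLRequest(str, ProxyAuthenticationFilter.getCurrentRelativeURL(httpServletRequest));
            session.setAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT, authnContext);
            // NOTE(review): if either call below throws, the attribute set above stays in the
            // session and the guard at the top will skip later automated attempts for this
            // session. No removal API of SamlContextManagement is visible here, so the cleanup
            // is left to be confirmed against the code that clears the context.
            this.samlContextManagement.addAuthnContext(authnContext);
            RedirectRequestHandler.handleRequest(authnContext, httpServletResponse);
            return true;
        } catch (Exception e) {
            throw new IllegalStateException("Can not create SAML authN request", e);
        }
    }
}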
