package pl.edu.icm.unity.engine.authn.remote;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Objects;
import java.util.function.Supplier;
import org.apache.logging.log4j.Logger;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorStepContext;
import pl.edu.icm.unity.engine.api.authn.InteractiveAuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.AuthenticationTriggeringContext;
import pl.edu.icm.unity.engine.api.authn.remote.RedirectedAuthnState;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResponseProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteSandboxAuthnContext;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedPrincipal;
import pl.edu.icm.unity.engine.api.authn.sandbox.SandboxAuthenticationResult;
import pl.edu.icm.unity.engine.api.utils.LogRecorder;

/**
 * Processes the answer of a redirected remote authentication and passes the outcome to
 * {@link InteractiveAuthenticationProcessor}.
 *
 * <p>Two switches select the path: sandbox vs. production execution, and registration vs. regular
 * (first or second factor) authentication. Both are read from the
 * {@link AuthenticationTriggeringContext} held by the {@link RedirectedAuthnState}.
 *
 * <p>NOTE(review): the sandbox/production decision depends only on that triggering context. This
 * presumably is server-side state which the returning request cannot influence - confirm where the
 * RedirectedAuthnState is looked up.
 */
@Component
class RemoteAuthnResponseProcessorImpl implements RemoteAuthnResponseProcessor {
    private static final Logger log = Log.getLogger("unity.server.authn", RemoteAuthnResponseProcessorImpl.class);
    private final InteractiveAuthenticationProcessor authnProcessor;

    RemoteAuthnResponseProcessorImpl(InteractiveAuthenticationProcessor interactiveAuthenticationProcessor) {
        this.authnProcessor = interactiveAuthenticationProcessor;
    }

    /**
     * Entry point for a returning remote authentication: routes to sandbox or production handling.
     *
     * @param redirectedAuthnState state of the redirected authentication; also supplies the triggering context
     * @param httpServletRequest request passed on to the authentication processor
     * @param httpServletResponse response passed on to the authentication processor (production path only)
     * @param sessionReinitializer passed on to the authentication processor (production path only)
     * @return the decision produced by the selected path
     */
    public InteractiveAuthenticationProcessor.PostAuthenticationStepDecision processResponse(RedirectedAuthnState redirectedAuthnState, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, InteractiveAuthenticationProcessor.SessionReinitializer sessionReinitializer) {
        AuthenticationTriggeringContext triggeringContext = redirectedAuthnState.getAuthenticationTriggeringContext();
        if (triggeringContext.isSandboxTriggered()) {
            return processResponseInSandboxMode(redirectedAuthnState, httpServletRequest, triggeringContext);
        }
        return processResponseInProductionMode(redirectedAuthnState, httpServletRequest, httpServletResponse, triggeringContext, sessionReinitializer);
    }

    /**
     * Production path: the answer is processed directly, so an exception thrown by
     * {@code processAnswer()} propagates to the caller instead of being turned into a result.
     */
    private InteractiveAuthenticationProcessor.PostAuthenticationStepDecision processResponseInProductionMode(RedirectedAuthnState state, HttpServletRequest request, HttpServletResponse response, AuthenticationTriggeringContext triggeringContext, InteractiveAuthenticationProcessor.SessionReinitializer reinitializer) {
        AuthenticationResult answer = state.processAnswer();
        if (triggeringContext.isRegistrationTriggered()) {
            return this.authnProcessor.processRemoteRegistrationResult(
                    answer,
                    state.getAuthenticationStepContext(),
                    state.getInitialLoginMachine(),
                    request);
        }
        return processRegularAuthenticationResult(state, request, response, answer, reinitializer);
    }

    /**
     * Sandbox path: the answer is processed under log recording and always wrapped in a
     * {@link SandboxAuthenticationResult}, also when the verificator throws an exception.
     */
    private InteractiveAuthenticationProcessor.PostAuthenticationStepDecision processResponseInSandboxMode(RedirectedAuthnState state, HttpServletRequest request, AuthenticationTriggeringContext triggeringContext) {
        Objects.requireNonNull(state);
        SandboxAuthenticationResult sandboxResult = executeVerificatorInSandboxMode(state::processAnswer, triggeringContext);
        if (triggeringContext.isRegistrationTriggered()) {
            return this.authnProcessor.processRemoteRegistrationResult(
                    sandboxResult,
                    state.getAuthenticationStepContext(),
                    state.getInitialLoginMachine(),
                    request);
        }
        return processSandboxAuthenticationResult(state, request, sandboxResult);
    }

    /**
     * Runs the verificator, under log recording when the context is sandbox triggered.
     *
     * @param supplier the verification step to run
     * @param authenticationTriggeringContext decides whether the sandbox wrapper is used
     * @return the supplier's own result outside the sandbox, a {@link SandboxAuthenticationResult} inside it
     */
    public AuthenticationResult executeVerificator(Supplier<AuthenticationResult> supplier, AuthenticationTriggeringContext authenticationTriggeringContext) {
        if (authenticationTriggeringContext.isSandboxTriggered()) {
            return executeVerificatorInSandboxMode(supplier, authenticationTriggeringContext);
        }
        return supplier.get();
    }

    /**
     * Runs the verificator while recording the remote-authentication log facilities and attaches
     * the captured log text to the sandbox result.
     *
     * <p>Any {@link Exception} - from the verificator or from the handling of its result - becomes
     * a failed sandbox result. Other throwables propagate after the recorder has been stopped.
     *
     * <p>NOTE(review): the captured log text travels with the sandbox context. Confirm who can read
     * it, as authentication logs may contain data received from the remote side.
     */
    private SandboxAuthenticationResult executeVerificatorInSandboxMode(Supplier<AuthenticationResult> supplier, AuthenticationTriggeringContext authenticationTriggeringContext) {
        LogRecorder recorder = new LogRecorder(Log.REMOTE_AUTHENTICATION_RELATED_FACILITIES);
        recorder.startLogRecording();
        try {
            try {
                AuthenticationResult verificatorResult = supplier.get();
                // On the regular path the recorder is stopped before the captured logs are read.
                recorder.stopLogRecording();
                if (verificatorResult.isRemote()) {
                    return handleRemoteSandboxResult(recorder, verificatorResult.asRemote());
                }
                return handleNonRemoteSandboxResult(recorder, verificatorResult);
            } catch (Exception e) {
                // Here the failure result is built first and the recorder is stopped afterwards.
                SandboxAuthenticationResult failure = handleVerificatorException(recorder, e);
                recorder.stopLogRecording();
                return failure;
            }
        } catch (Throwable th) {
            // Never leave the recorder running, whatever escapes from the block above.
            recorder.stopLogRecording();
            throw th;
        }
    }

    /**
     * Wraps a remote result together with a sandbox context built from the captured logs.
     * A {@code deny} status gives a failed context (error cause plus the authentication input, if
     * a principal is present); every other status gives a succeeded context.
     *
     * <p>NOTE(review): confirm that all statuses other than {@code deny} are meant to be reported
     * as succeeded in the sandbox context.
     */
    private SandboxAuthenticationResult handleRemoteSandboxResult(LogRecorder logRecorder, RemoteAuthenticationResult remoteAuthenticationResult) {
        RemotelyAuthenticatedPrincipal principal = remoteAuthenticationResult.getRemotelyAuthenticatedPrincipal();
        if (remoteAuthenticationResult.getStatus() == AuthenticationResult.Status.deny) {
            RemoteSandboxAuthnContext failedContext = RemoteSandboxAuthnContext.failedAuthn(
                    remoteAuthenticationResult.getErrorResult().cause,
                    logRecorder.getCapturedLogs().toString(),
                    principal != null ? principal.getAuthnInput() : null);
            return new SandboxAuthenticationResult(remoteAuthenticationResult, failedContext);
        }
        RemoteSandboxAuthnContext succeededContext = RemoteSandboxAuthnContext.succeededAuthn(
                remoteAuthenticationResult.getRemotelyAuthenticatedPrincipal(),
                logRecorder.getCapturedLogs().toString());
        return new SandboxAuthenticationResult(remoteAuthenticationResult, succeededContext);
    }

    /**
     * Logs the exception at error level and builds a failed sandbox result that carries the same
     * exception, the captured logs and no authentication input.
     */
    private SandboxAuthenticationResult handleVerificatorException(LogRecorder logRecorder, Exception exc) {
        log.error("Verificator has thrown an exception (sandbox execution)", exc);
        return new SandboxAuthenticationResult(
                RemoteAuthenticationResult.failed(exc),
                RemoteSandboxAuthnContext.failedAuthn(
                        exc,
                        logRecorder.getCapturedLogs().toString(),
                        (RemotelyAuthenticatedInput) null));
    }

    /**
     * Reports a non-remote result in sandbox mode as a failure; the messages call this a bug.
     *
     * <p>NOTE(review): the result's string form is written to the log and into both exception
     * messages - confirm that it exposes no sensitive authentication data.
     */
    private SandboxAuthenticationResult handleNonRemoteSandboxResult(LogRecorder logRecorder, AuthenticationResult authenticationResult) {
        log.error("Got non-remote authn result in sandbox mode: {}, returning failure. That's a bug.", authenticationResult);
        return new SandboxAuthenticationResult(
                RemoteAuthenticationResult.failed(
                        new IllegalStateException("Got non-remote authn result in sandbox mode: " + authenticationResult + ", returning failure. That's a bug.")),
                RemoteSandboxAuthnContext.failedAuthn(
                        new IllegalStateException("Got non-remote authn result in sandbox mode: " + authenticationResult + ", returning failure. That's a bug."),
                        logRecorder.getCapturedLogs().toString(),
                        (RemotelyAuthenticatedInput) null));
    }

    /**
     * Production, non-registration outcome: dispatches to first or second factor processing
     * according to the factor stored in the authentication step context.
     */
    private InteractiveAuthenticationProcessor.PostAuthenticationStepDecision processRegularAuthenticationResult(RedirectedAuthnState state, HttpServletRequest request, HttpServletResponse response, AuthenticationResult authenticationResult, InteractiveAuthenticationProcessor.SessionReinitializer reinitializer) {
        boolean firstFactor = state.getAuthenticationStepContext().factor == AuthenticatorStepContext.FactorOrder.FIRST;
        if (firstFactor) {
            return this.authnProcessor.processFirstFactorResult(
                    authenticationResult,
                    state.getAuthenticationStepContext(),
                    state.getInitialLoginMachine(),
                    state.getAuthenticationTriggeringContext().rememberMeSet,
                    request,
                    response,
                    reinitializer);
        }
        // Any other factor order continues from the first factor state kept in the triggering context.
        return this.authnProcessor.processSecondFactorResult(
                state.getAuthenticationTriggeringContext().firstFactorAuthnState,
                authenticationResult,
                state.getAuthenticationStepContext(),
                state.getInitialLoginMachine(),
                state.getAuthenticationTriggeringContext().rememberMeSet,
                request,
                response,
                reinitializer);
    }

    /**
     * Sandbox, non-registration outcome: same first/second factor dispatch as the production
     * variant, but through the sandbox methods and with the sandbox router of the triggering context.
     */
    private InteractiveAuthenticationProcessor.PostAuthenticationStepDecision processSandboxAuthenticationResult(RedirectedAuthnState state, HttpServletRequest request, SandboxAuthenticationResult sandboxAuthenticationResult) {
        boolean firstFactor = state.getAuthenticationStepContext().factor == AuthenticatorStepContext.FactorOrder.FIRST;
        if (firstFactor) {
            return this.authnProcessor.processFirstFactorSandboxAuthnResult(
                    sandboxAuthenticationResult,
                    state.getAuthenticationStepContext(),
                    state.getInitialLoginMachine(),
                    request,
                    state.getAuthenticationTriggeringContext().sandboxRouter);
        }
        return this.authnProcessor.processSecondFactorSandboxAuthnResult(
                state.getAuthenticationTriggeringContext().firstFactorAuthnState,
                sandboxAuthenticationResult,
                state.getAuthenticationStepContext(),
                state.getInitialLoginMachine(),
                request,
                state.getAuthenticationTriggeringContext().sandboxRouter);
    }
}
