package nl._42.boot.saml.web;

import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import nl._42.boot.saml.SAMLProperties;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@RequestMapping({"/saml"})
@Controller
/* loaded from: input_file:nl/_42/boot/saml/web/SAMLDiscoveryController.class */
public class SAMLDiscoveryController {
    private final SAMLProperties properties;
    private final MetadataManager metadata;

    @GetMapping({"/idpSelection"})
    public String idpSelection(HttpServletRequest httpServletRequest, Model model, Principal principal) {
        if (isAuthenticated(principal)) {
            throw new IllegalArgumentException("User is already logged in.");
        }
        if (!isForwarded(httpServletRequest)) {
            throw new IllegalArgumentException("Cannot directly access this service.");
        }
        model.addAttribute("idps", this.metadata.getIDPEntityNames());
        return "redirect:/saml/login?idp=" + this.properties.getIdpUrl();
    }

    private static boolean isForwarded(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute("javax.servlet.forward.request_uri") != null;
    }

    private static boolean isAuthenticated(Principal principal) {
        return (principal == null || (principal instanceof AnonymousAuthenticationToken)) ? false : true;
    }

    public SAMLDiscoveryController(SAMLProperties sAMLProperties, MetadataManager metadataManager) {
        this.properties = sAMLProperties;
        this.metadata = metadataManager;
    }
}
