package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.manager.sso.ApplicationSamlConfigurationNotFoundException;
import com.atlassian.crowd.manager.sso.ApplicationSamlConfigurationService;
import com.atlassian.crowd.manager.sso.ApplicationSsoDisabledException;
import com.atlassian.crowd.model.application.ImmutableApplication;
import com.atlassian.crowd.model.sso.ApplicationSamlConfiguration;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ApplicationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ConfigContext;
import javax.annotation.Nonnull;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnRequest;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/PrepareApplicationContextAction.class */
public class PrepareApplicationContextAction extends AbstractProfileAction {
    private final ApplicationSamlConfigurationService applicationSamlConfigurationService;

    public PrepareApplicationContextAction(ApplicationSamlConfigurationService applicationSamlConfigurationService) {
        this.applicationSamlConfigurationService = applicationSamlConfigurationService;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        ApplicationContext applicationContext = new ApplicationContext();
        AuthnRequest authnRequest = (AuthnRequest) profileRequestContext.getInboundMessageContext().getMessage();
        if (((ConfigContext) profileRequestContext.getSubcontext(ConfigContext.class)).isSkipApplicationValidation()) {
            applicationContext.setAssertionConsumerServiceURLBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            applicationContext.setAssertionConsumerServiceURL(authnRequest.getAssertionConsumerServiceURL());
            applicationContext.setAudienceUrl(authnRequest.getIssuer().getValue());
        } else {
            ApplicationSamlConfiguration applicationSamlConfiguration = (ApplicationSamlConfiguration) this.applicationSamlConfigurationService.findByAssertionConsumerAndAudience(authnRequest.getAssertionConsumerServiceURL(), authnRequest.getIssuer().getValue()).orElseThrow(() -> {
                return new ApplicationSamlConfigurationNotFoundException(authnRequest.getIssuer().getValue(), authnRequest.getAssertionConsumerServiceURL());
            });
            ImmutableApplication from = ImmutableApplication.from(applicationSamlConfiguration.getApplication());
            if (!applicationSamlConfiguration.isEnabled()) {
                throw new ApplicationSsoDisabledException(from);
            }
            applicationContext.setAssertionConsumerServiceURLBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            applicationContext.setAssertionConsumerServiceURL(applicationSamlConfiguration.getAssertionConsumerUrl());
            applicationContext.setAudienceUrl(applicationSamlConfiguration.getAudienceUrl());
            applicationContext.setApplication(from);
        }
        profileRequestContext.addSubcontext(applicationContext);
    }
}
