package com.appiancorp.security.auth.saml.oauth;

import com.appiancorp.core.crypto.InternalEncryptionStringService;
import com.appiancorp.security.auth.saml.SamlMessageContextWrapper;
import com.appiancorp.suiteapi.common.exceptions.EncryptionException;
import java.util.List;
import java.util.Optional;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:com/appiancorp/security/auth/saml/oauth/SamlAssertionRetriever.class */
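/**
 * Extracts the SAML assertion carried by an authenticated session, serializes it and returns it
 * encrypted with the internal encryption service.
 *
 * <p>Every failure path returns {@link Optional#empty()} and is logged; no exception escapes
 * {@link #getAssertion(Authentication)}.
 *
 * <p>Security note: a SAML assertion is a credential. Its content, plaintext or encrypted, must
 * never be written to the log at any level, so the log statements below report outcomes only.
 */
public class SamlAssertionRetriever {
    private static final Logger LOG = LoggerFactory.getLogger(SamlAssertionRetriever.class);
    private static final String ERROR_MSG = "Will not return saml assertion for oauth saml connected systems.";
    private final SamlAssertionSerializer assertionSerializer;
    private final OAuthSamlAuthGrantCsTokenRetrieveToggle oAuthSamlAuthGrantCsTokenRetrieveToggle;
    private final InternalEncryptionStringService internalEncryptionStringService;

    /**
     * @param samlAssertionSerializer serializer used to turn the assertion into a string
     * @param internalEncryptionStringService service used to encrypt the serialized assertion
     * @param oAuthSamlAuthGrantCsTokenRetrieveToggle feature toggle gating assertion retrieval
     */
    public SamlAssertionRetriever(SamlAssertionSerializer samlAssertionSerializer, InternalEncryptionStringService internalEncryptionStringService, OAuthSamlAuthGrantCsTokenRetrieveToggle oAuthSamlAuthGrantCsTokenRetrieveToggle) {
        this.assertionSerializer = samlAssertionSerializer;
        this.internalEncryptionStringService = internalEncryptionStringService;
        this.oAuthSamlAuthGrantCsTokenRetrieveToggle = oAuthSamlAuthGrantCsTokenRetrieveToggle;
    }

    /**
     * Returns the first assertion of the session's SAML message, serialized and encrypted.
     *
     * @param authentication the session authentication; its credentials must be a
     *     {@link SamlMessageContextWrapper} for an assertion to be returned
     * @return the encrypted serialized assertion, or {@link Optional#empty()} when the feature
     *     toggle is disabled, the credentials are of another type, no assertion is present, or
     *     serialization or encryption fails
     */
    public Optional<String> getAssertion(Authentication authentication) {
        try {
            if (!this.oAuthSamlAuthGrantCsTokenRetrieveToggle.isEnabled()) {
                LOG.trace("Feature toggle for saml authz grant is disabled. {}", ERROR_MSG);
                return Optional.empty();
            }
            // Read the credentials once; a null authentication is treated like a wrong credential type.
            Object credentials = authentication == null ? null : authentication.getCredentials();
            if (!(credentials instanceof SamlMessageContextWrapper)) {
                LOG.error("Saml authentication creds is not an instance of SamlMessageContextWrapper. {}", ERROR_MSG);
                return Optional.empty();
            }
            List<Assertion> assertionList = ((SamlMessageContextWrapper) credentials).getAssertionList();
            if (assertionList == null || assertionList.isEmpty()) {
                LOG.error("No assertions found in saml message wrapper. {}", ERROR_MSG);
                return Optional.empty();
            }
            // NOTE(review): only the first assertion is forwarded. This presumably relies on the
            // list holding assertions that were already validated when the session was
            // established -- confirm against the code that populates the wrapper.
            String serialized = this.assertionSerializer.serialize(assertionList.get(0));
            // Do not log the serialized assertion: it is a credential and would be readable by
            // anyone with access to the trace log.
            LOG.trace("Successful SAML assertion serialization.");
            String encrypted = this.internalEncryptionStringService.encryptToString(serialized);
            // The encrypted form is what callers receive, so it is kept out of the log as well.
            LOG.trace("Successful SAML assertion encryption.");
            return Optional.of(encrypted);
        } catch (EncryptionException e) {
            LOG.error("Error encrypting SAML assertion.", e);
            return Optional.empty();
        } catch (MarshallingException e) {
            // Must precede the generic handler, otherwise this clause can never be reached.
            LOG.error("Error serializing SAML assertion.", e);
            return Optional.empty();
        } catch (Exception e) {
            // Boundary catch: retrieval is best-effort and must not break the caller.
            LOG.error("An exception occurred while getting SAML assertion for user session.", e);
            return Optional.empty();
        }
    }
}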
