package com.appiancorp.security.auth.saml;

import com.appiancorp.common.web.ThreadLocalRequest;
import com.appiancorp.security.auth.AutoSyncUserData;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.auth.saml.exception.IncorrectIdpException;
import com.appiancorp.security.auth.saml.exception.IncorrectTestUserException;
import com.appiancorp.security.auth.saml.exception.NonSamlUserException;
import com.appiancorp.security.auth.saml.service.SamlSettings;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import org.apache.log4j.Logger;
import org.opensaml.messaging.handler.MessageHandlerException;

/* loaded from: input_file:com/appiancorp/security/auth/saml/SamlTestValidator.class */
/**
 * Validates the outcome of a SAML configuration test login.
 *
 * <p>The token is first authenticated through {@link SamlAuthenticator}. The resulting user is
 * then checked in one of two ways, chosen by {@link SamlTestStateManager#isGlobalTest()}:
 * either it must be the user who is currently logged in, or the identity provider configured
 * in {@link SamlConfiguration} must be the one the user's SAML settings point at.
 *
 * <p>NOTE(review): the three public {@code *_KEY} constants are not read anywhere in this
 * class; presumably callers use them as keys for the values carried by the exceptions thrown
 * here. Confirm against the callers.
 */
public class SamlTestValidator {
    private static final Logger LOG = Logger.getLogger(SamlTestValidator.class);
    public static final String TEST_USER_KEY = "testUser";
    public static final String TEST_USER_IDP_DESCRIPTION_KEY = "testUserIdpDescription";
    public static final String CURRENT_TEST_IDP_DESCRIPTION_KEY = "currentTestIdpDescription";
    private final SamlAuthenticator samlAuthenticator;
    private final SamlConfiguration samlConfig;
    private final SamlTestStateManager samlTestStateManager;
    private final SamlSettingsSelector samlSettingsSelector;

    /**
     * Stores the collaborators; no validation or other work happens at construction time.
     *
     * @param samlAuthenticator authenticates the SAML token and yields the user profile
     * @param samlConfiguration configuration of the identity provider under test
     * @param samlTestStateManager source of the test mode and the test SAML settings
     * @param samlSettingsSelector picks the SAML settings that apply to a username
     */
    public SamlTestValidator(SamlAuthenticator samlAuthenticator, SamlConfiguration samlConfiguration, SamlTestStateManager samlTestStateManager, SamlSettingsSelector samlSettingsSelector) {
        this.samlAuthenticator = samlAuthenticator;
        this.samlConfig = samlConfiguration;
        this.samlTestStateManager = samlTestStateManager;
        this.samlSettingsSelector = samlSettingsSelector;
    }

    /**
     * Authenticates the token and applies the check that matches the current test mode.
     *
     * @param samlAuthToken the token produced by the SAML test login
     * @throws IncorrectTestUserException in a global test, when the authenticated user is not
     *     the currently logged-in user
     * @throws NonSamlUserException outside a global test, when no SAML settings are selected
     *     for the authenticated user
     * @throws IncorrectIdpException outside a global test, when the user's settings name a
     *     different identity provider than the one configured
     * @throws MessageHandlerException declared for the authentication step
     * @throws AutoSyncUserData.UserDataMissingException declared for the authentication step
     */
    public void validate(SamlAuthToken samlAuthToken) throws MessageHandlerException, AutoSyncUserData.UserDataMissingException, IncorrectTestUserException, NonSamlUserException, IncorrectIdpException {
        // Authentication always runs first; neither check below is reached if it throws.
        UserProfile assertedUser = this.samlAuthenticator.authenticateUser(samlAuthToken, this.samlConfig.alsoAllowLowercaseUsername());
        if (!this.samlTestStateManager.isGlobalTest()) {
            validateCorrectIdpUsed(assertedUser);
            return;
        }
        validateTestRunAsCurrentUser(assertedUser);
    }

    /**
     * Requires that the user authenticated by the test is the user of the current security
     * context.
     *
     * <p>The comparison is an exact, case-sensitive {@code equals} on the two usernames.
     * NOTE(review): authentication is invoked with the "also allow lowercase username"
     * setting; confirm the profile it returns carries the canonical username, otherwise a
     * case-only difference is rejected here.
     *
     * @param userProfile profile returned by the authentication step
     * @throws IncorrectTestUserException when the usernames differ
     */
    private void validateTestRunAsCurrentUser(UserProfile userProfile) throws IncorrectTestUserException {
        UserProfile loggedInUser = SpringSecurityContextHelper.getCurrentSecurityContext().getUserProfile();
        if (!userProfile.getUsername().equals(loggedInUser.getUsername())) {
            // Both usernames are written to the debug log as-is.
            // NOTE(review): confirm usernames cannot contain line breaks, or neutralise them
            // before logging so a crafted name cannot forge log entries.
            LOG.debug("User from the SAML test (" + userProfile.getUsername() + ") did not match the current logged in user: " + loggedInUser.getUsername());
            throw new IncorrectTestUserException();
        }
    }

    /**
     * Requires that the identity provider being tested is the one the user's SAML settings
     * refer to.
     *
     * <p>Settings are selected for the username from the test settings list of the current
     * request. Settings whose IdP entity ID is {@code null} pass the check regardless of which
     * identity provider is configured. NOTE(review): confirm this is intended, since it means
     * such settings are never bound to a specific identity provider by this check.
     *
     * @param userProfile profile returned by the authentication step
     * @throws NonSamlUserException when no settings are selected for the user
     * @throws IncorrectIdpException when the selected settings name another identity provider;
     *     it carries the username, the description of the user's settings and the description
     *     of the settings under test, in that order
     */
    private void validateCorrectIdpUsed(UserProfile userProfile) throws IncorrectIdpException, NonSamlUserException {
        Optional<SamlSettings> userSettings = this.samlSettingsSelector.selectSettingsForUser(this.samlTestStateManager.getTestSamlSettingsList(ThreadLocalRequest.get()), userProfile.getUsername());
        if (!userSettings.isPresent()) {
            throw new NonSamlUserException();
        }
        SamlSettings matched = userSettings.get();
        // A null entity ID on the user's settings is accepted without comparing anything.
        boolean idpAccepted = matched.getIdpEntityId() == null || matched.getIdpEntityId().equals(this.samlConfig.getIdpEntityId());
        if (idpAccepted) {
            return;
        }
        LOG.debug("Test User IDP is: " + matched.getIdpEntityId() + " but user attempted to authenticate with: " + this.samlConfig.getIdpEntityId());
        // Element order matters to whoever unpacks the exception: username, then the
        // description of the user's settings, then the description of the tested settings.
        ArrayList mismatchDetails = new ArrayList();
        mismatchDetails.add(userProfile.getUsername());
        mismatchDetails.add(matched.getDescription());
        mismatchDetails.add(this.samlTestStateManager.getTestSamlSettings().getDescription());
        throw new IncorrectIdpException(mismatchDetails);
    }
}
