package org.iplass.mtp.impl.auth.authenticate.oidc.command;

import org.iplass.mtp.auth.AuthContext;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.ParamMapping;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.command.annotation.action.TokenCheck;
import org.iplass.mtp.impl.auth.authenticate.builtin.policy.AuthenticationPolicyService;
import org.iplass.mtp.impl.auth.authenticate.oidc.MetaOpenIdConnect;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCRuntimeException;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCState;
import org.iplass.mtp.impl.auth.authenticate.oidc.OpenIdConnectService;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;
import org.iplass.mtp.web.WebRequestConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

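/* loaded from: input_file:org/iplass/mtp/impl/auth/authenticate/oidc/command/AccountConnectCommand.class */
/**
 * Starts the OpenID Connect "account connect" flow for the currently logged-in user.
 * <p>
 * The command resolves the OpenIdProvider definition named in the request, checks that
 * the user's authentication policy allows it, stores a fresh {@link OIDCState} in the
 * session so the callback can bind the OP's response to this request, and then redirects
 * the browser to the OP's authorize URL.
 * <p>
 * The action is declared with a fixed-token {@code @TokenCheck}, so a request must carry
 * a valid anti-CSRF token to start the flow. The {@code SUCCESS} result is an external
 * redirect whose target is read from {@link WebRequestConstants#REDIRECT_PATH}; that
 * target is produced by the configured definition runtime (see {@link #execute}), not
 * copied from a request parameter.
 */
@ActionMapping(name = AccountConnectCommand.ACTION_NAME, clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, tokenCheck = @TokenCheck(useFixedToken = true), paramMapping = {@ParamMapping(name = "defName", mapFrom = "${paths}")}, result = {@Result(status = "SUCCESS", type = Result.Type.REDIRECT, allowExternalLocation = true, value = WebRequestConstants.REDIRECT_PATH)})
@CommandClass(name = "mtp/oidc/AccountConnectCommand", displayName = "OpenID Connect Account Connect processing")
public class AccountConnectCommand implements Command {
    /** Action path this command is mapped to. */
    public static final String ACTION_NAME = "oidc/connect";
    /** Request parameter carrying the OpenIdProvider definition name (mapped from the path). */
    public static final String PARAM_DEFINITION_NAME = "defName";
    /** Result status that triggers the redirect to the OP. */
    public static final String STAT_SUCCESS = "SUCCESS";
    /** Session attribute under which the pending {@link OIDCState} is kept for the callback. */
    public static final String SESSION_OIDC_STATE = "org.iplass.mtp.oidc.connect.state";

    // Request attribute naming an optional error template that is handed to the OIDC state.
    private static final String ATTR_ERROR_TEMPLATE = "org.iplass.mtp.oidc.errorTemplate";

    private static final Logger logger = LoggerFactory.getLogger(AccountConnectCommand.class);

    private final OpenIdConnectService service = ServiceRegistry.getRegistry().getService(OpenIdConnectService.class);
    private final AuthenticationPolicyService policyService = ServiceRegistry.getRegistry().getService(AuthenticationPolicyService.class);

    /**
     * Builds the OIDC authorization request for the requested definition and redirects to the OP.
     *
     * @param requestContext the current request
     * @return {@link #STAT_SUCCESS}; the redirect target has been stored in
     *         {@link WebRequestConstants#REDIRECT_PATH}
     * @throws OIDCRuntimeException if no definition matches the requested name, or the
     *         definition is not allowed by the current user's account policy
     */
    public String execute(RequestContext requestContext) {
        String defName = StringUtil.stripToNull(requestContext.getParam(PARAM_DEFINITION_NAME));
        MetaOpenIdConnect.OpenIdConnectRuntime runtime = this.service.getOrDefault(defName);
        if (runtime == null) {
            throw new OIDCRuntimeException("no OpenIdProvider Definition:" + defName);
        }
        // The connect must be permitted by the policy of the user who is currently logged in.
        // NOTE(review): getUser() is dereferenced without a null check, so this assumes the
        // action is only reachable by an authenticated user — confirm via the action's access control.
        if (!runtime.isAllowedOnPolicy(this.policyService.getOrDefault(AuthContext.getCurrentContext().getUser().getAccountPolicy()))) {
            // m14getMetaData appears to be a decompiler-mangled accessor name; kept as found.
            throw new OIDCRuntimeException("policy not allow OpenIdConnectDefinition:" + runtime.m14getMetaData().getName());
        }

        String backUrl = resolveBackUrl(runtime, requestContext);
        String redirectUri = runtime.createRedirectUri(requestContext, AccountConnectCallbackCommand.ACTION_NAME);
        String errorTemplate = (String) requestContext.getAttribute(ATTR_ERROR_TEMPLATE);
        OIDCState state = runtime.newOIDCState(backUrl, redirectUri, errorTemplate);

        // Keep the state server-side so the callback can verify the OP response belongs to this request.
        requestContext.getSession().setAttribute(SESSION_OIDC_STATE, state);

        String authorizeUrl = runtime.authorizeUrl(state);
        logger.debug("redirect to OP:{}", authorizeUrl);
        requestContext.setAttribute(WebRequestConstants.REDIRECT_PATH, authorizeUrl);
        return STAT_SUCCESS;
    }

    /**
     * URL to return to once the connect completes: the definition's own value, falling back
     * to the request's {@link WebRequestConstants#REDIRECT_PATH} attribute (which may be null).
     * NOTE(review): this value is persisted in the OIDC state and presumably used for the
     * post-callback redirect; its validation is not visible here — confirm the callback
     * restricts it to local paths before redirecting.
     *
     * @param runtime the resolved definition runtime
     * @param requestContext the current request
     * @return the back URL, or {@code null} if neither source supplies one
     */
    private static String resolveBackUrl(MetaOpenIdConnect.OpenIdConnectRuntime runtime, RequestContext requestContext) {
        String backUrl = runtime.backUrlAfterConnect(requestContext);
        if (backUrl != null) {
            return backUrl;
        }
        return (String) requestContext.getAttribute(WebRequestConstants.REDIRECT_PATH);
    }
}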
