package org.iplass.mtp.impl.auth.authenticate.oidc.command;

import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.auth.AuthContext;
import org.iplass.mtp.auth.User;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.ParamMapping;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.impl.auth.authenticate.builtin.policy.AuthenticationPolicyService;
import org.iplass.mtp.impl.auth.authenticate.oidc.MetaOpenIdConnect;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCCredential;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCRuntimeException;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCValidateResult;
import org.iplass.mtp.impl.web.WebResourceBundleUtil;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.WebRequestConstants;

@ActionMapping(name = AccountConnectCallbackCommand.ACTION_NAME, clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, paramMapping = {@ParamMapping(name = "defName", mapFrom = "${paths}")}, result = {@Result(status = "SUCCESS", type = Result.Type.REDIRECT, value = WebRequestConstants.REDIRECT_PATH), @Result(exception = ApplicationException.class, type = Result.Type.DYNAMIC, value = "org.iplass.mtp.oidc.errorTemplate")})
@CommandClass(name = "mtp/oidc/AccountConnectCallbackCommand", displayName = "OpenID Connect Account Connect Callback processing")
/**
 * Callback action that links an OpenID Provider identity to the user of the
 * current {@link AuthContext}.
 *
 * <p>Order of operations in {@link #executeImpl}: the provider response is
 * validated first, then the current user's account policy is checked against
 * the OpenID Connect definition, and only then is the account connected.
 * Any {@link ApplicationException} is rendered through the
 * {@code org.iplass.mtp.oidc.errorTemplate} result; success redirects to
 * {@link WebRequestConstants#REDIRECT_PATH}.
 *
 * <p>The definition name is taken from the request path
 * ({@code ${paths}} mapped to {@code defName}); resolution of that name to an
 * {@code OpenIdConnectRuntime} happens in {@link AbstractCallbackCommand}.
 */
public class AccountConnectCallbackCommand extends AbstractCallbackCommand {
    /** Action name of this callback; also the value handed to the runtime when building the redirect URI. */
    public static final String ACTION_NAME = "oidc/connectcb";
    /** Request parameter carrying the OpenID Connect definition name. */
    public static final String PARAM_DEFINITION_NAME = "defName";
    /** Result status that triggers the redirect result of the action mapping. */
    public static final String STAT_SUCCESS = "SUCCESS";

    // Resolves the account policy of the current user for the isAllowedOnPolicy check.
    private final AuthenticationPolicyService policyService;

    /**
     * Registers the session attribute name shared with {@link AccountConnectCommand}
     * with the base class and looks up the policy service.
     * NOTE(review): the session key is presumably where the OIDC state issued at
     * connect time is stored for verification of this callback — confirm in
     * AbstractCallbackCommand.
     */
    public AccountConnectCallbackCommand() {
        super(AccountConnectCommand.SESSION_OIDC_STATE);
        ServiceRegistry registry = ServiceRegistry.getRegistry();
        this.policyService = registry.getService(AuthenticationPolicyService.class);
    }

    /**
     * Validates the provider response and, when the current user's account
     * policy permits this definition, connects the provider identity to the user.
     *
     * @param openIdConnectRuntime runtime of the OpenID Connect definition named in the request
     * @param requestContext       the callback request (unused here; kept for the base-class contract)
     * @param oIDCCredential       credential built from the callback parameters by the base class
     * @throws ApplicationException if the provider response fails validation; the
     *         validation error and description are carried in the cause
     * @throws OIDCRuntimeException if the user's account policy does not allow this definition
     */
    @Override
    protected void executeImpl(MetaOpenIdConnect.OpenIdConnectRuntime openIdConnectRuntime, RequestContext requestContext, OIDCCredential oIDCCredential) {
        OIDCValidateResult result = openIdConnectRuntime.validate(oIDCCredential);
        if (!result.isValid()) {
            throw invalidResponse(result);
        }

        // NOTE(review): assumes an authenticated session here; a null user would fail
        // on getAccountPolicy() below — confirm whether getUser() can return null.
        User current = AuthContext.getCurrentContext().getUser();

        // The policy check is per account policy, not per definition alone: a definition
        // may be enabled globally yet still be disallowed for this user's policy.
        boolean allowed = openIdConnectRuntime.isAllowedOnPolicy(this.policyService.getOrDefault(current.getAccountPolicy()));
        if (!allowed) {
            throw new OIDCRuntimeException("policy not allow OpenIdConnectDefinition:" + openIdConnectRuntime.m14getMetaData().getName());
        }

        openIdConnectRuntime.connect(current.getOid(), result);
    }

    /**
     * Builds the user-facing exception for an invalid provider response.
     * The localized message is generic; the provider's error code and
     * description are kept only in the cause chain.
     */
    private static ApplicationException invalidResponse(OIDCValidateResult result) {
        String message = WebResourceBundleUtil.resourceString("impl.auth.authenticate.oidc.command.AbstractCallbackCommand.error", "Invalid response from OpenID Provider.", "invalid_response");
        String detail = result.getError() + ":" + result.getErrorDescription();
        OIDCRuntimeException cause;
        if (result.getRootCause() == null) {
            cause = new OIDCRuntimeException(detail);
        } else {
            cause = new OIDCRuntimeException(detail, result.getRootCause());
        }
        return new ApplicationException(message, cause);
    }

    /**
     * Returns the redirect URI for this callback, delegating to the runtime
     * with {@link #ACTION_NAME}.
     *
     * @param openIdConnectRuntime runtime of the OpenID Connect definition
     * @param requestContext       the current request
     * @return the redirect URI as produced by the runtime
     */
    @Override
    protected String createRedirectUri(MetaOpenIdConnect.OpenIdConnectRuntime openIdConnectRuntime, RequestContext requestContext) {
        return openIdConnectRuntime.createRedirectUri(requestContext, ACTION_NAME);
    }
}
