package com.atlassian.plugins.authentication.sso.web.oidc;

import com.atlassian.plugins.authentication.api.config.IdpConfigService;
import com.atlassian.plugins.authentication.api.config.IdpSearchParameters;
import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.atlassian.plugins.authentication.sso.ui.login.LoginGatewayServlet;
import com.atlassian.plugins.authentication.sso.util.ApplicationStateValidator;
import com.atlassian.plugins.authentication.sso.web.AuthenticationHandlerProvider;
import com.atlassian.plugins.authentication.sso.web.SessionDataService;
import com.atlassian.plugins.authentication.sso.web.usercontext.AuthenticationFailedException;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.google.common.base.Strings;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/oidc/InitiateLoginServlet.class */
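/**
 * Servlet for OIDC login flows that are started by the identity provider rather than by this
 * application (the log messages below call this the "IDP initiated OIDC flow").
 *
 * <p>The request carries three query parameters: {@link #ISSUER_PARAM}, {@link #LOGIN_HINT_PARAM}
 * and {@link #TARGET_LINK_PARAM}. No caller authentication is visible in this class, so all three
 * must be treated as attacker-controlled. Only the issuer is checked here, by exact match against
 * the enabled OIDC configurations. The other two are handed on as received.
 */
public class InitiateLoginServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(InitiateLoginServlet.class);

    /** Path constant for this servlet; the actual servlet registration is not shown in this file. */
    public static final String URL = "/plugins/servlet/oidc/initiate-login";
    /** Query parameter naming the destination the caller wants the user sent to after login. */
    public static final String TARGET_LINK_PARAM = "target_link_uri";
    /** Query parameter carrying a hint about which account is logging in. */
    public static final String LOGIN_HINT_PARAM = "login_hint";
    /** Query parameter carrying the issuer identifier of the initiating identity provider. */
    public static final String ISSUER_PARAM = "iss";

    private final AuthenticationHandlerProvider authenticationHandlerProvider;
    private final IdpConfigService idpConfigService;
    private final SessionDataService sessionDataService;
    private final ApplicationStateValidator applicationStateValidator;
    private final ApplicationProperties applicationProperties;

    public InitiateLoginServlet(AuthenticationHandlerProvider authenticationHandlerProvider, IdpConfigService idpConfigService, SessionDataService sessionDataService, ApplicationStateValidator applicationStateValidator, ApplicationProperties applicationProperties) {
        this.authenticationHandlerProvider = authenticationHandlerProvider;
        this.idpConfigService = idpConfigService;
        this.sessionDataService = sessionDataService;
        this.applicationStateValidator = applicationStateValidator;
        this.applicationProperties = applicationProperties;
    }

    /**
     * Starts an authentication request against the OIDC identity provider named by the
     * {@code iss} parameter.
     *
     * <p>A missing or empty {@code iss} redirects to the login gateway. An {@code iss} that does
     * not match exactly one enabled OIDC configuration ends the request with an
     * {@link AuthenticationFailedException} raised by {@link #fetchOidcConfigByIssuer(String)};
     * how that exception is rendered is decided outside this class.
     *
     * @param httpServletRequest incoming request; its parameters are untrusted
     * @param httpServletResponse response used for the redirect or the 400 error
     * @throws IOException if writing the redirect or the error response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // Use the declared constant so the parameter name cannot drift from ISSUER_PARAM.
        Optional<OidcConfig> matchingConfig = fetchOidcConfigByIssuer(httpServletRequest.getParameter(ISSUER_PARAM));
        if (!matchingConfig.isPresent()) {
            // The redirect target is built only from server-side values, never from the request.
            httpServletResponse.sendRedirect(this.applicationProperties.getBaseUrl(UrlMode.RELATIVE) + LoginGatewayServlet.URL);
            return;
        }
        OidcConfig oidcConfig = matchingConfig.get();
        this.applicationStateValidator.checkCanProcessAuthenticationRequest(oidcConfig);
        // The logged issuer comes from the stored configuration, not from the request.
        log.debug("Login flow has been initiated by: {}", oidcConfig.getIssuer());
        // Presumably discards any pre-existing session so the login does not continue on a
        // session identifier the caller may already know; confirm in SessionDataService.
        this.sessionDataService.requireNewSession(httpServletRequest);
        // NOTE(review): login_hint is stored as received; confirm that downstream consumers
        // encode it before placing it in a URL or a page.
        OidcAuthenticationHandler.setLoginHint(httpServletRequest, httpServletRequest.getParameter(LOGIN_HINT_PARAM));
        try {
            // NOTE(review): target_link_uri is passed through without validation at this layer.
            // Confirm the handler restricts it to destinations inside this application before it
            // is used as a post-login redirect (open-redirect risk).
            this.authenticationHandlerProvider
                    .getAuthenticationHandler(oidcConfig.getSsoType())
                    .processAuthenticationRequest(httpServletRequest, httpServletResponse, httpServletRequest.getParameter(TARGET_LINK_PARAM), oidcConfig);
        } catch (IllegalArgumentException e) {
            // NOTE(review): the exception text is echoed in the 400 response; confirm it cannot
            // carry unescaped request data or internal detail.
            httpServletResponse.sendError(Response.Status.BAD_REQUEST.getStatusCode(), e.getMessage());
        }
    }

    /**
     * Finds the single enabled OIDC configuration whose issuer equals the given value exactly.
     *
     * @param issuer issuer identifier taken from the request; may be {@code null}
     * @return the matching configuration, or empty when {@code issuer} is {@code null} or empty
     * @throws AuthenticationFailedException when zero or more than one enabled OIDC
     *         configuration has this issuer
     */
    private Optional<OidcConfig> fetchOidcConfigByIssuer(String issuer) {
        if (Strings.isNullOrEmpty(issuer)) {
            return Optional.empty();
        }
        // Typed list instead of a raw List, so the element handed to Optional.of is an OidcConfig.
        List<OidcConfig> matches = this.idpConfigService.getIdpConfigs(IdpSearchParameters.allEnabledOfType(SsoType.OIDC)).stream()
                .map(idpConfig -> (OidcConfig) idpConfig)
                .filter(oidcConfig -> Objects.equals(oidcConfig.getIssuer(), issuer))
                .collect(Collectors.toList());
        if (matches.size() == 1) {
            return Optional.of(matches.get(0));
        }
        // Reached for both "no match" and "several matches". The issuer is request data, so
        // control characters are neutralised before it is written to the log.
        log.warn("IDP initiated OIDC flow: could not retrieve IDP config for issuer {}", sanitizeForLog(issuer));
        // NOTE(review): the message embeds the raw request value; confirm that whatever renders
        // or logs this exception encodes it.
        throw new AuthenticationFailedException("Login flow initiated by unknown issuer: " + issuer);
    }

    /** Replaces control characters (including CR and LF) so a request value cannot forge log lines. */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}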
