package org.squashtest.tm.plugin.saml.controller;

import jakarta.servlet.http.HttpSession;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.squashtest.tm.plugin.saml.SAMLActivationSwitch;
import org.squashtest.tm.plugin.saml.licensevalidator.com.license4j.LicenseText;

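/**
 * Renders the SAML authentication-failure page.
 *
 * <p>The controller reads the last authentication exception from the HTTP session, walks its
 * cause chain (bounded by {@link #MAX_CAUSE_DEPTH}) and classifies the deepest throwable it
 * reached into a {@link FailureReason}. The resulting {@link AutopsyReport} is handed to the
 * {@link #FAIL_TEMPLATE} view.
 *
 * <p>Only the deepest throwable is classified; intermediate wrappers are not inspected.
 * {@link FailureReason#IDP_ASSERTION_REJECTED} is declared but never produced by this class.
 */
@RequestMapping({SquashSAMLAuthFailureController.FAIL_URL})
@SAMLActivationSwitch
@Controller
public class SquashSAMLAuthFailureController {
    public static final String FAIL_URL = "/auth/saml/authentication-failure";
    public static final String FAIL_TEMPLATE = "saml/authentication-failure.html";
    private static final Logger LOGGER = LoggerFactory.getLogger(SquashSAMLAuthFailureController.class);

    /** Session attribute from which the last authentication exception is read. */
    private static final String LAST_EXCEPTION_ATTRIBUTE = "SPRING_SECURITY_LAST_EXCEPTION";

    /** Maximum number of {@code getCause()} hops followed before the analysis gives up. */
    private static final int MAX_CAUSE_DEPTH = 6;

    /**
     * Immutable result of the failure analysis: the classified reason, the throwable the
     * classification was based on, and whether the cause chain was walked to its end.
     */
    public static final class AutopsyReport {
        private final boolean completed;
        private final FailureReason reason;
        private final Throwable cause;

        AutopsyReport(FailureReason failureReason, Throwable th, boolean z) {
            this.completed = z;
            this.reason = failureReason;
            this.cause = th;
        }

        /** @return {@code true} when the cause chain was unwound down to its root */
        public boolean isCompleted() {
            return this.completed;
        }

        /** @return the classified failure reason */
        public FailureReason getReason() {
            return this.reason;
        }

        /** @return the throwable the classification was based on */
        public Throwable getCause() {
            return this.cause;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            AutopsyReport other = (AutopsyReport) obj;
            return this.completed == other.completed
                    && this.reason == other.reason
                    && Objects.equals(this.cause, other.cause);
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.completed, this.reason, this.cause);
        }
    }

    /** Categories an authentication failure can be classified into. */
    public enum FailureReason {
        IDP_ASSERTION_REJECTED,
        IDP_AUTH_EXPIRED,
        ASSERTION_VALIDATION,
        UNKNOWN;

        /**
         * Returns a fresh array holding every constant, in declaration order.
         *
         * @return a copy of the constants; callers may modify it freely
         */
        public static FailureReason[] valuesCustom() {
            // values() already hands out a new array on every call.
            return values();
        }
    }

    /**
     * Analyses the last authentication exception and shows the failure page.
     *
     * <p>Model attributes set: {@code report} (possibly {@code null}), and, when a cause is
     * known, {@code causeName} and {@code causeMessage}.
     *
     * @param httpSession the current session, may be {@code null}
     * @param model the view model to populate
     * @return the failure template name
     */
    @RequestMapping(method = {RequestMethod.GET})
    public String showAuthenticationFailure(HttpSession httpSession, Model model) {
        LOGGER.debug("BEGIN saml auth failure page");
        Exception extractException = extractException(httpSession);
        AutopsyReport autopsyReport = null;
        if (httpSession == null || extractException == null) {
            LOGGER.error("No session nor authentication exception available for analysis, cannot tell what has gone wrong !");
        } else {
            autopsyReport = autopsy(extractException);
            if (autopsyReport.reason == FailureReason.UNKNOWN) {
                LOGGER.error("Couldn't find why the auth problem occurred. Original exception is :", extractException);
            } else {
                LOGGER.trace("Error can be gracefully handled. Original exception is : ", extractException);
            }
        }
        model.addAttribute("report", autopsyReport);
        if (autopsyReport != null && autopsyReport.cause != null) {
            // NOTE(review): these two attributes hand the exception class name and its raw
            // message to a page served to a user who failed to authenticate. The template is
            // not visible here: confirm it HTML-escapes both values, and decide whether the
            // raw message (which may echo details of the IdP response) should be shown at all
            // or replaced by a text derived from report.reason.
            model.addAttribute("causeName", autopsyReport.cause.getClass().getSimpleName());
            model.addAttribute("causeMessage", autopsyReport.cause.getMessage());
        }
        LOGGER.debug("END saml auth failure page");
        return FAIL_TEMPLATE;
    }

    /**
     * Reads the last authentication exception from the session.
     *
     * @param httpSession the current session, may be {@code null}
     * @return the stored exception, or {@code null} when there is no session, no attribute, or
     *     the attribute is not an {@link Exception}
     */
    private Exception extractException(HttpSession httpSession) {
        if (httpSession == null) {
            return null;
        }
        Object attribute = httpSession.getAttribute(LAST_EXCEPTION_ATTRIBUTE);
        if (attribute instanceof Exception) {
            return (Exception) attribute;
        }
        if (attribute != null) {
            // A blind cast would turn an unexpected attribute type into a ClassCastException
            // and an error response instead of the failure page.
            LOGGER.warn("Ignoring session attribute {} of unexpected type {}",
                    LAST_EXCEPTION_ATTRIBUTE, attribute.getClass().getName());
        }
        return null;
    }

    /**
     * Walks the cause chain of {@code exc} and classifies the deepest throwable reached.
     *
     * <p>At most {@link #MAX_CAUSE_DEPTH} causes are followed. The report is flagged as not
     * completed only when the chain still has a further cause after that many hops; a chain
     * that ends within the limit is always classified.
     *
     * @param exc the authentication exception, never {@code null}
     * @return the analysis report
     */
    private AutopsyReport autopsy(Exception exc) {
        LOGGER.debug("looking for the cause of the authentication failure");
        Throwable root = exc;
        LOGGER.trace("unwinding the cause chain");
        for (int depth = 0; depth < MAX_CAUSE_DEPTH && root.getCause() != null; depth++) {
            root = root.getCause();
        }
        // Decide completeness from the chain itself rather than from the hop counter, so a
        // chain whose root is reached exactly at the limit is not reported as aborted.
        boolean completed = root.getCause() == null;

        LOGGER.trace("building report");
        AutopsyReport autopsyReport;
        if (!completed) {
            autopsyReport = new AutopsyReport(FailureReason.UNKNOWN, root, false);
        } else if (credentialsExpired(root)) {
            autopsyReport = new AutopsyReport(FailureReason.IDP_AUTH_EXPIRED, root, true);
        } else if (responseValidationError(root)) {
            autopsyReport = new AutopsyReport(FailureReason.ASSERTION_VALIDATION, root, true);
        } else {
            autopsyReport = new AutopsyReport(FailureReason.UNKNOWN, root, true);
        }
        if (LOGGER.isTraceEnabled()) {
            logAutopsy(autopsyReport);
        }
        return autopsyReport;
    }

    /** @return {@code true} when {@code th} is a {@link CredentialsExpiredException} */
    private boolean credentialsExpired(Throwable th) {
        return th instanceof CredentialsExpiredException;
    }

    /**
     * Tells whether {@code th} is a SAML authentication exception about an invalid assertion.
     *
     * @return {@code true} when {@code th} is a {@link Saml2AuthenticationException} whose
     *     message starts with {@code "Invalid assertion"}
     */
    private boolean responseValidationError(Throwable th) {
        // NOTE(review): the classification hinges on the wording of a library exception
        // message; a change of that wording would silently downgrade these failures to
        // UNKNOWN. Consider matching on the exception's SAML error code instead.
        String message = th.getMessage();
        return th instanceof Saml2AuthenticationException
                && message != null
                && message.startsWith("Invalid assertion");
    }

    /**
     * Writes a trace-level explanation of the report. Nothing is logged for
     * {@link FailureReason#IDP_ASSERTION_REJECTED}.
     */
    private void logAutopsy(AutopsyReport autopsyReport) {
        switch (autopsyReport.reason) {
            case IDP_AUTH_EXPIRED:
                LOGGER.trace("The IDP assertion is expired and the user needs to reauthenticate to the IDP.");
                break;
            case ASSERTION_VALIDATION:
                LOGGER.trace("An assertion validation error occurred. The assertion is invalid.");
                break;
            case UNKNOWN:
                StringBuilder sb = new StringBuilder("No business error found. The cause is thus probably a technical error. ");
                if (!autopsyReport.completed) {
                    sb.append("Note : the cause chain was longer than expected so the search had to be aborded before getting to the bottom of this.");
                }
                LOGGER.trace(sb.toString());
                break;
            default:
                break;
        }
    }
}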
