package com.vmware.vapi.cis.authn;

import com.vmware.vapi.core.AsyncHandle;
import com.vmware.vapi.core.ExecutionContext;
import com.vmware.vapi.internal.security.SecurityUtil;
import com.vmware.vapi.internal.util.Validate;
import com.vmware.vapi.protocol.RequestProcessor;
import com.vmware.vapi.saml.SamlToken;
import com.vmware.vapi.security.AuthenticationHandler;
import com.vmware.vapi.security.PrincipalId;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/vmware/vapi/cis/authn/SamlTokenAuthnHandler.class */
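/**
 * {@link AuthenticationHandler} for the two SAML token schemes listed by
 * {@link #supportedAuthenticationSchemes()} (holder-of-key and bearer).
 *
 * <p>The handler does not parse or verify a token itself. It reads an already
 * constructed {@link SamlToken}, and an optional error, from the metadata map
 * stored in the security context under
 * {@link RequestProcessor#SECURITY_PROC_METADATA_KEY}, and turns the token's
 * subject and groups into an {@link AuthenticationHandler.AuthenticationResult}.
 *
 * <p>NOTE(review): no signature, lifetime, audience or holder-of-key check is
 * visible in this class. It presumably relies on an upstream security processor
 * having validated the token before placing it in the metadata map; confirm
 * that no other code path can populate {@link #SAML_TOKEN_KEY} with an
 * unvalidated token.
 */
public class SamlTokenAuthnHandler implements AuthenticationHandler {
    /** Deliberately generic failure text; it does not say which check failed. */
    private static final String INVALID_AUTHN_MSG = "Authentication data not found";

    /** Metadata-map key under which the {@link SamlToken} is expected. */
    public static final String SAML_TOKEN_KEY = "saml_token";

    /** Metadata-map key under which an upstream processing error is expected. */
    public static final String ERROR_KEY = "saml_error";

    /** Scheme identifiers returned by {@link #supportedAuthenticationSchemes()}; built once, read-only. */
    private static final List<String> SUPPORTED_SCHEMES = Collections.unmodifiableList(Arrays.asList(
            "com.vmware.vapi.std.security.saml_hok_token",
            "com.vmware.vapi.std.security.saml_bearer_token"));

    /**
     * Authentication result backed by a {@link SamlToken}: the subject and the
     * group list are copied out of the token when the result is created.
     */
    private static final class AuthnResultImpl extends AuthenticationHandler.AuthenticationResult {
        private final PrincipalId subject;
        // Read-only view: the group list feeds authorization decisions and must
        // not be editable by whoever receives the result.
        private final List<PrincipalId> groupList;
        private final SamlToken token;

        private AuthnResultImpl(SamlToken samlToken) {
            // Same check the decompiled $assertionsDisabled guard expressed;
            // authenticate() already rejects a null token before getting here.
            assert samlToken != null;
            this.subject = new PrincipalIdImpl(samlToken.getSubject());
            List<PrincipalId> groups = new ArrayList<>();
            for (com.vmware.vapi.saml.PrincipalId group : samlToken.getGroupList()) {
                groups.add(new PrincipalIdImpl(group));
            }
            this.groupList = Collections.unmodifiableList(groups);
            this.token = samlToken;
        }

        /** @return the principal built from the token's subject */
        @Override // com.vmware.vapi.security.AuthenticationHandler.AuthenticationResult
        public PrincipalId getUser() {
            return this.subject;
        }

        /** @return an unmodifiable list of the principals built from the token's group list */
        @Override // com.vmware.vapi.security.AuthenticationHandler.AuthenticationResult
        public List<PrincipalId> getGroups() {
            return this.groupList;
        }

        /** @return a new {@code SamlTokenSecurityContext} wrapping the token on every call */
        @Override // com.vmware.vapi.security.AuthenticationHandler.AuthenticationResult
        public ExecutionContext.SecurityContext getSecurityContext() {
            return new SamlTokenSecurityContext(this.token);
        }
    }

    /**
     * Immutable copy of a SAML principal's name and domain, exposed through the
     * vAPI security {@link PrincipalId} interface.
     */
    private static final class PrincipalIdImpl implements PrincipalId {
        private final String name;
        private final String domain;

        private PrincipalIdImpl(com.vmware.vapi.saml.PrincipalId principalId) {
            this.name = principalId.getName();
            this.domain = principalId.getDomain();
        }

        @Override // com.vmware.vapi.security.PrincipalId
        public String getName() {
            return this.name;
        }

        @Override // com.vmware.vapi.security.PrincipalId
        public String getDomain() {
            return this.domain;
        }
    }

    /**
     * Completes {@code asyncHandle} with a result built from the SAML token in
     * the security context, or with an error when authentication data is
     * missing or an upstream error was recorded.
     *
     * <p>The handler fails closed: a missing metadata map, a missing token, a
     * value of the wrong type (as narrowed by {@code SecurityUtil.narrowType})
     * or a recorded error all end in {@code setError}.
     *
     * @param securityContext context carrying the security-processor metadata; must not be null
     * @param asyncHandle     receives either the result or a {@link RuntimeException}; must not be null
     */
    @Override // com.vmware.vapi.security.AuthenticationHandler
    public void authenticate(ExecutionContext.SecurityContext securityContext, AsyncHandle<AuthenticationHandler.AuthenticationResult> asyncHandle) {
        Validate.notNull(securityContext);
        Validate.notNull(asyncHandle);
        Map<?, ?> metadata = (Map<?, ?>) SecurityUtil.narrowType(securityContext.getProperty(RequestProcessor.SECURITY_PROC_METADATA_KEY), Map.class);
        if (metadata == null) {
            asyncHandle.setError(new RuntimeException(INVALID_AUTHN_MSG));
            return;
        }
        SamlToken samlToken = (SamlToken) SecurityUtil.narrowType(metadata.get(SAML_TOKEN_KEY), SamlToken.class);
        Exception upstreamError = (Exception) SecurityUtil.narrowType(metadata.get(ERROR_KEY), Exception.class);
        if (upstreamError != null || samlToken == null) {
            // A recorded error wins even when a token is also present.
            // NOTE(review): the upstream exception is attached as the cause; verify that the
            // transport layer does not serialize causes back to an unauthenticated caller.
            asyncHandle.setError(new RuntimeException(INVALID_AUTHN_MSG, upstreamError));
            return;
        }
        asyncHandle.setResult(new AuthnResultImpl(samlToken));
    }

    /**
     * @return an unmodifiable list holding the SAML holder-of-key and SAML
     *         bearer token scheme identifiers
     */
    @Override // com.vmware.vapi.security.AuthenticationHandler
    public List<String> supportedAuthenticationSchemes() {
        return SUPPORTED_SCHEMES;
    }
}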
