package net.shibboleth.idp.plugin.oidc.op.profile.context.navigate;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.openid.connect.sdk.claims.CodeHash;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ContextDataLookupFunction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/context/navigate/DefaultComputeAuthorizationCodeHashFunction.class */
public class DefaultComputeAuthorizationCodeHashFunction extends AbstractIdentifiableInitializableComponent implements ContextDataLookupFunction<ProfileRequestContext, String> {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(DefaultComputeAuthorizationCodeHashFunction.class);

    @NonnullAfterInit
    private Function<ProfileRequestContext, SecurityParametersContext> securityParametersLookupStrategy;

    @NonnullAfterInit
    private Function<ProfileRequestContext, String> authorizationCodeLookupStrategy;

    public void setSecurityParametersLookupStrategy(@Nonnull Function<ProfileRequestContext, SecurityParametersContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.securityParametersLookupStrategy = (Function) Constraint.isNotNull(function, "SecurityParameterContext lookup strategy cannot be null");
    }

    public void setAuthorizationCodeLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.authorizationCodeLookupStrategy = (Function) Constraint.isNotNull(function, "AuthorizationCode lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.securityParametersLookupStrategy == null) {
            throw new ComponentInitializationException("SecurityParameterContext lookup strategy cannot be null");
        }
        if (this.authorizationCodeLookupStrategy == null) {
            throw new ComponentInitializationException("AuthorizationCode lookup strategy cannot be null");
        }
    }

    @Nullable
    public String apply(@Nullable ProfileRequestContext profileRequestContext) {
        String apply = this.authorizationCodeLookupStrategy.apply(profileRequestContext);
        if (StringSupport.trimOrNull(apply) == null) {
            this.log.error("Could not resolve a value for authorization code to calculate the hash value");
            return null;
        }
        AuthorizationCode authorizationCode = new AuthorizationCode(apply);
        SecurityParametersContext apply2 = this.securityParametersLookupStrategy.apply(profileRequestContext);
        if (apply2 == null || apply2.getSignatureSigningParameters() == null) {
            this.log.error("Could not resolve security parameters for calculating the code hash value");
            return null;
        }
        SignatureSigningParameters signatureSigningParameters = apply2.getSignatureSigningParameters();
        CodeHash compute = CodeHash.compute(authorizationCode, new JWSAlgorithm(signatureSigningParameters.getSignatureAlgorithm()), (Curve) null);
        if (compute != null && compute.getValue() != null) {
            return compute.getValue();
        }
        this.log.error("Not able to generate c_hash using algorithm {}", signatureSigningParameters.getSignatureAlgorithm());
        return null;
    }
}
