package net.shibboleth.idp.plugin.authn.oidc.rp.context.navigate;

import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import java.util.function.BiConsumer;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.minidev.json.JSONObject;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AccessTokenResponseContext;
import net.shibboleth.shared.annotation.ParameterName;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/context/navigate/IDTokenInAccessTokenUpdateStrategy.class */
public class IDTokenInAccessTokenUpdateStrategy implements BiConsumer<ProfileRequestContext, JWT> {

    @Nonnull
    private final Logger log;

    @Nonnull
    private final Function<ProfileRequestContext, AccessTokenResponseContext> tokenResponseContextLookupStrategy;

    public IDTokenInAccessTokenUpdateStrategy(@ParameterName(name = "accessTokenContextLookupStrategy") Function<ProfileRequestContext, AccessTokenResponseContext> function) {
        this.log = LoggerFactory.getLogger(IDTokenInAccessTokenUpdateStrategy.class);
        this.tokenResponseContextLookupStrategy = (Function) Constraint.isNotNull(function, "accessTokenContextLookupStrategy can not be null");
    }

    public IDTokenInAccessTokenUpdateStrategy() {
        this.log = LoggerFactory.getLogger(IDTokenInAccessTokenUpdateStrategy.class);
        this.tokenResponseContextLookupStrategy = new ChildContextLookup(AccessTokenResponseContext.class, true).compose(new InboundMessageContextLookup());
    }

    @Override // java.util.function.BiConsumer
    public void accept(ProfileRequestContext profileRequestContext, JWT jwt) {
        AccessTokenResponseContext apply = this.tokenResponseContextLookupStrategy.apply(profileRequestContext);
        OIDCTokenResponse tokenResponse = apply != null ? apply.getTokenResponse() : null;
        if (apply == null || tokenResponse == null) {
            this.log.warn("Unable to set id_token back onto access token response context");
            return;
        }
        try {
            JSONObject jSONObject = tokenResponse.toJSONObject();
            jSONObject.put("id_token", jwt.serialize());
            apply.setTokenResponse(OIDCTokenResponse.parse(jSONObject));
        } catch (ParseException e) {
            this.log.warn("Unable to set id_token back onto access token response", e);
        }
    }
}
