package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import java.util.Map;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.OIDCRPException;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AccessTokenResponseContext;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/ExchangeCodeForAccessToken.class */
public class ExchangeCodeForAccessToken extends AbstractHttpOIDCAuthenticationAction<Map<String, Object>> {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExchangeCodeForAccessToken.class);

    @Nonnull
    private Function<ProfileRequestContext, AccessTokenResponseContext> tokenResponseContextLookupStrategy = new ChildContextLookup(AccessTokenResponseContext.class, true).compose(new InboundMessageContextLookup());

    public void setTokenResponseContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AccessTokenResponseContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.tokenResponseContextLookupStrategy = (Function) Constraint.isNotNull(function, "TokenResponseContext lookup strategy cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        this.log.debug("{} Exchanging auth_code '{}' for id_token from upstream OP '{}'", new Object[]{getLogPrefix(), getAuthenticationResponse().getAuthorizationCode(), authenticationContext.getAuthenticatingAuthority()});
        AccessTokenResponseContext apply = this.tokenResponseContextLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.debug("{} No TokenResponseContext returned by lookup strategy", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return;
        }
        try {
            Map<String, Object> handleRequest = handleRequest(profileRequestContext);
            apply.setRawTokenResponse(handleRequest);
            this.log.trace("{}: Token request response '{}'", getLogPrefix(), handleRequest);
        } catch (OIDCRPException e) {
            this.log.error("{} Failed to exchange authorisation code for token result: {}", getLogPrefix(), e.getMessage());
            ActionSupport.buildEvent(profileRequestContext, "AuthenticationException");
        }
    }
}
