package net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl;

import com.nimbusds.jose.util.StandardCharset;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.OIDCRPException;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AccessTokenResponseContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/encoding/impl/DefaultUserInfoRequestEncoder.class */
public class DefaultUserInfoRequestEncoder extends AbstractRequestEncoderFunction {

    @NotEmpty
    @Nonnull
    private static final String HTTPS = "https";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultUserInfoRequestEncoder.class);

    @Nonnull
    private final Function<ProfileRequestContext, AccessTokenResponseContext> tokenResponseContextLookupStrategy = new ChildContextLookup(AccessTokenResponseContext.class, true).compose(new InboundMessageContextLookup());

    @Override // net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl.AbstractRequestEncoderFunction
    public HttpUriRequest doApply(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            AccessTokenResponseContext apply = this.tokenResponseContextLookupStrategy.apply(profileRequestContext);
            if (apply == null) {
                this.log.debug("No TokenResponseContext returned by lookup strategy");
                return null;
            }
            RequestBuilder charset = RequestBuilder.get().setUri(new URIBuilder().setScheme(HTTPS).setPort(getProviderMetadataContext().getProviderInformation().getUserInfoEndpointURI().getPort()).setHost(getProviderMetadataContext().getProviderInformation().getUserInfoEndpointURI().getHost()).setPath(getProviderMetadataContext().getProviderInformation().getUserInfoEndpointURI().getPath()).build()).setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.getMimeType()).setCharset(StandardCharset.UTF_8);
            addBearerToken(charset, apply);
            HttpUriRequest build = charset.build();
            this.log.debug("UserInfo request URL '{}'", build);
            return build;
        } catch (Exception e) {
            this.log.warn("Unable to encode token request", e);
            return null;
        }
    }

    private void addBearerToken(@Nonnull RequestBuilder requestBuilder, @Nonnull AccessTokenResponseContext accessTokenResponseContext) throws OIDCRPException {
        if (!"Bearer".equals(accessTokenResponseContext.getRawTokenResponse().get("token_type")) || !(accessTokenResponseContext.getRawTokenResponse().get("access_token") instanceof String)) {
            throw new OIDCRPException("Access_token not found, or not Bearer type");
        }
        requestBuilder.addHeader("Authorization", "Bearer " + ((String) accessTokenResponseContext.getRawTokenResponse().get("access_token")));
    }
}
