package net.shibboleth.idp.plugin.authn.oidc.rp.decoding.impl;

import com.fasterxml.jackson.core.type.TypeReference;
import com.nimbusds.jose.util.IOUtils;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSet;
import java.util.Map;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.messaging.JWTUserInfoResponse;
import net.shibboleth.idp.plugin.authn.oidc.rp.messaging.PlainUserInfoResponse;
import net.shibboleth.idp.plugin.authn.oidc.rp.messaging.UserInfoResponse;
import org.apache.http.HttpResponse;
import org.apache.http.entity.ContentType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.util.MimeType;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/decoding/impl/DefaultUserInfoResponseDecoder.class */
public class DefaultUserInfoResponseDecoder extends AbstractJSONResponseDecoderFunction<UserInfoResponse> {

    @Nonnull
    public static final MediaType APPLICATION_JWT = new MediaType("application", "jwt");

    @Nonnull
    public static final String USERINFO_ERROR_RESPONSE_HEADER = "WWW-Authenticate";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultUserInfoResponseDecoder.class);

    @Override // java.util.function.Function
    public UserInfoResponse apply(@Nonnull HttpResponse httpResponse) {
        try {
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                if (httpResponse.getEntity() != null && httpResponse.getEntity().getContent() != null) {
                    this.log.error("Non-ok status code ({}) returned from UserInfo HTTP endpoint, error is: '{}' ", Integer.valueOf(statusCode), IOUtils.readInputStreamToString(httpResponse.getEntity().getContent()));
                    return null;
                }
                if (httpResponse.getHeaders(USERINFO_ERROR_RESPONSE_HEADER) == null || httpResponse.getHeaders(USERINFO_ERROR_RESPONSE_HEADER).length != 1) {
                    this.log.warn("Non-ok status code ({}) returned from UserInfo HTTP endpoint", Integer.valueOf(statusCode));
                    return null;
                }
                this.log.warn("Non-ok status code ({}) returned from UserInfo HTTP endpoint, error is: '{}'", Integer.valueOf(statusCode), httpResponse.getHeaders(USERINFO_ERROR_RESPONSE_HEADER)[0]);
                return null;
            }
            if (httpResponse.getEntity() == null || httpResponse.getEntity().getContent() == null) {
                this.log.warn("HTTP response does not contain a message entity, nothing to decode");
                return null;
            }
            ContentType contentType = ContentType.get(httpResponse.getEntity());
            if (contentType == null || contentType.getMimeType() == null) {
                this.log.warn("HTTP response did not contain a content-type, must contain a content-type");
                return null;
            }
            String readInputStreamToString = IOUtils.readInputStreamToString(httpResponse.getEntity().getContent());
            if (APPLICATION_JWT.compareTo(MimeType.valueOf(contentType.getMimeType())) == 0) {
                JWT parse = JWTParser.parse(readInputStreamToString);
                if (this.log.isTraceEnabled()) {
                    this.log.trace("UserInfo response decoder parsed an {} JWT type", parse instanceof SignedJWT ? "Signed" : parse instanceof EncryptedJWT ? "Encrypted" : "plain");
                }
                return new JWTUserInfoResponse(parse);
            }
            if (MediaType.APPLICATION_JSON.compareTo(MimeType.valueOf(contentType.getMimeType())) != 0) {
                return null;
            }
            Map map = (Map) getObjectMapper().readValue(readInputStreamToString, new TypeReference<Map<String, Object>>() { // from class: net.shibboleth.idp.plugin.authn.oidc.rp.decoding.impl.DefaultUserInfoResponseDecoder.1
            });
            ClaimsSet claimsSet = new ClaimsSet();
            claimsSet.putAll(map);
            if (this.log.isTraceEnabled()) {
                this.log.trace("UserInfo response decoder parsed a plain JSON Object for subject '{}'", claimsSet.getStringClaim("sub"));
            }
            return new PlainUserInfoResponse(claimsSet);
        } catch (Exception e) {
            this.log.warn("Unable to decode UserInfo response", e);
            return null;
        }
    }
}
