package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ErrorResponse;
import com.nimbusds.oauth2.sdk.Response;
import java.io.IOException;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AbstractAuthenticatableOIDCContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.exception.OIDCRPException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.protocol.HttpContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

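/**
 * Base action for OIDC relying-party steps that talk to the OpenID Provider over HTTP.
 *
 * <p>The flow implemented here is: encode the {@link ProfileRequestContext} into an
 * {@link HttpUriRequest}, execute it with the configured {@link HttpClient} (applying the
 * optional {@link HttpClientSecurityParameters}), then decode the {@link HttpResponse} into a
 * Nimbus {@link Response} of type {@code T}.</p>
 *
 * <p>The HTTP client and both strategies must be set before initialization; the setters reject
 * changes afterwards, which is what the {@code ThreadSafeAfterInit} marker relies on.</p>
 *
 * @param <T> the decoded response type
 */
@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/AbstractHttpOIDCAuthenticationAction.class */
public abstract class AbstractHttpOIDCAuthenticationAction<T extends Response> extends AbstractOIDCAuthenticationResponseAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractHttpOIDCAuthenticationAction.class);

    /** Strategy that builds the outbound HTTP request from the profile request context. */
    @NonnullAfterInit
    private Function<ProfileRequestContext, HttpUriRequest> httpRequestEncoderStrategy;

    /** Strategy that turns the raw HTTP response into the typed response. */
    @NonnullAfterInit
    private Function<HttpResponse, T> httpResponseDecoderStrategy;

    /** Client used to execute the request. */
    @NonnullAfterInit
    private HttpClient httpClient;

    /**
     * Optional per-request security parameters.
     * NOTE(review): when this is left null no parameters are marshalled into the request
     * context, so server certificate validation presumably rests entirely on how the injected
     * HttpClient was built; confirm the deployment wires one or the other.
     */
    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    /**
     * Verifies that the HTTP client and both strategies were injected.
     *
     * @throws ComponentInitializationException if any of the three is missing
     */
    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpClient == null) {
            throw new ComponentInitializationException("httpClient cannot be null");
        }
        if (this.httpRequestEncoderStrategy == null) {
            throw new ComponentInitializationException("HTTP request encoder strategy cannot be null");
        }
        if (this.httpResponseDecoderStrategy == null) {
            throw new ComponentInitializationException("HTTP response decoder strategy cannot be null");
        }
    }

    /**
     * Returns the request encoder strategy.
     *
     * @return the strategy, non-null once the component is initialized
     */
    @NonnullAfterInit
    public Function<ProfileRequestContext, HttpUriRequest> getHttpRequestEncoderStrategy() {
        return this.httpRequestEncoderStrategy;
    }

    /**
     * Returns the response decoder strategy.
     *
     * @return the strategy, non-null once the component is initialized
     */
    @NonnullAfterInit
    public Function<HttpResponse, T> getHttpResponseDecoderStrategy() {
        return this.httpResponseDecoderStrategy;
    }

    /**
     * Sets the response decoder strategy. Rejected once the component is initialized or destroyed.
     *
     * @param function the decoder, never null
     */
    public void setHttpResponseDecoderStrategy(@Nonnull Function<HttpResponse, T> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        // No raw-type cast: the argument's generic type is kept as declared.
        this.httpResponseDecoderStrategy = Constraint.isNotNull(function, "Http decoder strategy can not be null");
    }

    /**
     * Sets the request encoder strategy. Rejected once the component is initialized or destroyed.
     *
     * @param function the encoder, never null
     */
    public void setHttpRequestEncoderStrategy(@Nonnull Function<ProfileRequestContext, HttpUriRequest> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpRequestEncoderStrategy = Constraint.isNotNull(function, "Http encoder strategy can not be null");
    }

    /**
     * Sets the HTTP client. Rejected once the component is initialized or destroyed.
     *
     * @param httpClient the client, never null
     */
    public void setHttpClient(@Nonnull HttpClient httpClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClient = Constraint.isNotNull(httpClient, "HttpClient cannot be null");
    }

    /**
     * Sets the optional HTTP client security parameters. Rejected once the component is
     * initialized or destroyed.
     *
     * @param httpClientSecurityParameters the parameters, or null for none
     */
    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Encodes, sends and decodes one request, returning the response only if it indicates success.
     *
     * <p>NOTE(review): the HTTP response is handed to the decoder and never closed here; whether
     * the decoder consumes and releases the entity is not visible from this class.</p>
     *
     * @param profileRequestContext the current profile request context
     * @param abstractAuthenticatableOIDCContext optional context passed on to
     *            {@link #executeHttpRequest}
     * @return the decoded, successful response
     * @throws OIDCRPException if the request cannot be encoded, the exchange fails with an
     *             {@link IOException}, the response cannot be decoded, or it does not indicate
     *             success
     */
    @Nonnull
    public T handleRequest(@Nonnull ProfileRequestContext profileRequestContext, @Nullable AbstractAuthenticatableOIDCContext abstractAuthenticatableOIDCContext) throws OIDCRPException {
        try {
            final HttpUriRequest request = getHttpRequestEncoderStrategy().apply(profileRequestContext);
            if (request == null) {
                throw new OIDCRPException("Unable to encode HTTP request");
            }
            // Keep the decoded value typed as T. The decompiled form declared it as ErrorResponse,
            // which does not type-check and hid the fact that a success is returned as-is.
            final T response = getHttpResponseDecoderStrategy().apply(executeHttpRequest(request, abstractAuthenticatableOIDCContext));
            if (response == null) {
                throw new OIDCRPException("Unable to process HTTP response");
            }
            if (response.indicatesSuccess()) {
                return response;
            }
            if (response instanceof ErrorResponse) {
                throw new OIDCRPException(formatErrorResponse(((ErrorResponse) response).getErrorObject()));
            }
            // Fail closed with the action's own exception type instead of a ClassCastException
            // when a non-success response is not an ErrorResponse.
            throw new OIDCRPException("Unsuccessful response that is not an error response");
        } catch (IOException e) {
            this.log.error("{} Unable to perform HTTP request and return response", getLogPrefix(), e);
            throw new OIDCRPException(e);
        }
    }

    /**
     * Builds the exception message for an error response.
     *
     * <p>The error code and description come from the remote server, so whatever logs or displays
     * this message should treat them as untrusted text.</p>
     *
     * @param errorObject the error details; presumably may be absent on some error responses,
     *            so null is tolerated
     * @return the formatted message
     */
    private String formatErrorResponse(@Nullable ErrorObject errorObject) {
        if (errorObject == null) {
            return "Error response without error details";
        }
        return "Error response, HTTP status code '" + errorObject.getHTTPStatusCode()
                + "', error code '" + errorObject.getCode()
                + "', description: " + errorObject.getDescription();
    }

    /**
     * Executes the request with the configured security parameters and checks afterwards that the
     * TLS credential was evaluated.
     *
     * <p>NOTE(review): per OpenSAML's {@code HttpClientSecuritySupport}, the post-execution check
     * is expected to reject an https exchange where a trust engine was supplied but the client's
     * socket factory never evaluated the server credential; confirm against the OpenSAML version
     * in use.</p>
     *
     * @param httpUriRequest the request to send, never null
     * @param abstractAuthenticatableOIDCContext optional context, flagged as authenticated once
     *            the exchange and the TLS check have both completed
     * @return the HTTP response
     * @throws IOException if execution or the TLS credential check fails
     */
    @Nonnull
    protected HttpResponse executeHttpRequest(@Nonnull HttpUriRequest httpUriRequest, @Nullable AbstractAuthenticatableOIDCContext abstractAuthenticatableOIDCContext) throws IOException {
        Constraint.isNotNull(httpUriRequest, "Request can not be null");
        // Declared as HttpClientContext (not the HttpContext supertype) because that is what the
        // factory returns and what the security support helpers operate on.
        final HttpClientContext clientContext = HttpClientContext.create();
        HttpClientSecuritySupport.marshalSecurityParameters(clientContext, this.httpClientSecurityParameters, true);
        HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(clientContext, httpUriRequest);
        final HttpResponse response = this.httpClient.execute(httpUriRequest, clientContext);
        try {
            HttpClientSecuritySupport.checkTLSCredentialEvaluated(clientContext, httpUriRequest.getURI().getScheme());
        } catch (IOException | RuntimeException e) {
            // The caller never receives this response, so release it before propagating.
            if (response instanceof java.io.Closeable) {
                try {
                    ((java.io.Closeable) response).close();
                } catch (IOException ignored) {
                    // Best effort only; the TLS check failure is the error that matters.
                }
            }
            throw e;
        }
        // Reached only when execution returned and the TLS check did not throw.
        // NOTE(review): what "authenticated" denotes is defined by the context class, not here.
        if (abstractAuthenticatableOIDCContext != null) {
            abstractAuthenticatableOIDCContext.setAuthenticated(true);
        }
        return response;
    }
}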
