package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import java.security.Principal;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.AccessTokenResponseContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.principal.OAuth2AccessTokenPrincipal;
import net.shibboleth.idp.plugin.authn.oidc.rp.principal.OAuth2RefreshTokenPrincipal;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/AccessTokenToPrivateCredentialsMappingStrategy.class */
public class AccessTokenToPrivateCredentialsMappingStrategy implements Function<ProfileRequestContext, Collection<Principal>> {

    @Nonnull
    private final Function<ProfileRequestContext, AccessTokenResponseContext> tokenResponseContextLookupStrategy;
    static final /* synthetic */ boolean $assertionsDisabled;

    public AccessTokenToPrivateCredentialsMappingStrategy(@Nonnull Function<ProfileRequestContext, AccessTokenResponseContext> function) {
        this.tokenResponseContextLookupStrategy = (Function) Constraint.isNotNull(function, "TokenResponseContext Lookup Strategy can not be null");
    }

    public AccessTokenToPrivateCredentialsMappingStrategy() {
        this.tokenResponseContextLookupStrategy = new ChildContextLookup(AccessTokenResponseContext.class, true).compose(new InboundMessageContextLookup());
    }

    @Override // java.util.function.Function
    public Collection<Principal> apply(ProfileRequestContext profileRequestContext) {
        AccessTokenResponseContext apply = this.tokenResponseContextLookupStrategy.apply(profileRequestContext);
        OIDCTokenResponse tokenResponse = apply != null ? apply.getTokenResponse() : null;
        if (tokenResponse == null) {
            return CollectionSupport.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        AccessToken accessToken = tokenResponse.getTokens().getAccessToken();
        if (!$assertionsDisabled && accessToken == null) {
            throw new AssertionError();
        }
        RefreshToken refreshToken = tokenResponse.getTokens().getRefreshToken();
        arrayList.add(new OAuth2AccessTokenPrincipal(accessToken.getValue(), accessToken.getType().getValue(), accessToken.getLifetime() == 0 ? null : Duration.ofSeconds(accessToken.getLifetime())));
        if (refreshToken != null) {
            arrayList.add(new OAuth2RefreshTokenPrincipal(refreshToken.getValue()));
        }
        return arrayList;
    }

    static {
        $assertionsDisabled = !AccessTokenToPrivateCredentialsMappingStrategy.class.desiredAssertionStatus();
    }
}
