package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import java.net.URI;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.oidc.rp.config.navigate.RedirectUriLookupFunction;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.OAuth2ClientContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.oidc.profile.config.OIDCAuthenticationRelyingPartyProfileConfiguration;
import net.shibboleth.oidc.profile.messaging.context.OIDCPeerEntityContext;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/InitializeOAuth2ClientContext.class */
public class InitializeOAuth2ClientContext extends AbstractProfileAction {

    @NonnullBeforeExec
    private OAuth2ClientContext oauth2ClientContext;

    @NonnullBeforeExec
    private OIDCAuthenticationRelyingPartyProfileConfiguration profileConfiguration;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(InitializeOAuth2ClientContext.class);

    @Nonnull
    private Function<ProfileRequestContext, OAuth2ClientContext> oauth2ClientContextLookupStrategy = new ChildContextLookup(OAuth2ClientContext.class, true).compose(new ChildContextLookup(OIDCPeerEntityContext.class).compose(new OutboundMessageContextLookup()));

    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class);

    @Nonnull
    private Function<ProfileRequestContext, URI> redirectUriOverrideLookupStrategy = new RedirectUriLookupFunction();

    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        this.relyingPartyContextLookupStrategy = (Function) Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    public void setRedirectUriOverrideLookupStrategy(@Nonnull Function<ProfileRequestContext, URI> function) {
        checkSetterPreconditions();
        this.redirectUriOverrideLookupStrategy = (Function) Constraint.isNotNull(function, "Redirect URI lookup strategy can not be null");
    }

    public void setOAuth2ClientContextLookupStrategy(@Nonnull Function<ProfileRequestContext, OAuth2ClientContext> function) {
        checkSetterPreconditions();
        this.oauth2ClientContextLookupStrategy = (Function) Constraint.isNotNull(function, "OAuth2 client context lookup strategy cannot be null");
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.oauth2ClientContext = this.oauth2ClientContextLookupStrategy.apply(profileRequestContext);
        if (this.oauth2ClientContext == null) {
            this.log.error("{} No OAuth2 client context found or created", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return false;
        }
        RelyingPartyContext apply = this.relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (apply != null && apply.getConfiguration() != null) {
            OIDCAuthenticationRelyingPartyProfileConfiguration profileConfig = apply.getProfileConfig();
            if (profileConfig instanceof OIDCAuthenticationRelyingPartyProfileConfiguration) {
                this.profileConfiguration = profileConfig;
            }
        }
        if (this.profileConfiguration != null) {
            return true;
        }
        this.log.error("{} OIDCAuthorizationConfiguration not found", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, "InvalidProfileConfiguration");
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        super.doExecute(profileRequestContext);
        String clientId = this.profileConfiguration.getClientId(profileRequestContext);
        if (StringSupport.trimOrNull(clientId) == null) {
            this.log.error("{} No client_id found from profile configuration", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRelyingPartyConfiguration");
        } else {
            if (!$assertionsDisabled && clientId == null) {
                throw new AssertionError();
            }
            this.oauth2ClientContext.setClientId(clientId);
            URI apply = this.redirectUriOverrideLookupStrategy.apply(profileRequestContext);
            if (apply != null) {
                this.log.debug("{} Redirect_uri has been explicitly set as '{}'", getLogPrefix(), apply);
                this.oauth2ClientContext.setRedirectUriOverride(apply);
            }
            this.log.debug("{} Initialized OAuth2 Client Context for client '{}'", getLogPrefix(), clientId);
        }
    }

    static {
        $assertionsDisabled = !InitializeOAuth2ClientContext.class.desiredAssertionStatus();
    }
}
