package net.shibboleth.idp.plugin.authn.oidc.rp.impl;

import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.UserInfoResponseContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.exception.OIDCRPException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/impl/UserInfoEndpointLookup.class */
public class UserInfoEndpointLookup extends AbstractHttpOIDCAuthenticationAction<UserInfoResponse> {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(UserInfoEndpointLookup.class);

    @Nonnull
    private Function<ProfileRequestContext, UserInfoResponseContext> userInfoResponseContextLookupStrategy = new ChildContextLookup(UserInfoResponseContext.class, true).compose(new InboundMessageContextLookup());

    public void setUserInfoResponseContextLookupStrategy(@Nonnull Function<ProfileRequestContext, UserInfoResponseContext> function) {
        checkSetterPreconditions();
        this.userInfoResponseContextLookupStrategy = (Function) Constraint.isNotNull(function, "UserInfoResponseContext lookup strategy cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        this.log.debug("{} Requesting claims from UserInfo endpoint from provider '{}'", getLogPrefix(), authenticationContext.getAuthenticatingAuthority());
        UserInfoResponseContext apply = this.userInfoResponseContextLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.debug("{} No UserInfo response context returned by lookup strategy", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return;
        }
        try {
            UserInfoResponse handleRequest = handleRequest(profileRequestContext, apply);
            if (handleRequest.indicatesSuccess()) {
                apply.setUserInfo(handleRequest.toSuccessResponse());
            }
        } catch (OIDCRPException e) {
            this.log.error("{} Unable to return claims from UserInfo endpoint", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidUserInfoClaims");
        }
    }
}
