package net.shibboleth.idp.plugin.authn.oidc.rp.metadata.impl;

import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.util.Objects;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.metadata.ProviderMetadataResolver;
import net.shibboleth.oidc.metadata.context.OIDCProviderMetadataContext;
import net.shibboleth.oidc.metadata.criterion.IssuerIDCriterion;
import net.shibboleth.oidc.profile.messaging.context.AbstractOIDCEntityContext;
import net.shibboleth.oidc.profile.messaging.context.OIDCPeerEntityContext;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/metadata/impl/OIDCProviderMetadataLookupHandler.class */
public class OIDCProviderMetadataLookupHandler extends AbstractMessageHandler {

    @NonnullAfterInit
    private ProviderMetadataResolver providerResolver;

    @Nullable
    private Function<MessageContext, OIDCProviderMetadataContext> copyContextStrategy;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(OIDCProviderMetadataLookupHandler.class);

    @Nonnull
    private Function<MessageContext, ? extends AbstractOIDCEntityContext> contextClassLookupStrategy = new ChildContextLookup(OIDCPeerEntityContext.class);

    public void setContextClassLookupStrategy(@Nonnull Function<MessageContext, ? extends AbstractOIDCEntityContext> function) {
        checkSetterPreconditions();
        this.contextClassLookupStrategy = (Function) Constraint.isNotNull(function, "Context class lookup strategy can not be null");
    }

    public void setCopyContextStrategy(@Nullable Function<MessageContext, OIDCProviderMetadataContext> function) {
        checkSetterPreconditions();
        this.copyContextStrategy = function;
    }

    public void setProviderMetadataResolver(@Nonnull ProviderMetadataResolver providerMetadataResolver) {
        checkSetterPreconditions();
        this.providerResolver = (ProviderMetadataResolver) Constraint.isNotNull(providerMetadataResolver, "ProviderMetadataResolver cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.providerResolver == null) {
            throw new ComponentInitializationException("ProviderMetadataResolver cannot be null");
        }
    }

    protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
        ifNotInitializedThrowUninitializedComponentException();
        AbstractOIDCEntityContext apply = this.contextClassLookupStrategy.apply(messageContext);
        String identifier = apply != null ? apply.getIdentifier() : null;
        if (apply == null || identifier == null) {
            this.log.debug("{} OIDC entity context class '{}' missing or did not contain an issuer identifier", getLogPrefix(), AbstractOIDCEntityContext.class);
            return;
        }
        OIDCProviderMetadataContext resolveExisting = resolveExisting(messageContext, identifier);
        if (resolveExisting != null) {
            this.log.debug("{} Resolved existing provider metadata context, removing existing and re-using it", getLogPrefix());
            apply.removeSubcontext(OIDCProviderMetadataContext.class);
            apply.addSubcontext(resolveExisting);
            return;
        }
        try {
            OIDCProviderMetadata oIDCProviderMetadata = (OIDCProviderMetadata) this.providerResolver.resolveSingle(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer(apply.getIdentifier()))}));
            if (oIDCProviderMetadata == null) {
                this.log.debug("{} No provider metadata returned for {}", getLogPrefix(), apply.getIdentifier());
                return;
            }
            this.log.debug("{} Found provider metadata for '{}'", getLogPrefix(), apply.getIdentifier());
            OIDCProviderMetadataContext oIDCProviderMetadataContext = new OIDCProviderMetadataContext();
            oIDCProviderMetadataContext.setProviderInformation(oIDCProviderMetadata);
            apply.addSubcontext(oIDCProviderMetadataContext);
        } catch (ResolverException e) {
            this.log.error("{} ResolverException thrown during provider metadata lookup: {}", getLogPrefix(), e.getMessage());
            throw new MessageHandlerException(e);
        }
    }

    @Nullable
    protected OIDCProviderMetadataContext resolveExisting(@Nonnull MessageContext messageContext, @Nonnull String str) {
        if (this.copyContextStrategy == null) {
            return null;
        }
        if (!$assertionsDisabled && this.copyContextStrategy == null) {
            throw new AssertionError();
        }
        OIDCProviderMetadataContext apply = this.copyContextStrategy.apply(messageContext);
        if (apply == null) {
            this.log.debug("{} No existing OIDCProviderMetadataContext was resolved", getLogPrefix());
            return null;
        }
        OIDCProviderMetadata providerInformation = apply.getProviderInformation();
        if (providerInformation == null) {
            this.log.debug("{} Existing OIDCProviderMetadataContext was resolved but is missing ProviderInformation data", getLogPrefix());
            return null;
        }
        if (!Objects.equals(providerInformation.getIssuer().getValue(), str)) {
            this.log.debug("{} Existing OIDCProviderMetadataContext was resolved, but the issuer did not match the entity context data", getLogPrefix());
            return null;
        }
        this.log.debug("{} Found an existing and suitable OIDCProviderMetadataContext from which to copy ", getLogPrefix());
        OIDCProviderMetadataContext oIDCProviderMetadataContext = new OIDCProviderMetadataContext();
        oIDCProviderMetadataContext.setProviderInformation(apply.getProviderInformation());
        return oIDCProviderMetadataContext;
    }

    static {
        $assertionsDisabled = !OIDCProviderMetadataLookupHandler.class.desiredAssertionStatus();
    }
}
