package net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl;

import com.nimbusds.jose.util.StandardCharset;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.authn.context.OAuth2ClientAuthenticationContext;
import net.shibboleth.oidc.profile.core.OIDCAuthenticationRequest;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/encoding/impl/DefaultAuthCodeTokenRequestEncoder.class */
public class DefaultAuthCodeTokenRequestEncoder extends AbstractRequestEncoderFunction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultAuthCodeTokenRequestEncoder.class);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl.AbstractRequestEncoderFunction
    @Nullable
    public ClassicHttpRequest doApply(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull OIDCProviderMetadata oIDCProviderMetadata) {
        try {
            OAuth2ClientAuthenticationContext clientAuthenticationContext = getClientAuthenticationContext();
            if (clientAuthenticationContext == null) {
                this.log.warn("No client authentication context to base token request off");
                return null;
            }
            AuthenticationSuccessResponse authenticationResponse = getAuthenticationResponse();
            if (authenticationResponse == null) {
                this.log.warn("No authentication response from upstream OpenID Provider to base token request off");
                return null;
            }
            OIDCAuthenticationRequest authenticationRequest = getAuthenticationRequest();
            if (authenticationRequest == null) {
                this.log.warn("No authentication request to base token request off");
                return null;
            }
            HTTPRequest hTTPRequest = new TokenRequest(oIDCProviderMetadata.getTokenEndpointURI(), clientAuthenticationContext.getClientAuthentication(), new AuthorizationCodeGrant(authenticationResponse.getAuthorizationCode(), authenticationRequest.getRedirectURI(), authenticationRequest.getCodeVerifier() != null ? new CodeVerifier(authenticationRequest.getCodeVerifier()) : null)).toHTTPRequest();
            if ($assertionsDisabled || hTTPRequest != null) {
                return convertHttpRequest(hTTPRequest);
            }
            throw new AssertionError();
        } catch (Exception e) {
            this.log.warn("Unable to encode token request", e);
            return null;
        }
    }

    @Nullable
    private ClassicHttpRequest convertHttpRequest(@Nonnull HTTPRequest hTTPRequest) {
        if (hTTPRequest.getMethod() != HTTPRequest.Method.POST) {
            this.log.warn("Token Request must use the HTTP POST method, is trying to use '{}'", hTTPRequest.getMethod());
            return null;
        }
        ClassicRequestBuilder charset = ClassicRequestBuilder.post().setUri(hTTPRequest.getURI()).setHeader("Content-Type", hTTPRequest.getEntityContentType().toString()).setCharset(StandardCharset.UTF_8);
        hTTPRequest.getQueryParameters().forEach((str, list) -> {
            list.stream().forEach(str -> {
                charset.addParameter(str, str);
            });
        });
        if (hTTPRequest.getAuthorization() != null && !hTTPRequest.getAuthorization().isEmpty()) {
            charset.addHeader("Authorization", hTTPRequest.getAuthorization());
        }
        return charset.build();
    }

    static {
        $assertionsDisabled = !DefaultAuthCodeTokenRequestEncoder.class.desiredAssertionStatus();
    }
}
