package org.geant.idpextension.oidc.attribute.filter.spring.policyrule.filtercontext.impl;

import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.idp.attribute.filter.PolicyRequirementRule;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractStringPolicyRule;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import org.geant.idpextension.oidc.messaging.context.OIDCAuthenticationResponseContext;
import org.opensaml.messaging.context.navigate.RecursiveTypedParentContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geant/idpextension/oidc/attribute/filter/spring/policyrule/filtercontext/impl/AttributeOIDCScopePolicyRule.class */
public class AttributeOIDCScopePolicyRule extends AbstractStringPolicyRule {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeOIDCScopePolicyRule.class);

    public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext attributeFilterContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        ProfileRequestContext apply = new RecursiveTypedParentContextLookup(ProfileRequestContext.class).apply(attributeFilterContext);
        if (apply == null || apply.getOutboundMessageContext() == null) {
            this.log.trace("{} No outbound message context", getLogPrefix());
            return PolicyRequirementRule.Tristate.FALSE;
        }
        OIDCAuthenticationResponseContext subcontext = apply.getOutboundMessageContext().getSubcontext(OIDCAuthenticationResponseContext.class, false);
        if (subcontext == null || subcontext.getScope() == null) {
            this.log.trace("{} No verified requested scopes for oidc found", getLogPrefix());
            return PolicyRequirementRule.Tristate.FALSE;
        }
        List<String> stringList = subcontext.getScope().toStringList();
        if (stringList == null || stringList.isEmpty()) {
            this.log.warn("{} No scopes in oidc request, should not happen", getLogPrefix());
            return PolicyRequirementRule.Tristate.FAIL;
        }
        for (String str : stringList) {
            this.log.debug("{} evaluating scope {}", getLogPrefix(), str);
            if (stringCompare(str) == PolicyRequirementRule.Tristate.TRUE) {
                return PolicyRequirementRule.Tristate.TRUE;
            }
        }
        return PolicyRequirementRule.Tristate.FALSE;
    }
}
