package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import java.net.URI;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.jwk.support.RemoteJwkUtils;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.http.client.HttpClient;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/AddJwksToClientMetadata.class */
public class AddJwksToClientMetadata extends AbstractOIDCClientMetadataPopulationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddJwksToClientMetadata.class);

    @NonnullAfterInit
    private HttpClient httpClient;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    public void setHttpClient(@Nonnull HttpClient httpClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HttpClient cannot be null");
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpClient == null) {
            throw new ComponentInitializationException(getLogPrefix() + " HttpClient cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        JWKSet jWKSet = getInputMetadata().getJWKSet();
        URI jWKSetURI = getInputMetadata().getJWKSetURI();
        if (jWKSet != null && jWKSetURI != null) {
            this.log.warn("{} Both jwks and jwks_uri were defined", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessage");
            return;
        }
        if (jWKSet != null) {
            if (containsKeys(jWKSet)) {
                getOutputMetadata().setJWKSet(jWKSet);
                return;
            } else {
                this.log.warn("{} The jwks was defined, but it doesn't contain any keys", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidMessage");
                return;
            }
        }
        if (jWKSetURI != null) {
            if (containsKeys(RemoteJwkUtils.fetchRemoteJwkSet(getLogPrefix(), jWKSetURI, this.httpClient, this.httpClientSecurityParameters))) {
                this.log.debug("{} The jwks_uri endpoint available and contains key(s)", getLogPrefix());
                getOutputMetadata().setJWKSetURI(jWKSetURI);
            } else {
                this.log.warn("{} The jwks_uri was defined, but the endpoint does not contain key(s)", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidMessage");
            }
        }
    }

    protected boolean containsKeys(JWKSet jWKSet) {
        List<JWK> keys;
        return (jWKSet == null || (keys = jWKSet.getKeys()) == null || keys.isEmpty()) ? false : true;
    }
}
