package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.oidc.op.config.navigate.TokenEndpointAuthMethodLookupFunction;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/AddTokenEndpointAuthMethodsToClientMetadata.class */
public class AddTokenEndpointAuthMethodsToClientMetadata extends AbstractOIDCClientMetadataPopulationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddTokenEndpointAuthMethodsToClientMetadata.class);

    @Nullable
    private Function<ProfileRequestContext, List<ClientAuthenticationMethod>> tokenEndpointAuthMethodsLookupStrategy = new TokenEndpointAuthMethodLookupFunction();

    public void setTokenEndpointAuthMethodsLookupStrategy(@Nonnull Function<ProfileRequestContext, List<ClientAuthenticationMethod>> function) {
        this.tokenEndpointAuthMethodsLookupStrategy = (Function) Constraint.isNotNull(function, "Strategy to obtain enabled token endpoint authentication methods cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        ClientAuthenticationMethod tokenEndpointAuthMethod = getInputMetadata().getTokenEndpointAuthMethod() != null ? getInputMetadata().getTokenEndpointAuthMethod() : ClientAuthenticationMethod.getDefault();
        List<ClientAuthenticationMethod> apply = this.tokenEndpointAuthMethodsLookupStrategy.apply(profileRequestContext);
        if (apply != null && apply.contains(tokenEndpointAuthMethod)) {
            getOutputMetadata().setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
        } else {
            this.log.warn("{} Non-supported token_endpoint_auth_method {}", getLogPrefix(), tokenEndpointAuthMethod);
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessage");
        }
    }
}
