package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.jwt.JWT;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest;
import java.text.ParseException;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCAuthenticationResponseContext;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCMetadataContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/SetRequestedSubjectToResponseContext.class */
public class SetRequestedSubjectToResponseContext extends AbstractOIDCAuthenticationResponseAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(SetRequestedSubjectToResponseContext.class);

    @Nonnull
    private Collection<ClaimsSetRequest.Entry> idTokenClaims;

    @Nullable
    private JWT idTokenHint;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction, net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        if (getOidcResponseContext().getRequestedClaims() != null && getOidcResponseContext().getRequestedClaims().getIDTokenClaimsRequest() != null) {
            this.idTokenClaims = getOidcResponseContext().getRequestedClaims().getIDTokenClaimsRequest().getEntries();
        }
        this.idTokenHint = getAuthenticationRequest().getIDTokenHint();
        if (this.idTokenClaims != null || this.idTokenHint != null) {
            return true;
        }
        this.log.debug("{} No requested claims nor id token hint, nothing to do", getLogPrefix());
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (this.idTokenClaims != null && !this.idTokenClaims.isEmpty()) {
            for (ClaimsSetRequest.Entry entry : this.idTokenClaims) {
                if ("sub".equals(entry.getClaimName())) {
                    this.log.debug("{} Setting requested sub claim value {}", getLogPrefix(), entry.getValue());
                    getOidcResponseContext().setRequestedSubject(entry.getValue());
                    return;
                }
            }
        }
        try {
            if (this.idTokenHint != null && this.idTokenHint.getJWTClaimsSet() != null) {
                this.log.debug("{} Setting requested sub claim value {}", getLogPrefix(), this.idTokenHint.getJWTClaimsSet().getSubject());
                getOidcResponseContext().setRequestedSubject(this.idTokenHint.getJWTClaimsSet().getSubject());
            }
        } catch (ParseException e) {
            this.log.error("{} error parsing id token hint", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        }
    }

    @Override // net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
    public /* bridge */ /* synthetic */ OIDCMetadataContext getMetadataContext() {
        return super.getMetadataContext();
    }

    @Override // net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
    @Nonnull
    public /* bridge */ /* synthetic */ OIDCAuthenticationResponseContext getOidcResponseContext() {
        return super.getOidcResponseContext();
    }
}
