package net.shibboleth.idp.plugin.oidc.op.attribute.filter.matcher.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.IdPAttributeValue;
import net.shibboleth.idp.attribute.IdPRequestedAttribute;
import net.shibboleth.idp.attribute.filter.Matcher;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCAuthenticationResponseContext;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import org.opensaml.messaging.context.navigate.RecursiveTypedParentContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/attribute/filter/matcher/impl/AttributeInOIDCRequestedClaimsMatcher.class */
public class AttributeInOIDCRequestedClaimsMatcher extends AbstractIdentifiableInitializableComponent implements Matcher {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeInOIDCRequestedClaimsMatcher.class);
    private boolean matchIfRequestedClaimsSilent;
    private boolean matchOnlyIDToken;
    private boolean matchOnlyUserInfo;
    private boolean onlyIfEssential;
    private String logPrefix;

    public boolean getOnlyIfEssential() {
        return this.onlyIfEssential;
    }

    public void setOnlyIfEssential(boolean z) {
        this.onlyIfEssential = z;
    }

    public boolean getMatchOnlyIDToken() {
        return this.matchOnlyIDToken;
    }

    public void setMatchOnlyIDToken(boolean z) {
        this.matchOnlyIDToken = z;
    }

    public boolean getMatchOnlyUserInfo() {
        return this.matchOnlyUserInfo;
    }

    public void setMatchOnlyUserInfo(boolean z) {
        this.matchOnlyUserInfo = z;
    }

    public boolean getMatchIRequestedClaimsSilent() {
        return this.matchIfRequestedClaimsSilent;
    }

    public void setMatchIfRequestedClaimsSilent(boolean z) {
        this.matchIfRequestedClaimsSilent = z;
    }

    public Set<IdPAttributeValue> getMatchingValues(@Nonnull IdPAttribute idPAttribute, @Nonnull AttributeFilterContext attributeFilterContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        ProfileRequestContext apply = new RecursiveTypedParentContextLookup(ProfileRequestContext.class).apply(attributeFilterContext);
        if (apply == null || apply.getOutboundMessageContext() == null) {
            this.log.trace("{} No outbound message context", getLogPrefix());
            return null;
        }
        OIDCAuthenticationResponseContext subcontext = apply.getOutboundMessageContext().getSubcontext(OIDCAuthenticationResponseContext.class);
        if (subcontext == null) {
            this.log.debug("{} No oidc response ctx for this comparison", getLogPrefix());
            return null;
        }
        if (subcontext.getMappedIdTokenRequestedClaims() == null && subcontext.getMappedUserinfoRequestedClaims() == null) {
            this.log.debug("{} No requested claims", getLogPrefix());
            if (getMatchIRequestedClaimsSilent()) {
                this.log.debug("{} all values matched as in silent mode", getLogPrefix());
                return Set.copyOf(idPAttribute.getValues());
            }
            this.log.debug("{} none of the values matched as not silent mode", getLogPrefix());
            return Collections.emptySet();
        }
        if (subcontext.getMappedIdTokenRequestedClaims() != null && !getMatchOnlyUserInfo() && subcontext.getMappedIdTokenRequestedClaims().get().containsKey(idPAttribute.getId()) && verifyEssentiality(subcontext.getMappedIdTokenRequestedClaims().get().get(idPAttribute.getId()))) {
            this.log.debug("{} All values matched, as {} is a requested ID token claim", getLogPrefix(), idPAttribute.getId());
            return Set.copyOf(idPAttribute.getValues());
        }
        if (subcontext.getMappedUserinfoRequestedClaims() == null || getMatchOnlyIDToken() || !subcontext.getMappedUserinfoRequestedClaims().get().containsKey(idPAttribute.getId()) || !verifyEssentiality(subcontext.getMappedUserinfoRequestedClaims().get().get(idPAttribute.getId()))) {
            this.log.debug("{} Attribute {} was not a requested claim, none of the values matched", getLogPrefix(), idPAttribute.getId());
            return Collections.emptySet();
        }
        this.log.debug("{} All values matched, as {} is a requested Userinfo claim", getLogPrefix(), idPAttribute.getId());
        return Set.copyOf(idPAttribute.getValues());
    }

    private boolean verifyEssentiality(Collection<IdPAttribute> collection) {
        if (!this.onlyIfEssential) {
            return true;
        }
        Stream<IdPAttribute> stream = collection.stream();
        Class<IdPRequestedAttribute> cls = IdPRequestedAttribute.class;
        Objects.requireNonNull(IdPRequestedAttribute.class);
        Stream<IdPAttribute> filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<IdPRequestedAttribute> cls2 = IdPRequestedAttribute.class;
        Objects.requireNonNull(IdPRequestedAttribute.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).anyMatch(idPRequestedAttribute -> {
            return idPRequestedAttribute.isRequired();
        });
    }

    @Nonnull
    protected String getLogPrefix() {
        String str = this.logPrefix;
        if (null == str) {
            str = "Attribute Filter '" + getId() + "':";
            if (null == this.logPrefix) {
                this.logPrefix = str;
            }
        }
        return str;
    }
}
