package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.text.ParseException;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.profile.config.navigate.IDTokenManipulationStrategyLookupFunction;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/ManipulateClaimsForIDToken.class */
public class ManipulateClaimsForIDToken extends AbstractOIDCAuthenticationResponseAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(ManipulateClaimsForIDToken.class);

    @Nonnull
    private Function<ProfileRequestContext, BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>>> idTokenManipulationStrategyLookupStrategy = new IDTokenManipulationStrategyLookupFunction();
    private BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> manipulationStrategy;
    private IDTokenClaimsSet idToken;

    public void setIDTokenManipulationStrategyLookupStrategy(@Nonnull Function<ProfileRequestContext, BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.idTokenManipulationStrategyLookupStrategy = (Function) Constraint.isNotNull(function, "IDToken manipulation strategy lookup strategy cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction, net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.idToken = getOidcResponseContext().getIDToken();
        if (this.idToken == null) {
            this.log.error("{} No id token", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
            return false;
        }
        this.manipulationStrategy = this.idTokenManipulationStrategyLookupStrategy.apply(profileRequestContext);
        if (this.manipulationStrategy != null) {
            return true;
        }
        this.log.debug("{} No manipulation strategy resolved, nothing to do.", getLogPrefix());
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        Map<String, Object> apply = this.manipulationStrategy.apply(profileRequestContext, this.idToken.toJSONObject());
        if (apply == null) {
            this.log.debug("{} Manipulation strategy retruned null, leaving id_token claims untouched.", getLogPrefix());
            return;
        }
        this.log.debug("{} Applying the manipulated claims into the id_token", getLogPrefix());
        try {
            IDTokenClaimsSet iDTokenClaimsSet = new IDTokenClaimsSet(JWTClaimsSet.parse(apply));
            this.log.debug("{} Replacing the id_token with the manipulated contents", getLogPrefix());
            getOidcResponseContext().setIDToken(iDTokenClaimsSet);
        } catch (ParseException | com.nimbusds.oauth2.sdk.ParseException e) {
            this.log.error("{} The resulted claims set could not be transformed into id_token", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileConfiguration");
        }
    }
}
