package net.shibboleth.idp.plugin.oidc.op.oauth2.profile.impl;

import java.net.URI;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.oidc.op.profile.context.navigate.DefaultRequestRedirectURILookupFunction;
import net.shibboleth.idp.plugin.oidc.op.profile.context.navigate.DefaultValidRedirectUrisLookupFunction;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/oauth2/profile/impl/ValidateRedirectURI.class */
public class ValidateRedirectURI extends AbstractOAuthAuthorizationResponseAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(ValidateRedirectURI.class);
    private boolean requireRequestedValue = true;

    @Nonnull
    private Function<ProfileRequestContext, URI> redirectURILookupStrategy = new DefaultRequestRedirectURILookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, Set<URI>> validRedirectURIsLookupStrategy = new DefaultValidRedirectUrisLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, Set<URI>> registeredRedirectURIsLookupStrategy = new DefaultValidRedirectUrisLookupFunction();

    public void setRedirectURILookupStrategy(@Nonnull Function<ProfileRequestContext, URI> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.redirectURILookupStrategy = (Function) Constraint.isNotNull(function, "RedirectURILookupStrategy lookup strategy cannot be null");
    }

    public void setValidRedirectURIsLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<URI>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.validRedirectURIsLookupStrategy = (Function) Constraint.isNotNull(function, "ValidRedirectURIsLookupStrategy lookup strategy cannot be null");
    }

    public void setRegisteredRedirectURIsLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<URI>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.registeredRedirectURIsLookupStrategy = (Function) Constraint.isNotNull(function, "RegisteredRedirectURIsLookupStrategy lookup strategy cannot be null");
    }

    public void setRequireRequestedValue(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requireRequestedValue = z;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        URI apply = this.redirectURILookupStrategy.apply(profileRequestContext);
        Set<URI> apply2 = this.validRedirectURIsLookupStrategy.apply(profileRequestContext);
        if (apply2 == null || apply2.isEmpty()) {
            this.log.warn("{} Client has not registered Redirection URIs. Redirection URI cannot be validated.", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
            return;
        }
        if (apply == null) {
            handleNullRequestedURI(profileRequestContext, apply2);
            return;
        }
        if (apply2.contains(apply)) {
            getOidcResponseContext().setRedirectURI(apply);
            this.log.debug("{} Redirection URI validated {}", getLogPrefix(), apply);
            return;
        }
        String str = "";
        for (URI uri : apply2) {
            str = str + (str.isEmpty() ? uri.toString() : ", " + uri.toString());
        }
        this.log.error("{} Redirection URI {} not matching any of the registered Redirection URIs [{}] ", new Object[]{getLogPrefix(), apply.toString(), str});
        ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
    }

    protected void handleNullRequestedURI(ProfileRequestContext profileRequestContext, @NotEmpty @Nonnull Set<URI> set) {
        if (this.requireRequestedValue) {
            this.log.warn("{} Redirection URI of the request not located for verification", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
            return;
        }
        Set<URI> apply = this.registeredRedirectURIsLookupStrategy.apply(profileRequestContext);
        if (apply == null || apply.isEmpty()) {
            this.log.warn("{} Client has not registered Redirection URIs. Redirection URI cannot be validated.", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
            return;
        }
        if (apply.size() != 1 || set.size() != 1) {
            this.log.warn("{} Redirection URI of the request missing even though multiple values registered/valid", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
            return;
        }
        URI next = apply.iterator().next();
        URI next2 = set.iterator().next();
        if (next.equals(next2)) {
            this.log.debug("{} No requested redirect_uri found, but allowing it due to single trusted value {}", getLogPrefix(), next);
            getOidcResponseContext().setRedirectURI(next);
        } else {
            this.log.warn("{} Registered URI '{}' did not match with the valid one '{}'", new Object[]{getLogPrefix(), next, next2});
            ActionSupport.buildEvent(profileRequestContext, "InvalidRedirectionURI");
        }
    }
}
