package net.shibboleth.idp.plugin.oidc.op.metadata.impl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.oidc.op.metadata.resolver.MetadataValueResolver;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.oidc.profile.config.JSONSecurityConfiguration;
import net.shibboleth.oidc.security.jose.EncryptionConfiguration;
import net.shibboleth.oidc.security.jose.SignatureSigningConfiguration;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.xmlsec.AlgorithmPolicyConfiguration;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/metadata/impl/AlgorithmInfoMetadataValueResolver.class */
public class AlgorithmInfoMetadataValueResolver extends AbstractIdentifiableInitializableComponent implements MetadataValueResolver {
    private final Logger log = LoggerFactory.getLogger(AlgorithmInfoMetadataValueResolver.class);

    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy = new ChildContextLookup(RelyingPartyContext.class);
    private boolean resolveEncryptionAlgs;
    private boolean resolveKeyTransportEncAlgs;

    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.relyingPartyContextLookupStrategy = (Function) Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    public void setResolveEncryptionAlgs(boolean z) {
        this.resolveEncryptionAlgs = z;
    }

    public void setResolveKeyTransportEncAlgs(boolean z) {
        this.resolveKeyTransportEncAlgs = z;
    }

    public Iterable<Object> resolve(ProfileRequestContext profileRequestContext) throws ResolverException {
        ArrayList arrayList = new ArrayList();
        RelyingPartyContext apply = this.relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (apply == null || apply.getProfileConfig() == null) {
            this.log.warn("Could not find profile configuration, nothing to do");
            return arrayList;
        }
        JSONSecurityConfiguration securityConfiguration = apply.getProfileConfig().getSecurityConfiguration(profileRequestContext);
        if (securityConfiguration == null) {
            this.log.warn("Could not find security configuration, nothing to do");
            return arrayList;
        }
        if (!(securityConfiguration instanceof JSONSecurityConfiguration)) {
            this.log.warn("Security configuration class was not expected: {}", securityConfiguration);
            return arrayList;
        }
        JSONSecurityConfiguration jSONSecurityConfiguration = securityConfiguration;
        ArrayList arrayList2 = new ArrayList();
        if (this.resolveEncryptionAlgs) {
            EncryptionConfiguration jwtEncryptionConfiguration = jSONSecurityConfiguration.getJwtEncryptionConfiguration();
            if (jwtEncryptionConfiguration != null) {
                if (this.resolveKeyTransportEncAlgs) {
                    populateAlgorithmsAgainstPolicy(arrayList2, jwtEncryptionConfiguration.getKeyTransportEncryptionAlgorithms(), jwtEncryptionConfiguration);
                } else {
                    populateAlgorithmsAgainstPolicy(arrayList2, jwtEncryptionConfiguration.getDataEncryptionAlgorithms(), jwtEncryptionConfiguration);
                }
            }
        } else {
            SignatureSigningConfiguration jwtSignatureSigningConfiguration = jSONSecurityConfiguration.getJwtSignatureSigningConfiguration();
            if (jwtSignatureSigningConfiguration != null) {
                populateAlgorithmsAgainstPolicy(arrayList2, jwtSignatureSigningConfiguration.getSignatureAlgorithms(), jwtSignatureSigningConfiguration);
            }
        }
        arrayList.add(arrayList2);
        return arrayList;
    }

    protected void populateAlgorithmsAgainstPolicy(List<String> list, List<String> list2, AlgorithmPolicyConfiguration algorithmPolicyConfiguration) {
        for (String str : list2) {
            if (AlgorithmSupport.validateAlgorithmURI(str, algorithmPolicyConfiguration.getIncludedAlgorithms(), algorithmPolicyConfiguration.getExcludedAlgorithms())) {
                list.add(str);
            } else {
                this.log.debug("Algorithm failed include/exclude validation: {}", str);
            }
        }
    }

    public Object resolveSingle(@Nullable ProfileRequestContext profileRequestContext) throws ResolverException {
        Iterator<Object> it = resolve(profileRequestContext).iterator();
        if (it.hasNext()) {
            return it.next();
        }
        return null;
    }
}
