package net.shibboleth.oidc.security.jose.impl;

import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.security.credential.DefaultClientSecretCredential;
import net.shibboleth.oidc.security.jose.SignatureSigningParametersResolver;
import net.shibboleth.oidc.security.jose.criterion.ClientInformationCriterion;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.security.credential.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/ClientInformationSignatureSigningParametersResolver.class */
public class ClientInformationSignatureSigningParametersResolver extends BasicSignatureSigningParametersResolver implements SignatureSigningParametersResolver {
    private final Logger log = LoggerFactory.getLogger(ClientInformationSignatureSigningParametersResolver.class);
    private final Function<OIDCClientInformation, String> signatureAlgorithmLookupStrategy;
    private final String defaultAlgorithmValue;

    public ClientInformationSignatureSigningParametersResolver(@Nonnull @ParameterName(name = "signatureAlgorithmLookupStrategy") Function<OIDCClientInformation, String> function, @Nullable @ParameterName(name = "defaultAlgorithmValue") String str) {
        this.signatureAlgorithmLookupStrategy = (Function) Constraint.isNotNull(function, "The signature algorithm lookup strategy can not be null");
        this.defaultAlgorithmValue = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.oidc.security.jose.impl.BasicSignatureSigningParametersResolver
    @Nonnull
    public List<String> getEffectiveSignatureAlgorithms(@Nonnull CriteriaSet criteriaSet, @Nonnull Predicate<String> predicate) {
        List<String> effectiveSignatureAlgorithms = super.getEffectiveSignatureAlgorithms(criteriaSet, predicate);
        OIDCClientInformation clientInformation = getClientInformation(criteriaSet);
        if (clientInformation == null) {
            if (StringSupport.trimOrNull(this.defaultAlgorithmValue) != null) {
                this.log.debug("No client information found from the criteria set, using default");
                return convertIntoListIfEnabled(this.defaultAlgorithmValue, effectiveSignatureAlgorithms);
            }
            this.log.error("No client information found from the criteria set");
            return Collections.emptyList();
        }
        String apply = this.signatureAlgorithmLookupStrategy.apply(clientInformation);
        if (StringSupport.trimOrNull(apply) != null) {
            return convertIntoListIfEnabled(apply, effectiveSignatureAlgorithms);
        }
        if (StringSupport.trimOrNull(this.defaultAlgorithmValue) != null) {
            this.log.debug("No signature algorithm specified in the metadata, using default");
            return convertIntoListIfEnabled(this.defaultAlgorithmValue, effectiveSignatureAlgorithms);
        }
        this.log.error("No signature algorith or default value specified, returning empty list");
        return Collections.emptyList();
    }

    @Nullable
    protected OIDCClientInformation getClientInformation(@Nonnull CriteriaSet criteriaSet) {
        if (criteriaSet.contains(ClientInformationCriterion.class)) {
            return ((ClientInformationCriterion) criteriaSet.get(ClientInformationCriterion.class)).getOidcClientInformation();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.oidc.security.jose.impl.BasicSignatureSigningParametersResolver
    @Nonnull
    public List<Credential> getEffectiveSigningCredentials(@Nonnull CriteriaSet criteriaSet) {
        List<Credential> effectiveSigningCredentials = super.getEffectiveSigningCredentials(criteriaSet);
        OIDCClientInformation clientInformation = getClientInformation(criteriaSet);
        if (clientInformation == null || clientInformation.getSecret() == null) {
            this.log.debug("No client information found from the criteria set");
            return effectiveSigningCredentials;
        }
        effectiveSigningCredentials.add(new DefaultClientSecretCredential(clientInformation.getSecret().getValue()).toSigningCredential());
        return effectiveSigningCredentials;
    }

    @Nonnull
    protected List<String> convertIntoListIfEnabled(@Nonnull String str, @Nonnull List<String> list) {
        if (list.contains(str)) {
            return List.of(str);
        }
        this.log.warn("The algorithm {} is not enabled, returning empty list", str);
        return Collections.emptyList();
    }
}
