package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.List;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.AbstractClaimsValidator;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.context.ProfileRequestContext;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/ACRClaimsValidator.class */
public class ACRClaimsValidator extends AbstractClaimsValidator {

    @NonnullAfterInit
    private BiFunction<ProfileRequestContext, JWTClaimsSet, List<String>> requestedEssentialAcrsClaimLookupStrategy;

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.requestedEssentialAcrsClaimLookupStrategy == null) {
            throw new ComponentInitializationException("Requested Essential ACR Claim Lookup Strategy can not be null");
        }
    }

    public void setRequestedEssentialAcrsClaimLookupStrategy(@Nonnull BiFunction<ProfileRequestContext, JWTClaimsSet, List<String>> biFunction) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.requestedEssentialAcrsClaimLookupStrategy = (BiFunction) Constraint.isNotNull(biFunction, "requestedAcrClaimLookupStrategy can not be null");
    }

    protected void doValidate(@Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull ProfileRequestContext profileRequestContext) throws JWTValidationException {
        List<String> apply = this.requestedEssentialAcrsClaimLookupStrategy.apply(profileRequestContext, jWTClaimsSet);
        if (apply == null || apply.isEmpty()) {
            return;
        }
        try {
            String stringClaim = jWTClaimsSet.getStringClaim("acr");
            if (stringClaim == null) {
                throw new JWTValidationException("ACR claim requested but not received inside ID Token");
            }
            if (!apply.contains(stringClaim)) {
                throw new JWTValidationException("Did not receive one of the requested ACR claim values. Requested '" + apply.toString() + "', received '" + stringClaim + "'");
            }
        } catch (ParseException e) {
            throw new JWTValidationException("ACR claim requested, but none received inside ID Token");
        }
    }
}
