package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;

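/**
 * Audience claims validator that widens the set of accepted audiences computed by
 * {@link AudienceClaimsValidator}.
 *
 * <p>On top of the first audience returned by the parent, {@link #resolveAcceptedAudiences} adds the
 * responder ID obtained from the configured lookup strategy and, when an endpoint replacement is
 * configured, one rewritten copy of the parent audience per matching endpoint target.</p>
 *
 * <p>All setters must be called before the component is initialized; the {@code ComponentSupport}
 * checks reject later changes.</p>
 */
@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/AuthenticationAudienceClaimsValidator.class */
public class AuthenticationAudienceClaimsValidator extends AudienceClaimsValidator {

    /** Strategy that supplies the responder ID added to the accepted audiences. */
    @Nonnull
    private Function<ProfileRequestContext, String> responderIdLookupStrategy = new ResponderIdLookupFunction();

    /** Substrings of the parent audience that may be swapped for {@link #endpointReplacement}. */
    @Nonnull
    private List<String> endpointTargets = Collections.emptyList();

    /** Replacement text for a matched endpoint target; {@code null} disables the rewriting. */
    @Nullable
    private String endpointReplacement = null;

    /**
     * Sets the strategy used to look up the responder ID.
     *
     * @param function the lookup strategy, never {@code null}
     */
    public void setResponderIdLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.responderIdLookupStrategy = Constraint.isNotNull(function, "The responder ID lookup strategy cannot be null");
    }

    /**
     * Sets the substrings of the parent audience that are candidates for replacement.
     *
     * <p>The list is copied, so later changes to the caller's list cannot alter the accepted
     * audiences after initialization.</p>
     *
     * @param list the endpoint targets, never {@code null}
     */
    public void setEndpointTargets(@Nonnull List<String> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        Constraint.isNotNull(list, "The endpoint paths to replace cannot be null");
        // Snapshot the configuration: holding the caller's list would let it be mutated after init.
        this.endpointTargets = Collections.unmodifiableList(new ArrayList<>(list));
    }

    /**
     * Sets the text substituted for a matched endpoint target.
     *
     * @param str the replacement, or {@code null} to add no rewritten audiences
     */
    public void setEndpointReplacement(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.endpointReplacement = str;
    }

    /**
     * Builds the set of audience values this validator accepts.
     *
     * <p>The result holds the first audience resolved by the parent class, the responder ID when the
     * lookup strategy returns a non-blank value, and, for every configured endpoint target found in
     * the parent audience, that audience with the target replaced by the endpoint replacement.</p>
     *
     * @param jWTClaimsSet the claims set being validated, passed through to the parent
     * @param profileRequestContext the profile request context, passed to the parent and to the lookup strategy
     * @return the accepted audiences; always contains at least the parent audience
     * @throws JWTValidationException if the parent class fails to resolve its audiences
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.oidc.security.jwt.claims.impl.AudienceClaimsValidator
    @NotEmpty
    @Nonnull
    public Set<String> resolveAcceptedAudiences(@Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull ProfileRequestContext profileRequestContext) throws JWTValidationException {
        // NOTE(review): only the first element of the parent's set is used; any further entries are
        // dropped, and an empty parent set would raise NoSuchElementException here.
        final String baseAudience = super.resolveAcceptedAudiences(jWTClaimsSet, profileRequestContext).iterator().next();
        final Set<String> accepted = new HashSet<>();

        // The blank check uses the trimmed value, but the ID is added exactly as the strategy returned it.
        final String responderId = this.responderIdLookupStrategy.apply(profileRequestContext);
        if (StringSupport.trimOrNull(responderId) != null) {
            accepted.add(responderId);
        }
        accepted.add(baseAudience);

        final String replacement = this.endpointReplacement;
        if (replacement != null) {
            // Every entry added here is one more audience value accepted (presumably compared with
            // the token's audience by the parent class). The match is a plain substring test on the
            // whole audience string and replace() rewrites every occurrence, so targets should be
            // as specific as the deployment allows.
            for (final String target : this.endpointTargets) {
                // A null target would throw in contains(); an empty one matches every audience and
                // would splice the replacement between all characters.
                if (target == null || target.isEmpty()) {
                    continue;
                }
                if (baseAudience.contains(target)) {
                    accepted.add(baseAudience.replace(target, replacement));
                }
            }
        }
        return accepted;
    }
}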
