package net.shibboleth.oidc.security.jose.impl;

import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.security.jose.criterion.ClientInformationCriterion;
import net.shibboleth.shared.annotation.ParameterName;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/ClientInformationKeyTransportEncryptionAlgorithmsLookupStrategy.class */
public class ClientInformationKeyTransportEncryptionAlgorithmsLookupStrategy extends DefaultKeyTransportEncryptionAlgorithmsLookupStrategy {

    @Nonnull
    private final Logger log;

    @Nonnull
    private final Function<OIDCClientInformation, String> clientKeyTransportAlgorithmLookupStrategy;

    public ClientInformationKeyTransportEncryptionAlgorithmsLookupStrategy(@ParameterName(name = "clientKeyTransportAlgorithmsLookupStrategy") @Nonnull Function<OIDCClientInformation, String> function, @ParameterName(name = "AlgorithmRegistry") @Nullable AlgorithmRegistry algorithmRegistry) {
        super(algorithmRegistry);
        this.log = LoggerFactory.getLogger(ClientInformationKeyTransportEncryptionAlgorithmsLookupStrategy.class);
        this.clientKeyTransportAlgorithmLookupStrategy = (Function) Constraint.isNotNull(function, "The client key transport lookup strategy can not be null");
    }

    public ClientInformationKeyTransportEncryptionAlgorithmsLookupStrategy(@ParameterName(name = "clientKeyTransportAlgorithmLookupStrategy") @Nonnull Function<OIDCClientInformation, String> function) {
        this(function, null);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // net.shibboleth.oidc.security.jose.impl.DefaultKeyTransportEncryptionAlgorithmsLookupStrategy, java.util.function.BiFunction
    @Nullable
    public List<String> apply(@Nullable CriteriaSet criteriaSet, @Nullable Predicate<String> predicate) {
        ClientInformationCriterion clientInformationCriterion = criteriaSet != null ? (ClientInformationCriterion) criteriaSet.get(ClientInformationCriterion.class) : null;
        OIDCClientInformation oidcClientInformation = clientInformationCriterion != null ? clientInformationCriterion.getOidcClientInformation() : null;
        if (oidcClientInformation == null) {
            this.log.debug("No client metadata, falling back to default local behaviour");
            return super.apply(criteriaSet, predicate);
        }
        String apply = this.clientKeyTransportAlgorithmLookupStrategy.apply(oidcClientInformation);
        this.log.trace("Resolved effective key transport algorithm from client metadata: {}", apply);
        if (apply == null) {
            this.log.debug("Client metadata does not contain 'alg' algorithm value, returning empty list");
            return Collections.emptyList();
        }
        List<String> keyTransportAlgorithmsFromConfiguration = getKeyTransportAlgorithmsFromConfiguration(criteriaSet, predicate);
        this.log.trace("Resolved supported key transport algorithms from config: {}", keyTransportAlgorithmsFromConfiguration);
        if (keyTransportAlgorithmsFromConfiguration.contains(apply)) {
            this.log.debug("The algorithm configured in the metadata is supported");
            return List.of(apply);
        }
        this.log.warn("No supported key transport algorithm. Client metadata and configuration are not compatible");
        return CollectionSupport.emptyList();
    }
}
