package net.shibboleth.oidc.security.jose.impl;

import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.security.credential.DefaultClientSecretCredential;
import net.shibboleth.oidc.security.jose.SignatureSigningParametersResolver;
import net.shibboleth.oidc.security.jose.criterion.ClientInformationCriterion;
import net.shibboleth.shared.annotation.ParameterName;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.security.credential.Credential;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/ClientInformationSignatureSigningParametersResolver.class */
public class ClientInformationSignatureSigningParametersResolver extends BasicSignatureSigningParametersResolver implements SignatureSigningParametersResolver {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ClientInformationSignatureSigningParametersResolver.class);

    @Nonnull
    private final Function<OIDCClientInformation, String> signatureAlgorithmLookupStrategy;

    @Nullable
    private final String defaultAlgorithmValue;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ClientInformationSignatureSigningParametersResolver(@ParameterName(name = "signatureAlgorithmLookupStrategy") @Nonnull Function<OIDCClientInformation, String> function, @ParameterName(name = "defaultAlgorithmValue") @Nullable String str) {
        this.signatureAlgorithmLookupStrategy = (Function) Constraint.isNotNull(function, "The signature algorithm lookup strategy can not be null");
        this.defaultAlgorithmValue = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.oidc.security.jose.impl.BasicSignatureSigningParametersResolver
    @Nonnull
    public List<String> getEffectiveSignatureAlgorithms(@Nonnull CriteriaSet criteriaSet, @Nonnull Predicate<String> predicate) {
        List<String> effectiveSignatureAlgorithms = super.getEffectiveSignatureAlgorithms(criteriaSet, predicate);
        OIDCClientInformation clientInformation = getClientInformation(criteriaSet);
        if (clientInformation == null) {
            if (StringSupport.trimOrNull(this.defaultAlgorithmValue) == null) {
                this.log.error("No client information found from the criteria set");
                return CollectionSupport.emptyList();
            }
            this.log.debug("No client information found from the criteria set, using default");
            if ($assertionsDisabled || this.defaultAlgorithmValue != null) {
                return convertIntoListIfEnabled(this.defaultAlgorithmValue, effectiveSignatureAlgorithms);
            }
            throw new AssertionError();
        }
        String apply = this.signatureAlgorithmLookupStrategy.apply(clientInformation);
        if (StringSupport.trimOrNull(apply) != null) {
            if ($assertionsDisabled || apply != null) {
                return convertIntoListIfEnabled(apply, effectiveSignatureAlgorithms);
            }
            throw new AssertionError();
        }
        if (StringSupport.trimOrNull(this.defaultAlgorithmValue) == null) {
            this.log.error("No signature algorith or default value specified, returning empty list");
            return CollectionSupport.emptyList();
        }
        this.log.debug("No signature algorithm specified in the metadata, using default");
        if ($assertionsDisabled || this.defaultAlgorithmValue != null) {
            return convertIntoListIfEnabled(this.defaultAlgorithmValue, effectiveSignatureAlgorithms);
        }
        throw new AssertionError();
    }

    @Nullable
    protected OIDCClientInformation getClientInformation(@Nonnull CriteriaSet criteriaSet) {
        ClientInformationCriterion clientInformationCriterion = (ClientInformationCriterion) criteriaSet.get(ClientInformationCriterion.class);
        if (clientInformationCriterion != null) {
            return clientInformationCriterion.getOidcClientInformation();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.oidc.security.jose.impl.BasicSignatureSigningParametersResolver
    @Nonnull
    public List<Credential> getEffectiveSigningCredentials(@Nonnull CriteriaSet criteriaSet) {
        List<Credential> effectiveSigningCredentials = super.getEffectiveSigningCredentials(criteriaSet);
        OIDCClientInformation clientInformation = getClientInformation(criteriaSet);
        if (clientInformation == null) {
            this.log.debug("No client information found from the criteria set");
            return effectiveSigningCredentials;
        }
        Secret secret = clientInformation.getSecret();
        if (secret == null) {
            this.log.debug("No client information secret found from the criteria set");
            return effectiveSigningCredentials;
        }
        String value = secret.getValue();
        if (value == null) {
            this.log.debug("No client information secret found from the criteria set");
            return effectiveSigningCredentials;
        }
        effectiveSigningCredentials.add(new DefaultClientSecretCredential(value).toSigningCredential());
        return effectiveSigningCredentials;
    }

    @Nonnull
    protected List<String> convertIntoListIfEnabled(@Nonnull String str, @Nonnull List<String> list) {
        if (list.contains(str)) {
            return CollectionSupport.listOf(str);
        }
        this.log.warn("The algorithm {} is not enabled, returning empty list", str);
        return CollectionSupport.emptyList();
    }

    static {
        $assertionsDisabled = !ClientInformationSignatureSigningParametersResolver.class.desiredAssertionStatus();
    }
}
