package net.shibboleth.oidc.profile.config;

import com.google.common.base.Predicates;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration;
import net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Positive;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:net/shibboleth/oidc/profile/config/OIDCAuthorizationConfiguration.class */
public class OIDCAuthorizationConfiguration extends AbstractOIDCSSOConfiguration implements OIDCProfileConfiguration, AuthenticationProfileConfiguration, OverriddenIssuerProfileConfiguration {

    @NotEmpty
    @Nonnull
    public static final String PROFILE_ID = "http://shibboleth.net/ns/profiles/oidc/sso/browser";

    @Nonnull
    private Predicate<ProfileRequestContext> acrRequestAlwaysEssentialPredicate;

    @Nonnull
    private Predicate<ProfileRequestContext> encodeConsentInTokensPredicate;

    @Nonnull
    private Function<ProfileRequestContext, Duration> authorizeCodeLifetimeLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, Set<String>> encodedAttributesLookupStrategy;

    @Nonnull
    private Predicate<ProfileRequestContext> useRequestObjectPredicate;

    @Nonnull
    private Function<ProfileRequestContext, Set<String>> deniedUserInfoAttributesLookupStrategy;

    @Nonnull
    private Predicate<ProfileRequestContext> includeIssuerInResponsePredicate;

    @Nonnull
    private Function<ProfileRequestContext, String> httpRequestMethodLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>>> authorizationCodeClaimsSetManipulationStrategyLookupStrategy;

    /* loaded from: input_file:net/shibboleth/oidc/profile/config/OIDCAuthorizationConfiguration$OIDCHttpRequestMethod.class */
    public enum OIDCHttpRequestMethod {
        GET,
        POST
    }

    public OIDCAuthorizationConfiguration() {
        this(PROFILE_ID);
    }

    public OIDCAuthorizationConfiguration(@NotEmpty @Nonnull String str) {
        super(str);
        this.acrRequestAlwaysEssentialPredicate = Predicates.alwaysFalse();
        this.encodeConsentInTokensPredicate = Predicates.alwaysFalse();
        this.useRequestObjectPredicate = Predicates.alwaysFalse();
        this.authorizeCodeLifetimeLookupStrategy = FunctionSupport.constant(Duration.ofMinutes(5L));
        this.encodedAttributesLookupStrategy = FunctionSupport.constant((Object) null);
        this.deniedUserInfoAttributesLookupStrategy = FunctionSupport.constant((Object) null);
        this.httpRequestMethodLookupStrategy = FunctionSupport.constant(OIDCHttpRequestMethod.GET.toString());
        this.includeIssuerInResponsePredicate = Predicates.alwaysFalse();
        this.authorizationCodeClaimsSetManipulationStrategyLookupStrategy = FunctionSupport.constant((Object) null);
    }

    public boolean isAcrRequestAlwaysEssential(@Nullable ProfileRequestContext profileRequestContext) {
        return this.acrRequestAlwaysEssentialPredicate.test(profileRequestContext);
    }

    public void setAcrRequestAlwaysEssential(boolean z) {
        this.acrRequestAlwaysEssentialPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setAcrRequestAlwaysEssentialPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.acrRequestAlwaysEssentialPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    public boolean isUseRequestObject(@Nullable ProfileRequestContext profileRequestContext) {
        return this.useRequestObjectPredicate.test(profileRequestContext);
    }

    public void setUseRequestObject(boolean z) {
        this.useRequestObjectPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setUseRequestObjectPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.useRequestObjectPredicate = (Predicate) Constraint.isNotNull(predicate, "Use request object condition cannot be null");
    }

    public boolean isEncodeConsentInTokens(@Nullable ProfileRequestContext profileRequestContext) {
        return this.encodeConsentInTokensPredicate.test(profileRequestContext);
    }

    public void setEncodeConsentInTokens(boolean z) {
        this.encodeConsentInTokensPredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setEncodeConsentInTokensPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.encodeConsentInTokensPredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Nonnull
    @Positive
    public Duration getAuthorizeCodeLifetime(@Nullable ProfileRequestContext profileRequestContext) {
        Duration apply = this.authorizeCodeLifetimeLookupStrategy.apply(profileRequestContext);
        Constraint.isTrue((apply == null || apply.isZero() || apply.isNegative()) ? false : true, "Authorization code lifetime must be greater than 0");
        return apply;
    }

    public void setAuthorizeCodeLifetime(@Nonnull @Positive Duration duration) {
        Constraint.isTrue((duration == null || duration.isZero() || duration.isNegative()) ? false : true, "Authorization code lifetime must be greater than 0");
        this.authorizeCodeLifetimeLookupStrategy = FunctionSupport.constant(duration);
    }

    public void setAuthorizeCodeLifetimeLookupStrategy(@Nonnull Function<ProfileRequestContext, Duration> function) {
        this.authorizeCodeLifetimeLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    public void setHttpRequestMethodLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        this.httpRequestMethodLookupStrategy = (Function) Constraint.isNotNull(function, "HTTP request method strategy can not be null");
    }

    public void setHttpRequestMethod(@NotEmpty @Nonnull OIDCHttpRequestMethod oIDCHttpRequestMethod) {
        this.httpRequestMethodLookupStrategy = FunctionSupport.constant(oIDCHttpRequestMethod != null ? oIDCHttpRequestMethod.toString() : null);
    }

    public OIDCHttpRequestMethod getHttpRequestMethod(@Nullable ProfileRequestContext profileRequestContext) {
        String apply = this.httpRequestMethodLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            return null;
        }
        try {
            return OIDCHttpRequestMethod.valueOf(apply);
        } catch (IllegalArgumentException e) {
            throw new ConstraintViolationException("Unexpected HTTP method value: '" + apply + "': " + e.getMessage());
        }
    }

    @NonnullElements
    @Nonnull
    @NotLive
    public Set<String> getEncodedAttributes(@Nullable ProfileRequestContext profileRequestContext) {
        Set<String> apply = this.encodedAttributesLookupStrategy.apply(profileRequestContext);
        return apply != null ? Set.copyOf(apply) : Collections.emptySet();
    }

    public void setEncodedAttributes(@NonnullElements @Nullable Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            this.encodedAttributesLookupStrategy = FunctionSupport.constant((Object) null);
        } else {
            this.encodedAttributesLookupStrategy = FunctionSupport.constant(Set.copyOf(StringSupport.normalizeStringCollection(collection)));
        }
    }

    public void setEncodedAttributesLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<String>> function) {
        this.encodedAttributesLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @NonnullElements
    @Nonnull
    @NotLive
    public Set<String> getDeniedUserInfoAttributes(@Nullable ProfileRequestContext profileRequestContext) {
        Set<String> apply = this.deniedUserInfoAttributesLookupStrategy.apply(profileRequestContext);
        return apply != null ? Set.copyOf(apply) : Collections.emptySet();
    }

    public void setDeniedUserInfoAttributes(@NonnullElements @Nullable Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            this.deniedUserInfoAttributesLookupStrategy = FunctionSupport.constant((Object) null);
        } else {
            this.deniedUserInfoAttributesLookupStrategy = FunctionSupport.constant(Set.copyOf(StringSupport.normalizeStringCollection(collection)));
        }
    }

    public void setDeniedUserInfoAttributesLookupStrategy(@Nonnull Function<ProfileRequestContext, Set<String>> function) {
        this.deniedUserInfoAttributesLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    public boolean isIncludeIssuerInResponse(@Nullable ProfileRequestContext profileRequestContext) {
        return this.includeIssuerInResponsePredicate.test(profileRequestContext);
    }

    public void setIncludeIssuerInResponse(boolean z) {
        this.includeIssuerInResponsePredicate = z ? Predicates.alwaysTrue() : Predicates.alwaysFalse();
    }

    public void setIncludeIssuerInResponsePredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.includeIssuerInResponsePredicate = (Predicate) Constraint.isNotNull(predicate, "Condition cannot be null");
    }

    @Nonnull
    public BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> getAuthorizationCodeClaimsSetManipulationStrategy(@Nullable ProfileRequestContext profileRequestContext) {
        return this.authorizationCodeClaimsSetManipulationStrategyLookupStrategy.apply(profileRequestContext);
    }

    public void setAuthorizationCodeClaimsSetManipulationStrategy(@Nullable BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> biFunction) {
        this.authorizationCodeClaimsSetManipulationStrategyLookupStrategy = FunctionSupport.constant(biFunction);
    }

    public void setAuthorizationCodeClaimsSetManipulationStrategyLookupStrategy(@Nonnull Function<ProfileRequestContext, BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>>> function) {
        this.authorizationCodeClaimsSetManipulationStrategyLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }
}
