package org.geant.idpextension.oidc.profile.impl;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.CodeHash;
import javax.annotation.Nonnull;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geant/idpextension/oidc/profile/impl/AddAuthorizationCodeHashToIDToken.class */
public class AddAuthorizationCodeHashToIDToken extends AbstractOIDCSigningResponseAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(AddAuthorizationCodeHashToIDToken.class);

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (getOidcResponseContext().getIDToken() == null) {
            this.log.error("{} No id token", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
            return;
        }
        if (getOidcResponseContext().getAuthorizationCode() == null) {
            this.log.error("{} No authz code to calculate hash on", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
            return;
        }
        CodeHash compute = CodeHash.compute(getOidcResponseContext().getAuthorizationCode(), new JWSAlgorithm(getSignatureSigningParameters().getSignatureAlgorithm()));
        if (compute == null || compute.getValue() == null) {
            this.log.error("{} Not able to generate c_hash using algorithm {}", getLogPrefix(), getSignatureSigningParameters().getSignatureAlgorithm());
            ActionSupport.buildEvent(profileRequestContext, "InvalidSecurityConfiguration");
        } else {
            this.log.debug("{} Setting authz code hash to id token", getLogPrefix());
            getOidcResponseContext().getIDToken().setClaim("c_hash", compute.getValue());
            this.log.debug("{} Updated token {}", getLogPrefix(), getOidcResponseContext().getIDToken().toJSONObject().toJSONString());
        }
    }
}
