package org.geant.idpextension.oidc.profile.impl;

import com.nimbusds.oauth2.sdk.Scope;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.geant.idpextension.oidc.messaging.context.OIDCAuthenticationResponseContext;
import org.geant.idpextension.oidc.messaging.context.OIDCAuthenticationResponseTokenClaimsContext;
import org.geant.idpextension.oidc.messaging.context.OIDCMetadataContext;
import org.geant.idpextension.oidc.profile.context.navigate.OIDCAuthenticationResponseContextLookupFunction;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geant/idpextension/oidc/profile/impl/ReduceValidatedScope.class */
public class ReduceValidatedScope extends AbstractOIDCTokenResponseAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(ReduceValidatedScope.class);

    @Nonnull
    private Function<ProfileRequestContext, OIDCAuthenticationResponseTokenClaimsContext> tokenClaimsContextLookupStrategy = new ChildContextLookup(OIDCAuthenticationResponseTokenClaimsContext.class).compose(new OIDCAuthenticationResponseContextLookupFunction());

    @Nullable
    private OIDCAuthenticationResponseTokenClaimsContext tokenClaimsCtx;

    ReduceValidatedScope() {
    }

    public void setOIDCAuthenticationResponseTokenClaimsContextLookupStrategy(@Nonnull Function<ProfileRequestContext, OIDCAuthenticationResponseTokenClaimsContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.tokenClaimsContextLookupStrategy = (Function) Constraint.isNotNull(function, "OIDCAuthenticationResponseTokenClaimsContextt lookup strategy cannot be null");
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        Scope scope = getTokenRequest().getScope();
        if (scope == null) {
            return;
        }
        List stringList = getOidcResponseContext().getScope().toStringList();
        this.log.debug("{} Original scope {}", getLogPrefix(), getOidcResponseContext().getScope().toString());
        stringList.retainAll(scope.toStringList());
        Scope scope2 = new Scope();
        Iterator it = stringList.iterator();
        while (it.hasNext()) {
            scope2.add((String) it.next());
        }
        this.log.debug("{} Reduced scope {}", getLogPrefix(), scope2.toString());
        if (scope2.equals(getOidcResponseContext().getScope())) {
            return;
        }
        getOidcResponseContext().setScope(scope2);
        this.tokenClaimsCtx = this.tokenClaimsContextLookupStrategy.apply(profileRequestContext);
        if (this.tokenClaimsCtx != null) {
            this.log.debug("{} Removing token delivery attributes due to reduced scope", getLogPrefix());
            this.tokenClaimsCtx.getParent().removeSubcontext(this.tokenClaimsCtx);
        }
    }

    @Override // org.geant.idpextension.oidc.profile.impl.AbstractOIDCTokenResponseAction
    @Nullable
    public /* bridge */ /* synthetic */ OIDCMetadataContext getMetadataContext() {
        return super.getMetadataContext();
    }

    @Override // org.geant.idpextension.oidc.profile.impl.AbstractOIDCTokenResponseAction
    @Nullable
    public /* bridge */ /* synthetic */ OIDCAuthenticationResponseContext getOidcResponseContext() {
        return super.getOidcResponseContext();
    }
}
