package org.geant.idpextension.oidc.profile.impl;

import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.openid.connect.sdk.OIDCResponseTypeValue;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.PredicateSupport;
import org.geant.idpextension.oidc.config.logic.AuthorizationCodeFlowEnabledPredicate;
import org.geant.idpextension.oidc.config.logic.ImplicitFlowEnabledPredicate;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geant/idpextension/oidc/profile/impl/AddResponseTypesToClientMetadata.class */
public class AddResponseTypesToClientMetadata extends AbstractOIDCClientMetadataPopulationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddResponseTypesToClientMetadata.class);

    @Nonnull
    private Predicate<ProfileRequestContext> authorizationCodeFlowPredicate = new AuthorizationCodeFlowEnabledPredicate();

    @Nonnull
    private Predicate<ProfileRequestContext> implicitFlowPredicate = new ImplicitFlowEnabledPredicate();

    @Nonnull
    private Map<ResponseType, Predicate<ProfileRequestContext>> supportedResponseTypes = new HashMap();

    public AddResponseTypesToClientMetadata() {
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE}), this.authorizationCodeFlowPredicate);
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{OIDCResponseTypeValue.ID_TOKEN}), this.implicitFlowPredicate);
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{ResponseType.Value.TOKEN, OIDCResponseTypeValue.ID_TOKEN}), this.implicitFlowPredicate);
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, OIDCResponseTypeValue.ID_TOKEN}), PredicateSupport.and(this.implicitFlowPredicate, this.authorizationCodeFlowPredicate));
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, ResponseType.Value.TOKEN}), PredicateSupport.and(this.implicitFlowPredicate, this.authorizationCodeFlowPredicate));
        this.supportedResponseTypes.put(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, ResponseType.Value.TOKEN, OIDCResponseTypeValue.ID_TOKEN}), PredicateSupport.and(this.implicitFlowPredicate, this.authorizationCodeFlowPredicate));
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
    }

    public Predicate<ProfileRequestContext> getAuthorizationCodeFlowEnabled() {
        return this.authorizationCodeFlowPredicate;
    }

    public void setAuthorizationCodeFlowEnabled(Predicate<ProfileRequestContext> predicate) {
        this.authorizationCodeFlowPredicate = (Predicate) Constraint.isNotNull(predicate, "Predicate used to indicate whether authorization code flow is supported cannot be null");
    }

    public Predicate<ProfileRequestContext> getImplicitFlowEnabled() {
        return this.implicitFlowPredicate;
    }

    public void setImplicitFlowEnabled(Predicate<ProfileRequestContext> predicate) {
        this.implicitFlowPredicate = (Predicate) Constraint.isNotNull(predicate, "Predicate used to indicate whether hybrid flow is supported cannot be null");
    }

    public void setSupportedResponseTypes(Map<ResponseType, Predicate<ProfileRequestContext>> map) {
        this.supportedResponseTypes = (Map) Constraint.isNotNull(map, "Supported response types cannot be null!");
    }

    public Map<ResponseType, Predicate<ProfileRequestContext>> getSupportedResponseTypes() {
        return this.supportedResponseTypes;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        Set<ResponseType> responseTypes = getInputMetadata().getResponseTypes();
        HashSet hashSet = new HashSet();
        if (responseTypes == null || responseTypes.isEmpty()) {
            addResponseTypeIfEnabled(hashSet, new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE}), this.authorizationCodeFlowPredicate, profileRequestContext);
        } else {
            for (ResponseType responseType : responseTypes) {
                if (this.supportedResponseTypes.keySet().contains(responseType)) {
                    addResponseTypeIfEnabled(hashSet, responseType, this.supportedResponseTypes.get(responseType), profileRequestContext);
                } else {
                    this.log.warn("{} Dropping unsupported requested response type {}", getLogPrefix(), responseType);
                }
            }
            if (hashSet.isEmpty()) {
                this.log.error("{} No supported response types requested", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidMessage");
                return;
            }
        }
        getOutputMetadata().setResponseTypes(hashSet);
    }

    protected void addResponseTypeIfEnabled(Set<ResponseType> set, ResponseType responseType, Predicate<ProfileRequestContext> predicate, ProfileRequestContext profileRequestContext) {
        if (!predicate.test(profileRequestContext)) {
            this.log.debug("{} Response type {} is not enabled", getLogPrefix(), responseType);
        } else {
            this.log.debug("{} Adding {} to the list of enabled types", getLogPrefix(), responseType);
            set.add(responseType);
        }
    }
}
