package org.apache.cxf.rs.security.oidc.rp;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.rs.security.oauth2.client.ClientCodeRequestFilter;
import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.class */
public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
    private UserInfoClient userInfoClient;
    private boolean userInfoRequired = true;

    protected ClientTokenContext createTokenContext(ContainerRequestContext containerRequestContext, ClientAccessToken clientAccessToken) {
        OidcClientTokenContextImpl oidcClientTokenContextImpl = new OidcClientTokenContextImpl();
        if (clientAccessToken != null) {
            oidcClientTokenContextImpl.setIdToken(this.userInfoClient.getIdToken(clientAccessToken, getConsumer().getKey()));
            if (this.userInfoRequired) {
                oidcClientTokenContextImpl.setUserInfo(this.userInfoClient.getUserInfo(clientAccessToken, oidcClientTokenContextImpl.getIdToken()));
            }
            containerRequestContext.setSecurityContext(new OidcSecurityContext(oidcClientTokenContextImpl));
        }
        return oidcClientTokenContextImpl;
    }

    public void setUserInfoClient(UserInfoClient userInfoClient) {
        this.userInfoClient = userInfoClient;
    }

    public void setUserInfoRequired(boolean z) {
        this.userInfoRequired = z;
    }

    protected void checkSecurityContextStart(SecurityContext securityContext) {
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            throw ExceptionUtils.toNotAuthorizedException((Throwable) null, (Response) null);
        }
    }
}
