package pl.edu.icm.unity.oauth.as.webauthz;

import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import java.util.Collection;
import java.util.Optional;
import pl.edu.icm.unity.engine.api.attributes.DynamicAttribute;
import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidator.class */
public class EssentialACRConsistencyValidator {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void verifyEssentialRequestedACRisReturned(OAuthAuthzContext oAuthAuthzContext, Collection<DynamicAttribute> collection) throws OAuthErrorResponseException {
        if (oAuthAuthzContext.getRequestedAcr().isEmpty() || oAuthAuthzContext.getRequestedAcr().getEssentialACRs() == null || oAuthAuthzContext.getRequestedAcr().getEssentialACRs().isEmpty()) {
            return;
        }
        Optional<DynamicAttribute> findAny = collection.stream().filter(dynamicAttribute -> {
            return dynamicAttribute.getAttribute().getName().equals("acr");
        }).findAny();
        if (!findAny.isPresent() || !findAny.get().getAttribute().getValues().containsAll(oAuthAuthzContext.getRequestedAcr().getEssentialACRs().stream().map(acr -> {
            return acr.getValue();
        }).toList())) {
            throw new OAuthErrorResponseException(new AuthorizationErrorResponse(oAuthAuthzContext.getReturnURI(), new ErrorObject("invalid_request", "Unsupported acr value", 400), oAuthAuthzContext.getRequest().getState(), oAuthAuthzContext.getRequest().impliedResponseMode()), true);
        }
    }
}
