package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.AbstractClaimsValidator;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.context.ProfileRequestContext;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/AudienceClaimsValidator.class */
public class AudienceClaimsValidator extends AbstractClaimsValidator {

    @NonnullAfterInit
    private BiFunction<ProfileRequestContext, JWTClaimsSet, String> audienceLookupStrategy;

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.audienceLookupStrategy == null) {
            throw new ComponentInitializationException("Audience lookup strategy can not be null");
        }
    }

    public void setAudienceLookupStrategy(@Nonnull BiFunction<ProfileRequestContext, JWTClaimsSet, String> biFunction) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.audienceLookupStrategy = (BiFunction) Constraint.isNotNull(biFunction, "Audience lookup strategy can not be null");
    }

    protected void doValidate(@Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull ProfileRequestContext profileRequestContext) throws JWTValidationException {
        String apply = this.audienceLookupStrategy.apply(profileRequestContext, jWTClaimsSet);
        if (apply == null) {
            throw new JWTValidationException("Audience value not present in the context");
        }
        List audience = jWTClaimsSet.getAudience();
        if (audience == null || audience.isEmpty()) {
            throw new JWTValidationException("JWT missing required audience");
        }
        boolean z = false;
        Iterator it = audience.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (apply.equals((String) it.next())) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new JWTValidationException("JWT audience rejected: " + audience);
        }
    }
}
