package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.AbstractClaimsValidator;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/ExactMatchClaimsValidator.class */
public class ExactMatchClaimsValidator extends AbstractClaimsValidator {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExactMatchClaimsValidator.class);

    @NonnullAfterInit
    private BiFunction<ProfileRequestContext, JWTClaimsSet, String> valueToMatchLookupStrategy;

    @NonnullAfterInit
    @NotEmpty
    private String claimName;

    public void setClaimName(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.claimName = Constraint.isNotEmpty(str, "Claim name can not be null or empty");
    }

    public void setValueToMatchLookupStrategy(@Nonnull BiFunction<ProfileRequestContext, JWTClaimsSet, String> biFunction) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.valueToMatchLookupStrategy = (BiFunction) Constraint.isNotNull(biFunction, "Claim value to match lookup strategy can not be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.claimName == null) {
            throw new ComponentInitializationException("Claim name can not be null");
        }
        if (this.valueToMatchLookupStrategy == null) {
            throw new ComponentInitializationException("Matching value lookup strategy can not be null");
        }
    }

    protected void doValidate(@Nonnull JWTClaimsSet jWTClaimsSet, @Nonnull ProfileRequestContext profileRequestContext) throws JWTValidationException {
        Object claim = jWTClaimsSet.getClaim(this.claimName);
        if (claim == null) {
            throw new JWTValidationException("Claim '" + this.claimName + "' does not exist");
        }
        String apply = this.valueToMatchLookupStrategy.apply(profileRequestContext, jWTClaimsSet);
        this.log.trace("{}: Checking actual claim '{}' matches expected claim '{}'", new Object[]{getId(), claim, apply});
        if (!claim.equals(apply)) {
            throw new JWTValidationException("JWT \"" + this.claimName + "\" claim has value " + claim + " but should be " + apply);
        }
    }
}
