package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.jwt.claims.AbstractClaimsValidator;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.RevocationCache;

/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/JWTIdentifierRevocationValidator.class */
public class JWTIdentifierRevocationValidator extends AbstractClaimsValidator {

    @NonnullAfterInit
    private RevocationCache revocationCache;

    @NotEmpty
    @NonnullAfterInit
    private String context;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setRevocationCache(@Nonnull RevocationCache revocationCache) {
        checkSetterPreconditions();
        this.revocationCache = (RevocationCache) Constraint.isNotNull(revocationCache, "RevocationCache cannot be null");
    }

    public void setContext(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.context = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Context cannot be null or empty");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.revocationCache == null) {
            throw new ComponentInitializationException("RevocationCache cannot be null");
        }
        if (this.context == null) {
            throw new ComponentInitializationException("Context cannot be null");
        }
    }

    protected void doValidate(@Nonnull JWTClaimsSet jWTClaimsSet, @Nullable ProfileRequestContext profileRequestContext) throws JWTValidationException {
        String jwtid = jWTClaimsSet.getJWTID();
        if (StringSupport.trimOrNull(jwtid) == null) {
            throw new JWTValidationException("Claims set is missing required JWT identifier claim");
        }
        if (!$assertionsDisabled && (jwtid == null || this.context == null)) {
            throw new AssertionError();
        }
        if (this.revocationCache.isRevoked(this.context, jwtid)) {
            throw new JWTValidationException("JWT ID '" + jwtid + "' has been revoked");
        }
    }

    static {
        $assertionsDisabled = !JWTIdentifierRevocationValidator.class.desiredAssertionStatus();
    }
}
