package io.smallrye.jwt.auth.principal;

import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import java.net.URI;
import java.util.Set;
import org.jose4j.lang.UnresolvableKeyException;

/* loaded from: input_file:io/smallrye/jwt/auth/principal/AwsAlbKeyConfigurationValidator.class */
interface AwsAlbKeyConfigurationValidator {
    static void validateKeyConfiguration(JWTAuthContextInfo jWTAuthContextInfo) throws UnresolvableKeyException {
        String publicKeyLocation = jWTAuthContextInfo.getPublicKeyLocation();
        if (publicKeyLocation == null) {
            throw PrincipalMessages.msg.nullKeyLocation();
        }
        if (containsSubPath(publicKeyLocation)) {
            throw AwsAlbKeyResolverMessages.msg.subPathNotAllowed();
        }
    }

    static void validatePublicKeyAlgorithmConfiguration(JWTAuthContextInfo jWTAuthContextInfo) {
        Set<SignatureAlgorithm> signatureAlgorithm = jWTAuthContextInfo.getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            AwsAlbKeyResolverLogging.log.publicKeyAlgorithmNotSet();
        }
        if (signatureAlgorithm.size() == 1 && signatureAlgorithm.contains(SignatureAlgorithm.ES256)) {
            return;
        }
        AwsAlbKeyResolverLogging.log.publicKeyAlgorithmNotSetToES256();
    }

    static void validateTokenHeaderConfiguration(JWTAuthContextInfo jWTAuthContextInfo) {
        String tokenHeader = jWTAuthContextInfo.getTokenHeader();
        if (tokenHeader == null || !"X-Amzn-Oidc-Data".equals(tokenHeader)) {
            AwsAlbKeyResolverLogging.log.invalidAWSTokenHeader();
        }
    }

    static String removeEndingSlash(String str) {
        return (!str.endsWith("/") || str.length() == 1) ? str : str.substring(0, str.length() - 1);
    }

    static boolean containsSubPath(String str) {
        return URI.create(removeEndingSlash(str)).getPath().contains("/");
    }
}
