package org.elasticsearch.xpack.security.authc.jwt;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/jwt/JwtStringClaimValidator.class */
public class JwtStringClaimValidator implements JwtFieldValidator {
    private final String claimName;
    private final List<String> allowedClaimValues;
    private final boolean singleValuedClaim;

    public JwtStringClaimValidator(String str, List<String> list, boolean z) {
        this.claimName = str;
        this.allowedClaimValues = list;
        this.singleValuedClaim = z;
    }

    @Override // org.elasticsearch.xpack.security.authc.jwt.JwtFieldValidator
    public void validate(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        try {
            List<String> stringClaimValues = getStringClaimValues(jWTClaimsSet);
            if (stringClaimValues == null) {
                throw new ElasticsearchSecurityException("missing required string claim [" + this.claimName + "]", RestStatus.BAD_REQUEST, new Object[0]);
            }
            Stream<String> stream = stringClaimValues.stream();
            List<String> list = this.allowedClaimValues;
            Objects.requireNonNull(list);
            if (false == stream.anyMatch((v1) -> {
                return r2.contains(v1);
            })) {
                throw new ElasticsearchSecurityException("string claim [" + this.claimName + "] has value [" + Strings.collectionToCommaDelimitedString(stringClaimValues) + "] which does not match allowed claim values [" + Strings.collectionToCommaDelimitedString(this.allowedClaimValues) + "]", RestStatus.BAD_REQUEST, new Object[0]);
            }
        } catch (ParseException e) {
            throw new ElasticsearchSecurityException("cannot parse string claim [" + this.claimName + "]", RestStatus.BAD_REQUEST, e, new Object[0]);
        }
    }

    private List<String> getStringClaimValues(JWTClaimsSet jWTClaimsSet) throws ParseException {
        String str = this.claimName;
        if (!this.singleValuedClaim) {
            Object claim = jWTClaimsSet.getClaim(str);
            return claim instanceof String ? List.of((String) claim) : jWTClaimsSet.getStringListClaim(str);
        }
        String stringClaim = jWTClaimsSet.getStringClaim(str);
        if (stringClaim != null) {
            return List.of(stringClaim);
        }
        return null;
    }
}
