package org.elasticsearch.xpack.security.authc.jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.List;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/jwt/JwtAlgorithmValidator.class */
public class JwtAlgorithmValidator implements JwtFieldValidator {
    private final List<String> allowedAlgorithms;

    public JwtAlgorithmValidator(List<String> list) {
        this.allowedAlgorithms = list;
    }

    @Override // org.elasticsearch.xpack.security.authc.jwt.JwtFieldValidator
    public void validate(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        if (algorithm == null) {
            throw new ElasticsearchSecurityException("missing JWT algorithm header", RestStatus.BAD_REQUEST, new Object[0]);
        }
        if (false == this.allowedAlgorithms.contains(algorithm.getName())) {
            throw new ElasticsearchSecurityException("invalid JWT algorithm [{}], allowed algorithms are [{}]", RestStatus.BAD_REQUEST, new Object[]{algorithm, Strings.collectionToCommaDelimitedString(this.allowedAlgorithms)});
        }
    }
}
