package org.elasticsearch.xpack.security.authc.jwt;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.Nullable;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/jwt/JwtStringClaimValidator.class */
public class JwtStringClaimValidator implements JwtFieldValidator {
    public static JwtStringClaimValidator ALLOW_ALL_SUBJECTS = new JwtStringClaimValidator("sub", null, true);
    private final String claimName;

    @Nullable
    private final Map<String, String> fallbackClaimNames;

    @Nullable
    private final List<String> allowedClaimValues;
    private final boolean singleValuedClaim;

    public JwtStringClaimValidator(String str, List<String> list, boolean z) {
        this(str, null, list, z);
    }

    public JwtStringClaimValidator(String str, Map<String, String> map, List<String> list, boolean z) {
        this.claimName = str;
        this.fallbackClaimNames = map;
        this.allowedClaimValues = list;
        this.singleValuedClaim = z;
    }

    @Override // org.elasticsearch.xpack.security.authc.jwt.JwtFieldValidator
    public void validate(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        FallbackableClaim fallbackableClaim = new FallbackableClaim(this.claimName, this.fallbackClaimNames, jWTClaimsSet);
        List<String> stringClaimValues = getStringClaimValues(fallbackableClaim);
        if (stringClaimValues == null) {
            throw new IllegalArgumentException("missing required string claim [" + fallbackableClaim + "]");
        }
        if (this.allowedClaimValues != null) {
            Stream<String> stream = stringClaimValues.stream();
            List<String> list = this.allowedClaimValues;
            Objects.requireNonNull(list);
            if (false == stream.anyMatch((v1) -> {
                return r2.contains(v1);
            })) {
                throw new IllegalArgumentException("string claim [" + fallbackableClaim + "] has value [" + Strings.collectionToCommaDelimitedString(stringClaimValues) + "] which does not match allowed claim values [" + Strings.collectionToCommaDelimitedString(this.allowedClaimValues) + "]");
            }
        }
    }

    private List<String> getStringClaimValues(FallbackableClaim fallbackableClaim) {
        if (!this.singleValuedClaim) {
            return fallbackableClaim.getStringListClaimValue();
        }
        String stringClaimValue = fallbackableClaim.getStringClaimValue();
        if (stringClaimValue != null) {
            return List.of(stringClaimValue);
        }
        return null;
    }
}
