package org.nentangso.core.security.oauth2;

import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;

/* loaded from: input_file:org/nentangso/core/security/oauth2/AudienceValidator.class */
public class AudienceValidator implements OAuth2TokenValidator<Jwt> {
    private final Logger log = LoggerFactory.getLogger(AudienceValidator.class);
    private final OAuth2Error error = new OAuth2Error("invalid_token", "The required audience is missing", (String) null);
    private final List<String> allowedAudience;

    public AudienceValidator(List<String> list) {
        Assert.notEmpty(list, "Allowed audience should not be null or empty.");
        this.allowedAudience = list;
    }

    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        List audience = jwt.getAudience();
        Stream stream = audience.stream();
        List<String> list = this.allowedAudience;
        Objects.requireNonNull(list);
        if (stream.anyMatch((v1) -> {
            return r1.contains(v1);
        })) {
            return OAuth2TokenValidatorResult.success();
        }
        this.log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(new OAuth2Error[]{this.error});
    }
}
