package com.ibm.ws.security.openidconnect.token;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.util.Iterator;
import java.util.List;

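/**
 * Validates the {@code aud} (audience) claim of an ID token payload, and for multi-audience
 * tokens the {@code azp} (authorized party) claim, against the expected client id.
 *
 * <p>The claims are read from a token supplied by a remote party, so their JSON types cannot be
 * trusted. Any claim that is missing, of an unexpected type, or holds null or non-string entries
 * is treated as a validation failure and reported through
 * {@link IDTokenValidationFailedException}. It never surfaces as an unchecked
 * {@code NullPointerException} or {@code ClassCastException}.
 *
 * <p>Acceptance rules implemented here:
 * <ul>
 *   <li>{@code aud} is a string, or a list with exactly one string entry: it must equal the
 *       client id.</li>
 *   <li>{@code aud} is a list with more than one entry: the client id must be one of the
 *       entries, and {@code azp} must be present and equal to the client id. A multi-audience
 *       token without {@code azp} is rejected.</li>
 *   <li>Anything else (absent claim, empty list, other type) is rejected.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.openidconnect.common_1.0.14.jar:com/ibm/ws/security/openidconnect/token/CheckAudience.class */
public class CheckAudience {
    private static final TraceComponent tc = Tr.register((Class<?>) CheckAudience.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.common.internal.resources.OidcCommonMessages");

    /** Client id that the token's audience must name. */
    private final String clientId;

    /** Claims to validate; stays {@code null} when the single-argument constructor is used. */
    private JWTPayload payload;

    // NOTE(review): the class does not implement Serializable in the visible code; this field is
    // presumably added by build-time instrumentation. Kept unchanged.
    static final long serialVersionUID = -8464082453506778211L;

    /**
     * Creates a checker with no payload attached.
     *
     * @param str the expected client id
     */
    public CheckAudience(String str) {
        this.clientId = str;
    }

    /**
     * Creates a checker for the given payload.
     *
     * @param str the expected client id
     * @param jWTPayload the ID token claims to validate
     */
    public CheckAudience(String str, JWTPayload jWTPayload) {
        this.clientId = str;
        this.payload = jWTPayload;
    }

    /**
     * Runs the audience validation against the payload given at construction time.
     *
     * @throws IDTokenValidationFailedException if the audience (or, for multi-audience tokens,
     *         the authorized party) does not match the client id, or if no payload was supplied
     */
    public void check() throws IDTokenValidationFailedException {
        checkStrings(this.clientId, this.payload);
    }

    /**
     * Compares a single audience value with the expected client id.
     *
     * @param str the expected client id
     * @param str2 the audience value taken from the token; may be {@code null}
     * @return {@code true} only when {@code str2} is non-null and equal to {@code str}
     */
    boolean singleAudienceElementCheck(String str, String str2) {
        // A null audience can never match; the guard avoids an NPE on token-controlled data.
        return str2 != null && str2.equals(str);
    }

    /**
     * Tests whether the expected client id appears among several audience values.
     *
     * @param str the expected client id
     * @param list the audience values taken from the token; may be {@code null}
     * @return {@code true} when at least one string entry equals {@code str}
     */
    boolean multipleAudienceElementCheck(String str, List<String> list) {
        if (list == null) {
            return false;
        }
        // The list comes from parsed token JSON through an unchecked cast, so its entries are
        // not guaranteed to be strings. Iterating as List<?> avoids the implicit cast to String.
        List<?> candidates = list;
        for (Object candidate : candidates) {
            if (candidate instanceof String && candidate.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the acceptance rules described on the class to the given claims.
     *
     * @param expectedClientId the client id the token must be issued for
     * @param claims the ID token claims; {@code null} is treated as a failed validation
     * @throws IDTokenValidationFailedException if validation fails
     */
    private void checkStrings(String expectedClientId, JWTPayload claims) throws IDTokenValidationFailedException {
        boolean audienceAccepted = false;
        String reportedAudience = null;

        // Fail closed when there is nothing to validate.
        Object audClaim = claims == null ? null : claims.get("aud");

        if (audClaim instanceof String) {
            reportedAudience = (String) audClaim;
            audienceAccepted = singleAudienceElementCheck(expectedClientId, reportedAudience);
        } else if (audClaim instanceof List) {
            List<?> audiences = (List<?>) audClaim;
            if (audiences.size() == 1) {
                Object onlyEntry = audiences.get(0);
                // A non-string entry is left unmatched rather than cast.
                if (onlyEntry instanceof String) {
                    reportedAudience = (String) onlyEntry;
                    audienceAccepted = singleAudienceElementCheck(expectedClientId, reportedAudience);
                }
            } else if (audiences.size() > 1) {
                // Safe: multipleAudienceElementCheck type-checks every entry before using it.
                @SuppressWarnings("unchecked")
                List<String> typedAudiences = (List<String>) audiences;
                if (multipleAudienceElementCheck(expectedClientId, typedAudiences)) {
                    // Being listed among several audiences is not sufficient on its own: the
                    // token must also name this client as the authorized party.
                    Object azpClaim = claims.get("azp");
                    if (azpClaim != null) {
                        if (!(azpClaim instanceof String) || !azpClaim.equals(expectedClientId)) {
                            String reportedAzp = String.valueOf(azpClaim);
                            Tr.error(tc, "OIDC_IDTOKEN_VERIFY_AUD_AZP_ERR", reportedAzp, expectedClientId);
                            throw new IDTokenValidationFailedException(Tr.formatMessage(tc, "OIDC_IDTOKEN_VERIFY_AUD_AZP_ERR", reportedAzp, expectedClientId));
                        }
                        audienceAccepted = true;
                    }
                    // azp absent: audienceAccepted stays false and the token is rejected below.
                }
            }
        }

        if (!audienceAccepted) {
            // reportedAudience is null unless a single audience value was compared.
            Tr.error(tc, "OIDC_IDTOKEN_VERIFY_AUD_ERR", reportedAudience, expectedClientId);
            throw IDTokenValidationFailedException.format("OIDC_IDTOKEN_VERIFY_AUD_ERR", reportedAudience, expectedClientId);
        }
    }
}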
