package com.ibm.ws.security.openidconnect.token;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.openidconnect.util.JsonUtil;
import com.ibm.ws.security.openidconnect.util.MessageHelper;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/ibm/ws/security/openidconnect/token/CheckAudience.class */
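/**
 * Verifies that an ID token was issued for this relying party by inspecting the
 * {@code aud} claim, and the authorized-party claim when several audiences are listed.
 *
 * <p>Acceptance rules implemented by {@link #check()}:
 * <ul>
 *   <li>{@code aud} is a string: it must equal the client id exactly
 *       (case-sensitive {@link String#equals(Object)}).</li>
 *   <li>{@code aud} is a one-element list: that element must equal the client id.</li>
 *   <li>{@code aud} is a list with more than one element: the client id must be one of
 *       the elements AND the claim named by {@code PayloadConstants.AUTHORIZED_PARTY}
 *       must be present and equal to the client id.</li>
 *   <li>Anything else (missing claim, empty list, other types) is rejected.</li>
 * </ul>
 *
 * <p>The claim values come from the token and are therefore untrusted. Elements that are
 * {@code null} or not strings are treated as "no match", so a malformed token fails with
 * {@link IDTokenValidationFailedException} instead of an unchecked
 * {@code ClassCastException}/{@code NullPointerException} that a caller catching only the
 * validation exception would not see.
 *
 * <p>NOTE(review): the authorized-party claim is only consulted on the multi-audience
 * path. A single-audience token that carries an authorized party different from the
 * client id passes this check; confirm whether that case is validated elsewhere.
 */
public class CheckAudience {
    private static final TraceComponent tc = Tr.register(CheckAudience.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.common.OidcCommonMessages");

    // Client identifier the token audience is compared against.
    private final String clientId;

    // Claims of the token under validation; stays null when the one-argument constructor is used.
    private JWTPayload payload;

    /**
     * Creates a checker without a payload.
     *
     * <p>{@link #check()} dereferences the payload, so an instance built this way is only
     * usable for the element-level helper methods.
     *
     * @param str the client id expected in the audience
     */
    public CheckAudience(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "CheckAudience(uri[" + str + "])");
        }
        this.clientId = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "CheckAudience(uri)");
        }
    }

    /**
     * Creates a checker for one token payload.
     *
     * @param str the client id expected in the audience
     * @param jWTPayload the claims of the ID token to validate
     */
    public CheckAudience(String str, JWTPayload jWTPayload) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "CheckAudience(uri[" + str + "], payload2[" + JsonUtil.getObjState(jWTPayload) + "])");
        }
        this.clientId = str;
        this.payload = jWTPayload;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "CheckAudience(uri,payload2)");
        }
    }

    /**
     * Runs the audience validation for the payload given at construction time.
     *
     * @throws IDTokenValidationFailedException if the audience does not name the client id,
     *         or if several audiences are listed and the authorized party is not the client id
     */
    public void check() throws IDTokenValidationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "check");
        }
        checkStrings(this.clientId, this.payload);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "check");
        }
    }

    /**
     * Compares a single audience value with the client id.
     *
     * @param str the expected client id
     * @param str2 the audience value taken from the token; {@code null} never matches
     * @return {@code true} only when both values are equal strings
     */
    boolean singleAudienceElementCheck(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "singleAudienceElementCheck(clientId[" + str + "],aud[" + str2 + "])");
        }
        // Null guard: the value originates from the token, so absence must mean "no match".
        boolean matches = str2 != null && str2.equals(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "singleAudienceElementCheck returns [" + matches + "]");
        }
        return matches;
    }

    /**
     * Tests whether the client id appears among several audience values.
     *
     * @param str the expected client id
     * @param list the audience values taken from the token
     * @return {@code true} when at least one element is a string equal to the client id
     */
    boolean multipleAudienceElementCheck(String str, List<String> list) {
        if (tc.isEntryEnabled()) {
            // The entry record previously carried the name of checkStrings; it now names this method.
            Tr.entry(tc, "multipleAudienceElementCheck(clientId[" + str + "],audList)");
        }
        // The caller passes an unchecked list built from token content, so walk it as
        // Object and let instanceof reject null and non-string elements.
        List<?> candidates = list;
        boolean found = false;
        for (Object candidate : candidates) {
            if (candidate instanceof String && candidate.equals(str)) {
                found = true;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "multipleAudienceElementCheck returns [" + found + "]");
        }
        return found;
    }

    /**
     * Applies the audience rules described on the class to one payload.
     *
     * @param str the expected client id
     * @param jWTPayload the token claims; must not be {@code null}
     * @throws IDTokenValidationFailedException with {@code OIDC_IDTOKEN_VERIFY_AUD_AZP_ERR}
     *         when several audiences include the client id but the authorized party is a
     *         different value, and with {@code OIDC_IDTOKEN_VERIFY_AUD_ERR} in every other
     *         rejected case
     */
    private void checkStrings(String str, JWTPayload jWTPayload) throws IDTokenValidationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkStrings(clientId[" + str + "],payload[" + JsonUtil.getObjState(jWTPayload) + "])");
        }
        boolean audienceAccepted = false;
        // Audience reported in the generic error; only set on the single-value paths,
        // so a rejected multi-valued audience is reported as null.
        String reportedAudience = null;
        Object audClaim = jWTPayload.get("aud");
        if (audClaim instanceof String) {
            reportedAudience = (String) audClaim;
            audienceAccepted = singleAudienceElementCheck(str, reportedAudience);
        } else if (audClaim instanceof List) {
            List<?> audiences = (List<?>) audClaim;
            if (audiences.size() == 1) {
                Object onlyAudience = audiences.get(0);
                // A null or non-string element leaves the token rejected below.
                if (onlyAudience instanceof String) {
                    reportedAudience = (String) onlyAudience;
                    audienceAccepted = singleAudienceElementCheck(str, reportedAudience);
                }
            } else if (audiences.size() > 1) {
                // Element types are re-checked inside multipleAudienceElementCheck.
                @SuppressWarnings({"unchecked", "rawtypes"})
                List<String> uncheckedAudiences = (List) audClaim;
                if (multipleAudienceElementCheck(str, uncheckedAudiences)) {
                    // With several audiences, membership alone is not enough: the
                    // authorized party must also be present and be this client.
                    Object authorizedParty = jWTPayload.get(PayloadConstants.AUTHORIZED_PARTY);
                    if (authorizedParty != null) {
                        if (!(authorizedParty instanceof String) || !authorizedParty.equals(str)) {
                            Tr.error(tc, "OIDC_IDTOKEN_VERIFY_AUD_AZP_ERR", new Object[]{authorizedParty, str});
                            throw new IDTokenValidationFailedException(MessageHelper.getMessage("OIDC_IDTOKEN_VERIFY_AUD_AZP_ERR", new Object[]{authorizedParty, str}));
                        }
                        audienceAccepted = true;
                    }
                }
            }
        }
        if (!audienceAccepted) {
            Tr.error(tc, "OIDC_IDTOKEN_VERIFY_AUD_ERR", new Object[]{reportedAudience, str});
            throw IDTokenValidationFailedException.format("OIDC_IDTOKEN_VERIFY_AUD_ERR", reportedAudience, str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkStrings");
        }
    }
}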
