package fish.payara.security.openid.controller;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import java.text.ParseException;
import java.util.Objects;

/* loaded from: input_file:MICRO-INF/runtime/openid-client-integration.jar:fish/payara/security/openid/controller/IdTokenClaimsSetVerifier.class */
public class IdTokenClaimsSetVerifier extends TokenClaimsSetVerifier {
    private final String expectedNonceHash;

    public IdTokenClaimsSetVerifier(String str, OpenIdConfiguration openIdConfiguration) {
        super(openIdConfiguration);
        this.expectedNonceHash = str;
    }

    @Override // fish.payara.security.openid.controller.TokenClaimsSetVerifier
    public void verify(JWTClaimsSet jWTClaimsSet) throws BadJWTException {
        if (this.configuration.isUseNonce()) {
            try {
                String stringClaim = jWTClaimsSet.getStringClaim("nonce");
                if (Objects.isNull(stringClaim)) {
                    throw new IllegalStateException("Missing nonce claim");
                }
                if (Objects.isNull(this.expectedNonceHash)) {
                    throw new IllegalStateException("Missing expected nonce claim");
                }
                if (!this.expectedNonceHash.equals(stringClaim)) {
                    throw new IllegalStateException("Invalid nonce claim : " + stringClaim);
                }
            } catch (ParseException e) {
                throw new IllegalStateException("Invalid nonce claim", e);
            }
        }
    }
}
