package fish.payara.security.openid.controller;

import fish.payara.security.openid.api.IdentityToken;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import fish.payara.security.shaded.nimbusds.jwt.JWTClaimsSet;
import fish.payara.security.shaded.nimbusds.jwt.proc.BadJWTException;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:MICRO-INF/runtime/security-connector-oidc-client.jar:fish/payara/security/openid/controller/RefreshedIdTokenClaimsSetVerifier.class */
/**
 * Checks the claims of an ID token obtained through a token refresh against the
 * ID token that was issued earlier for the same session.
 *
 * <p>The refreshed token is accepted only when its {@code iss}, {@code sub},
 * {@code aud} and {@code azp} claims equal those of the previous ID token and an
 * {@code iat} claim is present. These are the refresh-response rules of OpenID
 * Connect Core 1.0, section 12.2.
 *
 * <p>NOTE(review): every rejection below is raised as an unchecked
 * {@link IllegalStateException}, not as the {@link BadJWTException} declared on
 * {@link #verify(JWTClaimsSet)}. A caller that catches only
 * {@code BadJWTException} will not handle these rejections; confirm the call
 * site treats both as a failed refresh.
 */
public class RefreshedIdTokenClaimsSetVerifier extends TokenClaimsSetVerifier {
    /** Previously issued ID token; the reference the refreshed claims are compared with. */
    private final IdentityToken previousIdToken;

    /**
     * @param identityToken       the ID token held before the refresh
     * @param openIdConfiguration configuration handed to the parent verifier
     */
    public RefreshedIdTokenClaimsSetVerifier(IdentityToken identityToken, OpenIdConfiguration openIdConfiguration) {
        super(openIdConfiguration);
        this.previousIdToken = identityToken;
    }

    /**
     * Compares the refreshed claims with the previous ID token, in the order
     * iss, sub, aud, iat, azp, and stops at the first mismatch.
     *
     * <p>Claims read from the previous token are cast without a type check, so a
     * stored value of an unexpected type surfaces as {@link ClassCastException}.
     *
     * @param jWTClaimsSet claims of the refreshed ID token
     * @throws IllegalStateException if a compared claim differs or {@code iat} is absent
     * @throws BadJWTException declared by the overridden method; not thrown by this body
     */
    @Override
    public void verify(JWTClaimsSet jWTClaimsSet) throws BadJWTException {
        // Issuer: a missing issuer on the refreshed token is a mismatch, even if
        // the previous token had none either.
        final String originalIssuer = (String) previousIdToken.getClaim("iss");
        final String refreshedIssuer = jWTClaimsSet.getIssuer();
        requireUnchanged(
                refreshedIssuer != null && refreshedIssuer.equals(originalIssuer),
                "iss Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        // Subject: the refreshed token must name the same end user.
        final String originalSubject = (String) previousIdToken.getClaim("sub");
        final String refreshedSubject = jWTClaimsSet.getSubject();
        requireUnchanged(
                refreshedSubject != null && refreshedSubject.equals(originalSubject),
                "sub Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        // Audience: List.equals is order-sensitive, so the same audiences listed
        // in a different order are treated as a mismatch (fails closed).
        final List<?> originalAudience = (List<?>) previousIdToken.getClaim("aud");
        final List<String> refreshedAudience = jWTClaimsSet.getAudience();
        requireUnchanged(
                refreshedAudience != null && refreshedAudience.equals(originalAudience),
                "aud Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        // Issue time: only presence is checked here. Nothing in this method
        // compares iat with the clock or with the previous token's iat.
        requireUnchanged(jWTClaimsSet.getIssueTime() != null, "iat Claim Value must not be null.");

        // Authorized party: both absent counts as equal; present on one side
        // only, or different values, is a mismatch.
        final String originalAzp = (String) previousIdToken.getClaim("azp");
        final String refreshedAzp = (String) jWTClaimsSet.getClaim("azp");
        requireUnchanged(
                Objects.equals(originalAzp, refreshedAzp),
                "azp Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");
    }

    /** Throws {@link IllegalStateException} carrying {@code message} unless {@code satisfied} is true. */
    private static void requireUnchanged(boolean satisfied, String message) {
        if (!satisfied) {
            throw new IllegalStateException(message);
        }
    }
}
