package org.glassfish.soteria.mechanisms.openid.controller;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import jakarta.security.enterprise.identitystore.openid.IdentityToken;
import java.util.List;
import java.util.Objects;
import org.glassfish.soteria.mechanisms.openid.domain.OpenIdConfiguration;

/* loaded from: input_file:org/glassfish/soteria/mechanisms/openid/controller/RefreshedIdTokenClaimsSetVerifier.class */
/**
 * Claims verifier for an ID token obtained through a refresh, checked against the ID token
 * issued at the original authentication.
 *
 * <p>The refreshed token is accepted only if its {@code iss}, {@code sub}, {@code aud} and
 * {@code azp} claims equal those of the previous ID token and it carries an {@code iat} claim.
 * The messages follow the wording of OpenID Connect Core, section 12.2.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every rejection is an unchecked {@link IllegalStateException}, although the method
 *       declares {@link BadJWTException}. A caller that catches only {@code BadJWTException}
 *       will not see these; make sure the failure path still treats the token as rejected.</li>
 *   <li>This method checks only that {@code iat} is present, not that it is recent. Expiry,
 *       signature and nonce checks are not performed here; presumably they happen in the
 *       superclass or the caller. Confirm against {@code TokenClaimsSetVerifier}.</li>
 * </ul>
 */
public class RefreshedIdTokenClaimsSetVerifier extends TokenClaimsSetVerifier {
    /** ID token from the original authentication; the reference for all comparisons. */
    private final IdentityToken previousIdToken;

    /**
     * @param identityToken ID token issued at the original authentication. Stored without a
     *     null check, so a null value surfaces as a NullPointerException in
     *     {@link #verify(JWTClaimsSet)}.
     * @param openIdConfiguration configuration handed to the superclass
     */
    public RefreshedIdTokenClaimsSetVerifier(IdentityToken identityToken, OpenIdConfiguration openIdConfiguration) {
        super(openIdConfiguration);
        this.previousIdToken = identityToken;
    }

    /**
     * Compares the refreshed token's claims with those of the previous ID token.
     *
     * @param jWTClaimsSet claims of the refreshed ID token
     * @throws IllegalStateException if {@code iss}, {@code sub}, {@code aud} or {@code azp}
     *     differs from the previous token, or if {@code iat} is absent
     * @throws BadJWTException declared by the overridden method; not thrown by this body
     */
    @Override
    public void verify(JWTClaimsSet jWTClaimsSet) throws BadJWTException {
        // The previous token's value is read before the refreshed one for each claim.
        String originalIssuer = previousIdToken.getJwtClaims().getIssuer().orElse(null);
        requireSame(
                jWTClaimsSet.getIssuer(),
                originalIssuer,
                "iss Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        String originalSubject = previousIdToken.getJwtClaims().getSubject().orElse(null);
        requireSame(
                jWTClaimsSet.getSubject(),
                originalSubject,
                "sub Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        // List.equals is order-sensitive: the same audiences in a different order are rejected.
        List<String> originalAudience = previousIdToken.getJwtClaims().getAudience();
        requireSame(
                jWTClaimsSet.getAudience(),
                originalAudience,
                "aud Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");

        if (jWTClaimsSet.getIssueTime() == null) {
            throw new IllegalStateException("iat Claim Value must not be null.");
        }

        // NOTE(review): both casts throw ClassCastException when azp is not a JSON string.
        // The token is still rejected, but with a different unchecked exception type.
        String originalAzp = (String) previousIdToken.getClaims().get("azp");
        String refreshedAzp = (String) jWTClaimsSet.getClaim("azp");
        // azp is optional: both absent is a match, one absent is a mismatch.
        if (!Objects.equals(originalAzp, refreshedAzp)) {
            throw new IllegalStateException("azp Claim Value MUST be the same as in the ID Token issued when the original authentication occurred.");
        }
    }

    /**
     * Rejects a refreshed claim that is missing or differs from the original one.
     * A null refreshed value is rejected even when the original is also null.
     */
    private static void requireSame(Object refreshed, Object original, String message) {
        if (refreshed != null && refreshed.equals(original)) {
            return;
        }
        throw new IllegalStateException(message);
    }
}
