package io.micronaut.security.oauth2.endpoint.token.response.validation;

import io.micronaut.context.annotation.Requires;
import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.token.response.OpenIdClaims;
import jakarta.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Requires(property = "micronaut.security.oauth2.openid.claims-validation.issuer", notEquals = "false")
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/response/validation/IssuerClaimValidator.class */
public class IssuerClaimValidator implements OpenIdClaimsValidator {
    private static final Logger LOG = LoggerFactory.getLogger(IssuerClaimValidator.class);

    @Override // io.micronaut.security.oauth2.endpoint.token.response.validation.OpenIdClaimsValidator
    public boolean validate(OpenIdClaims openIdClaims, OauthClientConfiguration oauthClientConfiguration, OpenIdProviderMetadata openIdProviderMetadata) {
        String issuer = openIdClaims.getIssuer();
        if (issuer == null) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("issuer claim does not exist");
            return false;
        }
        boolean equals = issuer.equals(openIdProviderMetadata.getIssuer());
        if (!equals && LOG.isDebugEnabled()) {
            LOG.debug("JWT issuer claim does not match {}", openIdProviderMetadata.getIssuer());
        }
        return equals;
    }
}
