package com.azure.spring.aad.webapi.validator;

import com.azure.spring.aad.AADTrustedIssuerRepository;
import com.azure.spring.autoconfigure.aad.AADTokenClaim;
import java.util.function.Predicate;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;

/* loaded from: input_file:com/azure/spring/aad/webapi/validator/AADJwtIssuerValidator.class */
/**
 * Token validator that checks the issuer claim ({@code AADTokenClaim.ISS}) of a {@link Jwt}.
 *
 * <p>Two modes, selected at construction time:
 * <ul>
 *   <li><b>With a trusted-issuer repository:</b> the issuer value must be contained in
 *       {@code getTrustedIssuers()}. This is a whole-value membership check.</li>
 *   <li><b>Without a repository:</b> the issuer only has to <em>start with</em> one of the
 *       built-in Azure AD issuer prefixes. Nothing after the prefix is inspected, so an issuer
 *       for any tenant under those hosts passes this check. Deployments that must accept tokens
 *       from specific tenants only should not rely on this mode alone for that restriction.</li>
 * </ul>
 *
 * <p>This class looks at the issuer claim only; signature, audience and expiry are outside
 * its scope.
 */
public class AADJwtIssuerValidator implements OAuth2TokenValidator<Jwt> {
    // Each prefix ends with "/" so that startsWith() cannot be satisfied by a longer host name
    // that merely begins with the same characters.
    private static final String LOGIN_MICROSOFT_ONLINE_ISSUER = "https://login.microsoftonline.com/";
    private static final String STS_WINDOWS_ISSUER = "https://sts.windows.net/";
    private static final String STS_CHINA_CLOUD_API_ISSUER = "https://sts.chinacloudapi.cn/";

    // Fallback prefixes, tried in this order when no repository is configured.
    private static final String[] DEFAULT_ISSUER_PREFIXES = {
        LOGIN_MICROSOFT_ONLINE_ISSUER,
        STS_WINDOWS_ISSUER,
        STS_CHINA_CLOUD_API_ISSUER
    };

    private final AADJwtClaimValidator<String> validator;
    private final AADTrustedIssuerRepository trustedIssuerRepo;

    /**
     * Creates a validator without a trusted-issuer repository; issuers are then accepted by
     * prefix match against the built-in Azure AD issuer URLs.
     */
    public AADJwtIssuerValidator() {
        this(null);
    }

    /**
     * Creates a validator backed by the given repository.
     *
     * @param aADTrustedIssuerRepository source of the accepted issuer values; {@code null}
     *     selects the built-in prefix check instead
     */
    public AADJwtIssuerValidator(AADTrustedIssuerRepository aADTrustedIssuerRepository) {
        // The repository must be assigned first: the predicate built below reads it when invoked.
        this.trustedIssuerRepo = aADTrustedIssuerRepository;
        this.validator = new AADJwtClaimValidator<>(AADTokenClaim.ISS, trustedIssuerRepoValidIssuer());
    }

    /**
     * Builds the predicate applied to the issuer claim value.
     *
     * @return a predicate that rejects {@code null}, defers to the repository when one is
     *     configured, and otherwise falls back to the built-in prefix check
     */
    private Predicate<String> trustedIssuerRepoValidIssuer() {
        return issuer -> {
            // A token without an issuer claim is never accepted.
            if (issuer == null) {
                return false;
            }
            if (this.trustedIssuerRepo != null) {
                return this.trustedIssuerRepo.getTrustedIssuers().contains(issuer);
            }
            return hasDefaultIssuerPrefix(issuer);
        };
    }

    /**
     * Reports whether the issuer begins with one of the built-in Azure AD issuer prefixes.
     *
     * @param issuer non-null issuer claim value
     * @return {@code true} if any built-in prefix matches
     */
    private static boolean hasDefaultIssuerPrefix(String issuer) {
        for (String prefix : DEFAULT_ISSUER_PREFIXES) {
            if (issuer.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates the issuer claim of the given token.
     *
     * @param jwt the token to check; must not be {@code null}
     * @return the result produced by the underlying claim validator
     * @throws IllegalArgumentException if {@code jwt} is {@code null}
     */
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        Assert.notNull(jwt, "token cannot be null");
        return this.validator.validate(jwt);
    }
}
