package com.sap.cloud.sdk.cloudplatform.security;

import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.validation.ValidationResult;
import com.sap.cloud.security.token.validation.ValidationResults;
import com.sap.cloud.security.token.validation.Validator;
import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.util.List;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/security/CustomJwtIssuerValidator.class */
class CustomJwtIssuerValidator implements Validator<Token> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CustomJwtIssuerValidator.class);
    private static final Pattern HAS_PROTOCOL_PATTERN = Pattern.compile("^\\w+://");
    private static final Predicate<String> HAS_PROTOCOL = str -> {
        return HAS_PROTOCOL_PATTERN.matcher(str).find();
    };

    @Nonnull
    private final List<String> domains;

    public CustomJwtIssuerValidator(@Nonnull OAuth2ServiceConfiguration oAuth2ServiceConfiguration) {
        this.domains = oAuth2ServiceConfiguration.getDomains();
        if (this.domains == null || this.domains.isEmpty()) {
            throw new IllegalArgumentException("JwtIssuerValidator requires a domain(s).");
        }
    }

    public ValidationResult validate(Token token) {
        return (checkIssuerInDomains(token.getClaimAsString("iss")) || checkIssuerInDomains(token.getClaimAsString("ias_iss"))) ? ValidationResults.createValid() : ValidationResults.createInvalid("Issuer is not trusted because it doesn't match any of these domains '{}' of the identity provider.", new Object[]{this.domains});
    }

    boolean checkIssuerInDomains(@Nullable String str) {
        String extractHost;
        if (str != null && (extractHost = extractHost(str)) != null) {
            Stream<String> stream = this.domains.stream();
            extractHost.getClass();
            if (stream.anyMatch(extractHost::endsWith)) {
                return true;
            }
        }
        return false;
    }

    @Nullable
    static String extractHost(String str) {
        String str2 = HAS_PROTOCOL.test(str) ? str : "https://" + str;
        return (String) Try.of(() -> {
            return new URI(str2).getHost();
        }).onFailure(th -> {
            log.warn("Invalid URI: {}", str, th);
        }).getOrNull();
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -44706476:
                if (implMethodName.equals("lambda$extractHost$3ed72fa7$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/CustomJwtIssuerValidator") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Ljava/lang/String;")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return new URI(str).getHost();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
