package cn.insmart.iam.resource.validator;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;

/* loaded from: input_file:cn/insmart/iam/resource/validator/AudienceValidator.class */
public class AudienceValidator implements OAuth2TokenValidator<Jwt> {
    private static final Logger log = LoggerFactory.getLogger(AudienceValidator.class);
    private final String audience;
    private final OAuth2Error error;

    public AudienceValidator(String str) {
        Assert.hasText(str, "audience is required!");
        this.audience = str;
        this.error = new OAuth2Error("invalid_token", "Invalid token does not contain resource id (" + str + ")", (String) null);
    }

    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        if (!this.audience.startsWith("iam") && !jwt.getAudience().contains(this.audience)) {
            return OAuth2TokenValidatorResult.failure(new OAuth2Error[]{this.error});
        }
        return OAuth2TokenValidatorResult.success();
    }
}
