package org.springframework.security.oauth2.jwt;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-jose-6.5.0.jar:org/springframework/security/oauth2/jwt/JwtTypeValidator.class */
public final class JwtTypeValidator implements OAuth2TokenValidator<Jwt> {
    private final Collection<String> validTypes;
    private boolean allowEmpty;

    public JwtTypeValidator(Collection<String> collection) {
        Assert.notEmpty(collection, "validTypes cannot be empty");
        this.validTypes = new ArrayList(collection);
    }

    public JwtTypeValidator(String... strArr) {
        this(List.of((Object[]) strArr));
    }

    public static JwtTypeValidator jwt() {
        JwtTypeValidator jwtTypeValidator = new JwtTypeValidator(List.of("JWT"));
        jwtTypeValidator.setAllowEmpty(true);
        return jwtTypeValidator;
    }

    public void setAllowEmpty(boolean z) {
        this.allowEmpty = z;
    }

    @Override // org.springframework.security.oauth2.core.OAuth2TokenValidator
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        String str = (String) jwt.getHeaders().get("typ");
        if ((!this.allowEmpty || StringUtils.hasText(str)) && !this.validTypes.contains(str)) {
            return OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "the given typ value needs to be one of " + String.valueOf(this.validTypes), "https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.9"));
        }
        return OAuth2TokenValidatorResult.success();
    }
}
