package it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.bearer;

import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.OpenIdConnectConfiguration;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.2.0.jar:it/geosolutions/geostore/services/rest/security/oauth2/openid_connect/bearer/SubjectTokenValidator.class */
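/**
 * Token validator that rejects a bearer token whose subject does not match the subject
 * of the second claim map.
 *
 * <p>Judging from the exception message, the first map presumably holds the JWT bearer
 * token claims and the second the UserInfo response claims; confirm against the caller.
 *
 * <p>NOTE(review): only subject identifiers are compared here. This class does not check
 * signature, issuer, audience or expiry, so it presumably relies on those being validated
 * elsewhere; confirm in the calling chain. The {@code xms_st} fallback is applied without
 * consulting the configuration argument, i.e. for every provider; confirm that accepting
 * a nested subject is intended for providers other than Azure.
 */
public class SubjectTokenValidator implements OpenIdTokenValidator {
    /** Name of the subject claim compared between the two claim maps. */
    private static final String SUBJECT_CLAIM_NAME = "sub";

    /** Name of the claim that may hold a nested claim map carrying its own subject. */
    private static final String AZURE_SUBJECT_CONTAINER_NAME = "xms_st";

    /** Message of the exception raised on every rejection path. */
    private static final String MISMATCH_MESSAGE = "JWT Bearer token VS UserInfo - subjects dont match";

    /**
     * Verifies that the subject in {@code map} equals the subject in {@code map2}.
     *
     * <p>The check passes when the top-level {@code sub} values are equal, or when
     * {@code map} contains an {@code xms_st} entry that is itself a map whose {@code sub}
     * equals the {@code sub} of {@code map2}. Every other case is rejected, including a
     * missing subject in {@code map2} and a {@code null} claim map.
     *
     * @param openIdConnectConfiguration not used by this validator
     * @param map claims to validate (presumably the JWT bearer token claims)
     * @param map2 claims to validate against (presumably the UserInfo claims)
     * @throws Exception if the subjects do not match or cannot be determined
     */
    @Override
    public void verifyToken(OpenIdConnectConfiguration openIdConnectConfiguration, Map map, Map map2) throws Exception {
        // Fail closed with the explicit mismatch error instead of a NullPointerException
        // when either claim map is absent.
        if (map == null || map2 == null) {
            throw new Exception(MISMATCH_MESSAGE);
        }

        Object referenceSubject = map2.get(SUBJECT_CLAIM_NAME);
        if (referenceSubject == null) {
            // Without a reference subject nothing can match, not even the nested fallback.
            throw new Exception(MISMATCH_MESSAGE);
        }

        Object tokenSubject = map.get(SUBJECT_CLAIM_NAME);
        if (tokenSubject != null && tokenSubject.equals(referenceSubject)) {
            return;
        }

        // Fallback: accept a subject nested inside the xms_st claim map.
        Object container = map.get(AZURE_SUBJECT_CONTAINER_NAME);
        if (container instanceof Map) {
            Object nestedSubject = ((Map<?, ?>) container).get(SUBJECT_CLAIM_NAME);
            if (nestedSubject != null && nestedSubject.equals(referenceSubject)) {
                return;
            }
        }

        throw new Exception(MISMATCH_MESSAGE);
    }
}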
