package org.forgerock.openidconnect;

import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.oauth2.core.AuthorizeRequestValidator;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;

/* loaded from: input_file:org/forgerock/openidconnect/SubjectTypeValidator.class */
public class SubjectTypeValidator implements AuthorizeRequestValidator {
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;
    private final OpenIdConnectClientRegistrationStore clientRegistrationStore;
    private final ClientAuthenticationFailureFactory failureFactory;

    @Inject
    public SubjectTypeValidator(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory, OpenIdConnectClientRegistrationStore openIdConnectClientRegistrationStore, ClientAuthenticationFailureFactory clientAuthenticationFailureFactory) {
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
        this.clientRegistrationStore = openIdConnectClientRegistrationStore;
        this.failureFactory = clientAuthenticationFailureFactory;
    }

    @Override // org.forgerock.oauth2.core.AuthorizeRequestValidator
    public void validateRequest(OAuth2Request oAuth2Request) throws InvalidClientException, NotFoundException, ServerException {
        Set<String> supportedSubjectTypes = this.providerSettingsFactory.get(oAuth2Request).getSupportedSubjectTypes();
        String lowerCase = this.clientRegistrationStore.get((String) oAuth2Request.getParameter("client_id"), oAuth2Request).getSubjectType().toLowerCase();
        Iterator<String> it = supportedSubjectTypes.iterator();
        while (it.hasNext()) {
            if (it.next().toLowerCase().equals(lowerCase)) {
                return;
            }
        }
        throw this.failureFactory.getException(oAuth2Request, "Server does not support this client's subject type.");
    }
}
