package org.activiti.cloud.services.identity.keycloak.validator;

import org.activiti.cloud.services.common.security.jwt.validator.ValidationCheck;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.jwt.Jwt;

/* loaded from: input_file:org/activiti/cloud/services/identity/keycloak/validator/RealmValidationCheck.class */
public class RealmValidationCheck implements ValidationCheck {
    protected static final Logger LOGGER = LoggerFactory.getLogger(RealmValidationCheck.class);
    private String authServerUrl;
    private final String realm;

    public RealmValidationCheck(String str, String str2) {
        this.authServerUrl = str;
        this.realm = str2;
    }

    public boolean isValid(Jwt jwt) {
        String realmUrl = getRealmUrl();
        if (jwt.getIssuer() == null || realmUrl.equals(jwt.getIssuer().toString())) {
            return true;
        }
        LOGGER.error("Invalid token issuer. Expected '" + realmUrl + "', but was '" + String.valueOf(jwt.getIssuer()) + "'");
        return false;
    }

    public String getRealmUrl() {
        return String.format("%s/realms/%s", this.authServerUrl, this.realm);
    }
}
