package uk.gov.ida.saml.core.validation.conditions;

import com.google.inject.Inject;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import uk.gov.ida.saml.core.validation.SamlResponseValidationException;

/* loaded from: input_file:uk/gov/ida/saml/core/validation/conditions/AudienceRestrictionValidator.class */
public class AudienceRestrictionValidator {
    @Inject
    public AudienceRestrictionValidator() {
    }

    public void validate(List<AudienceRestriction> list, String... strArr) {
        if (list == null || list.size() != 1) {
            throw new SamlResponseValidationException("Exactly one audience restriction is expected.");
        }
        List audiences = list.get(0).getAudiences();
        if (audiences == null || audiences.size() != 1) {
            throw new SamlResponseValidationException("Exactly one audience is expected.");
        }
        String audienceURI = ((Audience) audiences.get(0)).getAudienceURI();
        if (Arrays.stream(strArr).noneMatch(str -> {
            return str.equals(audienceURI);
        })) {
            throw new SamlResponseValidationException(String.format("Audience must match an acceptable entity ID. Acceptable entity IDs are: %s but audience was: %s", StringUtils.join(strArr, ", "), audienceURI));
        }
    }
}
