package com.atlassian.asap.core.server.filter;

import com.atlassian.asap.api.Jwt;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-plugin-1.1.100.jar:com/atlassian/asap/core/server/filter/WhitelistRequestAuthorizationFilter.class */
public class WhitelistRequestAuthorizationFilter extends AbstractRequestAuthorizationFilter {
    private final Set<String> authorizedSubjects;
    private final Set<String> authorizedIssuers;

    public WhitelistRequestAuthorizationFilter(Set<String> set, Set<String> set2) {
        this.authorizedSubjects = ImmutableSet.copyOf((Collection) set);
        this.authorizedIssuers = ImmutableSet.copyOf((Collection) set2);
    }

    public WhitelistRequestAuthorizationFilter(Set<String> set) {
        this(set, set);
    }

    @Override // com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter
    protected boolean isAuthorized(HttpServletRequest httpServletRequest, Jwt jwt) {
        return this.authorizedIssuers.contains(jwt.getClaims().getIssuer()) && this.authorizedSubjects.contains(jwt.getClaims().getSubject().orElse(jwt.getClaims().getIssuer()));
    }
}
