package com.google.api.tools.framework.aspects.authentication.validators;

import com.google.api.AuthProvider;
import com.google.api.AuthRequirement;
import com.google.api.AuthenticationRule;
import com.google.api.tools.framework.aspects.authentication.AuthConfigAspect;
import com.google.api.tools.framework.model.ConfigValidator;
import com.google.api.tools.framework.model.DiagReporter;
import com.google.api.tools.framework.model.Model;
import com.google.protobuf.Message;
import java.util.Iterator;

/* loaded from: input_file:com/google/api/tools/framework/aspects/authentication/validators/AuthenticationValidator.class */
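/**
 * Validates the {@code authentication} section of a service config.
 *
 * <p>For every {@link AuthRequirement} of every {@link AuthenticationRule}, the validator reports
 * an error when the referenced provider id cannot be resolved to an {@link AuthProvider}, or when
 * the requirement and its provider both set {@code audiences} to different values.
 */
public class AuthenticationValidator extends ConfigValidator<Model> {
    /**
     * Creates a validator registered under the auth config aspect.
     *
     * @param diagReporter sink for the diagnostics raised during validation
     */
    public AuthenticationValidator(DiagReporter diagReporter) {
        super(diagReporter, AuthConfigAspect.ASPECT_NAME, Model.class);
    }

    /**
     * Checks the requirements of each authentication rule in the model's service config.
     *
     * @param model the model whose authentication rules are validated
     */
    @Override // com.google.api.tools.framework.model.ConfigValidator
    public void run(Model model) {
        // Typed for-each instead of a raw Iterator plus cast: same traversal order, no unchecked
        // cast at runtime.
        for (AuthenticationRule rule : model.getServiceConfig().getAuthentication().getRulesList()) {
            validateRequirements(rule, model);
        }
    }

    /**
     * Validates every requirement of a single rule against the providers known to the model.
     *
     * @param authenticationRule the rule whose requirements are checked
     * @param model the model used to resolve provider ids
     */
    private void validateRequirements(AuthenticationRule authenticationRule, Model model) {
        for (AuthRequirement authRequirement : authenticationRule.getRequirementsList()) {
            String providerId = authRequirement.getProviderId();
            AuthProvider authProvider = AuthConfigAspect.getAuthProvider(providerId, model);
            if (authProvider == null) {
                // A requirement that names an unknown provider is reported against the
                // provider_id field (field number 1).
                error(
                        DiagReporter.MessageLocationContext.create(
                                (Message) authRequirement, AuthRequirement.PROVIDER_ID_FIELD_NUMBER),
                        "Cannot find auth provider with id '%s'",
                        providerId);
                continue;
            }

            String requirementAudiences = authRequirement.getAudiences();
            String providerAudiences = authProvider.getAudiences();
            // NOTE(review): the error text says setting 'audiences' in both places is not
            // allowed, yet the check only fires when the two values differ; identical values on
            // both sides pass silently. Confirm which of the two is the intended policy.
            // NOTE(review): the values are compared as whole strings and case-insensitively, so
            // audiences that differ only in letter case are treated as equal here, while
            // reordered or differently spaced lists are treated as different. Token audience
            // matching is normally case-sensitive; confirm this leniency is intended.
            boolean bothSet = !requirementAudiences.isEmpty() && !providerAudiences.isEmpty();
            if (bothSet && !requirementAudiences.equalsIgnoreCase(providerAudiences)) {
                // Reported against the audiences field (field number 2).
                error(
                        DiagReporter.MessageLocationContext.create(
                                (Message) authRequirement, AuthRequirement.AUDIENCES_FIELD_NUMBER),
                        "Setting 'audiences' field inside both 'requirement' and provider '%s' is not allowed. Please set the 'audiences' field only inside the 'provider'.",
                        authProvider.getId());
            }
        }
    }
}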
