package fun.mike.azure.auth.alpha;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;

/* loaded from: input_file:fun/mike/azure/auth/alpha/TokenValidator.class */
public class TokenValidator {
    public static AuthenticationResult validate(String str, String str2, String str3, String str4) {
        try {
            return validate(str, str2, str4, (JWKSource<SecurityContext>) new RemoteJWKSet(new URL(str3)));
        } catch (MalformedURLException e) {
            return AuthenticationResult.failed(String.format("JWKS URL \"%s\" retrieved from OpenID provider is malformed.", str3));
        }
    }

    private static AuthenticationResult validate(final String str, final String str2, String str3, JWKSource<SecurityContext> jWKSource) {
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(JWSAlgorithm.RS256, jWKSource));
        defaultJWTProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>() { // from class: fun.mike.azure.auth.alpha.TokenValidator.1
            public void verify(JWTClaimsSet jWTClaimsSet) throws BadJWTException {
                super.verify(jWTClaimsSet);
                if (jWTClaimsSet.getExpirationTime() == null) {
                    throw new BadJWTException("Missing required token expiration claim.");
                }
                String subject = jWTClaimsSet.getSubject();
                if (str2.equals(jWTClaimsSet.getSubject())) {
                    throw new BadJWTException(String.format("Expected subject \"%s\" to be \"%s\".", str2, subject));
                }
                String format = String.format("https://sts.windows.net/%s/", str);
                if (!format.equals(jWTClaimsSet.getIssuer())) {
                    throw new BadJWTException(String.format("Expected issuer \"%s\" to be \"%s\".", str2, format));
                }
            }
        });
        try {
            return AuthenticationResult.valid(defaultJWTProcessor.process(str3, (SecurityContext) null).getClaims());
        } catch (ParseException | JOSEException | BadJOSEException e) {
            return AuthenticationResult.invalid(e.getMessage());
        }
    }
}
