package io.basestar.auth.nimbus;

import com.google.common.base.Verify;
import com.google.common.collect.ImmutableMap;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import io.basestar.auth.Authenticator;
import io.basestar.auth.Authorization;
import io.basestar.auth.Caller;
import io.basestar.auth.exception.AuthenticationFailedException;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.net.URL;
import java.text.ParseException;
import java.util.Map;
import java.util.concurrent.CompletableFuture;

/* loaded from: input_file:io/basestar/auth/nimbus/NimbusAuthenticator.class */
public class NimbusAuthenticator implements Authenticator {
    private final JWSAlgorithm algorithm;
    private final URL jwkURL;

    public boolean canAuthenticate(Authorization authorization) {
        return authorization.isBearer();
    }

    public CompletableFuture<Caller> authenticate(Authorization authorization) {
        try {
            String credentials = ((Authorization) Verify.verifyNotNull(authorization)).getCredentials();
            RemoteJWKSet remoteJWKSet = new RemoteJWKSet(this.jwkURL);
            DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
            defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(this.algorithm, remoteJWKSet));
            final JWTClaimsSet process = defaultJWTProcessor.process(credentials, (SecurityContext) null);
            return CompletableFuture.completedFuture(new Caller() { // from class: io.basestar.auth.nimbus.NimbusAuthenticator.1
                public boolean isAnon() {
                    return false;
                }

                public boolean isSuper() {
                    return false;
                }

                public String getSchema() {
                    return "User";
                }

                public String getId() {
                    return NimbusAuthenticator.this.userId(process);
                }

                public Map<String, Object> getClaims() {
                    return process.getClaims();
                }
            });
        } catch (JOSEException | ParseException | BadJOSEException e) {
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    protected String userId(JWTClaimsSet jWTClaimsSet) {
        return jWTClaimsSet.getSubject();
    }

    public Map<String, SecurityScheme> openApi() {
        return ImmutableMap.of("Bearer", new SecurityScheme().type(SecurityScheme.Type.HTTP).in(SecurityScheme.In.HEADER).scheme("bearer").bearerFormat("JWT"));
    }

    public NimbusAuthenticator(JWSAlgorithm jWSAlgorithm, URL url) {
        this.algorithm = jWSAlgorithm;
        this.jwkURL = url;
    }

    public JWSAlgorithm getAlgorithm() {
        return this.algorithm;
    }

    public URL getJwkURL() {
        return this.jwkURL;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof NimbusAuthenticator)) {
            return false;
        }
        NimbusAuthenticator nimbusAuthenticator = (NimbusAuthenticator) obj;
        if (!nimbusAuthenticator.canEqual(this)) {
            return false;
        }
        JWSAlgorithm algorithm = getAlgorithm();
        JWSAlgorithm algorithm2 = nimbusAuthenticator.getAlgorithm();
        if (algorithm == null) {
            if (algorithm2 != null) {
                return false;
            }
        } else if (!algorithm.equals(algorithm2)) {
            return false;
        }
        URL jwkURL = getJwkURL();
        URL jwkURL2 = nimbusAuthenticator.getJwkURL();
        return jwkURL == null ? jwkURL2 == null : jwkURL.equals(jwkURL2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof NimbusAuthenticator;
    }

    public int hashCode() {
        JWSAlgorithm algorithm = getAlgorithm();
        int hashCode = (1 * 59) + (algorithm == null ? 43 : algorithm.hashCode());
        URL jwkURL = getJwkURL();
        return (hashCode * 59) + (jwkURL == null ? 43 : jwkURL.hashCode());
    }

    public String toString() {
        return "NimbusAuthenticator(algorithm=" + getAlgorithm() + ", jwkURL=" + getJwkURL() + ")";
    }
}
