package org.frankframework.management.security;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.JWKSetCacheRefreshEvaluator;
import com.nimbusds.jose.jwk.source.JWKSetSource;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.io.IOException;
import java.text.ParseException;
import java.util.function.Supplier;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/frankframework/management/security/JwtVerifier.class */
public class JwtVerifier extends DefaultJWTProcessor<SecurityContext> {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/frankframework/management/security/JwtVerifier$LazyLoadingJwkSetSource.class */
    public static class LazyLoadingJwkSetSource implements JWKSetSource<SecurityContext> {
        private final Supplier<String> supply;

        public LazyLoadingJwkSetSource(Supplier<String> supplier) {
            this.supply = supplier;
        }

        public JWKSet getJWKSet(JWKSetCacheRefreshEvaluator jWKSetCacheRefreshEvaluator, long j, SecurityContext securityContext) throws KeySourceException {
            try {
                String str = this.supply.get();
                if (str == null) {
                    throw new KeySourceException("no jwks found");
                }
                return JWKSet.parse(str);
            } catch (ParseException e) {
                throw new KeySourceException("parse exception", e);
            }
        }

        public void close() throws IOException {
        }
    }

    /* loaded from: input_file:org/frankframework/management/security/JwtVerifier$LazyLoadingJwkSource.class */
    private static class LazyLoadingJwkSource extends JWSVerificationKeySelector<SecurityContext> {
        public LazyLoadingJwkSource(Supplier<String> supplier) {
            super(JwtKeyGenerator.JWT_DEFAULT_SIGNING_ALGORITHM, createKeySource(supplier));
        }

        private static JWKSource<SecurityContext> createKeySource(Supplier<String> supplier) {
            return JWKSourceBuilder.create(new LazyLoadingJwkSetSource(supplier)).cacheForever().build();
        }
    }

    public JwtVerifier(Supplier<String> supplier) {
        setJWSKeySelector(new LazyLoadingJwkSource(supplier));
    }

    public Authentication verify(String str) throws IOException {
        try {
            try {
                return new JwtAuthenticationToken(process(str, null), str);
            } catch (ParseException e) {
                throw new IOException("unable to create AuthenticationToken", e);
            }
        } catch (JOSEException | ParseException | BadJOSEException e2) {
            throw new IOException("unable to parse JWT", e2);
        }
    }
}
