package org.trellisldp.oauth;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import io.jsonwebtoken.security.SecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.List;

/* loaded from: input_file:org/trellisldp/oauth/FederatedJwtAuthenticator.class */
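/**
 * An {@link Authenticator} that verifies signed JWTs against public keys held in a
 * {@link KeyStore}, selecting the key by the token's {@code kid} header.
 *
 * <p>Only aliases that appear in the configured key-id list AND exist in the keystore are
 * eligible. The list is the allow-list: a keystore often holds unrelated entries (TLS
 * certificates, for instance), and the {@code kid} value comes from the still-unverified
 * token header, so the token must not be able to pick an arbitrary alias.
 */
public class FederatedJwtAuthenticator implements Authenticator {
    private final KeyStore keyStore;
    // NOTE(review): the list is stored by reference, not copied, so a caller that mutates it
    // after construction changes which key ids are trusted. Pass an immutable list.
    private final List<String> keyIds;

    /**
     * Creates an authenticator backed by the given keystore.
     *
     * @param keyStore the keystore holding the certificates of the trusted signers
     * @param list the key ids (keystore aliases) that tokens are allowed to reference
     */
    public FederatedJwtAuthenticator(KeyStore keyStore, List<String> list) {
        this.keyStore = keyStore;
        this.keyIds = list;
    }

    /**
     * Parses a compact JWS and returns its claims once the signature has been verified with
     * the key named by the token's {@code kid} header.
     *
     * @param str the compact serialized token
     * @return the claims of the verified token
     * @throws JwtException if the token has no {@code kid} header
     * @throws SecurityException if the key id is not allow-listed, is absent from the
     *     keystore, has no certificate, or the keystore cannot be read
     */
    @Override // org.trellisldp.oauth.Authenticator
    public Claims parse(String str) {
        return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
            @Override
            public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
                // The header is attacker-controlled at this point: nothing has been verified yet.
                final String keyId = jwsHeader.getKeyId();
                if (keyId == null) {
                    throw new JwtException("Missing Key ID (kid) header field");
                }
                try {
                    // Both checks are required: the allow-list restricts which aliases a token
                    // may select, and the keystore lookup confirms the alias actually exists.
                    if (FederatedJwtAuthenticator.this.keyIds.contains(keyId)
                            && FederatedJwtAuthenticator.this.keyStore.containsAlias(keyId)) {
                        // getCertificate returns null for an alias that carries no certificate
                        // (a secret-key entry, for example). Fail closed with the same error
                        // instead of letting a NullPointerException escape the resolver.
                        final java.security.cert.Certificate certificate =
                                FederatedJwtAuthenticator.this.keyStore.getCertificate(keyId);
                        if (certificate != null) {
                            return certificate.getPublicKey();
                        }
                    }
                    // keyId is untrusted input echoed into the message; whatever logs this
                    // exception should neutralise control characters before writing it out.
                    throw new SecurityException("Could not locate key in keystore: " + keyId);
                } catch (KeyStoreException e) {
                    throw new SecurityException("Error retrieving key from keystore", e);
                }
            }
        }).build().parseClaimsJws(str).getBody();
    }
}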
