package no.nav.common.auth.oidc;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import no.nav.common.auth.oidc.discovery.OidcDiscoveryConfiguration;
import no.nav.common.auth.oidc.discovery.OidcDiscoveryConfigurationClient;

/* loaded from: input_file:no/nav/common/auth/oidc/OidcTokenValidator.class */
public class OidcTokenValidator {
    private static final JWSAlgorithm JWS_ALGORITHM = JWSAlgorithm.RS256;
    private final IDTokenValidator validator;
    private final String issuer;

    public OidcTokenValidator(String str, String str2) {
        OidcDiscoveryConfiguration fetchDiscoveryConfiguration = new OidcDiscoveryConfigurationClient().fetchDiscoveryConfiguration(str);
        this.issuer = fetchDiscoveryConfiguration.issuer;
        this.validator = createValidator(fetchDiscoveryConfiguration.issuer, fetchDiscoveryConfiguration.jwksUri, JWS_ALGORITHM, str2);
    }

    public OidcTokenValidator(String str, String str2, JWSAlgorithm jWSAlgorithm, String str3) {
        this.issuer = str;
        this.validator = createValidator(str, str2, jWSAlgorithm, str3);
    }

    public IDTokenClaimsSet validate(JWT jwt) throws BadJOSEException, JOSEException {
        return this.validator.validate(jwt, (Nonce) null);
    }

    public IDTokenClaimsSet validate(String str) throws ParseException, JOSEException, BadJOSEException {
        return validate(JWTParser.parse(str));
    }

    public String getIssuer() {
        return this.issuer;
    }

    private IDTokenValidator createValidator(String str, String str2, JWSAlgorithm jWSAlgorithm, String str3) {
        try {
            return new IDTokenValidator(new Issuer(str), new ClientID(str3), jWSAlgorithm, new URL(str2));
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid jwks URL " + str2);
        }
    }
}
