package be.atbash.runtime.security.jwt.principal;

import be.atbash.ee.security.octopus.jwt.InvalidJWTException;
import be.atbash.ee.security.octopus.jwt.JWTEncoding;
import be.atbash.ee.security.octopus.jwt.decoder.JWTDecoder;
import be.atbash.ee.security.octopus.keys.selector.KeySelector;
import be.atbash.ee.security.octopus.nimbus.jwt.JWTClaimsSet;
import be.atbash.runtime.core.data.util.SystemPropertyUtil;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;

/**
 * CDI bean that turns a raw bearer token into a {@link JWTCallerPrincipal}.
 *
 * <p>The token is decoded into a {@link JWTClaimsSet} by the injected {@link JWTDecoder}, with an
 * {@code MPBearerTokenVerifier} built from the supplied {@code JWTAuthContextInfo} passed to the
 * decoder. What the decoder and verifier actually check (signature, expiry, issuer, audience) is
 * not visible in this class.
 */
@ApplicationScoped
/* loaded from: input_file:be/atbash/runtime/security/jwt/principal/JWTCallerPrincipalFactory.class */
public class JWTCallerPrincipalFactory {

    @Inject
    private JWTDecoder jwtDecoder;

    // Fallback key source, used only when the context carries no inline public key content.
    @Inject
    private KeySelector keySelector;

    /**
     * Decodes {@code str} and wraps the resulting claims in a caller principal.
     *
     * @param str the token string as received; it is handed to the decoder unchanged and is also
     *     stored in the returned principal
     * @param jWTAuthContextInfo configuration that drives the JWE requirement, the verifier and the
     *     choice of key source
     * @return a {@code DefaultJWTCallerPrincipal} built from the raw token, the decoded claims and
     *     the context
     * @throws InvalidJWTException if the runtime is in TCK mode for "jwt", the context requires JWE
     *     and the token is not detected as a JWE
     */
    public JWTCallerPrincipal parse(String str, JWTAuthContextInfo jWTAuthContextInfo) {
        // NOTE(review): the "must be a JWE" rejection is evaluated only when isTck("jwt") is true.
        // Outside that mode this method does not reject a non-JWE token even if isJWERequired()
        // returns true. Confirm the requirement is enforced inside the decoder or verifier;
        // otherwise a signed-only token is accepted where encryption was configured as mandatory.
        if (SystemPropertyUtil.getInstance().isTck("jwt")) {
            if (jWTAuthContextInfo.isJWERequired()) {
                if (this.jwtDecoder.determineEncoding(str) != JWTEncoding.JWE) {
                    throw new InvalidJWTException("Token must be a JWE");
                }
            }
        }

        MPBearerTokenVerifier claimsVerifier = new MPBearerTokenVerifier(jWTAuthContextInfo);

        // Key material supplied inline through the context takes precedence over the injected
        // KeySelector, so the trust anchor for this token is whatever the context provides.
        JWTClaimsSet claims;
        if (jWTAuthContextInfo.getPublicKeyContent() == null) {
            claims = (JWTClaimsSet) this.jwtDecoder.decode(str, JWTClaimsSet.class, this.keySelector, claimsVerifier, new String[0]).getData();
        } else {
            claims = (JWTClaimsSet) this.jwtDecoder.decode(str, JWTClaimsSet.class, new InlineKeySelector(jWTAuthContextInfo.getPublicKeyContent()), claimsVerifier, new String[0]).getData();
        }

        return new DefaultJWTCallerPrincipal(str, claims, jWTAuthContextInfo);
    }
}
