package org.springframework.security.oauth2.jwt;

import java.util.Map;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.RequestEntity;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.class */
public final class ReactiveJwtDecoders {
    public static ReactiveJwtDecoder fromOidcIssuerLocation(String str) {
        Map<String, Object> openidConfiguration = getOpenidConfiguration(str);
        String obj = openidConfiguration.containsKey("issuer") ? openidConfiguration.get("issuer").toString() : "(unavailable)";
        if (!str.equals(obj)) {
            throw new IllegalStateException("The Issuer \"" + obj + "\" provided in the OpenID Configuration did not match the requested issuer \"" + str + "\"");
        }
        OAuth2TokenValidator<Jwt> createDefaultWithIssuer = JwtValidators.createDefaultWithIssuer(str);
        NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = new NimbusReactiveJwtDecoder(openidConfiguration.get("jwks_uri").toString());
        nimbusReactiveJwtDecoder.setJwtValidator(createDefaultWithIssuer);
        return nimbusReactiveJwtDecoder;
    }

    private static Map<String, Object> getOpenidConfiguration(String str) {
        try {
            return (Map) new RestTemplate().exchange(RequestEntity.get(UriComponentsBuilder.fromUriString(str + "/.well-known/openid-configuration").build().toUri()).build(), new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.springframework.security.oauth2.jwt.ReactiveJwtDecoders.1
            }).getBody();
        } catch (RuntimeException e) {
            throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of \"" + str + "\"", e);
        }
    }

    private ReactiveJwtDecoders() {
    }
}
