package no.nav.security.token.support.core.validation;

import com.nimbusds.jose.jwk.source.DefaultJWKSetCache;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.concurrent.TimeUnit;
import no.nav.security.token.support.core.configuration.IssuerProperties;
import no.nav.security.token.support.core.exceptions.MetaDataNotAvailableException;

/* loaded from: input_file:no/nav/security/token/support/core/validation/JwtTokenValidatorFactory.class */
public class JwtTokenValidatorFactory {
    public static JwtTokenValidator tokenValidator(IssuerProperties issuerProperties, AuthorizationServerMetadata authorizationServerMetadata, ResourceRetriever resourceRetriever) {
        return tokenValidator(issuerProperties, authorizationServerMetadata, remoteJwkSet(issuerProperties, getJWKsUrl(authorizationServerMetadata), resourceRetriever));
    }

    public static JwtTokenValidator tokenValidator(IssuerProperties issuerProperties, AuthorizationServerMetadata authorizationServerMetadata, RemoteJWKSet<SecurityContext> remoteJWKSet) {
        return issuerProperties.getValidation().isConfigured().booleanValue() ? new ConfigurableJwtTokenValidator(authorizationServerMetadata.getIssuer().getValue(), issuerProperties.getValidation().getOptionalClaims(), remoteJWKSet) : new DefaultJwtTokenValidator(authorizationServerMetadata.getIssuer().getValue(), issuerProperties.getAcceptedAudience(), remoteJWKSet);
    }

    private static RemoteJWKSet<SecurityContext> remoteJwkSet(IssuerProperties issuerProperties, URL url, ResourceRetriever resourceRetriever) {
        return issuerProperties.getJwksCache().isConfigured().booleanValue() ? new RemoteJWKSet<>(url, resourceRetriever, new DefaultJWKSetCache(issuerProperties.getJwksCache().getLifespan().longValue(), issuerProperties.getJwksCache().getRefreshTime().longValue(), TimeUnit.MINUTES)) : new RemoteJWKSet<>(url, resourceRetriever);
    }

    private static URL getJWKsUrl(AuthorizationServerMetadata authorizationServerMetadata) {
        try {
            return authorizationServerMetadata.getJWKSetURI().toURL();
        } catch (MalformedURLException e) {
            throw new MetaDataNotAvailableException(e);
        }
    }
}
