package no.nav.security.token.support.core.validation;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import no.nav.security.token.support.core.exceptions.JwtTokenValidatorException;

/* loaded from: input_file:no/nav/security/token/support/core/validation/DefaultConfigurableJwtValidator.class */
public class DefaultConfigurableJwtValidator implements JwtTokenValidator {
    private static final List<String> DEFAULT_REQUIRED_CLAIMS = List.of("aud", "exp", "iat", "iss", "sub");
    private static final Set<String> PROHIBITED_CLAIMS = Collections.emptySet();
    private final JWKSource<SecurityContext> jwkSource;
    private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor;

    public DefaultConfigurableJwtValidator(String str, List<String> list, JWKSource<SecurityContext> jWKSource) {
        this(str, list, null, jWKSource);
    }

    public DefaultConfigurableJwtValidator(String str, List<String> list, List<String> list2, JWKSource<SecurityContext> jWKSource) {
        List list3 = (List) Optional.ofNullable(list).orElse(List.of());
        List list4 = (List) Optional.ofNullable(list2).orElse(List.of());
        Set difference = difference(DEFAULT_REQUIRED_CLAIMS, list4);
        JWTClaimsSet build = new JWTClaimsSet.Builder().issuer(str).build();
        JWSVerificationKeySelector jWSVerificationKeySelector = new JWSVerificationKeySelector(JWSAlgorithm.RS256, jWKSource);
        DefaultJwtClaimsVerifier defaultJwtClaimsVerifier = new DefaultJwtClaimsVerifier(acceptedAudiences(list3, list4), build, difference, PROHIBITED_CLAIMS);
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSKeySelector(jWSVerificationKeySelector);
        defaultJWTProcessor.setJWTClaimsSetVerifier(defaultJwtClaimsVerifier);
        this.jwkSource = jWKSource;
        this.jwtProcessor = defaultJWTProcessor;
    }

    @Override // no.nav.security.token.support.core.validation.JwtTokenValidator
    public void assertValidToken(String str) throws JwtTokenValidatorException {
        try {
            this.jwtProcessor.process(str, (SecurityContext) null);
        } catch (Throwable th) {
            throw new JwtTokenValidatorException("Token validation failed: " + th.getMessage(), th);
        }
    }

    private static Set<String> acceptedAudiences(List<String> list, List<String> list2) {
        if (!list2.contains("aud")) {
            return new HashSet(list);
        }
        if (list.isEmpty()) {
            return null;
        }
        ArrayList arrayList = new ArrayList(list);
        arrayList.add(null);
        return new HashSet(arrayList);
    }

    private static <T> Set<T> difference(List<T> list, List<T> list2) {
        return (Set) list.stream().filter(obj -> {
            return !list2.contains(obj);
        }).collect(Collectors.toUnmodifiableSet());
    }

    protected JWKSource<SecurityContext> getJwkSource() {
        return this.jwkSource;
    }
}
