package no.nav.security.token.support.core.validation;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTClaimsSetVerifier;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import no.nav.security.token.support.core.exceptions.JwtTokenValidatorException;

@Deprecated(since = "3.1.3", forRemoval = true)
/* loaded from: input_file:no/nav/security/token/support/core/validation/ConfigurableJwtTokenValidator.class */
public class ConfigurableJwtTokenValidator implements JwtTokenValidator {
    private final String issuer;
    private final RemoteJWKSet<SecurityContext> remoteJWKSet;
    private final List<String> defaultRequiredClaims = List.of("sub", "aud", "iss", "iat", "exp", "nbf");
    private final List<String> requiredClaims;

    public ConfigurableJwtTokenValidator(String str, List<String> list, RemoteJWKSet<SecurityContext> remoteJWKSet) {
        this.issuer = str;
        this.remoteJWKSet = remoteJWKSet;
        this.requiredClaims = removeOptionalClaims(this.defaultRequiredClaims, (List) Optional.ofNullable(list).orElse(List.of()));
    }

    @Override // no.nav.security.token.support.core.validation.JwtTokenValidator
    public void assertValidToken(String str) throws JwtTokenValidatorException {
        verify(this.issuer, str, new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, this.remoteJWKSet));
    }

    private void verify(String str, String str2, JWSVerificationKeySelector<SecurityContext> jWSVerificationKeySelector) {
        verify(str2, (JWTClaimsSetVerifier<SecurityContext>) new DefaultJWTClaimsVerifier(new JWTClaimsSet.Builder().issuer(str).build(), new HashSet(this.requiredClaims)), jWSVerificationKeySelector);
    }

    private void verify(String str, JWTClaimsSetVerifier<SecurityContext> jWTClaimsSetVerifier, JWSVerificationKeySelector<SecurityContext> jWSVerificationKeySelector) {
        try {
            DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
            defaultJWTProcessor.setJWSKeySelector(jWSVerificationKeySelector);
            defaultJWTProcessor.setJWTClaimsSetVerifier(jWTClaimsSetVerifier);
            defaultJWTProcessor.process(parse(str), (SecurityContext) null);
        } catch (Throwable th) {
            throw new JwtTokenValidatorException("Token validation failed: " + th.getMessage(), th);
        }
    }

    private static <T> List<T> removeOptionalClaims(List<T> list, List<T> list2) {
        return list.stream().filter(obj -> {
            return !list2.contains(obj);
        }).toList();
    }

    private JWT parse(String str) {
        try {
            return JWTParser.parse(str);
        } catch (Throwable th) {
            throw new JwtTokenValidatorException("Token verification failed: " + th.getMessage(), th);
        }
    }
}
