package no.nav.security.token.support.core.validation;

import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import java.net.MalformedURLException;
import java.net.URL;
import no.nav.security.token.support.core.configuration.IssuerProperties;
import no.nav.security.token.support.core.exceptions.MetaDataNotAvailableException;

/* loaded from: input_file:no/nav/security/token/support/core/validation/JwtTokenValidatorFactory.class */
public class JwtTokenValidatorFactory {
    private JwtTokenValidatorFactory() {
    }

    public static JwtTokenValidator tokenValidator(IssuerProperties issuerProperties, AuthorizationServerMetadata authorizationServerMetadata, ResourceRetriever resourceRetriever) {
        return tokenValidator(issuerProperties, authorizationServerMetadata, jwkSource(issuerProperties, getJWKsUrl(authorizationServerMetadata), resourceRetriever));
    }

    public static JwtTokenValidator tokenValidator(IssuerProperties issuerProperties, AuthorizationServerMetadata authorizationServerMetadata, JWKSource<SecurityContext> jWKSource) {
        return new DefaultConfigurableJwtValidator(authorizationServerMetadata.getIssuer().getValue(), issuerProperties.getAcceptedAudience(), issuerProperties.getValidation().getOptionalClaims(), jWKSource);
    }

    private static JWKSource<SecurityContext> jwkSource(IssuerProperties issuerProperties, URL url, ResourceRetriever resourceRetriever) {
        JWKSourceBuilder create = JWKSourceBuilder.create(url, resourceRetriever);
        if (issuerProperties.getJwksCache().isConfigured().booleanValue()) {
            create.cache(issuerProperties.getJwksCache().getLifespanMillis().longValue(), issuerProperties.getJwksCache().getRefreshTimeMillis().longValue());
        }
        return create.build();
    }

    private static URL getJWKsUrl(AuthorizationServerMetadata authorizationServerMetadata) {
        try {
            return authorizationServerMetadata.getJWKSetURI().toURL();
        } catch (MalformedURLException e) {
            throw new MetaDataNotAvailableException(e);
        }
    }
}
