package no.nav.security.token.support.core.validation;

import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import java.net.URL;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import no.nav.security.token.support.core.configuration.IssuerProperties;
import org.jetbrains.annotations.NotNull;

/* compiled from: JwtTokenValidatorFactory.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J \u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0007J&\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\f\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000e0\rH\u0007JI\u0010\u000f\u001a&\u0012\f\u0012\n \u0010*\u0004\u0018\u00010\u000e0\u000e \u0010*\u0012\u0012\f\u0012\n \u0010*\u0004\u0018\u00010\u000e0\u000e\u0018\u00010\r0\r2\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\n\u001a\u00020\u000bH\u0002¢\u0006\u0002\u0010\u0013¨\u0006\u0014"}, d2 = {"Lno/nav/security/token/support/core/validation/JwtTokenValidatorFactory;", "", "<init>", "()V", "tokenValidator", "Lno/nav/security/token/support/core/validation/DefaultConfigurableJwtValidator;", "p", "Lno/nav/security/token/support/core/configuration/IssuerProperties;", "md", "Lcom/nimbusds/oauth2/sdk/as/AuthorizationServerMetadata;", "retriever", "Lcom/nimbusds/jose/util/ResourceRetriever;", "remoteJWKSet", "Lcom/nimbusds/jose/jwk/source/JWKSource;", "Lcom/nimbusds/jose/proc/SecurityContext;", "jwkSource", "kotlin.jvm.PlatformType", "jwksUrl", "Ljava/net/URL;", "(Lno/nav/security/token/support/core/configuration/IssuerProperties;Ljava/net/URL;Lcom/nimbusds/jose/util/ResourceRetriever;)Lcom/nimbusds/jose/jwk/source/JWKSource;", "token-validation-core"})
/* loaded from: input_file:no/nav/security/token/support/core/validation/JwtTokenValidatorFactory.class */
public final class JwtTokenValidatorFactory {

    @NotNull
    public static final JwtTokenValidatorFactory INSTANCE = new JwtTokenValidatorFactory();

    private JwtTokenValidatorFactory() {
    }

    @JvmStatic
    @NotNull
    public static final DefaultConfigurableJwtValidator tokenValidator(@NotNull IssuerProperties issuerProperties, @NotNull AuthorizationServerMetadata authorizationServerMetadata, @NotNull ResourceRetriever resourceRetriever) {
        Intrinsics.checkNotNullParameter(issuerProperties, "p");
        Intrinsics.checkNotNullParameter(authorizationServerMetadata, "md");
        Intrinsics.checkNotNullParameter(resourceRetriever, "retriever");
        JwtTokenValidatorFactory jwtTokenValidatorFactory = INSTANCE;
        JwtTokenValidatorFactory jwtTokenValidatorFactory2 = INSTANCE;
        URL url = authorizationServerMetadata.getJWKSetURI().toURL();
        Intrinsics.checkNotNullExpressionValue(url, "toURL(...)");
        JWKSource<SecurityContext> jwkSource = jwtTokenValidatorFactory2.jwkSource(issuerProperties, url, resourceRetriever);
        Intrinsics.checkNotNullExpressionValue(jwkSource, "jwkSource(...)");
        return tokenValidator(issuerProperties, authorizationServerMetadata, jwkSource);
    }

    @JvmStatic
    @NotNull
    public static final DefaultConfigurableJwtValidator tokenValidator(@NotNull IssuerProperties issuerProperties, @NotNull AuthorizationServerMetadata authorizationServerMetadata, @NotNull JWKSource<SecurityContext> jWKSource) {
        Intrinsics.checkNotNullParameter(issuerProperties, "p");
        Intrinsics.checkNotNullParameter(authorizationServerMetadata, "md");
        Intrinsics.checkNotNullParameter(jWKSource, "remoteJWKSet");
        String value = authorizationServerMetadata.getIssuer().getValue();
        Intrinsics.checkNotNullExpressionValue(value, "getValue(...)");
        return new DefaultConfigurableJwtValidator(value, issuerProperties.getAcceptedAudience(), issuerProperties.getValidation().getOptionalClaims(), jWKSource);
    }

    private final JWKSource<SecurityContext> jwkSource(IssuerProperties issuerProperties, URL url, ResourceRetriever resourceRetriever) {
        JWKSourceBuilder create = JWKSourceBuilder.create(url, resourceRetriever);
        if (issuerProperties.getJwksCache().isConfigured()) {
            create.cache(issuerProperties.getJwksCache().getLifespanMillis(), issuerProperties.getJwksCache().getRefreshTimeMillis());
        }
        return create.build();
    }
}
