package org.entur.jwt.spring;

import com.nimbusds.jose.Header;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.JwtException;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/entur/jwt/spring/ReactiveJwtMonoConverter.class */
public class ReactiveJwtMonoConverter implements Converter<JWT, Mono<JWTClaimsSet>> {
    private final DefaultJWTProcessor<SecurityContext> jwtProcessor;
    private final JWSVerificationKeySelector selector;

    public ReactiveJwtMonoConverter(DefaultJWTProcessor<SecurityContext> defaultJWTProcessor, JWSVerificationKeySelector jWSVerificationKeySelector) {
        this.jwtProcessor = defaultJWTProcessor;
        this.selector = jWSVerificationKeySelector;
    }

    public Mono<JWTClaimsSet> convert(JWT jwt) {
        JWSHeader header = jwt.getHeader();
        if (this.selector.isAllowed(header.getAlgorithm())) {
            return Mono.fromCallable(() -> {
                return createClaimsSet(jwt, null);
            });
        }
        throw new BadJwtException("Unsupported algorithm of " + header.getAlgorithm());
    }

    private <C extends SecurityContext> JWTClaimsSet createClaimsSet(JWT jwt, C c) {
        try {
            return this.jwtProcessor.process(jwt, c);
        } catch (JOSEException e) {
            throw new JwtException("Failed to validate the token", e);
        } catch (BadJOSEException e2) {
            throw new BadJwtException("Failed to validate the token", e2);
        }
    }

    private JWKSelector createSelector(JWSVerificationKeySelector jWSVerificationKeySelector, Header header) {
        JWSHeader jWSHeader = (JWSHeader) header;
        if (jWSVerificationKeySelector.isAllowed(jWSHeader.getAlgorithm())) {
            return new JWKSelector(JWKMatcher.forJWSHeader(jWSHeader));
        }
        throw new BadJwtException("Unsupported algorithm of " + header.getAlgorithm());
    }
}
