package org.springframework.security.oauth2.jwt;

import com.nimbusds.jose.RemoteKeySourceException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.JWTProcessor;
import java.text.ParseException;
import java.time.Instant;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/jwt/NimbusJwtDecoder.class */
public final class NimbusJwtDecoder implements JwtDecoder {
    private static final String DECODING_ERROR_MESSAGE_TEMPLATE = "An error occurred while attempting to decode the Jwt: %s";
    private final JWTProcessor<SecurityContext> jwtProcessor;
    private Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
    private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefault();

    public NimbusJwtDecoder(JWTProcessor<SecurityContext> jWTProcessor) {
        Assert.notNull(jWTProcessor, "jwtProcessor cannot be null");
        this.jwtProcessor = jWTProcessor;
    }

    public void setJwtValidator(OAuth2TokenValidator<Jwt> oAuth2TokenValidator) {
        Assert.notNull(oAuth2TokenValidator, "jwtValidator cannot be null");
        this.jwtValidator = oAuth2TokenValidator;
    }

    public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>> converter) {
        Assert.notNull(converter, "claimSetConverter cannot be null");
        this.claimSetConverter = converter;
    }

    @Override // org.springframework.security.oauth2.jwt.JwtDecoder
    public Jwt decode(String str) throws JwtException {
        JWT parse = parse(str);
        if (parse instanceof SignedJWT) {
            return validateJwt(createJwt(str, parse));
        }
        throw new JwtException("Unsupported algorithm of " + parse.getHeader().getAlgorithm());
    }

    private JWT parse(String str) {
        try {
            return JWTParser.parse(str);
        } catch (Exception e) {
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, e.getMessage()), e);
        }
    }

    private Jwt createJwt(String str, JWT jwt) {
        try {
            JWTClaimsSet process = this.jwtProcessor.process(jwt, (SecurityContext) null);
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) jwt.getHeader().toJSONObject());
            Map map = (Map) this.claimSetConverter.convert(process.getClaims());
            return new Jwt(str, (Instant) map.get(JwtClaimNames.IAT), (Instant) map.get(JwtClaimNames.EXP), linkedHashMap, map);
        } catch (Exception e) {
            if (e.getCause() instanceof ParseException) {
                throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
            }
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, e.getMessage()), e);
        } catch (RemoteKeySourceException e2) {
            if (e2.getCause() instanceof ParseException) {
                throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
            }
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, e2.getMessage()), e2);
        }
    }

    private Jwt validateJwt(Jwt jwt) {
        OAuth2TokenValidatorResult validate = this.jwtValidator.validate(jwt);
        if (validate.hasErrors()) {
            throw new JwtValidationException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ((OAuth2Error) validate.getErrors().iterator().next()).getDescription()), validate.getErrors());
        }
        return jwt;
    }
}
