package no.nav.brukerdialog.security.oidc.provider;

import java.security.Key;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import no.nav.brukerdialog.security.Constants;
import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.jaspic.TokenLocator;
import no.nav.brukerdialog.security.jwks.CacheMissAction;
import no.nav.brukerdialog.security.jwks.JsonWebKeyCache;
import no.nav.brukerdialog.security.jwks.JwtHeader;
import no.nav.brukerdialog.security.oidc.IdTokenProvider;
import no.nav.brukerdialog.security.oidc.IdTokenProviderConfig;
import no.nav.brukerdialog.security.oidc.OidcTokenUtils;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/provider/IssoOidcProvider.class */
public class IssoOidcProvider implements OidcProvider {
    private final TokenLocator tokenLocator;
    private final IdTokenProvider idTokenProvider;
    private final JsonWebKeyCache keyCache;
    private final String issoExpectedTokenIssuer;

    public IssoOidcProvider() {
        this(IssoOidcProviderConfig.resolveFromSystemProperties());
    }

    public IssoOidcProvider(IssoOidcProviderConfig issoOidcProviderConfig) {
        this.tokenLocator = new TokenLocator(Constants.ID_TOKEN_COOKIE_NAME, "refresh_token");
        this.issoExpectedTokenIssuer = issoOidcProviderConfig.issoExpectedTokenIssuer;
        this.idTokenProvider = new IdTokenProvider(IdTokenProviderConfig.from(issoOidcProviderConfig));
        this.keyCache = new JsonWebKeyCache(issoOidcProviderConfig.issoJwksUrl, true);
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public String getExpectedIssuer() {
        return this.issoExpectedTokenIssuer;
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public String getExpectedAudience(String str) {
        return null;
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<Key> getVerificationKey(JwtHeader jwtHeader, CacheMissAction cacheMissAction) {
        return this.keyCache.getVerificationKey(jwtHeader, cacheMissAction);
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<String> getToken(HttpServletRequest httpServletRequest) {
        return this.tokenLocator.getToken(httpServletRequest);
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<String> getRefreshToken(HttpServletRequest httpServletRequest) {
        return this.tokenLocator.getRefreshToken(httpServletRequest);
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public OidcCredential getFreshToken(String str, String str2) {
        return this.idTokenProvider.getToken(str, OidcTokenUtils.getOpenamClientFromToken(str2));
    }

    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public IdentType getIdentType(String str) {
        return IdentType.InternBruker;
    }
}
