package no.nav.brukerdialog.security.oidc.provider;

import java.security.Key;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.jaspic.TokenLocator;
import no.nav.brukerdialog.security.jwks.CacheMissAction;
import no.nav.brukerdialog.security.jwks.JsonWebKeyCache;
import no.nav.brukerdialog.security.jwks.JwtHeader;
import no.nav.sbl.rest.RestUtils;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/provider/AzureADB2CProvider.class */
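/**
 * {@link OidcProvider} backed by an Azure AD B2C tenant.
 *
 * <p>The expected issuer and the JWKS location are not configured directly: they are read once,
 * at construction time, from the discovery document at {@code AzureADB2CConfig.discoveryUrl}.
 * Everything this provider later reports as the expected issuer or returns as a verification key
 * therefore depends on that single response.
 *
 * <p>Refresh tokens are not supported: {@link #getRefreshToken} is always empty and
 * {@link #getFreshToken} always throws.
 */
public class AzureADB2CProvider implements OidcProvider {
    private final TokenLocator tokenLocator;
    private final IdentType identType;
    private final String expectedAudience;
    private final JsonWebKeyCache keyCache;
    private final String expectedIssuer;

    /**
     * Holder for the two discovery-document fields this provider reads.
     *
     * <p>The fields are never assigned in this file; presumably the REST client's JSON binding
     * populates them by name, which would be why {@code jwks_uri} keeps its snake_case spelling
     * (confirm against the client configuration). The decompiler reports that it widened this
     * class from {@code private}.
     */
    public static class IssuerMetaData {
        private String issuer;
        private String jwks_uri;

        private IssuerMetaData() {
        }
    }

    /**
     * Builds the provider and fetches the discovery document.
     *
     * <p>The constructor performs a blocking HTTP GET against {@code discoveryUrl}. The response
     * is rejected if it is missing, or if {@code issuer} or {@code jwks_uri} is absent or blank,
     * so the provider can never be created with a null expected issuer or a key cache that has
     * no key source.
     *
     * @param azureADB2CConfig audience, discovery URL, token name and ident type to use
     * @throws IllegalStateException if the discovery document is missing or incomplete
     */
    public AzureADB2CProvider(AzureADB2CConfig azureADB2CConfig) {
        this.expectedAudience = azureADB2CConfig.expectedAudience;

        // NOTE(review): issuer and jwks_uri are trusted exactly as returned by this request, and
        // nothing here checks the URL scheme. Confirm that discoveryUrl is a fixed HTTPS endpoint
        // from deployment config and that RestUtils verifies the server certificate.
        IssuerMetaData issuerMetaData = (IssuerMetaData) RestUtils.withClient(
                client -> client.target(azureADB2CConfig.discoveryUrl).request().get(IssuerMetaData.class));
        if (issuerMetaData == null) {
            throw new IllegalStateException(
                    "no discovery document returned from " + azureADB2CConfig.discoveryUrl);
        }

        // Fail fast: a null issuer would otherwise be handed to the token validator as the
        // "expected" value, and a null jwks_uri would surface later as a key lookup failure.
        this.expectedIssuer = requireNonBlank(issuerMetaData.issuer, "issuer");
        String jwksUri = requireNonBlank(issuerMetaData.jwks_uri, "jwks_uri");

        // NOTE(review): the meaning of the boolean flag and of the null second TokenLocator
        // argument is not visible from this file; confirm against those classes.
        this.keyCache = new JsonWebKeyCache(jwksUri, false);
        this.tokenLocator = new TokenLocator(azureADB2CConfig.tokenName, null);
        this.identType = azureADB2CConfig.identType;
    }

    /** Returns {@code value} unchanged, or throws if it is null or whitespace only. */
    private static String requireNonBlank(String value, String field) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("discovery document has no usable '" + field + "'");
        }
        return value;
    }

    /** Returns the issuer read from the discovery document at construction time. */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public String getExpectedIssuer() {
        return this.expectedIssuer;
    }

    /**
     * Returns the configured audience; the argument is ignored.
     *
     * <p>NOTE(review): the value comes from config unchecked. Confirm that the caller rejects
     * tokens rather than skipping the audience comparison when this is null.
     */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public String getExpectedAudience(String str) {
        return this.expectedAudience;
    }

    /** Delegates the key lookup to the JWKS cache built from the discovered {@code jwks_uri}. */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<Key> getVerificationKey(JwtHeader jwtHeader, CacheMissAction cacheMissAction) {
        return this.keyCache.getVerificationKey(jwtHeader, cacheMissAction);
    }

    /** Delegates to the {@link TokenLocator} created with the configured token name. */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<String> getToken(HttpServletRequest httpServletRequest) {
        return this.tokenLocator.getToken(httpServletRequest);
    }

    /** Always empty: this provider never reads a refresh token from the request. */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public Optional<String> getRefreshToken(HttpServletRequest httpServletRequest) {
        return Optional.empty();
    }

    /**
     * Token refresh is not implemented for this provider.
     *
     * @throws IllegalStateException always
     */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public OidcCredential getFreshToken(String str, String str2) {
        throw new IllegalStateException("not supported");
    }

    /** Returns the configured ident type; the argument is ignored. */
    @Override // no.nav.brukerdialog.security.oidc.provider.OidcProvider
    public IdentType getIdentType(String str) {
        return this.identType;
    }
}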
