package app.utils.security.server.oauth;

import app.utils.config.AppConfig;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.SecurityContext;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.filters.JwtAccessTokenValidator;

/* loaded from: input_file:app/utils/security/server/oauth/DynamicKeyJwtAccessTokenValidator.class */
public class DynamicKeyJwtAccessTokenValidator extends JwtAccessTokenValidator {
    private final JWKSource<SecurityContext> jwkSource;

    public DynamicKeyJwtAccessTokenValidator() {
        try {
            this.jwkSource = JWKSourceBuilder.create(new URI(AppConfig.getInstance().getConfigs().getString("oauth.provider.jwks.endpoint")).toURL()).cache(true).build();
        } catch (MalformedURLException | URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwtToken) {
        try {
            List list = this.jwkSource.get(new JWKSelector(new JWKMatcher.Builder().keyID(jwtToken.getJwsHeaders().getKeyId()).build()), (SecurityContext) null);
            if (list.isEmpty()) {
                throw new RuntimeException("Failed to find a matching public key for JWT verification. Key ID '" + jwtToken.getJwsHeaders().getKeyId() + "' does not correspond to any key in the JWK set retrieved from provider");
            }
            return new PublicKeyJwsSignatureVerifier(((JWK) list.get(0)).toRSAKey().toPublicKey(), jwtToken.getJwsHeaders().getSignatureAlgorithm());
        } catch (JOSEException e) {
            throw new RuntimeException("Unable to convert Access Token signature Public Key from provider", e);
        } catch (KeySourceException e2) {
            throw new RuntimeException("Unable to get Access Token signature Public Key from provider", e2);
        }
    }
}
