package org.connectorio.dropwizard.nimbus.auth.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Objects;
import java.util.Optional;
import org.connectorio.dropwizard.nimbus.auth.jwt.JwtClaimsSetPrincipal;
import org.connectorio.dropwizard.nimbus.auth.jwt.config.JwtConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/connectorio/dropwizard/nimbus/auth/jwt/DefaultJwtAuthenticator.class */
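/**
 * Dropwizard {@link Authenticator} that verifies a {@link JWT} with a Nimbus
 * {@link DefaultJWTProcessor} and then hands the verified claims to a
 * {@link JwtClaimsSetAuthenticator} delegate, which builds the principal.
 *
 * <p>Verification keys are taken from a remote JWK set, and only the single JWS algorithm
 * supplied at construction is given to the key selector.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The claims verifier is created without any expected issuer, audience or required
 *       claims. If tokens must be bound to a particular issuer or audience, the delegate
 *       has to enforce that itself.</li>
 *   <li>The JWK set URL is used as configured and its scheme is not checked here. It should
 *       point at an HTTPS endpoint, since the keys fetched from it decide which signatures
 *       are trusted.</li>
 * </ul>
 *
 * @param <P> principal type produced by the delegate
 */
public class DefaultJwtAuthenticator<P extends JwtClaimsSetPrincipal> implements Authenticator<JWT, P> {
    /** Connect timeout, in milliseconds, for fetching the JWK set. */
    private static final int JWK_CONNECT_TIMEOUT_MS = 30000;
    /** Read timeout, in milliseconds, for fetching the JWK set. */
    private static final int JWK_READ_TIMEOUT_MS = 30000;

    // One logger per class is enough; the logger name is unchanged.
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultJwtAuthenticator.class);

    private final JwtClaimsSetAuthenticator<P> delegate;
    private final URL jwkSetUrl;
    private final RemoteJWKSet<SecurityContext> jwkSource;
    private final JWSVerificationKeySelector<SecurityContext> jwsKeySelector;
    private final DefaultJWTProcessor<SecurityContext> processor;

    /**
     * Creates an authenticator from configuration.
     *
     * @param jwtClaimsSetAuthenticator delegate that maps verified claims to a principal
     * @param jwtConfiguration supplies the JWK set URI and the signature algorithm name
     */
    public DefaultJwtAuthenticator(JwtClaimsSetAuthenticator<P> jwtClaimsSetAuthenticator, JwtConfiguration jwtConfiguration) {
        this(jwtClaimsSetAuthenticator, jwtConfiguration.getUri(), JWSAlgorithm.parse(jwtConfiguration.getSignatureAlgorithm()));
    }

    /**
     * Creates an authenticator from a JWK set URL given as text.
     *
     * @param jwtClaimsSetAuthenticator delegate that maps verified claims to a principal
     * @param str JWK set URL
     * @param jWSAlgorithm the JWS algorithm passed to the key selector
     * @throws RuntimeException if {@code str} is not a well-formed URL
     */
    public DefaultJwtAuthenticator(JwtClaimsSetAuthenticator<P> jwtClaimsSetAuthenticator, String str, JWSAlgorithm jWSAlgorithm) {
        this(jwtClaimsSetAuthenticator, url(str), jWSAlgorithm);
    }

    /**
     * Creates an authenticator and wires up the JWT processing chain.
     *
     * @param jwtClaimsSetAuthenticator delegate that maps verified claims to a principal
     * @param url JWK set URL
     * @param jWSAlgorithm the JWS algorithm passed to the key selector
     * @throws NullPointerException if {@code jwtClaimsSetAuthenticator} is null
     */
    public DefaultJwtAuthenticator(JwtClaimsSetAuthenticator<P> jwtClaimsSetAuthenticator, URL url, JWSAlgorithm jWSAlgorithm) {
        // Fail at construction instead of on the first authentication request.
        this.delegate = Objects.requireNonNull(jwtClaimsSetAuthenticator, "jwtClaimsSetAuthenticator");
        this.jwkSetUrl = url;
        // NOTE(review): no response size limit is passed to the retriever here; confirm whether
        // the Nimbus version in use applies one, or use an overload that takes a limit.
        this.jwkSource = new RemoteJWKSet<>(
                this.jwkSetUrl, new DefaultResourceRetriever(JWK_CONNECT_TIMEOUT_MS, JWK_READ_TIMEOUT_MS));
        // The selector is built with exactly one algorithm, so the expected algorithm comes
        // from configuration and not from the token header.
        this.jwsKeySelector = new JWSVerificationKeySelector<>(jWSAlgorithm, this.jwkSource);
        DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
        jwtProcessor.setJWSKeySelector(this.jwsKeySelector);
        // No issuer/audience/required-claim constraints are configured on this verifier;
        // the delegate is the only place where such checks can happen.
        jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier());
        this.processor = jwtProcessor;
    }

    /**
     * Verifies the token and asks the delegate for the matching principal.
     *
     * @param jwt the token presented by the client
     * @return the delegate's result for a verified token, or an empty {@link Optional}
     *     when the token is missing or fails processing
     * @throws AuthenticationException if the delegate raises it
     */
    public Optional<P> authenticate(JWT jwt) throws AuthenticationException {
        if (jwt == null) {
            // A missing credential cannot be verified; treat it as unauthenticated rather
            // than letting it fail inside the processor.
            return Optional.empty();
        }
        try {
            return this.delegate.authenticate(this.processor.process(jwt, (SecurityContext) null));
        } catch (BadJOSEException e) {
            // Rejected token: fail closed.
            LOGGER.error("Token validation failed", e);
            return Optional.empty();
        } catch (JOSEException e2) {
            // Processing error: also fail closed.
            LOGGER.error("Signature check failed", e2);
            return Optional.empty();
        }
    }

    /**
     * Parses the JWK set URL, converting the checked parse failure to an unchecked one.
     *
     * @param str URL text
     * @return the parsed URL
     * @throws RuntimeException if {@code str} is not a well-formed URL
     */
    private static URL url(String str) {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Could not parse JWK URL", e);
        }
    }
}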
