package com.atlassian.asap.core.validator;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.parser.JwtParser;
import com.atlassian.asap.core.parser.VerifiableJwt;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.nimbus.parser.NimbusJwtParser;
import java.security.PublicKey;
import java.time.Clock;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;

/* loaded from: input_file:com/atlassian/asap/core/validator/JwtValidatorImpl.class */
public class JwtValidatorImpl implements JwtValidator, JwtRevalidator {
    private final KeyProvider<PublicKey> publicKeyProvider;
    private final JwtParser jwtParser;
    private final JwtClaimsValidator jwtClaimsValidator;
    private final Supplier<Set<String>> resourceServerAudiences;

    public JwtValidatorImpl(KeyProvider<PublicKey> keyProvider, JwtParser jwtParser, JwtClaimsValidator jwtClaimsValidator, Supplier<Set<String>> supplier) {
        this.publicKeyProvider = (KeyProvider) Objects.requireNonNull(keyProvider);
        this.jwtParser = (JwtParser) Objects.requireNonNull(jwtParser);
        this.jwtClaimsValidator = (JwtClaimsValidator) Objects.requireNonNull(jwtClaimsValidator);
        this.resourceServerAudiences = (Supplier) Objects.requireNonNull(supplier);
    }

    public JwtValidatorImpl(KeyProvider<PublicKey> keyProvider, JwtParser jwtParser, JwtClaimsValidator jwtClaimsValidator, Set<String> set) {
        this(keyProvider, jwtParser, jwtClaimsValidator, (Supplier<Set<String>>) () -> {
            return set;
        });
    }

    public JwtValidatorImpl(KeyProvider<PublicKey> keyProvider, JwtParser jwtParser, JwtClaimsValidator jwtClaimsValidator, String str) {
        this(keyProvider, jwtParser, jwtClaimsValidator, (Set<String>) Collections.singleton(str));
    }

    @Override // com.atlassian.asap.core.validator.JwtValidator
    public final Jwt readAndValidate(String str) throws InvalidTokenException, CannotRetrieveKeyException {
        VerifiableJwt parse = this.jwtParser.parse(str);
        parse.verifySignature((PublicKey) this.publicKeyProvider.getKey(ValidatedKeyId.validate(parse.getHeader().getKeyId())));
        this.jwtClaimsValidator.validate(parse, this.resourceServerAudiences.get());
        return parse;
    }

    @Override // com.atlassian.asap.core.validator.JwtValidator
    public final Optional<String> determineUnverifiedIssuer(String str) {
        return this.jwtParser.determineUnverifiedIssuer(str);
    }

    @Override // com.atlassian.asap.core.validator.JwtRevalidator
    public void revalidateClaims(Jwt jwt) throws InvalidTokenException {
        this.jwtClaimsValidator.validate(jwt, this.resourceServerAudiences.get());
    }

    public static JwtValidator createDefault(AuthenticationContext authenticationContext) {
        return new JwtValidatorImpl(authenticationContext.getPublicKeyProvider(), (JwtParser) new NimbusJwtParser(), new JwtClaimsValidator(Clock.systemUTC()), authenticationContext.getResourceServerAudiences());
    }

    public static JwtValidator createDefault(String str, String str2) {
        return createDefault(new AuthenticationContext(str, str2));
    }

    public static JwtValidator createDefault(Set<String> set, String str) {
        return createDefault(new AuthenticationContext(set, str));
    }
}
