package aQute.openapi.oauth2.provider;

import aQute.openapi.oauth2.provider.Handler;
import aQute.openapi.security.environment.api.OpenAPISecurityEnvironment;
import java.net.URISyntaxException;
import java.util.Optional;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.slf4j.Logger;

/* loaded from: input_file:aQute/openapi/oauth2/provider/OpenIdHandler.class */
public class OpenIdHandler extends Handler {
    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenIdHandler(Logger logger, OAuth2Configuration oAuth2Configuration, ProviderDefinition providerDefinition) throws URISyntaxException {
        super(logger, oAuth2Configuration, providerDefinition);
    }

    @Override // aQute.openapi.oauth2.provider.Handler
    public Handler.AuthenticateResult authenticate(AccessTokenResponse accessTokenResponse, OpenAPISecurityEnvironment openAPISecurityEnvironment) throws Exception {
        Handler.AuthenticateResult authenticateResult = new Handler.AuthenticateResult();
        try {
            String str = (String) new JwtConsumerBuilder().setSkipSignatureVerification().setSkipDefaultAudienceValidation().build().processToClaims(accessTokenResponse.id_token).getClaimValue("email", String.class);
            if (str == null) {
                authenticateResult.error = ErrorEnum.x_id_received.toString();
                authenticateResult.error_description = this.nameKey + "=" + str;
                return authenticateResult;
            }
            Optional user = openAPISecurityEnvironment.getUser(this.nameKey, str.toLowerCase());
            if (user.isPresent()) {
                authenticateResult.user = (String) user.get();
                return authenticateResult;
            }
            authenticateResult.error = ErrorEnum.x_no_such_user.toString();
            authenticateResult.error_description = this.nameKey + "=" + str;
            return authenticateResult;
        } catch (Exception e) {
            authenticateResult.error = ErrorEnum.x_jwt_verification_failed.toString();
            return authenticateResult;
        }
    }
}
