package com.azure.spring.cloud.autoconfigure.aadb2c.implementation;

import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/aadb2c/implementation/AadB2cOidcIdTokenDecoderFactory.class */
public class AadB2cOidcIdTokenDecoderFactory implements JwtDecoderFactory<ClientRegistration> {
    private final RestOperations restOperations;

    public AadB2cOidcIdTokenDecoderFactory(RestOperations restOperations) {
        this.restOperations = restOperations;
    }

    public JwtDecoder createDecoder(ClientRegistration clientRegistration) {
        String jwkSetUri = clientRegistration.getProviderDetails().getJwkSetUri();
        if (StringUtils.hasText(jwkSetUri)) {
            return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm(SignatureAlgorithm.RS256).restOperations(this.restOperations).build();
        }
        OAuth2Error oAuth2Error = new OAuth2Error("missing_signature_verifier", "Failed to find a Signature Verifier for Client Registration: '" + clientRegistration.getRegistrationId() + "'. Check to ensure you have configured the JwkSet URI.", (String) null);
        throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString());
    }
}
