package io.quarkus.oidc.runtime;

import io.quarkus.oidc.IdToken;
import io.quarkus.security.credential.TokenCredential;
import io.quarkus.security.identity.SecurityIdentity;
import java.util.Set;
import javax.annotation.Priority;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Alternative;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

@Alternative
@Priority(2)
@RequestScoped
/* loaded from: input_file:io/quarkus/oidc/runtime/OidcJsonWebTokenProducer.class */
public class OidcJsonWebTokenProducer {

    @Inject
    SecurityIdentity identity;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcJsonWebTokenProducer$NullJsonWebToken.class */
    public static class NullJsonWebToken implements JsonWebToken {
        private NullJsonWebToken() {
        }

        public String getName() {
            return null;
        }

        public Set<String> getClaimNames() {
            return null;
        }

        public <T> T getClaim(String str) {
            return null;
        }
    }

    @RequestScoped
    @Produces
    JsonWebToken currentAccessToken() {
        return getTokenCredential(AccessTokenCredential.class);
    }

    @RequestScoped
    @Produces
    @IdToken
    JsonWebToken currentIdToken() {
        return getTokenCredential(IdTokenCredential.class);
    }

    @RequestScoped
    @Produces
    RefreshToken currentRefreshToken() {
        return this.identity.getCredential(RefreshToken.class);
    }

    private JsonWebToken getTokenCredential(Class<? extends TokenCredential> cls) {
        if (this.identity.isAnonymous()) {
            return new NullJsonWebToken();
        }
        TokenCredential credential = this.identity.getCredential(cls);
        if (credential == null) {
            throw new IllegalStateException("Current identity not associated with an access token");
        }
        try {
            return new OidcJwtCallerPrincipal(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(credential.getToken()));
        } catch (InvalidJwtException e) {
            throw new RuntimeException((Throwable) e);
        }
    }
}
