package org.pac4j.jwt.credentials.authenticator;

import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.http.credentials.TokenCredentials;
import org.pac4j.http.credentials.authenticator.TokenAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/jwt/credentials/authenticator/JwtAuthenticator.class */
public class JwtAuthenticator implements TokenAuthenticator {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private String secret;

    public JwtAuthenticator() {
    }

    public JwtAuthenticator(String str) {
        this.secret = str;
    }

    public void validate(TokenCredentials tokenCredentials) {
        CommonHelper.assertNotBlank("secret", this.secret);
        String token = tokenCredentials.getToken();
        try {
            JWEObject parse = JWEObject.parse(token);
            parse.decrypt(new DirectDecrypter(this.secret.getBytes("UTF-8")));
            SignedJWT signedJWT = parse.getPayload().toSignedJWT();
            if (!signedJWT.verify(new MACVerifier(this.secret))) {
                String str = "JWT verification failed: " + token;
                this.logger.error(str);
                throw new CredentialsException(str);
            }
            try {
                JWTClaimsSet jWTClaimsSet = signedJWT.getJWTClaimsSet();
                tokenCredentials.setUserProfile(ProfileHelper.buildProfile(jWTClaimsSet.getSubject(), jWTClaimsSet.getClaims()));
            } catch (Exception e) {
                this.logger.error("Cannot get claimSet", e);
                throw new TechnicalException("Cannot get claimSet: " + e.getMessage());
            }
        } catch (Exception e2) {
            this.logger.error("Cannot decrypt / verify JWT", e2);
            throw new TechnicalException("Cannot decrypt / verify JWT: " + e2.getMessage());
        }
    }

    public String getSecret() {
        return this.secret;
    }

    public void setSecret(String str) {
        this.secret = str;
    }
}
