package com.okta.jwt.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.okta.jwt.JoseException;
import com.okta.jwt.Jwt;
import com.okta.jwt.JwtVerifier;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;

/* loaded from: input_file:com/okta/jwt/impl/NimbusJwtVerifier.class */
public class NimbusJwtVerifier implements JwtVerifier {
    static final String TOKEN_TYPE_KEY = "token_type";
    static final String TOKEN_TYPE_ACCESS = "access_token";
    static final String TOKEN_TYPE_ID = "id_token";
    static final String NONCE_KEY = "nonce";
    private final ConfigurableJWTProcessor jwtProcessor;

    public NimbusJwtVerifier(ConfigurableJWTProcessor configurableJWTProcessor) {
        Assert.notNull(configurableJWTProcessor, "Nimbus JWT Processor cannot be empty");
        this.jwtProcessor = configurableJWTProcessor;
    }

    @Override // com.okta.jwt.JwtVerifier
    public Jwt decodeIdToken(String str, String str2) throws JoseException {
        Assert.notNull(str, "JWT String cannot be null");
        SimpleSecurityContext simpleSecurityContext = new SimpleSecurityContext();
        simpleSecurityContext.put(TOKEN_TYPE_KEY, TOKEN_TYPE_ID);
        simpleSecurityContext.put(NONCE_KEY, str2);
        return decode(str, simpleSecurityContext);
    }

    @Override // com.okta.jwt.JwtVerifier
    public Jwt decodeAccessToken(String str) throws JoseException {
        Assert.notNull(str, "JWT String cannot be null");
        SimpleSecurityContext simpleSecurityContext = new SimpleSecurityContext();
        simpleSecurityContext.put(TOKEN_TYPE_KEY, TOKEN_TYPE_ACCESS);
        return decode(str, simpleSecurityContext);
    }

    private Jwt decode(String str, SecurityContext securityContext) throws JoseException {
        try {
            JWTClaimsSet process = this.jwtProcessor.process(str, securityContext);
            return new DefaultJwt(str, nullSafeToInstant(process.getIssueTime()), nullSafeToInstant(process.getExpirationTime()), process.getClaims());
        } catch (BadJOSEException | JOSEException | ParseException e) {
            throw new JoseException("Failed to validate JWT string", e);
        }
    }

    private Instant nullSafeToInstant(Date date) {
        if (date != null) {
            return date.toInstant();
        }
        return null;
    }
}
