package org.springframework.security.oauth2.jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.net.MalformedURLException;
import java.net.URL;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.class */
public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
    private final URL jwkSetUrl;
    private final JWSAlgorithm jwsAlgorithm;
    private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor;

    public NimbusJwtDecoderJwkSupport(String str) {
        this(str, JwsAlgorithms.RS256);
    }

    public NimbusJwtDecoderJwkSupport(String str, String str2) {
        Assert.hasText(str, "jwkSetUrl cannot be empty");
        Assert.hasText(str2, "jwsAlgorithm cannot be empty");
        try {
            this.jwkSetUrl = new URL(str);
            this.jwsAlgorithm = JWSAlgorithm.parse(str2);
            JWSVerificationKeySelector jWSVerificationKeySelector = new JWSVerificationKeySelector(this.jwsAlgorithm, new RemoteJWKSet(this.jwkSetUrl, new DefaultResourceRetriever(30000, 30000)));
            this.jwtProcessor = new DefaultJWTProcessor();
            this.jwtProcessor.setJWSKeySelector(jWSVerificationKeySelector);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid JWK Set URL " + str + " : " + e.getMessage(), e);
        }
    }

    @Override // org.springframework.security.oauth2.jwt.JwtDecoder
    public Jwt decode(String str) throws JwtException {
        try {
            JWT parse = JWTParser.parse(str);
            JWTClaimsSet process = this.jwtProcessor.process(parse, (SecurityContext) null);
            Instant instant = process.getExpirationTime().toInstant();
            return new Jwt(str, process.getIssueTime() != null ? process.getIssueTime().toInstant() : Instant.from(instant).minusSeconds(1L), instant, new LinkedHashMap((Map) parse.getHeader().toJSONObject()), process.getClaims());
        } catch (Exception e) {
            throw new JwtException("An error occurred while attempting to decode the Jwt: " + e.getMessage(), e);
        }
    }
}
