package org.springframework.security.oauth2.jwt;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/security/oauth2/jwt/JwtDecoders.class */
public final class JwtDecoders {
    public static JwtDecoder fromOidcIssuerLocation(String str) {
        OIDCProviderMetadata parse = parse(getOpenidConfiguration(str));
        String value = parse.getIssuer().getValue();
        if (!str.equals(value)) {
            throw new IllegalStateException("The Issuer \"" + value + "\" provided in the OpenID Configuration did not match the requested issuer \"" + str + "\"");
        }
        OAuth2TokenValidator<Jwt> createDefaultWithIssuer = JwtValidators.createDefaultWithIssuer(str);
        NimbusJwtDecoderJwkSupport nimbusJwtDecoderJwkSupport = new NimbusJwtDecoderJwkSupport(parse.getJWKSetURI().toASCIIString());
        nimbusJwtDecoderJwkSupport.setJwtValidator(createDefaultWithIssuer);
        return nimbusJwtDecoderJwkSupport;
    }

    private static String getOpenidConfiguration(String str) {
        try {
            return (String) new RestTemplate().getForObject(str + "/.well-known/openid-configuration", String.class, new Object[0]);
        } catch (RuntimeException e) {
            throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of \"" + str + "\"", e);
        }
    }

    private static OIDCProviderMetadata parse(String str) {
        try {
            return OIDCProviderMetadata.parse(str);
        } catch (ParseException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private JwtDecoders() {
    }
}
