package org.apache.cxf.rs.security.oidc.rp;

import java.util.Map;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/IdTokenReader.class */
public class IdTokenReader extends AbstractTokenValidator {
    private boolean requireAtHash = true;

    public IdToken getIdToken(ClientAccessToken clientAccessToken, Consumer consumer) {
        return getIdTokenFromJwt(getIdJwtToken(clientAccessToken, consumer));
    }

    public IdToken getIdToken(String str, Consumer consumer) {
        return getIdTokenFromJwt(getIdJwtToken(str, consumer));
    }

    public JwtToken getIdJwtToken(ClientAccessToken clientAccessToken, Consumer consumer) {
        JwtToken idJwtToken = getIdJwtToken((String) clientAccessToken.getParameters().get(OidcUtils.ID_TOKEN), consumer);
        OidcUtils.validateAccessTokenHash(clientAccessToken, idJwtToken, this.requireAtHash);
        return idJwtToken;
    }

    public JwtToken getIdJwtToken(String str, Consumer consumer) {
        JwtToken jwtToken = getJwtToken(str, consumer.getSecret());
        validateJwtClaims(jwtToken.getClaims(), consumer.getKey(), true);
        return jwtToken;
    }

    private IdToken getIdTokenFromJwt(JwtToken jwtToken) {
        return new IdToken((Map<String, Object>) jwtToken.getClaims().asMap());
    }

    public void setRequireAtHash(boolean z) {
        this.requireAtHash = z;
    }
}
