package org.apache.cxf.rs.security.oidc.rp;

import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oidc.common.UserToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.class */
/**
 * Reads the ID token carried in a {@link ClientAccessToken}'s parameters, runs it
 * through the checks inherited from {@link AbstractTokenValidator} and exposes its
 * claims as a {@link UserToken}.
 *
 * <p>Only {@link #getIdJwtToken(ClientAccessToken, String)} performs validation.
 * The {@link #getIdTokenFromJwt(JwtToken, String)} overload wraps whatever claims it
 * is handed, so it must only be given a token that has already been validated.
 */
public class UserTokenValidator extends AbstractTokenValidator {
    // Forwarded to OidcUtils.validateAccessTokenHash; strict by default.
    // NOTE(review): presumably controls whether an ID token without an at_hash claim
    // is rejected - confirm in OidcUtils before relaxing it.
    private boolean requireAtHash = true;

    /**
     * Validates the ID token attached to the given access token and converts its
     * claims into a {@link UserToken}.
     *
     * @param clientAccessToken access token whose parameters hold the ID token
     * @param str value handed to the inherited validation helpers
     *            (presumably the client id - confirm against AbstractTokenValidator)
     * @return user token built from the validated ID token claims
     */
    public UserToken getIdTokenFromJwt(ClientAccessToken clientAccessToken, String str) {
        final JwtToken validatedIdToken = getIdJwtToken(clientAccessToken, str);
        return getIdTokenFromJwt(validatedIdToken, str);
    }

    /**
     * Wraps the claims of an already parsed JWT in a {@link UserToken}.
     *
     * <p>No signature, claim or at_hash check happens here and {@code str} is not
     * used; the caller is responsible for passing a token that was validated first,
     * for example one returned by {@link #getIdJwtToken(ClientAccessToken, String)}.
     *
     * @param jwtToken parsed ID token
     * @param str unused by this overload
     * @return user token backed by the claims map of {@code jwtToken}
     */
    public UserToken getIdTokenFromJwt(JwtToken jwtToken, String str) {
        return new UserToken(jwtToken.getClaims().asMap());
    }

    /**
     * Extracts the {@code OidcUtils.ID_TOKEN} parameter from the access token and
     * validates it in three steps: the inherited {@code getJwtToken} call, the
     * inherited {@code validateJwtClaims} call, and the access token hash check.
     *
     * @param clientAccessToken access token whose parameters hold the ID token
     * @param str value handed to {@code getJwtToken} and {@code validateJwtClaims}
     *            (presumably the client id - confirm against AbstractTokenValidator)
     * @return the parsed ID token once all three checks have returned normally
     */
    public JwtToken getIdJwtToken(ClientAccessToken clientAccessToken, String str) {
        // NOTE(review): the parameter may be absent, in which case null reaches
        // getJwtToken - confirm that the inherited method rejects a null token.
        final String serializedIdToken =
            (String) clientAccessToken.getParameters().get(OidcUtils.ID_TOKEN);
        final JwtToken idToken = getJwtToken(serializedIdToken, str, null, false);

        // Claims are checked before the hash comparison, so a token with bad claims
        // never reaches the at_hash step.
        validateJwtClaims(idToken.getClaims(), str, true);

        // Ties the ID token to the access token it was issued with; strictness
        // follows the requireAtHash setting.
        OidcUtils.validateAccessTokenHash(clientAccessToken, idToken, this.requireAtHash);
        return idToken;
    }

    /**
     * Sets the flag passed to {@code OidcUtils.validateAccessTokenHash}.
     *
     * @param z new value of the flag; the field defaults to {@code true}
     */
    public void setRequireAtHash(boolean z) {
        this.requireAtHash = z;
    }
}
