package org.mockserver.authentication.jwt;

import java.text.ParseException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.mockserver.authentication.AuthenticationException;
import shaded_package.com.nimbusds.jose.JOSEException;
import shaded_package.com.nimbusds.jose.JOSEObjectType;
import shaded_package.com.nimbusds.jose.JWSAlgorithm;
import shaded_package.com.nimbusds.jose.jwk.source.JWKSource;
import shaded_package.com.nimbusds.jose.proc.BadJOSEException;
import shaded_package.com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import shaded_package.com.nimbusds.jose.proc.JWSVerificationKeySelector;
import shaded_package.com.nimbusds.jose.proc.SecurityContext;
import shaded_package.com.nimbusds.jwt.JWTClaimsSet;
import shaded_package.com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import shaded_package.com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import shaded_package.com.nimbusds.jwt.proc.DefaultJWTProcessor;
import shaded_package.org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/mockserver/authentication/jwt/JWTValidator.class */
public class JWTValidator {
    private final JWKSource<SecurityContext> jwkSource;
    private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor();
    private String expectedAudience;
    private Map<String, String> matchingClaims;
    private Set<String> requiredClaims;
    private static final Set<JWSAlgorithm> JWS_ALGORITHMS = new HashSet(Arrays.asList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, JWSAlgorithm.ES256, JWSAlgorithm.ES256K, JWSAlgorithm.ES384, JWSAlgorithm.ES512, JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512, JWSAlgorithm.EdDSA));

    public JWTValidator(JWKSource<SecurityContext> jWKSource) {
        this.jwkSource = jWKSource;
        this.jwtProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier(null, new JOSEObjectType("at+jwt"), JOSEObjectType.JOSE, JOSEObjectType.JOSE_JSON, JOSEObjectType.JWT));
    }

    public JWTValidator withExpectedAudience(String str) {
        if (StringUtils.isNotBlank(str)) {
            this.expectedAudience = str;
        } else {
            this.expectedAudience = null;
        }
        return this;
    }

    public JWTValidator withMatchingClaims(Map<String, String> map) {
        if (map.isEmpty()) {
            this.matchingClaims = null;
        } else {
            this.matchingClaims = map;
        }
        return this;
    }

    public JWTValidator withRequiredClaims(Set<String> set) {
        if (set.isEmpty()) {
            this.requiredClaims = null;
        } else {
            this.requiredClaims = set;
        }
        return this;
    }

    public JWTClaimsSet validate(String str) {
        try {
            this.jwtProcessor.setJWSKeySelector(new JWSVerificationKeySelector(JWS_ALGORITHMS, this.jwkSource));
            JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
            if (this.matchingClaims != null) {
                Map<String, String> map = this.matchingClaims;
                builder.getClass();
                map.forEach((v1, v2) -> {
                    r1.claim(v1, v2);
                });
            }
            this.jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(this.expectedAudience, builder.build(), this.requiredClaims));
            return this.jwtProcessor.process(str, (String) null);
        } catch (ParseException | JOSEException | BadJOSEException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }
}
