package fun.mike.azure.auth;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.IOUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;

/* loaded from: input_file:fun/mike/azure/auth/TokenValidatorFactory.class */
public class TokenValidatorFactory {
    public static TokenValidator build(String str, final String str2, final String str3, int i, int i2) {
        try {
            try {
                String readInputStreamToString = IOUtils.readInputStreamToString(new URL(str).openStream(), StandardCharsets.UTF_8);
                try {
                    URI jWKSetURI = OIDCProviderMetadata.parse(readInputStreamToString).getJWKSetURI();
                    try {
                        RemoteJWKSet remoteJWKSet = new RemoteJWKSet(jWKSetURI.toURL(), new DefaultResourceRetriever(i, i2, 51200));
                        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
                        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(JWSAlgorithm.RS256, remoteJWKSet));
                        defaultJWTProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>() { // from class: fun.mike.azure.auth.TokenValidatorFactory.1
                            public void verify(JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) throws BadJWTException {
                                super.verify(jWTClaimsSet, securityContext);
                                String str4 = (String) jWTClaimsSet.getAudience().get(0);
                                if (!str3.equals(str4)) {
                                    throw new BadJWTException(String.format("Expected audience \"%s\" to be \"%s\".", str4, str3));
                                }
                                String issuer = jWTClaimsSet.getIssuer();
                                if (!str2.equals(issuer)) {
                                    throw new BadJWTException(String.format("Expected issuer \"%s\" to be \"%s\".", issuer, str2));
                                }
                            }
                        });
                        return new TokenValidator(defaultJWTProcessor);
                    } catch (IllegalArgumentException | MalformedURLException e) {
                        throw new IllegalStateException(String.format("Malformed JWKS URI \"%s\" retrieved from metadata: %s", jWKSetURI.toString(), e.getMessage()));
                    }
                } catch (ParseException e2) {
                    throw new IllegalStateException(String.format("Failed to parse OpenID provider metadata from URL \"%s\": %s Metadata: %s", str, e2.getMessage(), readInputStreamToString));
                }
            } catch (IOException e3) {
                throw new IllegalStateException(String.format("Failed to read OpenID provider metadata from URL \"%s\".", str));
            }
        } catch (MalformedURLException e4) {
            throw new IllegalStateException(String.format("OpenID provider metadata URL \"%s\" is malformed.", str));
        }
    }
}
