package io.soffa.commons.jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import io.soffa.commons.logging.Logger;
import io.soffa.service.core.model.Authentication;
import java.io.InputStream;
import java.net.URL;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:io/soffa/commons/jwt/JwtJwksDecoder.class */
public class JwtJwksDecoder implements JwtDecoder {
    private static final Logger logger = Logger.create((Class<?>) JwtJwksDecoder.class);
    private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor;

    public JwtJwksDecoder(String str) {
        ImmutableJWKSet immutableJWKSet = new ImmutableJWKSet(str.startsWith("http") ? JWKSet.load(new URL(str)) : JWKSet.load((InputStream) Objects.requireNonNull(JwtJwksDecoder.class.getResourceAsStream(str))));
        this.jwtProcessor = new DefaultJWTProcessor();
        this.jwtProcessor.setJWSKeySelector(new JWSVerificationKeySelector(JWSAlgorithm.RS256, immutableJWKSet));
    }

    @Override // io.soffa.commons.jwt.JwtDecoder
    public Optional<Authentication> decode(String str) {
        try {
            JWTClaimsSet process = this.jwtProcessor.process(str, (SecurityContext) null);
            return Optional.of(extractInfo(new Jwt(str, process.getSubject(), process.getClaims())));
        } catch (Exception e) {
            logger.error(e);
            return Optional.empty();
        }
    }

    protected Authentication extractInfo(Jwt jwt) {
        return Authentication.builder().username(jwt.getSubject()).build();
    }
}
