package com.fivefaces.structureclient.config.security.user;

import com.fivefaces.structureclient.config.security.SecurityProperties;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/fivefaces/structureclient/config/security/user/UserJwtTokenServiceImpl.class */
public class UserJwtTokenServiceImpl implements UserJwtTokenService {
    private static final Logger log = LoggerFactory.getLogger(UserJwtTokenServiceImpl.class);
    private final JwtDecoder decoder;

    public UserJwtTokenServiceImpl(SecurityProperties securityProperties) {
        this.decoder = decoder(securityProperties);
    }

    @Override // com.fivefaces.structureclient.config.security.user.UserJwtTokenService
    public JWT validateToken(String str) {
        try {
            this.decoder.decode(str);
            return JWTParser.parse(str);
        } catch (Exception e) {
            log.error("Could not validate JWT token", e);
            throw new BadCredentialsException("Invalid JWT");
        }
    }

    private JwtDecoder decoder(SecurityProperties securityProperties) {
        OAuth2TokenValidator createDefaultWithIssuer = JwtValidators.createDefaultWithIssuer(securityProperties.getUserIssuerUri());
        NimbusJwtDecoder build = NimbusJwtDecoder.withJwkSetUri(securityProperties.getUserJwkSetUri()).build();
        build.setJwtValidator(createDefaultWithIssuer);
        return build;
    }
}
