package com.atlassian.asap.core.validator;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.parser.JwtParser;
import com.atlassian.asap.core.parser.VerifiableJwt;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.nimbus.parser.NimbusJwtParser;
import java.security.PublicKey;
import java.time.Clock;
import java.util.Objects;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-plugin-1.1.100.jar:com/atlassian/asap/core/validator/JwtValidator.class */
public class JwtValidator {
    private final KeyProvider<PublicKey> publicKeyProvider;
    private final JwtParser jwtParser;
    private final JwtClaimsValidator jwtClaimsValidator;
    private final String resourceServerAudience;

    public JwtValidator(KeyProvider<PublicKey> keyProvider, JwtParser jwtParser, JwtClaimsValidator jwtClaimsValidator, String str) {
        this.publicKeyProvider = (KeyProvider) Objects.requireNonNull(keyProvider);
        this.jwtParser = (JwtParser) Objects.requireNonNull(jwtParser);
        this.jwtClaimsValidator = (JwtClaimsValidator) Objects.requireNonNull(jwtClaimsValidator);
        this.resourceServerAudience = (String) Objects.requireNonNull(str);
    }

    public Jwt readAndValidate(String str) throws InvalidTokenException, CannotRetrieveKeyException {
        VerifiableJwt parse = this.jwtParser.parse(str);
        parse.verifySignature(this.publicKeyProvider.getKey(ValidatedKeyId.validate(parse.getHeader().getKeyId())));
        this.jwtClaimsValidator.validate(parse, this.resourceServerAudience);
        return parse;
    }

    public static JwtValidator createDefault(AuthenticationContext authenticationContext) {
        return new JwtValidator(authenticationContext.getPublicKeyProvider(), new NimbusJwtParser(), new JwtClaimsValidator(Clock.systemUTC()), authenticationContext.getResourceServerAudience());
    }

    public static JwtValidator createDefault(String str, String str2) {
        return createDefault(new AuthenticationContext(str, str2));
    }
}
