package fr.paris.lutece.plugins.franceconnect.oidc.jwt;

import fr.paris.lutece.plugins.franceconnect.oidc.AuthClientConf;
import fr.paris.lutece.plugins.franceconnect.oidc.AuthServerConf;
import fr.paris.lutece.plugins.franceconnect.oidc.IDToken;
import fr.paris.lutece.plugins.franceconnect.oidc.Token;
import fr.paris.lutece.plugins.franceconnect.web.Constants;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureException;
import java.io.UnsupportedEncodingException;
import org.apache.log4j.Logger;

/* loaded from: input_file:fr/paris/lutece/plugins/franceconnect/oidc/jwt/JjwtJWTParser.class */
public class JjwtJWTParser implements JWTParser {
    @Override // fr.paris.lutece.plugins.franceconnect.oidc.jwt.JWTParser
    public void parseJWT(Token token, AuthClientConf authClientConf, AuthServerConf authServerConf, String str, Logger logger) throws TokenValidationException {
        String idTokenString = token.getIdTokenString();
        try {
            JwtParser parser = Jwts.parser();
            parser.setSigningKey(authClientConf.getClientSecret().getBytes("UTF-8"));
            Claims claims = (Claims) parser.parse(idTokenString).getBody();
            IDToken iDToken = new IDToken();
            iDToken.setAudience(claims.getAudience());
            iDToken.setIssuer(claims.getIssuer());
            iDToken.setSubject(claims.getSubject());
            iDToken.setNonce(getVerifiedNonce(claims, str));
            iDToken.setExpiration(getExpiration(claims));
            iDToken.setIssueAt(getIssueAt(claims));
            iDToken.setIdProvider((String) claims.get(Constants.CLAIM_IDP));
            iDToken.setAcr((String) claims.get(Constants.CLAIM_ACR));
            logger.debug("ID Token retrieved by JJWT parser implementation : " + iDToken);
            token.setIdToken(iDToken);
        } catch (SignatureException e) {
            throw new TokenValidationException(e.getMessage(), e);
        } catch (UnsupportedEncodingException e2) {
            throw new TokenValidationException(e2.getMessage(), e2);
        } catch (ExpiredJwtException e3) {
            throw new TokenValidationException(e3.getMessage(), e3);
        }
    }

    private String getVerifiedNonce(Claims claims, String str) throws TokenValidationException {
        String str2 = (String) claims.get("nonce");
        if (str2 == null) {
            throw new TokenValidationException("The token doesn't contains the nonce info.");
        }
        if (str2.equals(str)) {
            return str2;
        }
        throw new TokenValidationException("The nonce info has not the value expected.");
    }

    private String getExpiration(Claims claims) {
        return String.valueOf(claims.getExpiration().getTime() / 1000);
    }

    private String getIssueAt(Claims claims) {
        return String.valueOf(claims.getIssuedAt().getTime() / 1000);
    }
}
