package eu.openanalytics.containerproxy.auth.impl.oidc;

import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.env.Environment;
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.stereotype.Component;

@ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = "openid")
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/oidc/AccessTokenDecoder.class */
public class AccessTokenDecoder implements JwtDecoder {
    private final JwtDecoder delegate;

    public AccessTokenDecoder(ClientRegistrationRepository clientRegistrationRepository, Environment environment) {
        OidcIdTokenDecoderFactory oidcIdTokenDecoderFactory = new OidcIdTokenDecoderFactory();
        SignatureAlgorithm from = SignatureAlgorithm.from(environment.getProperty(OpenIDConfiguration.PROP_OPENID_JWKS_SIGNATURE_ALGORITHM, "RS256"));
        oidcIdTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> {
            return from;
        });
        oidcIdTokenDecoderFactory.setJwtValidatorFactory(clientRegistration2 -> {
            return JwtValidators.createDefault();
        });
        this.delegate = oidcIdTokenDecoderFactory.createDecoder(clientRegistrationRepository.findByRegistrationId("shinyproxy"));
    }

    @Override // org.springframework.security.oauth2.jwt.JwtDecoder
    public Jwt decode(String str) throws JwtException {
        return this.delegate.decode(str);
    }
}
