package com.pingidentity.did.sdk.auth;

import com.pingidentity.did.sdk.exception.AuthenticationException;
import com.pingidentity.did.sdk.jose.JoseConstraints;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Function;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.JwtContext;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;

/* loaded from: classes4.dex */
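/**
 * Validates a signed authentication JWT and returns the issuer it was verified against.
 *
 * <p>Validation is two-pass. The token is first parsed with every check disabled, solely to read
 * the {@code iss} claim and look up that issuer's key set. The same parsed context is then
 * re-processed with signature, issuer, expiry and algorithm checks enabled.
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>Nothing read during the first pass is trustworthy until the second pass succeeds. The key
 *       retriever is consequently invoked with a UUID taken from an unverified token, so it must
 *       tolerate arbitrary identifiers and should only return keys for issuers it already
 *       trusts.</li>
 *   <li>The expected issuer given to the second pass is the token's own {@code iss} value, so that
 *       check is satisfied by construction. The effective binding between token and issuer is the
 *       key set the retriever returns for that UUID.</li>
 *   <li>Audience validation is skipped. A token that verifies here may have been issued for a
 *       different recipient; callers that need audience binding must check {@code aud}
 *       themselves.</li>
 *   <li>The permitted signature algorithms come from
 *       {@code JoseConstraints.JWS_ALGORITHM_CONSTRAINTS}, which is defined outside this file.
 *       NOTE(review): confirm it is an allow-list limited to the algorithms issuers actually
 *       use.</li>
 * </ul>
 */
public class AuthTokenConsumer {
    /** Tolerance, in seconds, applied to time-based claim checks in the verifying pass. */
    private static final int ALLOWED_CLOCK_SKEW_SECONDS = 30;

    /** Maps an issuer id to the key set used to verify that issuer's tokens. */
    private final Function<UUID, JsonWebKeySet> keyRetriever;

    /**
     * Creates a consumer backed by the given key lookup.
     *
     * @param function resolves an issuer id to its key set; it is called with an id read from a
     *     token whose signature has not been verified yet
     * @throws NullPointerException if {@code function} is null
     */
    public AuthTokenConsumer(Function<UUID, JsonWebKeySet> function) {
        this.keyRetriever = Objects.requireNonNull(function, "keyRetriever function is null");
    }

    /**
     * Builds the parse-only consumer: no validators, no signature requirement, no signature
     * verification. Its output must be treated as untrusted input.
     */
    private JwtConsumer firstPassConsumer() {
        return new JwtConsumerBuilder()
                .setSkipAllValidators()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .build();
    }

    /**
     * Parses the serialized token without validating it.
     *
     * @param token serialized JWT as received
     * @return the parsed, unverified context
     * @throws InvalidJwtException if the token cannot be processed by the parse-only consumer
     */
    private JwtContext initialContext(String token) throws InvalidJwtException {
        return firstPassConsumer().process(token);
    }

    /**
     * Builds the verifying consumer for one issuer.
     *
     * @param expectedIssuer issuer string the {@code iss} claim must equal
     * @param issuerKeys key set the signature must verify against
     * @return a consumer that requires an expiration time, applies the clock-skew tolerance,
     *     enforces the project's JWS algorithm constraints and skips audience validation
     */
    private JwtConsumer secondPassConsumer(String expectedIssuer, JsonWebKeySet issuerKeys) {
        return new JwtConsumerBuilder()
                .setExpectedIssuer(expectedIssuer)
                .setRequireExpirationTime()
                // Audience is deliberately not checked here; see the class-level security notes.
                .setSkipDefaultAudienceValidation()
                .setAllowedClockSkewInSeconds(ALLOWED_CLOCK_SKEW_SECONDS)
                .setVerificationKeyResolver(verificationKeyResolver(issuerKeys))
                .setJwsAlgorithmConstraints(JoseConstraints.JWS_ALGORITHM_CONSTRAINTS)
                .build();
    }

    /**
     * Wraps the issuer's keys in a resolver that, when several keys are candidates, settles the
     * choice by attempting signature verification.
     *
     * @param issuerKeys key set returned by the key retriever
     * @return resolver restricted to the keys in {@code issuerKeys}
     */
    private VerificationKeyResolver verificationKeyResolver(JsonWebKeySet issuerKeys) {
        JwksVerificationKeyResolver resolver =
                new JwksVerificationKeyResolver(issuerKeys.getJsonWebKeys());
        resolver.setDisambiguateWithVerifySignature(true);
        return resolver;
    }

    /**
     * Verifies the token and returns the id of the issuer whose keys verified it.
     *
     * <p>The id is returned only after the verifying pass has accepted the token. Every failure
     * (unparseable token, missing or non-UUID issuer, no key set, failed verification) is
     * reported as an {@link AuthenticationException} carrying the original cause.
     *
     * @param str serialized JWT as received from the caller
     * @return the issuer id parsed from the {@code iss} claim
     * @throws AuthenticationException if the token cannot be parsed or does not verify
     */
    public UUID getIssuerId(String str) {
        try {
            // Unverified at this point: used only to decide which key set to load.
            JwtContext unverifiedContext = initialContext(str);
            String issuer = unverifiedContext.getJwtClaims().getIssuer();
            if (issuer == null) {
                // Fail with a cause that names the problem instead of a bare NPE from UUID parsing.
                throw new IllegalArgumentException("JWT has no iss claim");
            }
            UUID issuerId = UUID.fromString(issuer);
            JsonWebKeySet issuerKeys =
                    Objects.requireNonNull(this.keyRetriever.apply(issuerId), "JsonWebKeySet is null");
            // Re-process the already parsed context with all checks switched on.
            secondPassConsumer(issuer, issuerKeys).processContext(unverifiedContext);
            return issuerId;
        } catch (Exception e) {
            // Single failure type at the API boundary; the cause is preserved for diagnostics.
            throw new AuthenticationException(e);
        }
    }
}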
