package com.mapr.admin.util;

import com.auth0.jwk.JwkException;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidParameterException;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.List;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/mapr/admin/util/JwtUtils.class */
public class JwtUtils {
    private JwtUtils() {
    }

    public static DecodedJWT verifyToken(String str) {
        String property = System.getProperty("apiserver.issuer", "");
        if (StringUtils.isBlank(property)) {
            throw new Exception("no keycloak identity server is set in properties.cfg file. Please add it and restart API Server.");
        }
        List singletonList = Collections.singletonList(property);
        DecodedJWT decode = JWT.decode(str);
        if (singletonList.contains(decode.getIssuer())) {
            return JWT.require(Algorithm.RSA256(loadPublicKey(decode), null)).withIssuer(decode.getIssuer()).build().verify(str);
        }
        throw new InvalidParameterException(String.format("Unknown Issuer %s", decode.getIssuer()));
    }

    private static RSAPublicKey loadPublicKey(DecodedJWT decodedJWT) throws JwkException, MalformedURLException {
        return (RSAPublicKey) new UrlJwkProvider(new URL(getKeycloakCertificateUrl(decodedJWT))).get(decodedJWT.getKeyId()).getPublicKey();
    }

    private static String getKeycloakCertificateUrl(DecodedJWT decodedJWT) {
        return decodedJWT.getIssuer() + "/protocol/openid-connect/certs";
    }
}
