package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver;

import java.net.URI;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ResponseStatus;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/DefaultSpringAddonsReactiveJwtDecoderFactory.class */
public class DefaultSpringAddonsReactiveJwtDecoderFactory implements SpringAddonsReactiveJwtDecoderFactory {

    /* JADX INFO: Access modifiers changed from: package-private */
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    /* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/DefaultSpringAddonsReactiveJwtDecoderFactory$InvalidReactiveJwtDecoderCreationParametersException.class */
    public static class InvalidReactiveJwtDecoderCreationParametersException extends RuntimeException {
        private static final long serialVersionUID = 3575615882241560832L;

        public InvalidReactiveJwtDecoderCreationParametersException() {
            super("At least one of jwkSetUri or issuer must be provided");
        }
    }

    @Override // com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.SpringAddonsReactiveJwtDecoderFactory
    public ReactiveJwtDecoder create(Optional<URI> optional, Optional<URI> optional2, Optional<String> optional3) {
        NimbusReactiveJwtDecoder build = optional.isPresent() ? NimbusReactiveJwtDecoder.withJwkSetUri(optional.get().toString()).build() : NimbusReactiveJwtDecoder.withIssuerLocation(optional2.orElseThrow(() -> {
            return new InvalidReactiveJwtDecoderCreationParametersException();
        }).toString()).build();
        OAuth2TokenValidator oAuth2TokenValidator = (OAuth2TokenValidator) optional2.map((v0) -> {
            return v0.toString();
        }).map(JwtValidators::createDefaultWithIssuer).orElse(JwtValidators.createDefault());
        build.setJwtValidator((OAuth2TokenValidator) optional3.filter(StringUtils::hasText).map(str -> {
            return new JwtClaimValidator("aud", list -> {
                return list != null && list.contains(str);
            });
        }).map(jwtClaimValidator -> {
            return new DelegatingOAuth2TokenValidator(List.of(oAuth2TokenValidator, jwtClaimValidator));
        }).orElse(oAuth2TokenValidator));
        return build;
    }

    @Generated
    public DefaultSpringAddonsReactiveJwtDecoderFactory() {
    }
}
