package org.springframework.security.oauth2.jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-jose-5.7.10.jar:org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.class */
final class ReactiveJwtDecoderProviderConfigurationUtils {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static <C extends SecurityContext> Mono<ConfigurableJWTProcessor<C>> addJWSAlgorithms(ReactiveRemoteJWKSource reactiveRemoteJWKSource, ConfigurableJWTProcessor<C> configurableJWTProcessor) {
        JWSKeySelector<C> jWSKeySelector = configurableJWTProcessor.getJWSKeySelector();
        if (!(jWSKeySelector instanceof JWSVerificationKeySelector)) {
            return Mono.just(configurableJWTProcessor);
        }
        JWKSource jWKSource = ((JWSVerificationKeySelector) jWSKeySelector).getJWKSource();
        return getJWSAlgorithms(reactiveRemoteJWKSource).map(set -> {
            return new JWSVerificationKeySelector((Set<JWSAlgorithm>) set, jWKSource);
        }).map(jWSVerificationKeySelector -> {
            configurableJWTProcessor.setJWSKeySelector(jWSVerificationKeySelector);
            return configurableJWTProcessor;
        });
    }

    static Mono<Set<JWSAlgorithm>> getJWSAlgorithms(ReactiveRemoteJWKSource reactiveRemoteJWKSource) {
        return reactiveRemoteJWKSource.get(new JWKSelector(new JWKMatcher.Builder().publicOnly(true).keyUses(KeyUse.SIGNATURE, null).keyTypes(KeyType.RSA, KeyType.EC).build())).map(list -> {
            HashSet hashSet = new HashSet();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                JWK jwk = (JWK) it.next();
                if (jwk.getAlgorithm() != null) {
                    hashSet.add(JWSAlgorithm.parse(jwk.getAlgorithm().getName()));
                } else if (jwk.getKeyType() == KeyType.RSA) {
                    hashSet.addAll(JWSAlgorithm.Family.RSA);
                } else if (jwk.getKeyType() == KeyType.EC) {
                    hashSet.addAll(JWSAlgorithm.Family.EC);
                }
            }
            Assert.notEmpty(hashSet, "Failed to find any algorithms from the JWK set");
            return hashSet;
        }).onErrorMap(KeySourceException.class, keySourceException -> {
            return new IllegalStateException(keySourceException);
        });
    }

    private ReactiveJwtDecoderProviderConfigurationUtils() {
    }
}
