package org.keycloak.adapters.rotation;

import java.security.PublicKey;
import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:BOOT-INF/lib/keycloak-adapter-core-3.2.0.Final.jar:org/keycloak/adapters/rotation/AdapterRSATokenVerifier.class */
public class AdapterRSATokenVerifier {
    private static final Logger log = Logger.getLogger((Class<?>) AdapterRSATokenVerifier.class);

    public static AccessToken verifyToken(String str, KeycloakDeployment keycloakDeployment) throws VerificationException {
        return verifyToken(str, keycloakDeployment, true, true);
    }

    public static PublicKey getPublicKey(String str, KeycloakDeployment keycloakDeployment) throws VerificationException {
        PublicKey publicKey = keycloakDeployment.getPublicKeyLocator().getPublicKey(str, keycloakDeployment);
        if (publicKey != null) {
            return publicKey;
        }
        log.errorf("Didn't find publicKey for kid: %s", str);
        throw new VerificationException("Didn't find publicKey for specified kid");
    }

    public static AccessToken verifyToken(String str, KeycloakDeployment keycloakDeployment, boolean z, boolean z2) throws VerificationException {
        RSATokenVerifier checkTokenType = RSATokenVerifier.create(str).realmUrl(keycloakDeployment.getRealmInfoUrl()).checkActive(z).checkTokenType(z2);
        return checkTokenType.publicKey(getPublicKey(checkTokenType.getHeader().getKeyId(), keycloakDeployment)).verify().getToken();
    }
}
