package com.nimbusds.oauth2.sdk.auth;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.jcip.annotations.Immutable;

@Immutable
/* loaded from: input_file:com/nimbusds/oauth2/sdk/auth/ClientSecretJWT.class */
public final class ClientSecretJWT extends JWTAuthentication {
    public static Set<JWSAlgorithm> supportedJWAs() {
        return Collections.unmodifiableSet(new HashSet(JWSAlgorithm.Family.HMAC_SHA));
    }

    public ClientSecretJWT(ClientID clientID, URI uri, JWSAlgorithm jWSAlgorithm, Secret secret) throws JOSEException {
        this(new Issuer(clientID), clientID, uri, jWSAlgorithm, secret);
    }

    public ClientSecretJWT(Issuer issuer, ClientID clientID, URI uri, JWSAlgorithm jWSAlgorithm, Secret secret) throws JOSEException {
        this(JWTAssertionFactory.create(new JWTAuthenticationClaimsSet(issuer, clientID, new Audience(uri.toString())), jWSAlgorithm, secret));
    }

    public ClientSecretJWT(SignedJWT signedJWT) {
        super(ClientAuthenticationMethod.CLIENT_SECRET_JWT, signedJWT);
        if (!JWSAlgorithm.Family.HMAC_SHA.contains(signedJWT.getHeader().getAlgorithm())) {
            throw new IllegalArgumentException("The client assertion JWT must be HMAC-signed (HS256, HS384 or HS512)");
        }
    }

    public static ClientSecretJWT parse(Map<String, List<String>> map) throws ParseException {
        JWTAuthentication.ensureClientAssertionType(map);
        try {
            ClientSecretJWT clientSecretJWT = new ClientSecretJWT(JWTAuthentication.parseClientAssertion(map));
            ClientID parseClientID = JWTAuthentication.parseClientID(map);
            if (parseClientID == null || parseClientID.equals(clientSecretJWT.getClientID())) {
                return clientSecretJWT;
            }
            throw new ParseException("Invalid client secret JWT authentication: The client identifier doesn't match the client assertion subject");
        } catch (IllegalArgumentException e) {
            throw new ParseException(e.getMessage(), e);
        }
    }

    public static ClientSecretJWT parse(String str) throws ParseException {
        return parse(URLUtils.parseParameters(str));
    }

    public static ClientSecretJWT parse(HTTPRequest hTTPRequest) throws ParseException {
        hTTPRequest.ensureMethod(HTTPRequest.Method.POST);
        hTTPRequest.ensureEntityContentType(ContentType.APPLICATION_URLENCODED);
        return parse((Map<String, List<String>>) hTTPRequest.getBodyAsFormParameters());
    }
}
