package com.yahoo.athenz.auth.oauth.parser;

import com.yahoo.athenz.auth.KeyStore;
import com.yahoo.athenz.auth.oauth.token.DefaultOAuthJwtAccessToken;
import com.yahoo.athenz.auth.oauth.token.OAuthJwtAccessToken;
import com.yahoo.athenz.auth.oauth.token.OAuthJwtAccessTokenException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;

/* loaded from: input_file:com/yahoo/athenz/auth/oauth/parser/DefaultOAuthJwtAccessTokenParser.class */
public class DefaultOAuthJwtAccessTokenParser implements OAuthJwtAccessTokenParser {
    public static final int ALLOWED_CLOCK_SKEW_SECONDS = 60;
    protected JwtParser parser;

    public DefaultOAuthJwtAccessTokenParser(KeyStore keyStore, String str) throws IllegalArgumentException {
        this.parser = null;
        if (keyStore == null) {
            throw new IllegalArgumentException("DefaultOAuthJwtAccessTokenParser: keyStore is null");
        }
        this.parser = Jwts.parserBuilder().setSigningKeyResolver(new KeyStoreJwkKeyResolver(keyStore, str, null)).setAllowedClockSkewSeconds(60L).build();
    }

    @Override // com.yahoo.athenz.auth.oauth.parser.OAuthJwtAccessTokenParser
    public OAuthJwtAccessToken parse(String str) throws OAuthJwtAccessTokenException {
        try {
            return new DefaultOAuthJwtAccessToken(this.parser.parseClaimsJws(str));
        } catch (Exception e) {
            throw new OAuthJwtAccessTokenException(e);
        }
    }
}
