package org.forgerock.jaspi.modules.openid.resolvers;

import java.security.PublicKey;
import org.forgerock.caf.authentication.framework.AuthenticationFramework;
import org.forgerock.jaspi.modules.openid.exceptions.InvalidSignatureException;
import org.forgerock.jaspi.modules.openid.exceptions.OpenIdConnectVerificationException;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.jose.jws.SigningManager;

/* loaded from: input_file:org/forgerock/jaspi/modules/openid/resolvers/PublicKeyOpenIdResolverImpl.class */
/**
 * OpenID resolver that accepts a signed JWT only when its JWS signature verifies against one
 * fixed {@link PublicKey} supplied at construction time.
 *
 * <p>The key is held in a final field and is never replaced after construction, so every token
 * handled by this instance is checked against the same key.
 *
 * <p>NOTE(review): {@code createSigningHandlerForKey} is not defined in this class (presumably
 * inherited from {@code BaseOpenIdResolver}). How it picks the signature algorithm is not visible
 * here; confirm that the algorithm follows from the configured key rather than from the token's
 * own header.
 */
public class PublicKeyOpenIdResolverImpl extends BaseOpenIdResolver {
    /** Factory handed to {@code createSigningHandlerForKey} when building the verifier. */
    private final SigningManager signingManager;

    /** The only key a token's signature is checked against. */
    private final PublicKey key;

    /**
     * Creates a resolver bound to a single verification key.
     *
     * @param str value forwarded unchanged to the superclass constructor (presumably the issuer
     *     identifier; confirm against {@code BaseOpenIdResolver})
     * @param publicKey key used for every signature check; stored as given, with no null check
     */
    public PublicKeyOpenIdResolverImpl(String str, PublicKey publicKey) {
        super(str);
        key = publicKey;
        signingManager = new SigningManager();
    }

    /**
     * Runs the superclass identity checks and then the signature check; the token is accepted
     * only if neither step throws.
     *
     * <p>NOTE(review): the superclass checks execute before the signature has been verified, so
     * they operate on unauthenticated token content. Confirm that they have no side effects that
     * would matter for a token that later fails {@link #verifySignature(SignedJwt)}.
     *
     * @param signedJwt the token to validate
     * @throws OpenIdConnectVerificationException if the superclass validation or the signature
     *     check rejects the token
     */
    @Override
    public void validateIdentity(SignedJwt signedJwt) throws OpenIdConnectVerificationException {
        super.validateIdentity(signedJwt);
        verifySignature(signedJwt);
    }

    /**
     * Checks the token's JWS signature against the key configured for this resolver.
     *
     * <p>NOTE(review): a rejected signature is logged at debug level only. Deployments that want
     * to alert on rejected tokens should make sure the caller records the thrown exception.
     *
     * @param signedJwt the token whose signature is checked
     * @throws InvalidSignatureException if {@code signedJwt.verify(...)} returns {@code false}
     */
    public void verifySignature(SignedJwt signedJwt) throws InvalidSignatureException {
        boolean signatureValid = signedJwt.verify(createSigningHandlerForKey(signingManager, key));
        if (!signatureValid) {
            // Fail closed: the same text is logged and carried by the exception.
            final String reason = "JWS signature not signed with supplied key";
            AuthenticationFramework.LOG.debug(reason);
            throw new InvalidSignatureException(reason);
        }
    }
}
