package io.confluent.security.auth.oauth.mockserver.common;

import com.fasterxml.jackson.databind.JsonNode;
import com.nimbusds.jose.JWSObject;

/* loaded from: input_file:io/confluent/security/auth/oauth/mockserver/common/TokenIntrospection.class */
public class TokenIntrospection {
    private static final NimbusPayloadTransformer TRANSFORMER = new NimbusPayloadTransformer();

    public static TokenInfo introspectAccessToken(String str, PrincipalExtractor principalExtractor) {
        try {
            try {
                JsonNode jsonNode = (JsonNode) JWSObject.parse(str).getPayload().toType(TRANSFORMER);
                if (principalExtractor == null) {
                    principalExtractor = new PrincipalExtractor();
                }
                String principal = principalExtractor.getPrincipal(jsonNode);
                if (principal == null) {
                    principal = principalExtractor.getSub(jsonNode);
                }
                return new TokenInfo(jsonNode, str, principal);
            } catch (Exception e) {
                throw new ValidationException("Failed to read payload from JWT access token", e);
            }
        } catch (Exception e2) {
            throw new ValidationException("Failed to parse JWT token: " + LogUtil.mask(str));
        }
    }
}
