package io.smallrye.jwt.auth.principal;

import io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm;
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.auth.cdi.JWTCallerPrincipalFactoryProducer;
import io.smallrye.jwt.util.KeyUtils;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.Set;
import javax.crypto.SecretKey;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

/**
 * Default {@link JWTParser}: each operation prepares a {@link JWTAuthContextInfo} and hands the
 * token to a {@link JWTCallerPrincipalFactory}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #parseOnly(String)} skips signature verification and every claim validator, so
 *       its result is unauthenticated data.</li>
 *   <li>The {@code verify}/{@code decrypt} overloads work on a copy of the configured context, so
 *       the key passed by the caller is never written into the shared configuration.</li>
 *   <li>A default algorithm is applied only when no configured algorithm name starts with the
 *       prefix chosen for the key type; in that case it replaces the configured set.</li>
 * </ul>
 */
@ApplicationScoped
public class DefaultJWTParser implements JWTParser {
    // Key interfaces referenced by name and resolved through KeyUtils.isSupportedKey.
    // NOTE(review): presumably by name because the types are absent on older JDKs - confirm.
    private static final String ED_EC_PUBLIC_KEY_INTERFACE = "java.security.interfaces.EdECPublicKey";
    private static final String XEC_PRIVATE_KEY_INTERFACE = "java.security.interfaces.XECPrivateKey";

    // Base verification/decryption configuration; may be null when neither injected nor supplied.
    @Inject
    private JWTAuthContextInfo authContextInfo;

    // Factory that performs the actual parsing; may be null, see getCallerPrincipalFactory().
    @Inject
    private JWTCallerPrincipalFactory callerPrincipalFactory;

    /** Creates a parser whose context and factory are left to injection. */
    public DefaultJWTParser() {
    }

    /**
     * Creates a parser for the given context, taking the factory from a new
     * {@link JWTCallerPrincipalFactoryProducer}.
     *
     * @param jWTAuthContextInfo base verification/decryption configuration
     */
    public DefaultJWTParser(JWTAuthContextInfo jWTAuthContextInfo) {
        this(jWTAuthContextInfo, new JWTCallerPrincipalFactoryProducer().getFactory());
    }

    /**
     * Creates a parser for the given factory with a newly constructed, otherwise unconfigured context.
     *
     * @param jWTCallerPrincipalFactory factory used to parse tokens
     */
    public DefaultJWTParser(JWTCallerPrincipalFactory jWTCallerPrincipalFactory) {
        this(new JWTAuthContextInfo(), jWTCallerPrincipalFactory);
    }

    /**
     * Creates a parser from an explicit context and factory.
     *
     * @param jWTAuthContextInfo base verification/decryption configuration
     * @param jWTCallerPrincipalFactory factory used to parse tokens
     */
    public DefaultJWTParser(JWTAuthContextInfo jWTAuthContextInfo, JWTCallerPrincipalFactory jWTCallerPrincipalFactory) {
        this.authContextInfo = jWTAuthContextInfo;
        this.callerPrincipalFactory = jWTCallerPrincipalFactory;
    }

    /**
     * Parses the token with the context held by this parser.
     *
     * @param str the serialized token
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken parse(String str) throws ParseException {
        return getCallerPrincipalFactory().parse(str, this.authContextInfo);
    }

    /**
     * Parses the token with a caller-supplied context.
     *
     * <p>When the supplied context names its own verification or decryption key (content or
     * location), a new instance of the factory's class is created for this call.
     * NOTE(review): presumably so that state held by the shared factory (for example resolved
     * keys) is not reused for a different key configuration - confirm against the factory.
     *
     * <p>NOTE(review): if that instantiation fails, the value returned by
     * {@code newJWTCallerPrincipalFactoryFailure} is discarded and parsing continues with the
     * shared factory. Nothing visible here reports the failure; confirm whether the returned
     * value was meant to be thrown, since the fallback defeats the purpose of the new instance.
     *
     * @param str the serialized token
     * @param jWTAuthContextInfo context to parse with; must not be null
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken parse(String str, JWTAuthContextInfo jWTAuthContextInfo) throws ParseException {
        JWTCallerPrincipalFactory factory = getCallerPrincipalFactory();
        if (suppliesKeyMaterial(jWTAuthContextInfo)) {
            try {
                factory = factory.getClass().getDeclaredConstructor().newInstance();
            } catch (Throwable failure) {
                // Return value intentionally left as in the original: it is not thrown or logged here.
                PrincipalMessages.msg.newJWTCallerPrincipalFactoryFailure(failure);
            }
        }
        return factory.parse(str, jWTAuthContextInfo);
    }

    /**
     * Verifies the token signature with the given public key.
     *
     * <p>The key type selects the algorithm family: {@link ECPublicKey} maps to the "ES" prefix
     * (default ES256), an EdEC key to "EdDSA", and every other key to "RS" (default RS256).
     *
     * @param str the serialized token
     * @param publicKey verification key
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken verify(String str, PublicKey publicKey) throws ParseException {
        JWTAuthContextInfo contextCopy = copyAuthContextInfo();
        contextCopy.setPublicVerificationKey(publicKey);

        final String family;
        final SignatureAlgorithm fallback;
        if (publicKey instanceof ECPublicKey) {
            family = "ES";
            fallback = SignatureAlgorithm.ES256;
        } else if (isEdECPublicKey(publicKey)) {
            family = "EdDSA";
            fallback = SignatureAlgorithm.EDDSA;
        } else {
            // Anything that is neither EC nor EdEC is handled as the "RS" family.
            family = "RS";
            fallback = SignatureAlgorithm.RS256;
        }
        setSignatureAlgorithmIfNeeded(contextCopy, family, fallback);

        return getCallerPrincipalFactory().parse(str, contextCopy);
    }

    /**
     * Verifies the token signature with the given secret key, defaulting to HS256 when no
     * configured algorithm name starts with "HS".
     *
     * @param str the serialized token
     * @param secretKey verification key
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken verify(String str, SecretKey secretKey) throws ParseException {
        JWTAuthContextInfo contextCopy = copyAuthContextInfo();
        contextCopy.setSecretVerificationKey(secretKey);
        setSignatureAlgorithmIfNeeded(contextCopy, "HS", SignatureAlgorithm.HS256);
        return getCallerPrincipalFactory().parse(str, contextCopy);
    }

    /**
     * Verifies the token signature with a key built from the given secret string by
     * {@code KeyUtils.createSecretKeyFromSecret}.
     *
     * @param str the serialized token
     * @param str2 the shared secret
     * @return the token produced by the factory
     * @throws ParseException declared by the secret-key overload
     */
    @Override
    public JsonWebToken verify(String str, String str2) throws ParseException {
        SecretKey derivedKey = KeyUtils.createSecretKeyFromSecret(str2);
        return verify(str, derivedKey);
    }

    /**
     * Decrypts the token with the given private key.
     *
     * <p>{@link ECPrivateKey} and XEC keys use the "EC" prefix (default ECDH_ES_A256KW); every
     * other key uses the "RS" prefix (default RSA_OAEP).
     *
     * @param str the serialized token
     * @param privateKey decryption key
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken decrypt(String str, PrivateKey privateKey) throws ParseException {
        JWTAuthContextInfo contextCopy = copyAuthContextInfo();
        contextCopy.setPrivateDecryptionKey(privateKey);

        final String family;
        final KeyEncryptionAlgorithm fallback;
        if ((privateKey instanceof ECPrivateKey) || isXecPrivateKey(privateKey)) {
            family = "EC";
            fallback = KeyEncryptionAlgorithm.ECDH_ES_A256KW;
        } else {
            family = "RS";
            fallback = KeyEncryptionAlgorithm.RSA_OAEP;
        }
        setKeyEncryptionAlgorithmIfNeeded(contextCopy, family, fallback);

        return getCallerPrincipalFactory().parse(str, contextCopy);
    }

    /**
     * Decrypts the token with the given secret key, defaulting to A256KW when no configured
     * key-encryption algorithm name starts with "A256KW".
     *
     * @param str the serialized token
     * @param secretKey decryption key
     * @return the token produced by the factory
     * @throws ParseException declared by the factory's parse call
     */
    @Override
    public JsonWebToken decrypt(String str, SecretKey secretKey) throws ParseException {
        JWTAuthContextInfo contextCopy = copyAuthContextInfo();
        contextCopy.setSecretDecryptionKey(secretKey);
        setKeyEncryptionAlgorithmIfNeeded(contextCopy, "A256KW", KeyEncryptionAlgorithm.A256KW);
        return getCallerPrincipalFactory().parse(str, contextCopy);
    }

    /**
     * Decrypts the token with a key built from the given secret string by
     * {@code KeyUtils.createSecretKeyFromSecret}.
     *
     * @param str the serialized token
     * @param str2 the shared secret
     * @return the token produced by the factory
     * @throws ParseException declared by the secret-key overload
     */
    @Override
    public JsonWebToken decrypt(String str, String str2) throws ParseException {
        SecretKey derivedKey = KeyUtils.createSecretKeyFromSecret(str2);
        return decrypt(str, derivedKey);
    }

    /** Tells whether the context carries its own verification or decryption key content or location. */
    private static boolean suppliesKeyMaterial(JWTAuthContextInfo context) {
        return context.getPublicKeyLocation() != null
                || context.getPublicKeyContent() != null
                || context.getDecryptionKeyContent() != null
                || context.getDecryptionKeyLocation() != null;
    }

    /** Returns the configured factory, or {@code JWTCallerPrincipalFactory.instance()} when none is set. */
    private JWTCallerPrincipalFactory getCallerPrincipalFactory() {
        if (this.callerPrincipalFactory != null) {
            return this.callerPrincipalFactory;
        }
        return JWTCallerPrincipalFactory.instance();
    }

    /**
     * Returns a context the caller may modify freely: a copy of the configured one, or a new
     * empty context when none is configured.
     */
    private JWTAuthContextInfo copyAuthContextInfo() {
        if (this.authContextInfo == null) {
            return new JWTAuthContextInfo();
        }
        return new JWTAuthContextInfo(this.authContextInfo);
    }

    /**
     * Keeps the configured signature algorithms when at least one name starts with {@code str};
     * otherwise replaces the whole set with {@code signatureAlgorithm}.
     *
     * <p>NOTE(review): the match is a plain name prefix, so a configured algorithm of another
     * family for the same key type (for instance a "PS..." name checked against "RS") does not
     * match and is replaced by the default - confirm this is intended.
     */
    private void setSignatureAlgorithmIfNeeded(JWTAuthContextInfo jWTAuthContextInfo, String str, SignatureAlgorithm signatureAlgorithm) {
        boolean familyConfigured = jWTAuthContextInfo.getSignatureAlgorithm().stream()
                .anyMatch(configured -> configured.getAlgorithm().startsWith(str));
        if (!familyConfigured) {
            jWTAuthContextInfo.setSignatureAlgorithm(Set.of(signatureAlgorithm));
        }
    }

    /**
     * Keeps the configured key-encryption algorithms when at least one name starts with
     * {@code str}; otherwise replaces the whole set with {@code keyEncryptionAlgorithm}.
     */
    private void setKeyEncryptionAlgorithmIfNeeded(JWTAuthContextInfo jWTAuthContextInfo, String str, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
        boolean familyConfigured = jWTAuthContextInfo.getKeyEncryptionAlgorithm().stream()
                .anyMatch(configured -> configured.getAlgorithm().startsWith(str));
        if (!familyConfigured) {
            jWTAuthContextInfo.setKeyEncryptionAlgorithm(Collections.singleton(keyEncryptionAlgorithm));
        }
    }

    /** Delegates to {@code KeyUtils.isSupportedKey} with the EdEC public key interface name. */
    private static boolean isEdECPublicKey(Key key) {
        return KeyUtils.isSupportedKey(key, ED_EC_PUBLIC_KEY_INTERFACE);
    }

    /** Delegates to {@code KeyUtils.isSupportedKey} with the XEC private key interface name. */
    private static boolean isXecPrivateKey(Key key) {
        return KeyUtils.isSupportedKey(key, XEC_PRIVATE_KEY_INTERFACE);
    }

    /**
     * Reads the claims of a token WITHOUT verifying its signature and WITHOUT running any claim
     * validator (expiry, issuer, audience and the rest are all skipped).
     *
     * <p>Everything in the returned token is attacker-controllable input. Do not base
     * authentication or authorization decisions on it; use it only to inspect a token that is
     * verified by other means.
     *
     * <p>NOTE(review): on {@link InvalidJwtException} the value returned by
     * {@code failedToVerifyToken} is discarded and {@code null} is returned, so callers must
     * null-check the result. Confirm whether that value was meant to be thrown.
     *
     * @param str the serialized token
     * @return the unverified token, or {@code null} when the token cannot be processed
     * @throws ParseException declared by the interface; not thrown by the visible code paths
     */
    @Override
    public JsonWebToken parseOnly(String str) throws ParseException {
        try {
            JwtClaims claims = new JwtConsumerBuilder()
                    .setSkipSignatureVerification()
                    .setSkipAllValidators()
                    .build()
                    .processToClaims(str);
            // Keep the original compact serialization available under the raw_token claim.
            claims.setClaim(Claims.raw_token.name(), str);
            return new DefaultJWTCallerPrincipal(claims);
        } catch (InvalidJwtException e) {
            PrincipalMessages.msg.failedToVerifyToken(e);
            return null;
        }
    }
}
