package org.jose4j.jwt.consumer;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.resolvers.DecryptionKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.ExceptionHelp;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:org/jose4j/jwt/consumer/JwtConsumer.class */
public class JwtConsumer {
    private VerificationKeyResolver verificationKeyResolver;
    private DecryptionKeyResolver decryptionKeyResolver;
    private List<Validator> validators;
    private AlgorithmConstraints jwsAlgorithmConstraints;
    private AlgorithmConstraints jweAlgorithmConstraints;
    private AlgorithmConstraints jweContentEncryptionAlgorithmConstraints;
    private boolean requireSignature = true;
    private boolean requireEncryption;
    private boolean liberalContentTypeHandling;
    private boolean skipSignatureVerification;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jwsAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweContentEncryptionAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweContentEncryptionAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVerificationKeyResolver(VerificationKeyResolver verificationKeyResolver) {
        this.verificationKeyResolver = verificationKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setDecryptionKeyResolver(DecryptionKeyResolver decryptionKeyResolver) {
        this.decryptionKeyResolver = decryptionKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setValidators(List<Validator> list) {
        this.validators = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireSignature(boolean z) {
        this.requireSignature = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireEncryption(boolean z) {
        this.requireEncryption = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLiberalContentTypeHandling(boolean z) {
        this.liberalContentTypeHandling = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSkipSignatureVerification(boolean z) {
        this.skipSignatureVerification = z;
    }

    public JwtClaims processToClaims(String str) throws InvalidJwtException {
        return process(str).getJwtClaims();
    }

    public JwtContext process(String str) throws InvalidJwtException {
        String payload;
        JwtClaims jwtClaims = null;
        LinkedList linkedList = new LinkedList();
        boolean z = false;
        boolean z2 = false;
        while (jwtClaims == null) {
            try {
                JsonWebStructure fromCompactSerialization = JsonWebStructure.fromCompactSerialization(str);
                if (fromCompactSerialization instanceof JsonWebSignature) {
                    JsonWebSignature jsonWebSignature = (JsonWebSignature) fromCompactSerialization;
                    if (this.skipSignatureVerification) {
                        payload = jsonWebSignature.getUnverifiedPayload();
                    } else {
                        jsonWebSignature.setKey(this.verificationKeyResolver.resolveKey(jsonWebSignature, Collections.unmodifiableList(linkedList)));
                        if (this.jwsAlgorithmConstraints != null) {
                            jsonWebSignature.setAlgorithmConstraints(this.jwsAlgorithmConstraints);
                        }
                        if (!jsonWebSignature.verifySignature()) {
                            throw new InvalidJwtSignatureException("JWS signature is invalid: " + str);
                        }
                        payload = jsonWebSignature.getPayload();
                    }
                    if (!jsonWebSignature.getAlgorithmHeaderValue().equals(AlgorithmIdentifiers.NONE)) {
                        z = true;
                    }
                } else {
                    JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) fromCompactSerialization;
                    jsonWebEncryption.setKey(this.decryptionKeyResolver.resolveKey(jsonWebEncryption, Collections.unmodifiableList(linkedList)));
                    if (this.jweAlgorithmConstraints != null) {
                        jsonWebEncryption.setAlgorithmConstraints(this.jweAlgorithmConstraints);
                    }
                    if (this.jweContentEncryptionAlgorithmConstraints != null) {
                        jsonWebEncryption.setContentEncryptionAlgorithmConstraints(this.jweContentEncryptionAlgorithmConstraints);
                    }
                    z2 = true;
                    payload = jsonWebEncryption.getPayload();
                }
                if (isNestedJwt(fromCompactSerialization)) {
                    str = payload;
                } else {
                    try {
                        jwtClaims = JwtClaims.parse(payload);
                    } catch (InvalidJwtException e) {
                        if (!this.liberalContentTypeHandling) {
                            throw e;
                        }
                        try {
                            JsonWebStructure.fromCompactSerialization(str);
                            str = payload;
                        } catch (JoseException e2) {
                            throw e;
                        }
                    }
                }
                linkedList.addFirst(fromCompactSerialization);
            } catch (InvalidJwtException e3) {
                throw e3;
            } catch (JoseException e4) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unable to process");
                if (!linkedList.isEmpty()) {
                    sb.append(" nested");
                }
                sb.append(" JOSE object (cause: ").append(e4).append("): ").append(str);
                throw new InvalidJwtException(sb.toString(), e4);
            } catch (Exception e5) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Unexpected exception encountered while processing");
                if (!linkedList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (").append(e5).append("): ").append(str);
                throw new InvalidJwtException(sb2.toString(), e5);
            }
        }
        if (this.requireSignature && !z) {
            throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + str);
        }
        if (this.requireEncryption && !z2) {
            throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + str);
        }
        JwtContext jwtContext = new JwtContext(jwtClaims, Collections.unmodifiableList(linkedList));
        validate(jwtContext);
        return jwtContext;
    }

    void validate(JwtContext jwtContext) throws InvalidJwtException {
        String str;
        ArrayList arrayList = new ArrayList();
        for (Validator validator : this.validators) {
            try {
                str = validator.validate(jwtContext);
            } catch (MalformedClaimException e) {
                str = e.getMessage();
            } catch (Exception e2) {
                str = "Unexpected exception thrown from validator " + validator.getClass().getName() + ": " + ExceptionHelp.toStringWithCausesAndAbbreviatedStack(e2, getClass());
            }
            if (str != null) {
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        InvalidJwtException invalidJwtException = new InvalidJwtException("JWT (claims->" + jwtContext.getJwtClaims().getRawJson() + ") rejected due to invalid claims.");
        invalidJwtException.setDetails(arrayList);
        throw invalidJwtException;
    }

    private boolean isNestedJwt(JsonWebStructure jsonWebStructure) {
        String stringHeaderValue = jsonWebStructure.getHeaders().getStringHeaderValue(HeaderParameterNames.CONTENT_TYPE);
        return stringHeaderValue != null && (stringHeaderValue.equalsIgnoreCase("jwt") || stringHeaderValue.equalsIgnoreCase("application/jwt"));
    }
}
