package endpoints.repackaged.org.jose4j.jwt.consumer;

import endpoints.repackaged.org.jose4j.jca.ProviderContext;
import endpoints.repackaged.org.jose4j.jwa.AlgorithmConstraints;
import endpoints.repackaged.org.jose4j.jwe.JsonWebEncryption;
import endpoints.repackaged.org.jose4j.jws.AlgorithmIdentifiers;
import endpoints.repackaged.org.jose4j.jws.JsonWebSignature;
import endpoints.repackaged.org.jose4j.jwt.JwtClaims;
import endpoints.repackaged.org.jose4j.jwt.MalformedClaimException;
import endpoints.repackaged.org.jose4j.jwt.consumer.ErrorCodeValidator;
import endpoints.repackaged.org.jose4j.jwx.JsonWebStructure;
import endpoints.repackaged.org.jose4j.keys.KeyPersuasion;
import endpoints.repackaged.org.jose4j.keys.resolvers.DecryptionKeyResolver;
import endpoints.repackaged.org.jose4j.keys.resolvers.VerificationKeyResolver;
import endpoints.repackaged.org.jose4j.lang.ExceptionHelp;
import endpoints.repackaged.org.jose4j.lang.JoseException;
import java.security.Key;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:endpoints/repackaged/org/jose4j/jwt/consumer/JwtConsumer.class */
public class JwtConsumer {
    private VerificationKeyResolver verificationKeyResolver;
    private DecryptionKeyResolver decryptionKeyResolver;
    private List<ErrorCodeValidator> validators;
    private AlgorithmConstraints jwsAlgorithmConstraints;
    private AlgorithmConstraints jweAlgorithmConstraints;
    private AlgorithmConstraints jweContentEncryptionAlgorithmConstraints;
    private boolean requireSignature = true;
    private boolean requireEncryption;
    private boolean requireIntegrity;
    private boolean liberalContentTypeHandling;
    private boolean skipSignatureVerification;
    private boolean relaxVerificationKeyValidation;
    private boolean skipVerificationKeyResolutionOnNone;
    private boolean relaxDecryptionKeyValidation;
    private ProviderContext jwsProviderContext;
    private ProviderContext jweProviderContext;
    private JwsCustomizer jwsCustomizer;
    private JweCustomizer jweCustomizer;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jwsAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweContentEncryptionAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweContentEncryptionAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVerificationKeyResolver(VerificationKeyResolver verificationKeyResolver) {
        this.verificationKeyResolver = verificationKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setDecryptionKeyResolver(DecryptionKeyResolver decryptionKeyResolver) {
        this.decryptionKeyResolver = decryptionKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setValidators(List<ErrorCodeValidator> list) {
        this.validators = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireSignature(boolean z) {
        this.requireSignature = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireEncryption(boolean z) {
        this.requireEncryption = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireIntegrity(boolean z) {
        this.requireIntegrity = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLiberalContentTypeHandling(boolean z) {
        this.liberalContentTypeHandling = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSkipSignatureVerification(boolean z) {
        this.skipSignatureVerification = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRelaxVerificationKeyValidation(boolean z) {
        this.relaxVerificationKeyValidation = z;
    }

    public void setSkipVerificationKeyResolutionOnNone(boolean z) {
        this.skipVerificationKeyResolutionOnNone = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRelaxDecryptionKeyValidation(boolean z) {
        this.relaxDecryptionKeyValidation = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsProviderContext(ProviderContext providerContext) {
        this.jwsProviderContext = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweProviderContext(ProviderContext providerContext) {
        this.jweProviderContext = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsCustomizer(JwsCustomizer jwsCustomizer) {
        this.jwsCustomizer = jwsCustomizer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweCustomizer(JweCustomizer jweCustomizer) {
        this.jweCustomizer = jweCustomizer;
    }

    public JwtClaims processToClaims(String str) throws InvalidJwtException {
        return process(str).getJwtClaims();
    }

    public void processContext(JwtContext jwtContext) throws InvalidJwtException {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        ArrayList arrayList = new ArrayList(jwtContext.getJoseObjects());
        for (int size = arrayList.size() - 1; size >= 0; size--) {
            List subList = arrayList.subList(size + 1, arrayList.size());
            List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(subList);
            JsonWebStructure jsonWebStructure = (JsonWebStructure) arrayList.get(size);
            try {
                if (jsonWebStructure instanceof JsonWebSignature) {
                    JsonWebSignature jsonWebSignature = (JsonWebSignature) jsonWebStructure;
                    boolean equals = AlgorithmIdentifiers.NONE.equals(jsonWebSignature.getAlgorithmHeaderValue());
                    if (!this.skipSignatureVerification) {
                        if (this.jwsProviderContext != null) {
                            jsonWebSignature.setProviderContext(this.jwsProviderContext);
                        }
                        if (this.relaxVerificationKeyValidation) {
                            jsonWebSignature.setDoKeyValidation(false);
                        }
                        if (this.jwsAlgorithmConstraints != null) {
                            jsonWebSignature.setAlgorithmConstraints(this.jwsAlgorithmConstraints);
                        }
                        if (!equals || !this.skipVerificationKeyResolutionOnNone) {
                            jsonWebSignature.setKey(this.verificationKeyResolver.resolveKey(jsonWebSignature, unmodifiableList));
                        }
                        if (this.jwsCustomizer != null) {
                            this.jwsCustomizer.customize(jsonWebSignature, unmodifiableList);
                        }
                        if (!jsonWebSignature.verifySignature()) {
                            throw new InvalidJwtSignatureException(jsonWebSignature, jwtContext);
                        }
                    }
                    if (!equals) {
                        z = true;
                    }
                } else {
                    JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) jsonWebStructure;
                    Key resolveKey = this.decryptionKeyResolver.resolveKey(jsonWebEncryption, unmodifiableList);
                    if (resolveKey != null && !resolveKey.equals(jsonWebEncryption.getKey())) {
                        throw new InvalidJwtException("The resolved decryption key is different than the one originally used to decrypt the JWE.", Collections.singletonList(new ErrorCodeValidator.Error(17, "Key resolution problem.")), jwtContext);
                    }
                    if (this.jweAlgorithmConstraints != null) {
                        this.jweAlgorithmConstraints.checkConstraint(jsonWebEncryption.getAlgorithmHeaderValue());
                    }
                    if (this.jweContentEncryptionAlgorithmConstraints != null) {
                        this.jweContentEncryptionAlgorithmConstraints.checkConstraint(jsonWebEncryption.getEncryptionMethodHeaderParameter());
                    }
                    z2 = true;
                    z3 = jsonWebEncryption.getKeyManagementModeAlgorithm().getKeyPersuasion() == KeyPersuasion.SYMMETRIC;
                }
            } catch (InvalidJwtException e) {
                throw e;
            } catch (JoseException e2) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unable to process");
                if (!subList.isEmpty()) {
                    sb.append(" nested");
                }
                sb.append(" JOSE object (cause: ").append(e2).append("): ").append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e2, jwtContext);
            } catch (Exception e3) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Unexpected exception encountered while processing");
                if (!subList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (").append(e3).append("): ").append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e3, jwtContext);
            }
        }
        if (this.requireSignature && !z) {
            throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(10, "Missing signature.")), jwtContext);
        }
        if (this.requireEncryption && !z2) {
            throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(19, "No encryption.")), jwtContext);
        }
        if (this.requireIntegrity && !z && !z3) {
            throw new InvalidJwtException("The JWT has no integrity protection (signature/MAC or symmetric AEAD encryption) but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(20, "Missing Integrity Protection")), jwtContext);
        }
        validate(jwtContext);
    }

    public JwtContext process(String str) throws InvalidJwtException {
        String payload;
        String str2 = str;
        JwtClaims jwtClaims = null;
        LinkedList linkedList = new LinkedList();
        JwtContext jwtContext = new JwtContext(str, null, Collections.unmodifiableList(linkedList));
        while (jwtClaims == null) {
            try {
                JsonWebStructure fromCompactSerialization = JsonWebStructure.fromCompactSerialization(str2);
                if (fromCompactSerialization instanceof JsonWebSignature) {
                    payload = ((JsonWebSignature) fromCompactSerialization).getUnverifiedPayload();
                } else {
                    JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) fromCompactSerialization;
                    if (this.jweProviderContext != null) {
                        jsonWebEncryption.setProviderContext(this.jweProviderContext);
                    }
                    if (this.relaxDecryptionKeyValidation) {
                        jsonWebEncryption.setDoKeyValidation(false);
                    }
                    if (this.jweContentEncryptionAlgorithmConstraints != null) {
                        jsonWebEncryption.setContentEncryptionAlgorithmConstraints(this.jweContentEncryptionAlgorithmConstraints);
                    }
                    List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(linkedList);
                    jsonWebEncryption.setKey(this.decryptionKeyResolver.resolveKey(jsonWebEncryption, unmodifiableList));
                    if (this.jweAlgorithmConstraints != null) {
                        jsonWebEncryption.setAlgorithmConstraints(this.jweAlgorithmConstraints);
                    }
                    if (this.jweCustomizer != null) {
                        this.jweCustomizer.customize(jsonWebEncryption, unmodifiableList);
                    }
                    payload = jsonWebEncryption.getPayload();
                }
                if (isNestedJwt(fromCompactSerialization)) {
                    str2 = payload;
                } else {
                    try {
                        jwtClaims = JwtClaims.parse(payload, jwtContext);
                        jwtContext.setJwtClaims(jwtClaims);
                    } catch (InvalidJwtException e) {
                        if (!this.liberalContentTypeHandling) {
                            throw e;
                        }
                        try {
                            JsonWebStructure.fromCompactSerialization(str);
                            str2 = payload;
                        } catch (JoseException e2) {
                            throw e;
                        }
                    }
                }
                linkedList.addFirst(fromCompactSerialization);
            } catch (InvalidJwtException e3) {
                throw e3;
            } catch (JoseException e4) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unable to process");
                if (!linkedList.isEmpty()) {
                    sb.append(" nested");
                }
                sb.append(" JOSE object (cause: ").append(e4).append("): ").append(str2);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e4, jwtContext);
            } catch (Exception e5) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Unexpected exception encountered while processing");
                if (!linkedList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (").append(e5).append("): ").append(str2);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e5, jwtContext);
            }
        }
        processContext(jwtContext);
        return jwtContext;
    }

    void validate(JwtContext jwtContext) throws InvalidJwtException {
        ErrorCodeValidator.Error error;
        ArrayList arrayList = new ArrayList();
        for (ErrorCodeValidator errorCodeValidator : this.validators) {
            try {
                error = errorCodeValidator.validate(jwtContext);
            } catch (MalformedClaimException e) {
                error = new ErrorCodeValidator.Error(18, e.getMessage());
            } catch (Exception e2) {
                error = new ErrorCodeValidator.Error(17, "Unexpected exception thrown from validator " + errorCodeValidator.getClass().getName() + ": " + ExceptionHelp.toStringWithCausesAndAbbreviatedStack(e2, getClass()));
            }
            if (error != null) {
                arrayList.add(error);
            }
        }
        if (!arrayList.isEmpty()) {
            throw new InvalidJwtException("JWT (claims->" + jwtContext.getJwtClaims().getRawJson() + ") rejected due to invalid claims.", arrayList, jwtContext);
        }
    }

    private boolean isNestedJwt(JsonWebStructure jsonWebStructure) {
        String contentTypeHeaderValue = jsonWebStructure.getContentTypeHeaderValue();
        return contentTypeHeaderValue != null && (contentTypeHeaderValue.equalsIgnoreCase("jwt") || contentTypeHeaderValue.equalsIgnoreCase("application/jwt"));
    }
}
