package io.cellery.security.cell.sts.server.core.validators;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import io.cellery.security.cell.sts.server.core.exception.TokenValidationFailureException;
import java.net.MalformedURLException;
import java.text.ParseException;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:io/cellery/security/cell/sts/server/core/validators/JWKSBasedJWTValidator.class */
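/**
 * {@link JWTSignatureValidator} that verifies a JWT against the key set obtained from
 * {@link JWKSourceDataProvider} for a given {@code jwks_uri}, using a Nimbus
 * {@link DefaultJWTProcessor}.
 *
 * <p>Both {@code validateSignature} overloads either return {@code true} or throw
 * {@link TokenValidationFailureException}; they never return {@code false}.
 *
 * <p>A new processor is built for every call. Keeping one processor in a field and
 * re-pointing its key selector per call would let two concurrent validations overwrite each
 * other's selector, so a token could be checked against the key set or algorithm of a
 * different request if the validator instance is shared between threads.
 */
public class JWKSBasedJWTValidator implements JWTSignatureValidator {
    private static final Log log = LogFactory.getLog(JWKSBasedJWTValidator.class);

    /**
     * Parses a serialized JWT and validates it via
     * {@link #validateSignature(JWT, String, String, Map)}.
     *
     * @param jwtString serialized JWT as received
     * @param jwksUri location of the JWK set holding the verification keys
     * @param algorithm name of the JWS algorithm the token is expected to be signed with
     * @param securityParams optional entries copied into the processor's security context;
     *     may be {@code null} or empty
     * @return {@code true} when the token was processed without error
     * @throws TokenValidationFailureException if the string cannot be parsed or validation fails
     */
    @Override
    public boolean validateSignature(String jwtString, String jwksUri, String algorithm,
            Map<String, Object> securityParams) throws TokenValidationFailureException {
        final JWT parsed;
        try {
            parsed = JWTParser.parse(jwtString);
        } catch (ParseException e) {
            throw new TokenValidationFailureException("Error occurred while parsing JWT string.", e);
        }
        return validateSignature(parsed, jwksUri, algorithm, securityParams);
    }

    /**
     * Validates an already parsed JWT against the keys published at {@code jwksUri}.
     *
     * <p>NOTE(review): {@code jwksUri} and {@code algorithm} decide which keys and which
     * algorithm are trusted. They are presumably taken from trusted configuration rather than
     * from the token being validated (its header or claims) - confirm against the callers.
     *
     * @param jwt parsed token
     * @param jwksUri location of the JWK set holding the verification keys
     * @param algorithm name of the JWS algorithm the token is expected to be signed with
     * @param securityParams optional entries copied into the processor's security context;
     *     may be {@code null} or empty
     * @return {@code true} when the token was processed without error
     * @throws TokenValidationFailureException if the token is unsecured, the expected algorithm
     *     is missing, the processor rejects the token, or {@code jwksUri} is malformed
     */
    @Override
    public boolean validateSignature(JWT jwt, String jwksUri, String algorithm,
            Map<String, Object> securityParams) throws TokenValidationFailureException {
        if (log.isDebugEnabled()) {
            log.debug("validating JWT signature using jwks_uri: " + jwksUri + " , for signing algorithm: " + algorithm);
        }
        try {
            // An unsecured (alg "none") token carries no signature, so a signature validator
            // must never report success for it. Nimbus' default processor is expected to refuse
            // these too; checking here keeps the guarantee local and skips the key lookup.
            if (jwt instanceof PlainJWT) {
                throw new BadJOSEException("Unsecured (plain) JWTs are rejected.");
            }
            // Fail with the declared exception type instead of a NullPointerException from
            // JWSAlgorithm.parse when no expected algorithm was supplied.
            if (algorithm == null || algorithm.trim().isEmpty()) {
                throw new BadJOSEException("Expected JWS algorithm is not specified.");
            }

            ConfigurableJWTProcessor<SecurityContext> processor = newProcessor(jwksUri, algorithm);

            // The processor receives a null context unless the caller supplied entries.
            SimpleSecurityContext context = null;
            if (securityParams != null && !securityParams.isEmpty()) {
                context = new SimpleSecurityContext();
                context.putAll(securityParams);
            }

            if (jwt instanceof SignedJWT) {
                processor.process((SignedJWT) jwt, context);
            } else if (jwt instanceof EncryptedJWT) {
                // No JWE key selector is configured on the processor, so encrypted tokens are
                // expected to be rejected by it - TODO confirm for the Nimbus version in use.
                processor.process((EncryptedJWT) jwt, context);
            } else {
                processor.process(jwt, context);
            }
            return true;
        } catch (JOSEException e) {
            throw new TokenValidationFailureException("Signature validation failed for the provided JWT.", e);
        } catch (BadJOSEException e2) {
            throw new TokenValidationFailureException("Signature validation failed for the provided JWT", e2);
        } catch (MalformedURLException e3) {
            throw new TokenValidationFailureException("Provided jwks_uri is malformed.", e3);
        }
    }

    /**
     * Builds a processor whose JWS key selector accepts only {@code algorithm} and resolves
     * keys from the JWK source registered for {@code jwksUri}.
     *
     * @param jwksUri location of the JWK set
     * @param algorithm expected JWS algorithm name, non-null
     * @return a processor used for a single validation
     * @throws MalformedURLException if {@code jwksUri} is not a valid URL
     */
    private ConfigurableJWTProcessor<SecurityContext> newProcessor(String jwksUri, String algorithm)
            throws MalformedURLException {
        ConfigurableJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(
                JWSAlgorithm.parse(algorithm),
                JWKSourceDataProvider.getInstance().getJWKSource(jwksUri)));
        return processor;
    }
}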
