package com.nimbusds.jwt.proc;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.BadJWEException;
import com.nimbusds.jose.proc.BadJWSException;
import com.nimbusds.jose.proc.BaseJOSEProcessor;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.Key;
import java.text.ParseException;
import java.util.List;
import java.util.ListIterator;

/* loaded from: input_file:com/nimbusds/jwt/proc/DefaultJWTProcessor.class */
public class DefaultJWTProcessor<C extends SecurityContext> extends BaseJOSEProcessor<C> implements JWTProcessor<ReadOnlyJWTClaimsSet, C> {
    private JWTClaimsVerifier claimsVerifier;

    public JWTClaimsVerifier getJWTClaimsVerifier() {
        return this.claimsVerifier;
    }

    public void setJWTClaimsVerifier(JWTClaimsVerifier jWTClaimsVerifier) {
        this.claimsVerifier = jWTClaimsVerifier;
    }

    private ReadOnlyJWTClaimsSet verifyAndReturnClaims(JWT jwt) throws BadJWTException {
        try {
            ReadOnlyJWTClaimsSet jWTClaimsSet = jwt.getJWTClaimsSet();
            if (this.claimsVerifier != null) {
                this.claimsVerifier.verify(jWTClaimsSet);
            }
            return jWTClaimsSet;
        } catch (ParseException e) {
            throw new BadJWTException(e.getMessage(), e);
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public ReadOnlyJWTClaimsSet process(String str, C c) throws ParseException, BadJOSEException, JOSEException {
        JWT parse = JWTParser.parse(str);
        if (parse instanceof SignedJWT) {
            return process((SignedJWT) parse, (SignedJWT) c);
        }
        if (parse instanceof EncryptedJWT) {
            return process((EncryptedJWT) parse, (EncryptedJWT) c);
        }
        if (parse instanceof PlainJWT) {
            return process((PlainJWT) parse, (PlainJWT) c);
        }
        throw new JOSEException("Unexpected JWT object type: " + parse.getClass());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public ReadOnlyJWTClaimsSet process(PlainJWT plainJWT, C c) throws BadJOSEException, JOSEException {
        verifyAndReturnClaims(plainJWT);
        throw new BadJOSEException("Unsecured (plain) JWTs are rejected, extend class to handle");
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public ReadOnlyJWTClaimsSet process(SignedJWT signedJWT, C c) throws BadJOSEException, JOSEException {
        if (getJWSKeySelector() == null) {
            throw new BadJOSEException("Signed JWT rejected: No JWS key selector is configured");
        }
        if (getJWSVerifierFactory() == null) {
            throw new JOSEException("No JWS verifier is configured");
        }
        List<? extends Key> selectJWSKeys = getJWSKeySelector().selectJWSKeys(signedJWT.getHeader(), c);
        if (selectJWSKeys == null || selectJWSKeys.isEmpty()) {
            throw new BadJOSEException("Signed JWT rejected: No matching key(s) found");
        }
        ListIterator<? extends Key> listIterator = selectJWSKeys.listIterator();
        while (listIterator.hasNext()) {
            JWSVerifier createJWSVerifier = getJWSVerifierFactory().createJWSVerifier(signedJWT.getHeader(), listIterator.next());
            if (createJWSVerifier != null) {
                if (signedJWT.verify(createJWSVerifier)) {
                    return verifyAndReturnClaims(signedJWT);
                }
                if (!listIterator.hasNext()) {
                    throw new BadJWSException("Signed JWT rejected: Invalid signature");
                }
            }
        }
        throw new BadJOSEException("JWS object rejected: No matching verifier(s) found");
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public ReadOnlyJWTClaimsSet process(EncryptedJWT encryptedJWT, C c) throws BadJOSEException, JOSEException {
        if (getJWEKeySelector() == null) {
            throw new BadJOSEException("Encrypted JWT rejected: No JWE key selector is configured");
        }
        if (getJWEDecrypterFactory() == null) {
            throw new JOSEException("No JWE decrypter is configured");
        }
        List<? extends Key> selectJWEKeys = getJWEKeySelector().selectJWEKeys(encryptedJWT.getHeader(), c);
        if (selectJWEKeys == null || selectJWEKeys.isEmpty()) {
            throw new BadJOSEException("Encrypted JWT rejected: No matching key(s) found");
        }
        ListIterator<? extends Key> listIterator = selectJWEKeys.listIterator();
        while (listIterator.hasNext()) {
            JWEDecrypter createJWEDecrypter = getJWEDecrypterFactory().createJWEDecrypter(encryptedJWT.getHeader(), listIterator.next());
            if (createJWEDecrypter != null) {
                try {
                    encryptedJWT.decrypt(createJWEDecrypter);
                    if (!"JWT".equalsIgnoreCase(encryptedJWT.getHeader().getContentType())) {
                        return verifyAndReturnClaims(encryptedJWT);
                    }
                    SignedJWT signedJWT = encryptedJWT.getPayload().toSignedJWT();
                    if (signedJWT == null) {
                        throw new BadJWTException("The payload is not a nested JWT");
                    }
                    return process(signedJWT, (SignedJWT) c);
                } catch (JOSEException e) {
                    if (!listIterator.hasNext()) {
                        throw new BadJWEException("Encrypted JWT rejected: " + e.getMessage(), e);
                    }
                }
            }
        }
        throw new BadJOSEException("Encrypted JWT rejected: No matching decrypter(s) found");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public /* bridge */ /* synthetic */ ReadOnlyJWTClaimsSet process(EncryptedJWT encryptedJWT, SecurityContext securityContext) throws BadJOSEException, JOSEException {
        return process(encryptedJWT, (EncryptedJWT) securityContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public /* bridge */ /* synthetic */ ReadOnlyJWTClaimsSet process(SignedJWT signedJWT, SecurityContext securityContext) throws BadJOSEException, JOSEException {
        return process(signedJWT, (SignedJWT) securityContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public /* bridge */ /* synthetic */ ReadOnlyJWTClaimsSet process(PlainJWT plainJWT, SecurityContext securityContext) throws BadJOSEException, JOSEException {
        return process(plainJWT, (PlainJWT) securityContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.nimbusds.jwt.proc.JWTProcessor
    public /* bridge */ /* synthetic */ ReadOnlyJWTClaimsSet process(String str, SecurityContext securityContext) throws ParseException, BadJOSEException, JOSEException {
        return process(str, (String) securityContext);
    }
}
