package io.toolsplus.atlassian.connect.jwt.scala;

import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import java.time.Instant;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Product;
import scala.Serializable;
import scala.Some;
import scala.StringContext;
import scala.collection.Iterator;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Failure;
import scala.util.Left;
import scala.util.Right;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: JwtReader.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Mf\u0001B\u0001\u0003\u0001>\u0011\u0011BS<u%\u0016\fG-\u001a:\u000b\u0005\r!\u0011!B:dC2\f'BA\u0003\u0007\u0003\rQw\u000f\u001e\u0006\u0003\u000f!\tqaY8o]\u0016\u001cGO\u0003\u0002\n\u0015\u0005I\u0011\r\u001e7bgNL\u0017M\u001c\u0006\u0003\u00171\t\u0011\u0002^8pYN\u0004H.^:\u000b\u00035\t!![8\u0004\u0001M!\u0001\u0001E\u000b\u0019!\t\t2#D\u0001\u0013\u0015\u0005\u0019\u0011B\u0001\u000b\u0013\u0005\u0019\te.\u001f*fMB\u0011\u0011CF\u0005\u0003/I\u0011q\u0001\u0015:pIV\u001cG\u000f\u0005\u0002\u00123%\u0011!D\u0005\u0002\r'\u0016\u0014\u0018.\u00197ju\u0006\u0014G.\u001a\u0005\t9\u0001\u0011)\u001a!C\u0001;\u0005a1\u000f[1sK\u0012\u001cVm\u0019:fiV\ta\u0004\u0005\u0002 E9\u0011\u0011\u0003I\u0005\u0003CI\ta\u0001\u0015:fI\u00164\u0017BA\u0012%\u0005\u0019\u0019FO]5oO*\u0011\u0011E\u0005\u0005\tM\u0001\u0011\t\u0012)A\u0005=\u0005i1\u000f[1sK\u0012\u001cVm\u0019:fi\u0002BQ\u0001\u000b\u0001\u0005\u0002%\na\u0001P5oSRtDC\u0001\u0016-!\tY\u0003!D\u0001\u0003\u0011\u0015ar\u00051\u0001\u001f\u0011\u001dq\u0003A1A\u0005\u000e=\n\u0001B^3sS\u001aLWM]\u000b\u0002aA\u0011\u0011\u0007O\u0007\u0002e)\u00111\u0007N\u0001\u0005U>\u001cXM\u0003\u00026m\u0005Aa.[7ckN$7OC\u00018\u0003\r\u0019w.\\\u0005\u0003sI\u00121BS,T-\u0016\u0014\u0018NZ5fe\"11\b\u0001Q\u0001\u000eA\n\u0011B^3sS\u001aLWM\u001d\u0011\t\u000bu\u0002A\u0011\u0001 \u0002\u001bI,\u0017\rZ!oIZ+'/\u001b4z)\ry\u0014K\u0015\t\u0005\u0001\"[eJ\u0004\u0002B\r:\u0011!)R\u0007\u0002\u0007*\u0011AID\u0001\u0007yI|w\u000e\u001e \n\u0003\rI!a\u0012\n\u0002\u000fA\f7m[1hK&\u0011\u0011J\u0013\u0002\u0007\u000b&$\b.\u001a:\u000b\u0005\u001d\u0013\u0002CA\u0016M\u0013\ti%AA\u0003FeJ|'\u000f\u0005\u0002,\u001f&\u0011\u0001K\u0001\u0002\u0004\u0015^$\b\"B\u0003=\u0001\u0004q\u0002\"B*=\u0001\u0004q\u0012aD9vKJL8\u000b\u001e:j]\u001eD\u0015m\u001d5\t\u000bU\u0003A\u0011\u0002,\u0002\tI,\u0017\r\u001a\u000b\u0005\u007f]C\u0016\fC\u0003\u0006)\u0002\u0007a\u0004C\u0003T)\u0002\u0007a\u0004C\u0003[)\u0002\u00071,A\u000btQ>,H\u000e\u001a,fe&4\u0017pU5h]\u0006$XO]3\u0011\u0005Ea\u0016BA/\u0013\u0005\u001d\u0011un\u001c7fC:DQa\u0018\u0001\u0005\n\u0001\f!B^3sS\u001aL(+Z:u)\ry\u0014M\u001a\u0005\u0006Ez\u0003\raY\u0001\nU^\u001cxJ\u00196fGR\u0004\"!\r3\n\u0005\u0015\u0014$!\u0003&X'>\u0013'.Z2u\u0011\u0015\u0019f\f1\u0001\u001f\u0011\u0015A\u0007\u0001\"\u0003j\u0003Q1XM]5gsN#\u0018M\u001c3be\u0012\u001cE.Y5ngR\u0011!\u000e\u001d\t\u0005\u0001\"[5\u000e\u0005\u0002m]6\tQN\u0003\u0002\u0006i%\u0011q.\u001c\u0002\r\u0015^#6\t\\1j[N\u001cV\r\u001e\u0005\u0006c\u001e\u0004\ra[\u0001\u0007G2\f\u0017.\\:\t\u000bM\u0004A\u0011\u0002;\u0002+Y,'/\u001b4z#V,'/_*ue&tw\rS1tQR\u0019!.\u001e<\t\u000bE\u0014\b\u0019A6\t\u000bM\u0013\b\u0019\u0001\u0010\t\u000ba\u0004A\u0011B=\u0002\u001fY,'/\u001b4z'&<g.\u0019;ve\u0016$\"A_>\u0011\t\u0001C5j\u0019\u0005\u0006E^\u0004\ra\u0019\u0005\b{\u0002\t\t\u0011\"\u0001\u007f\u0003\u0011\u0019w\u000e]=\u0015\u0005)z\bb\u0002\u000f}!\u0003\u0005\rA\b\u0005\n\u0003\u0007\u0001\u0011\u0013!C\u0001\u0003\u000b\tabY8qs\u0012\"WMZ1vYR$\u0013'\u0006\u0002\u0002\b)\u001aa$!\u0003,\u0005\u0005-\u0001\u0003BA\u0007\u0003/i!!a\u0004\u000b\t\u0005E\u00111C\u0001\nk:\u001c\u0007.Z2lK\u0012T1!!\u0006\u0013\u0003)\tgN\\8uCRLwN\\\u0005\u0005\u00033\tyAA\tv]\u000eDWmY6fIZ\u000b'/[1oG\u0016D\u0011\"!\b\u0001\u0003\u0003%\t%a\b\u0002\u001bA\u0014x\u000eZ;diB\u0013XMZ5y+\t\t\t\u0003\u0005\u0003\u0002$\u00055RBAA\u0013\u0015\u0011\t9#!\u000b\u0002\t1\fgn\u001a\u0006\u0003\u0003W\tAA[1wC&\u00191%!\n\t\u0013\u0005E\u0002!!A\u0005\u0002\u0005M\u0012\u0001\u00049s_\u0012,8\r^!sSRLXCAA\u001b!\r\t\u0012qG\u0005\u0004\u0003s\u0011\"aA%oi\"I\u0011Q\b\u0001\u0002\u0002\u0013\u0005\u0011qH\u0001\u000faJ|G-^2u\u000b2,W.\u001a8u)\u0011\t\t%a\u0012\u0011\u0007E\t\u0019%C\u0002\u0002FI\u00111!\u00118z\u0011)\tI%a\u000f\u0002\u0002\u0003\u0007\u0011QG\u0001\u0004q\u0012\n\u0004\"CA'\u0001\u0005\u0005I\u0011IA(\u0003=\u0001(o\u001c3vGRLE/\u001a:bi>\u0014XCAA)!\u0019\t\u0019&!\u0017\u0002B5\u0011\u0011Q\u000b\u0006\u0004\u0003/\u0012\u0012AC2pY2,7\r^5p]&!\u00111LA+\u0005!IE/\u001a:bi>\u0014\b\"CA0\u0001\u0005\u0005I\u0011AA1\u0003!\u0019\u0017M\\#rk\u0006dGcA.\u0002d!Q\u0011\u0011JA/\u0003\u0003\u0005\r!!\u0011\t\u0013\u0005\u001d\u0004!!A\u0005B\u0005%\u0014\u0001\u00035bg\"\u001cu\u000eZ3\u0015\u0005\u0005U\u0002\"CA7\u0001\u0005\u0005I\u0011IA8\u0003!!xn\u0015;sS:<GCAA\u0011\u0011%\t\u0019\bAA\u0001\n\u0003\n)(\u0001\u0004fcV\fGn\u001d\u000b\u00047\u0006]\u0004BCA%\u0003c\n\t\u00111\u0001\u0002B\u001d9\u00111\u0010\u0002\t\u0002\u0005u\u0014!\u0003&xiJ+\u0017\rZ3s!\rY\u0013q\u0010\u0004\u0007\u0003\tA\t!!!\u0014\t\u0005}\u0004\u0003\u0007\u0005\bQ\u0005}D\u0011AAC)\t\ti\b\u0003\u0006\u0002\n\u0006}$\u0019!C\u0005\u0003g\t\u0011\u0004V%N\u000b~\u001bE*Q%N?2+UiV!Z?N+5i\u0014(E'\"I\u0011QRA@A\u0003%\u0011QG\u0001\u001b)&kUiX\"M\u0003&ku\fT#F/\u0006KvlU#D\u001f:#5\u000b\t\u0005\u000b\u0003#\u000by(!A\u0005\u0002\u0006M\u0015!B1qa2LHc\u0001\u0016\u0002\u0016\"1A$a$A\u0002yA!\"!'\u0002��\u0005\u0005I\u0011QAN\u0003\u001d)h.\u00199qYf$B!!(\u0002$B!\u0011#a(\u001f\u0013\r\t\tK\u0005\u0002\u0007\u001fB$\u0018n\u001c8\t\u0013\u0005\u0015\u0016qSA\u0001\u0002\u0004Q\u0013a\u0001=%a!Q\u0011\u0011VA@\u0003\u0003%I!a+\u0002\u0017I,\u0017\r\u001a*fg>dg/\u001a\u000b\u0003\u0003[\u0003B!a\t\u00020&!\u0011\u0011WA\u0013\u0005\u0019y%M[3di\u0002")
/* loaded from: input_file:io/toolsplus/atlassian/connect/jwt/scala/JwtReader.class */
public class JwtReader implements Product, Serializable {
    private final String sharedSecret;
    private final JWSVerifier io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$verifier;

    public static Option<String> unapply(JwtReader jwtReader) {
        return JwtReader$.MODULE$.unapply(jwtReader);
    }

    public static JwtReader apply(String str) {
        return JwtReader$.MODULE$.apply(str);
    }

    public String sharedSecret() {
        return this.sharedSecret;
    }

    public final JWSVerifier io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$verifier() {
        return this.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$verifier;
    }

    public Either<Error, Jwt> readAndVerify(String str, String str2) {
        return read(str, str2, true);
    }

    private Either<Error, Jwt> read(String str, String str2, boolean z) {
        Either<Error, Jwt> either;
        Either<Error, Jwt> verifyRest;
        Either<Error, Jwt> either2;
        Either<Error, Jwt> parseJWSObject = JwtParser$.MODULE$.parseJWSObject(str);
        if (parseJWSObject instanceof Right) {
            JWSObject jWSObject = (JWSObject) ((Right) parseJWSObject).b();
            if (z) {
                Either<Error, Jwt> verifySignature = verifySignature(jWSObject);
                if (verifySignature instanceof Right) {
                    either2 = verifyRest(jWSObject, str2);
                } else {
                    if (!(verifySignature instanceof Left)) {
                        throw new MatchError(verifySignature);
                    }
                    either2 = (Left) verifySignature;
                }
                verifyRest = either2;
            } else {
                verifyRest = verifyRest(jWSObject, str2);
            }
            either = verifyRest;
        } else {
            if (!(parseJWSObject instanceof Left)) {
                throw new MatchError(parseJWSObject);
            }
            either = (Left) parseJWSObject;
        }
        return either;
    }

    private Either<Error, Jwt> verifyRest(JWSObject jWSObject, String str) {
        Right right;
        Right right2;
        Right right3;
        Right parseJWTClaimsSet = JwtParser$.MODULE$.parseJWTClaimsSet(jWSObject.getPayload().toJSONObject());
        if (parseJWTClaimsSet instanceof Right) {
            JWTClaimsSet jWTClaimsSet = (JWTClaimsSet) parseJWTClaimsSet.b();
            Right verifyStandardClaims = verifyStandardClaims(jWTClaimsSet);
            if (verifyStandardClaims instanceof Right) {
                Right verifyQueryStringHash = verifyQueryStringHash(jWTClaimsSet, str);
                if (verifyQueryStringHash instanceof Right) {
                    right3 = package$.MODULE$.Right().apply(new Jwt(jWSObject, jWTClaimsSet));
                } else {
                    if (!(verifyQueryStringHash instanceof Left)) {
                        throw new MatchError(verifyQueryStringHash);
                    }
                    right3 = (Left) verifyQueryStringHash;
                }
                right2 = right3;
            } else {
                if (!(verifyStandardClaims instanceof Left)) {
                    throw new MatchError(verifyStandardClaims);
                }
                right2 = (Left) verifyStandardClaims;
            }
            right = right2;
        } else {
            if (!(parseJWTClaimsSet instanceof Left)) {
                throw new MatchError(parseJWTClaimsSet);
            }
            right = (Left) parseJWTClaimsSet;
        }
        return right;
    }

    private Either<Error, JWTClaimsSet> verifyStandardClaims(JWTClaimsSet jWTClaimsSet) {
        if (jWTClaimsSet.getIssueTime() == null || jWTClaimsSet.getExpirationTime() == null) {
            return new Left(new JwtInvalidClaimError("'exp' and 'iat' are required claims. Atlassian JWT does not allow JWTs with unlimited lifetimes."));
        }
        Instant now = Instant.now();
        Instant minusSeconds = now.minusSeconds(JwtReader$.MODULE$.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$TIME_CLAIM_LEEWAY_SECONDS());
        Instant plusSeconds = now.plusSeconds(JwtReader$.MODULE$.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$TIME_CLAIM_LEEWAY_SECONDS());
        if (jWTClaimsSet.getNotBeforeTime() != null) {
            if (!jWTClaimsSet.getExpirationTime().after(jWTClaimsSet.getNotBeforeTime())) {
                return new Left(new JwtInvalidClaimError(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"The expiration time must be after the not-before time but exp=", " and nbf=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jWTClaimsSet.getExpirationTime(), jWTClaimsSet.getNotBeforeTime()}))));
            }
            if (jWTClaimsSet.getNotBeforeTime().toInstant().isAfter(plusSeconds)) {
                return new Left(new JwtTooEarlyError(jWTClaimsSet.getNotBeforeTime().toInstant(), now, JwtReader$.MODULE$.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$TIME_CLAIM_LEEWAY_SECONDS()));
            }
        }
        return jWTClaimsSet.getExpirationTime().toInstant().isBefore(minusSeconds) ? new Left(new JwtExpiredError(jWTClaimsSet.getExpirationTime().toInstant(), now, JwtReader$.MODULE$.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$TIME_CLAIM_LEEWAY_SECONDS())) : package$.MODULE$.Right().apply(jWTClaimsSet);
    }

    private Either<Error, JWTClaimsSet> verifyQueryStringHash(JWTClaimsSet jWTClaimsSet, String str) {
        Right apply;
        Some apply2 = Option$.MODULE$.apply(jWTClaimsSet.getClaim(HttpRequestCanonicalizer$.MODULE$.QUERY_STRING_HASH_CLAIM_NAME()));
        if (apply2 instanceof Some) {
            Object x = apply2.x();
            apply = (str != null ? !str.equals(x) : x != null) ? new Left(new JwtInvalidClaimError(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Expecting claim '", "' to have value '", "' but instead it has the value '", "'"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{HttpRequestCanonicalizer$.MODULE$.QUERY_STRING_HASH_CLAIM_NAME(), str, apply2})))) : package$.MODULE$.Right().apply(jWTClaimsSet);
        } else {
            if (!None$.MODULE$.equals(apply2)) {
                throw new MatchError(apply2);
            }
            apply = package$.MODULE$.Right().apply(jWTClaimsSet);
        }
        return apply;
    }

    private Either<Error, JWSObject> verifySignature(JWSObject jWSObject) {
        Right left;
        Success apply = Try$.MODULE$.apply(new JwtReader$$anonfun$1(this, jWSObject));
        if (apply instanceof Success) {
            left = BoxesRunTime.unboxToBoolean(apply.value()) ? package$.MODULE$.Right().apply(jWSObject) : new Left(new JwtSignatureMismatchError(jWSObject.getParsedString()));
        } else {
            if (!(apply instanceof Failure)) {
                throw new MatchError(apply);
            }
            left = new Left(new JwtSignatureMismatchError(((Failure) apply).exception().getMessage()));
        }
        return left;
    }

    public JwtReader copy(String str) {
        return new JwtReader(str);
    }

    public String copy$default$1() {
        return sharedSecret();
    }

    public String productPrefix() {
        return "JwtReader";
    }

    public int productArity() {
        return 1;
    }

    public Object productElement(int i) {
        switch (i) {
            case 0:
                return sharedSecret();
            default:
                throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }
    }

    public Iterator<Object> productIterator() {
        return ScalaRunTime$.MODULE$.typedProductIterator(this);
    }

    public boolean canEqual(Object obj) {
        return obj instanceof JwtReader;
    }

    public int hashCode() {
        return ScalaRunTime$.MODULE$._hashCode(this);
    }

    public String toString() {
        return ScalaRunTime$.MODULE$._toString(this);
    }

    public boolean equals(Object obj) {
        boolean z;
        if (this != obj) {
            if (obj instanceof JwtReader) {
                JwtReader jwtReader = (JwtReader) obj;
                String sharedSecret = sharedSecret();
                String sharedSecret2 = jwtReader.sharedSecret();
                if (sharedSecret != null ? sharedSecret.equals(sharedSecret2) : sharedSecret2 == null) {
                    if (jwtReader.canEqual(this)) {
                        z = true;
                        if (!z) {
                        }
                    }
                }
                z = false;
                if (!z) {
                }
            }
            return false;
        }
        return true;
    }

    public JwtReader(String str) {
        this.sharedSecret = str;
        Product.class.$init$(this);
        this.io$toolsplus$atlassian$connect$jwt$scala$JwtReader$$verifier = new MACVerifier(str);
    }
}
