package net.trajano.openidconnect.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.json.Json;
import javax.json.JsonObject;
import net.trajano.openidconnect.internal.JcaJsonWebTokenCrypto;

/* loaded from: input_file:net/trajano/openidconnect/crypto/JsonWebTokenProcessor.class */
public class JsonWebTokenProcessor {
    private String alg;
    private boolean allowJwkToBeSet;
    private final JsonWebTokenCrypto crypto;
    private String enc;
    private JsonWebToken jsonWebToken;
    private JsonWebKey jwk;
    private String kid;
    private boolean signatureCheck;

    public JsonWebTokenProcessor(JsonWebToken jsonWebToken) {
        this.alg = JsonWebToken.ALG_NONE;
        this.allowJwkToBeSet = false;
        this.crypto = JcaJsonWebTokenCrypto.getInstance();
        this.enc = null;
        this.jwk = null;
        this.kid = null;
        this.signatureCheck = true;
        this.jsonWebToken = jsonWebToken;
        this.alg = jsonWebToken.getAlg();
        this.enc = jsonWebToken.getEnc();
        this.kid = jsonWebToken.getKid();
    }

    public JsonWebTokenProcessor(String str) throws IOException {
        this(new JsonWebToken(str));
    }

    public JsonWebTokenProcessor allowJwkToBeSet(boolean z) throws IOException {
        this.allowJwkToBeSet = z;
        return this;
    }

    public JsonObject getJsonPayload() throws GeneralSecurityException {
        return Json.createReader(new ByteArrayInputStream(getPayload())).readObject();
    }

    public byte[] getPayload() throws GeneralSecurityException {
        byte[] payload;
        if (JsonWebToken.ALG_NONE.equals(this.alg)) {
            payload = this.jsonWebToken.getPayload(0);
        } else if (this.enc != null) {
            if (this.jsonWebToken.getNumberOfPayloads() != 4) {
                throw new GeneralSecurityException("invalid number of payloads in JWT for JWE");
            }
            payload = this.crypto.getJWEPayload(this.jsonWebToken, this.jwk);
        } else if (this.enc == null && this.alg != null && this.signatureCheck) {
            if (this.jsonWebToken.getNumberOfPayloads() != 2) {
                throw new GeneralSecurityException("invalid number of payloads in JWT for JWS");
            }
            if (this.jwk == null) {
                throw new GeneralSecurityException("No JWK available to validate signature");
            }
            payload = this.crypto.getJWSPayload(this.jsonWebToken, this.jwk, this.alg);
        } else {
            if (this.enc != null || this.alg == null || this.signatureCheck) {
                throw new GeneralSecurityException("invalid JOSE header");
            }
            if (this.jsonWebToken.getNumberOfPayloads() != 2) {
                throw new GeneralSecurityException("invalid number of payloads in JWT for JWS");
            }
            payload = this.jsonWebToken.getPayload(0);
        }
        if (!"DEF".equals(this.jsonWebToken.getZip())) {
            return payload;
        }
        try {
            return this.crypto.inflate(payload);
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public JsonWebTokenProcessor jwk(JsonWebKey jsonWebKey) throws IOException {
        if (!this.allowJwkToBeSet) {
            throw new IOException("jwk cannot be explicitly set");
        }
        this.jwk = jsonWebKey;
        return this;
    }

    public JsonWebTokenProcessor jwks(JsonWebKeySet jsonWebKeySet) throws IOException {
        if (this.kid != null) {
            this.jwk = jsonWebKeySet.getJwk(this.kid);
        } else if (jsonWebKeySet.getKeys().length == 1) {
            this.jwk = jsonWebKeySet.getKeys()[0];
        }
        return this;
    }

    public boolean isJwkAvailable() {
        return this.jwk != null || JsonWebToken.ALG_NONE.equals(this.alg);
    }

    public JsonWebTokenProcessor signatureCheck(boolean z) {
        this.signatureCheck = z;
        return this;
    }
}
