package no.nav.security.mock.oauth2.extensions;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Prompt;
import java.time.Duration;
import java.time.Instant;
import java.util.Collection;
import java.util.HashSet;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import no.nav.security.mock.oauth2.OAuth2Exception;
import org.jetbrains.annotations.NotNull;

/* compiled from: NimbusExtensions.kt */
@Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 2, d1 = {"��>\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\b\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\u001a\n\u0010��\u001a\u00020\u0001*\u00020\u0002\u001a\n\u0010\u0003\u001a\u00020\u0004*\u00020\u0002\u001a\n\u0010\u0005\u001a\u00020\u0006*\u00020\u0007\u001a\n\u0010\b\u001a\u00020\t*\u00020\u0002\u001a\n\u0010\n\u001a\u00020\u000b*\u00020\f\u001a\u001a\u0010\r\u001a\u00020\u000e*\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012¨\u0006\u0013"}, d2 = {"authorizationCode", "Lcom/nimbusds/oauth2/sdk/AuthorizationCode;", "Lcom/nimbusds/oauth2/sdk/TokenRequest;", "clientIdAsString", "", "expiresIn", "", "Lcom/nimbusds/jwt/SignedJWT;", "grantType", "Lcom/nimbusds/oauth2/sdk/GrantType;", "isPrompt", "", "Lcom/nimbusds/openid/connect/sdk/AuthenticationRequest;", "verifySignatureAndIssuer", "Lcom/nimbusds/jwt/JWTClaimsSet;", "issuer", "Lcom/nimbusds/oauth2/sdk/id/Issuer;", "jwkSet", "Lcom/nimbusds/jose/jwk/JWKSet;", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/extensions/NimbusExtensionsKt.class */
public final class NimbusExtensionsKt {
    public static final boolean isPrompt(@NotNull AuthenticationRequest authenticationRequest) {
        Intrinsics.checkNotNullParameter(authenticationRequest, "$this$isPrompt");
        Iterable prompt = authenticationRequest.getPrompt();
        if (prompt == null) {
            return false;
        }
        Iterable<Prompt.Type> iterable = prompt;
        if ((iterable instanceof Collection) && ((Collection) iterable).isEmpty()) {
            return false;
        }
        for (Prompt.Type type : iterable) {
            if (type == Prompt.Type.LOGIN || type == Prompt.Type.CONSENT || type == Prompt.Type.SELECT_ACCOUNT) {
                return true;
            }
        }
        return false;
    }

    @NotNull
    public static final GrantType grantType(@NotNull TokenRequest tokenRequest) {
        Intrinsics.checkNotNullParameter(tokenRequest, "$this$grantType");
        AuthorizationGrant authorizationGrant = tokenRequest.getAuthorizationGrant();
        if (authorizationGrant != null) {
            GrantType type = authorizationGrant.getType();
            if (type != null) {
                return type;
            }
        }
        throw new OAuth2Exception(OAuth2Error.INVALID_REQUEST, "missing required parameter grant_type");
    }

    @NotNull
    public static final AuthorizationCode authorizationCode(@NotNull TokenRequest tokenRequest) {
        Intrinsics.checkNotNullParameter(tokenRequest, "$this$authorizationCode");
        AuthorizationCodeGrant authorizationGrant = tokenRequest.getAuthorizationGrant();
        if (authorizationGrant != null) {
            AuthorizationCodeGrant authorizationCodeGrant = authorizationGrant;
            if (!(authorizationCodeGrant instanceof AuthorizationCodeGrant)) {
                authorizationCodeGrant = null;
            }
            AuthorizationCodeGrant authorizationCodeGrant2 = authorizationCodeGrant;
            if (authorizationCodeGrant2 != null) {
                AuthorizationCode authorizationCode = authorizationCodeGrant2.getAuthorizationCode();
                if (authorizationCode != null) {
                    return authorizationCode;
                }
            }
        }
        throw new OAuth2Exception(OAuth2Error.INVALID_GRANT, "code cannot be null");
    }

    /* JADX WARN: Code restructure failed: missing block: B:6:0x0019, code lost:
    
        if (r0 != null) goto L13;
     */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final java.lang.String clientIdAsString(@org.jetbrains.annotations.NotNull com.nimbusds.oauth2.sdk.TokenRequest r5) {
        /*
            r0 = r5
            java.lang.String r1 = "$this$clientIdAsString"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r5
            com.nimbusds.oauth2.sdk.auth.ClientAuthentication r0 = r0.getClientAuthentication()
            r1 = r0
            if (r1 == 0) goto L1f
            com.nimbusds.oauth2.sdk.id.ClientID r0 = r0.getClientID()
            r1 = r0
            if (r1 == 0) goto L1f
            java.lang.String r0 = r0.getValue()
            r1 = r0
            if (r1 == 0) goto L1f
            goto L30
        L1f:
            r0 = r5
            com.nimbusds.oauth2.sdk.id.ClientID r0 = r0.getClientID()
            r1 = r0
            if (r1 == 0) goto L2e
            java.lang.String r0 = r0.getValue()
            goto L30
        L2e:
            r0 = 0
        L30:
            r1 = r0
            if (r1 == 0) goto L37
            goto L48
        L37:
            no.nav.security.mock.oauth2.OAuth2Exception r0 = new no.nav.security.mock.oauth2.OAuth2Exception
            r1 = r0
            com.nimbusds.oauth2.sdk.ErrorObject r2 = com.nimbusds.oauth2.sdk.OAuth2Error.INVALID_CLIENT
            java.lang.String r3 = "client_id cannot be null"
            r1.<init>(r2, r3)
            java.lang.Throwable r0 = (java.lang.Throwable) r0
            throw r0
        L48:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: no.nav.security.mock.oauth2.extensions.NimbusExtensionsKt.clientIdAsString(com.nimbusds.oauth2.sdk.TokenRequest):java.lang.String");
    }

    public static final int expiresIn(@NotNull SignedJWT signedJWT) {
        Intrinsics.checkNotNullParameter(signedJWT, "$this$expiresIn");
        Instant now = Instant.now();
        JWTClaimsSet jWTClaimsSet = signedJWT.getJWTClaimsSet();
        Intrinsics.checkNotNullExpressionValue(jWTClaimsSet, "this.jwtClaimsSet");
        Duration between = Duration.between(now, jWTClaimsSet.getExpirationTime().toInstant());
        Intrinsics.checkNotNullExpressionValue(between, "Duration.between(Instant…pirationTime.toInstant())");
        return (int) between.getSeconds();
    }

    @NotNull
    public static final JWTClaimsSet verifySignatureAndIssuer(@NotNull SignedJWT signedJWT, @NotNull Issuer issuer, @NotNull JWKSet jWKSet) {
        Intrinsics.checkNotNullParameter(signedJWT, "$this$verifySignatureAndIssuer");
        Intrinsics.checkNotNullParameter(issuer, "issuer");
        Intrinsics.checkNotNullParameter(jWKSet, "jwkSet");
        ConfigurableJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier(new JOSEObjectType[]{new JOSEObjectType("JWT")}));
        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(JWSAlgorithm.RS256, new ImmutableJWKSet(jWKSet)));
        defaultJWTProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(new JWTClaimsSet.Builder().issuer(issuer.toString()).build(), new HashSet(CollectionsKt.listOf(new String[]{"sub", "iat", "exp", "aud"}))));
        try {
            JWTClaimsSet process = defaultJWTProcessor.process(signedJWT, (SecurityContext) null);
            Intrinsics.checkNotNullExpressionValue(process, "jwtProcessor.process(this, null)");
            return process;
        } catch (Exception e) {
            throw new OAuth2Exception("invalid signed JWT.", e);
        }
    }
}
