package org.soulwing.jwt.api.jose4j;

import java.time.Clock;
import org.soulwing.jwt.api.Assertions;
import org.soulwing.jwt.api.Claims;
import org.soulwing.jwt.api.JWE;
import org.soulwing.jwt.api.JWS;
import org.soulwing.jwt.api.JWTProvider;
import org.soulwing.jwt.api.JWTValidator;
import org.soulwing.jwt.api.JoseHeader;
import org.soulwing.jwt.api.exceptions.JWTAssertionFailedException;
import org.soulwing.jwt.api.exceptions.JWTConfigurationException;
import org.soulwing.jwt.api.exceptions.JWTEncryptionException;
import org.soulwing.jwt.api.exceptions.JWTParseException;
import org.soulwing.jwt.api.exceptions.JWTSignatureException;
import org.soulwing.jwt.api.exceptions.JWTValidationException;

/* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.0.jar:org/soulwing/jwt/api/jose4j/Jose4jValidator.class */
class Jose4jValidator implements JWTValidator {
    private JWTProvider provider;
    private Clock clock = Clock.systemUTC();
    private JWE encryptionOperator;
    private JWE.Factory encryptionOperatorFactory;
    private JWS signatureOperator;
    private JWS.Factory signatureOperatorFactory;
    private Assertions assertions;

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.0.jar:org/soulwing/jwt/api/jose4j/Jose4jValidator$Builder.class */
    static class Builder implements JWTValidator.Builder {
        private final Jose4jValidator validator;

        private Builder(JWTProvider jWTProvider) {
            this.validator = new Jose4jValidator();
            this.validator.provider = jWTProvider;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder encryptionOperator(JWE jwe) {
            if (jwe == null) {
                jwe = NoOpEncryptionOperator.INSTANCE;
            }
            this.validator.encryptionOperator = jwe;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder encryptionOperatorFactory(JWE.Factory factory) {
            this.validator.encryptionOperatorFactory = factory;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder signatureOperator(JWS jws) {
            this.validator.signatureOperator = jws;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder signatureOperatorFactory(JWS.Factory factory) {
            this.validator.signatureOperatorFactory = factory;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder claimsAssertions(Assertions assertions) {
            this.validator.assertions = assertions;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator.Builder clock(Clock clock) {
            if (clock == null) {
                clock = Clock.systemUTC();
            }
            this.validator.clock = clock;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWTValidator.Builder
        public JWTValidator build() throws JWTConfigurationException {
            if (this.validator.clock == null) {
                throw new JWTConfigurationException("clock is required");
            }
            if (this.validator.encryptionOperator == null && this.validator.encryptionOperatorFactory == null) {
                this.validator.encryptionOperator = NoOpEncryptionOperator.INSTANCE;
            }
            if (this.validator.signatureOperator == null && this.validator.signatureOperatorFactory == null) {
                throw new JWTConfigurationException("signature operator or factory is required");
            }
            if (this.validator.assertions == null) {
                throw new JWTConfigurationException("assertions are required");
            }
            if (this.validator.encryptionOperator != null && this.validator.encryptionOperatorFactory != null) {
                throw new JWTConfigurationException("specify an encryption operator or operator factory, not both");
            }
            if (this.validator.signatureOperator == null || this.validator.signatureOperatorFactory == null) {
                return this.validator;
            }
            throw new JWTConfigurationException("specify a signature operator or operator factory, not both");
        }
    }

    Jose4jValidator() {
    }

    public static Builder builder(JWTProvider jWTProvider) {
        return new Builder(jWTProvider);
    }

    @Override // org.soulwing.jwt.api.JWTValidator
    public Claims validate(String str) throws JWTParseException, JWTEncryptionException, JWTSignatureException, JWTValidationException {
        try {
            JWS.Result verify = verify(decrypt(str));
            Claims parse = this.provider.parse(verify.getPayload());
            this.assertions.assertSatisfied(parse, new Jose4jAssertionContext(this.clock, verify.getPublicKeyInfo()));
            return parse;
        } catch (JWTAssertionFailedException | JWTConfigurationException e) {
            throw new JWTValidationException(e.getMessage(), e);
        }
    }

    private String decrypt(String str) throws JWTEncryptionException, JWTConfigurationException, JWTParseException {
        return getEncryptionOperator(this.provider.header(str)).decrypt(str);
    }

    private JWE getEncryptionOperator(JoseHeader joseHeader) throws JWTConfigurationException {
        return this.encryptionOperator != null ? this.encryptionOperator : this.encryptionOperatorFactory.getOperator((JWE.Header) joseHeader);
    }

    private JWS.Result verify(String str) throws JWTSignatureException, JWTConfigurationException, JWTParseException {
        return getSignatureOperator(this.provider.header(str)).verify(str);
    }

    private JWS getSignatureOperator(JoseHeader joseHeader) throws JWTConfigurationException {
        return this.signatureOperator != null ? this.signatureOperator : this.signatureOperatorFactory.getOperator((JWS.Header) joseHeader);
    }
}
