package org.soulwing.jwt.api.jose4j;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
import org.soulwing.jwt.api.JWS;
import org.soulwing.jwt.api.KeyProvider;
import org.soulwing.jwt.api.PublicKeyInfo;
import org.soulwing.jwt.api.PublicKeyLocator;
import org.soulwing.jwt.api.exceptions.CertificateException;
import org.soulwing.jwt.api.exceptions.InvalidSignatureException;
import org.soulwing.jwt.api.exceptions.JWTConfigurationException;
import org.soulwing.jwt.api.exceptions.JWTSignatureException;
import org.soulwing.jwt.api.exceptions.KeyProviderException;
import org.soulwing.jwt.api.exceptions.PublicKeyNotFoundException;
import org.soulwing.jwt.api.exceptions.SignatureKeyNotFoundException;

/* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/jose4j/Jose4jSignatureOperator.class */
class Jose4jSignatureOperator implements JWS {
    private JWS.Algorithm algorithm;
    private KeyProvider keyProvider;
    private PublicKeyLocator publicKeyLocator;

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/jose4j/Jose4jSignatureOperator$Builder.class */
    static class Builder implements JWS.Builder {
        final Jose4jSignatureOperator operation;

        private Builder() {
            this.operation = new Jose4jSignatureOperator();
        }

        @Override // org.soulwing.jwt.api.JWS.Builder
        public JWS.Builder keyProvider(KeyProvider keyProvider) {
            this.operation.keyProvider = keyProvider;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWS.Builder
        public JWS.Builder publicKeyLocator(PublicKeyLocator publicKeyLocator) {
            this.operation.publicKeyLocator = publicKeyLocator;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWS.Builder
        public JWS.Builder algorithm(JWS.Algorithm algorithm) {
            this.operation.algorithm = algorithm;
            return this;
        }

        @Override // org.soulwing.jwt.api.JWS.Builder
        public JWS build() throws JWTConfigurationException {
            if (this.operation.algorithm == null) {
                throw new JWTConfigurationException("algorithm is required");
            }
            if (this.operation.keyProvider == null && this.operation.publicKeyLocator == null && this.operation.algorithm != JWS.Algorithm.none) {
                throw new JWTConfigurationException("keyProvider or publicKeyLocator is required");
            }
            return this.operation;
        }
    }

    private Jose4jSignatureOperator() {
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // org.soulwing.jwt.api.JWS
    public String sign(String str) throws JWTSignatureException {
        try {
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(str);
            jsonWebSignature.setAlgorithmHeaderValue(this.algorithm.toToken());
            if (this.algorithm != JWS.Algorithm.none) {
                JoseKeyInfoUtil.configureKeyInfo(jsonWebSignature, this.keyProvider.currentKey());
            }
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException | KeyProviderException e) {
            throw new JWTSignatureException(e.toString(), e);
        }
    }

    @Override // org.soulwing.jwt.api.JWS
    public JWS.Result verify(String str) throws JWTSignatureException {
        PublicKeyInfo publicKeyInfo;
        try {
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setCompactSerialization(str);
            jsonWebSignature.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, this.algorithm.toToken()));
            if (!this.algorithm.isAsymmetric() || this.publicKeyLocator == null) {
                publicKeyInfo = null;
                jsonWebSignature.setKey(this.keyProvider.retrieveKey(jsonWebSignature.getKeyIdHeaderValue()).orElseThrow(SignatureKeyNotFoundException::new));
            } else {
                publicKeyInfo = this.publicKeyLocator.locate(new Jose4jPublicKeyCriteria(jsonWebSignature));
                jsonWebSignature.setKey(publicKeyInfo.getPublicKey());
            }
            if (jsonWebSignature.verifySignature()) {
                return new Jose4jVerificationResult(jsonWebSignature.getPayload(), publicKeyInfo);
            }
            throw new InvalidSignatureException(this.algorithm);
        } catch (JoseException | KeyProviderException e) {
            throw new JWTSignatureException(e.toString(), e);
        } catch (CertificateException e2) {
            if (e2.getCause() != null) {
                throw new JWTSignatureException(e2.getCause().getMessage(), e2.getCause());
            }
            throw new JWTSignatureException(e2.getMessage(), e2);
        } catch (PublicKeyNotFoundException e3) {
            throw new SignatureKeyNotFoundException();
        }
    }
}
