package org.soulwing.jwt.api.locator;

import java.io.IOException;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.soulwing.jwt.api.PublicKeyInfo;
import org.soulwing.jwt.api.PublicKeyLocator;
import org.soulwing.jwt.api.X509CertificateValidator;
import org.soulwing.jwt.api.exceptions.CertificateException;
import org.soulwing.jwt.api.exceptions.CertificateValidationException;
import org.soulwing.jwt.api.exceptions.PublicKeyNotFoundException;

/* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator.class */
public class JcaPublicKeyLocator implements PublicKeyLocator {
    private final Map<PublicKeyLocator.StrategyType, Strategy> strategies;
    private CertificateChainLoader chainLoader;
    private Set<PublicKeyLocator.StrategyType> enabledStrategies;
    private X509CertificateValidator certificateValidator;
    private X509CertificateValidator.Factory certificateValidatorFactory;

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$Builder.class */
    public static class Builder implements PublicKeyLocator.Builder {
        private JcaPublicKeyLocator locator;

        private Builder() {
            this.locator = new JcaPublicKeyLocator();
        }

        public PublicKeyLocator.Builder chainLoader(CertificateChainLoader certificateChainLoader) {
            this.locator.chainLoader = certificateChainLoader;
            return this;
        }

        @Override // org.soulwing.jwt.api.PublicKeyLocator.Builder
        public PublicKeyLocator.Builder strategies(Set<PublicKeyLocator.StrategyType> set) {
            this.locator.enabledStrategies = set;
            return this;
        }

        @Override // org.soulwing.jwt.api.PublicKeyLocator.Builder
        public PublicKeyLocator.Builder certificateValidator(X509CertificateValidator x509CertificateValidator) {
            this.locator.certificateValidator = x509CertificateValidator;
            return this;
        }

        @Override // org.soulwing.jwt.api.PublicKeyLocator.Builder
        public PublicKeyLocator.Builder certificateValidatorFactory(X509CertificateValidator.Factory factory) {
            this.locator.certificateValidatorFactory = factory;
            return this;
        }

        @Override // org.soulwing.jwt.api.PublicKeyLocator.Builder
        public PublicKeyLocator build() {
            if (this.locator.certificateValidator == null && this.locator.certificateValidatorFactory == null) {
                throw new IllegalArgumentException("certificate validator or validator factory is required");
            }
            if (this.locator.certificateValidator == null || this.locator.certificateValidatorFactory == null) {
                return this.locator;
            }
            throw new IllegalArgumentException("specify either a certificate validator or validator factory, not both");
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$CertificateChainStrategy.class */
    private class CertificateChainStrategy implements Strategy {
        private CertificateChainStrategy() {
        }

        @Override // org.soulwing.jwt.api.locator.JcaPublicKeyLocator.Strategy
        public PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) throws CertificateValidationException {
            List<X509Certificate> certificateChain = criteria.getCertificateChain();
            if (certificateChain == null || certificateChain.isEmpty()) {
                return null;
            }
            JcaPublicKeyLocator.this.getValidator(criteria, certificateChain).validate(certificateChain);
            return PublicKeyInfo.builder().publicKey(certificateChain.get(0).getPublicKey()).certificates(certificateChain).build();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$CertificateChainUrlStrategy.class */
    private class CertificateChainUrlStrategy implements Strategy {
        private CertificateChainUrlStrategy() {
        }

        @Override // org.soulwing.jwt.api.locator.JcaPublicKeyLocator.Strategy
        public PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) throws CertificateValidationException, IOException {
            URI certificateChainUrl = criteria.getCertificateChainUrl();
            if (certificateChainUrl == null) {
                return null;
            }
            List<X509Certificate> load = JcaPublicKeyLocator.this.chainLoader.load(certificateChainUrl);
            JcaPublicKeyLocator.this.getValidator(criteria, load).validate(load);
            return PublicKeyInfo.builder().publicKey(load.get(0).getPublicKey()).certificates(load).build();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$JsonWebKeyStrategy.class */
    private class JsonWebKeyStrategy implements Strategy {
        private JsonWebKeyStrategy() {
        }

        @Override // org.soulwing.jwt.api.locator.JcaPublicKeyLocator.Strategy
        public PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) {
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$JsonWebKeyUrlStrategy.class */
    private class JsonWebKeyUrlStrategy implements Strategy {
        private JsonWebKeyUrlStrategy() {
        }

        @Override // org.soulwing.jwt.api.locator.JcaPublicKeyLocator.Strategy
        public PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) {
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.1.jar:org/soulwing/jwt/api/locator/JcaPublicKeyLocator$Strategy.class */
    private interface Strategy {
        PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) throws CertificateValidationException, IOException;
    }

    private JcaPublicKeyLocator() {
        this.strategies = new LinkedHashMap();
        this.chainLoader = PemCertificateChainLoader.getDefaultInstance();
        this.enabledStrategies = EnumSet.allOf(PublicKeyLocator.StrategyType.class);
        this.strategies.put(PublicKeyLocator.StrategyType.CERT_CHAIN, new CertificateChainStrategy());
        this.strategies.put(PublicKeyLocator.StrategyType.CERT_CHAIN_URL, new CertificateChainUrlStrategy());
        this.strategies.put(PublicKeyLocator.StrategyType.JWK, new JsonWebKeyStrategy());
        this.strategies.put(PublicKeyLocator.StrategyType.JWK_URL, new JsonWebKeyUrlStrategy());
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // org.soulwing.jwt.api.PublicKeyLocator
    public PublicKeyInfo locate(PublicKeyLocator.Criteria criteria) throws PublicKeyNotFoundException, CertificateValidationException {
        PublicKeyInfo locate;
        try {
            for (PublicKeyLocator.StrategyType strategyType : this.strategies.keySet()) {
                if (this.enabledStrategies.contains(strategyType) && (locate = this.strategies.get(strategyType).locate(criteria)) != null) {
                    return locate;
                }
            }
            throw new PublicKeyNotFoundException();
        } catch (IOException e) {
            throw new CertificateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509CertificateValidator getValidator(PublicKeyLocator.Criteria criteria, List<X509Certificate> list) throws CertificateValidationException {
        return this.certificateValidator != null ? this.certificateValidator : this.certificateValidatorFactory.getValidator(criteria, list);
    }
}
