package ro.ghionoiu.kmsjwt.token;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import ro.ghionoiu.kmsjwt.key.KeyDecrypt;
import ro.ghionoiu.kmsjwt.key.KeyOperationException;

/* loaded from: input_file:ro/ghionoiu/kmsjwt/token/JWTDecoder.class */
public class JWTDecoder {
    private final JwtParser jwtParser;

    /* loaded from: input_file:ro/ghionoiu/kmsjwt/token/JWTDecoder$DecryptSigningKeyUsingKID.class */
    private static final class DecryptSigningKeyUsingKID extends SigningKeyResolverAdapter {
        private KeyDecrypt keyDecrypt;

        DecryptSigningKeyUsingKID(KeyDecrypt keyDecrypt) {
            this.keyDecrypt = keyDecrypt;
        }

        public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
            String keyId = jwsHeader.getKeyId();
            if (keyId == null) {
                throw new IllegalArgumentException("No key ID has been found in the JWT header");
            }
            try {
                return new SecretKeySpec(this.keyDecrypt.decrypt(DatatypeConverter.parseBase64Binary(keyId)), SignatureAlgorithm.HS256.getJcaName());
            } catch (KeyOperationException e) {
                throw new IllegalArgumentException("Key decryption failed");
            }
        }
    }

    public JWTDecoder(KeyDecrypt keyDecrypt) {
        this.jwtParser = Jwts.parser().setSigningKeyResolver(new DecryptSigningKeyUsingKID(keyDecrypt)).setAllowedClockSkewSeconds(60L);
    }

    public Claims decodeAndVerify(String str) throws JWTVerificationException {
        try {
            return (Claims) this.jwtParser.parseClaimsJws(str).getBody();
        } catch (Exception e) {
            throw new JWTVerificationException(e.getMessage(), e);
        }
    }
}
