package org.smallmind.web.jwt.jose4j;

import java.security.Key;
import java.util.ArrayList;
import java.util.LinkedList;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.KeyPersuasion;
import org.smallmind.web.json.scaffold.util.JsonCodec;

/* loaded from: input_file:org/smallmind/web/jwt/jose4j/JWTConsumer.class */
public class JWTConsumer {
    private boolean skipSignatureVerification;
    private boolean requireSignature = true;
    private boolean requireEncryption;
    private boolean requireIntegrity;

    public JWTConsumer setSkipSignatureVerification(boolean z) {
        this.skipSignatureVerification = z;
        return this;
    }

    public JWTConsumer setRequireSignature(boolean z) {
        this.requireSignature = z;
        return this;
    }

    public JWTConsumer setRequireEncryption(boolean z) {
        this.requireEncryption = z;
        return this;
    }

    public JWTConsumer setRequireIntegrity(boolean z) {
        this.requireIntegrity = z;
        return this;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T> T process(String str, Key key, Class<T> cls) throws Exception {
        String payload;
        T t = null;
        LinkedList<JsonWebStructure> linkedList = new LinkedList<>();
        String str2 = str;
        while (t == null) {
            JsonWebSignature fromCompactSerialization = JsonWebStructure.fromCompactSerialization(str2);
            if (fromCompactSerialization instanceof JsonWebSignature) {
                payload = fromCompactSerialization.getUnverifiedPayload();
            } else {
                JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) fromCompactSerialization;
                jsonWebEncryption.setKey(key);
                payload = jsonWebEncryption.getPayload();
            }
            if (isNestedJwt(fromCompactSerialization)) {
                str2 = payload;
            } else {
                t = JsonCodec.read(payload, cls);
            }
            linkedList.addFirst(fromCompactSerialization);
        }
        processContext(str, key, linkedList);
        return t;
    }

    private void processContext(String str, Key key, LinkedList<JsonWebStructure> linkedList) throws Exception {
        ArrayList arrayList = new ArrayList(linkedList);
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (int size = arrayList.size() - 1; size >= 0; size--) {
            JsonWebSignature jsonWebSignature = (JsonWebStructure) arrayList.get(size);
            if (jsonWebSignature instanceof JsonWebSignature) {
                JsonWebSignature jsonWebSignature2 = jsonWebSignature;
                boolean equals = "none".equals(jsonWebSignature2.getAlgorithmHeaderValue());
                if (!this.skipSignatureVerification) {
                    if (!equals) {
                        jsonWebSignature2.setKey(key);
                    }
                    if (!jsonWebSignature2.verifySignature()) {
                        throw new InvalidJWTSignatureException(jsonWebSignature2.getAlgorithmHeaderValue(), new Object[0]);
                    }
                }
                if (!equals) {
                    z = true;
                }
            } else {
                z2 = true;
                z3 = ((JsonWebEncryption) jsonWebSignature).getKeyManagementModeAlgorithm().getKeyPersuasion() == KeyPersuasion.SYMMETRIC;
            }
        }
        if (this.requireSignature && !z) {
            throw new InvalidJWTException("The JWT has no signature but the JWT Consumer is configured to require one: " + str, new Object[0]);
        }
        if (this.requireEncryption && !z2) {
            throw new InvalidJWTException("The JWT has no encryption but the JWT Consumer is configured to require it: " + str, new Object[0]);
        }
        if (this.requireIntegrity && !z && !z3) {
            throw new InvalidJWTException("The JWT has no integrity protection (signature/MAC or symmetric AEAD encryption) but the JWT Consumer is configured to require it: " + str, new Object[0]);
        }
    }

    private boolean isNestedJwt(JsonWebStructure jsonWebStructure) {
        String contentTypeHeaderValue = jsonWebStructure.getContentTypeHeaderValue();
        return contentTypeHeaderValue != null && (contentTypeHeaderValue.equalsIgnoreCase("jwt") || contentTypeHeaderValue.equalsIgnoreCase("application/jwt"));
    }
}
