package space.crickets.jwtverifier.core;

import io.jsonwebtoken.Claims;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.springframework.stereotype.Component;
import space.crickets.jwtverifier.annotations.Authorize;
import space.crickets.jwtverifier.annotations.MatchClaim;
import space.crickets.jwtverifier.exceptions.UnauthorizedException;

@Component
/* loaded from: input_file:space/crickets/jwtverifier/core/JwtVerifier.class */
public class JwtVerifier {
    private final JwtParser jwtParser;

    public JwtVerifier(JwtParser jwtParser) {
        this.jwtParser = jwtParser;
    }

    public Claims verify(String str, Authorize authorize, Map<MatchClaim, Object> map) {
        if (str == null) {
            throw new UnauthorizedException("There's no JWT to verify.");
        }
        try {
            Claims parse = this.jwtParser.parse(str);
            verifyScopesAndGroups(parse, authorize);
            verifyClaims(parse, map);
            return parse;
        } catch (Exception e) {
            throw new UnauthorizedException("Failed to parse jwt", e);
        }
    }

    private void verifyClaims(Claims claims, Map<MatchClaim, Object> map) {
        map.forEach((matchClaim, obj) -> {
            String value = matchClaim.value();
            if (!claims.containsKey(value)) {
                if (matchClaim.ensureClaimExists()) {
                    throw new UnauthorizedException(String.format("Claim %s was missing in the JWT", value));
                }
            } else {
                Object obj = claims.get(value);
                if (!Objects.equals(obj, obj)) {
                    throw new UnauthorizedException(String.format("Claim %s was %s, but we expected %s", value, obj, obj));
                }
            }
        });
    }

    private void verifyScopesAndGroups(Claims claims, Authorize authorize) {
        if (authorize.groups().length == 0 && authorize.scopes().length == 0) {
            return;
        }
        if (claims.containsKey("scp")) {
            List list = (List) claims.get("scp", List.class);
            for (String str : authorize.scopes()) {
                if (list.contains(str)) {
                    return;
                }
            }
        }
        if (claims.containsKey("groups")) {
            List list2 = (List) claims.get("groups", List.class);
            for (String str2 : authorize.groups()) {
                if (list2.contains(str2)) {
                    return;
                }
            }
        }
        throw new UnauthorizedException("Token did not have required groups or scopes");
    }
}
