package com.nimbusds.jwt.proc;

import am.i;
import am.l;
import am.o;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import dm.b;
import dm.c;
import dm.d;
import java.security.Key;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.List;
import java.util.ListIterator;
import javax.crypto.SecretKey;
import kk.p;
import nm.a;
import xl.e;
import xl.m;
import xl.n;
import xl.q;

/* loaded from: classes2.dex */
public class DefaultJWTProcessor<C extends SecurityContext> {
    private a claimsSetAwareJWSKeySelector;
    private JWTClaimsSetVerifier<C> claimsVerifier;
    private b jweDecrypterFactory;
    private c jweKeySelector;
    private JOSEObjectTypeVerifier<C> jweTypeVerifier;
    private JWSKeySelector<C> jwsKeySelector;
    private JOSEObjectTypeVerifier<C> jwsTypeVerifier;
    private d jwsVerifierFactory;

    public DefaultJWTProcessor() {
        DefaultJOSEObjectTypeVerifier defaultJOSEObjectTypeVerifier = DefaultJOSEObjectTypeVerifier.JWT;
        this.jwsTypeVerifier = defaultJOSEObjectTypeVerifier;
        this.jweTypeVerifier = defaultJOSEObjectTypeVerifier;
        this.jwsVerifierFactory = new zl.b();
        this.jweDecrypterFactory = new zl.a();
        this.claimsVerifier = new DefaultJWTClaimsVerifier(null, null);
    }

    private JWTClaimsSet extractJWTClaimsSet(mm.a aVar) throws bx.b {
        try {
            return aVar.getJWTClaimsSet();
        } catch (ParseException e16) {
            throw new Exception(e16.getMessage(), e16);
        }
    }

    private List<? extends Key> selectKeys(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet, C c8) throws m, a0.m {
        getJWTClaimsSetAwareJWSKeySelector();
        if (getJWSKeySelector() != null) {
            return getJWSKeySelector().selectJWSKeys(jWSHeader, c8);
        }
        throw new Exception("Signed JWT rejected: No JWS key selector is configured");
    }

    private JWTClaimsSet verifyClaims(JWTClaimsSet jWTClaimsSet, C c8) throws bx.b {
        if (getJWTClaimsSetVerifier() != null) {
            getJWTClaimsSetVerifier().verify(jWTClaimsSet, c8);
        }
        return jWTClaimsSet;
    }

    public b getJWEDecrypterFactory() {
        return this.jweDecrypterFactory;
    }

    public c getJWEKeySelector() {
        return null;
    }

    public JOSEObjectTypeVerifier<C> getJWETypeVerifier() {
        return this.jweTypeVerifier;
    }

    public JWSKeySelector<C> getJWSKeySelector() {
        return this.jwsKeySelector;
    }

    public JOSEObjectTypeVerifier<C> getJWSTypeVerifier() {
        return this.jwsTypeVerifier;
    }

    public d getJWSVerifierFactory() {
        return this.jwsVerifierFactory;
    }

    public a getJWTClaimsSetAwareJWSKeySelector() {
        return null;
    }

    public JWTClaimsSetVerifier<C> getJWTClaimsSetVerifier() {
        return this.claimsVerifier;
    }

    public JWTClaimsSet process(EncryptedJWT encryptedJWT, C c8) throws a0.m, xl.d {
        JOSEObjectTypeVerifier<C> jOSEObjectTypeVerifier = this.jweTypeVerifier;
        if (jOSEObjectTypeVerifier == null) {
            throw new Exception("Encrypted JWT rejected: No JWE header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.verify(encryptedJWT.m787getHeader().getType(), c8);
        getJWEKeySelector();
        throw new Exception("Encrypted JWT rejected: No JWE key selector is configured");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v4, types: [yl.c] */
    /* JADX WARN: Type inference failed for: r3v7, types: [yl.b] */
    /* JADX WARN: Type inference failed for: r8v0, types: [mm.a, xl.j, com.nimbusds.jwt.SignedJWT] */
    public JWTClaimsSet process(SignedJWT signedJWT, C c8) throws a0.m, xl.d {
        yl.a aVar;
        JOSEObjectTypeVerifier<C> jOSEObjectTypeVerifier = this.jwsTypeVerifier;
        if (jOSEObjectTypeVerifier == null) {
            throw new Exception("Signed JWT rejected: No JWS header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.verify(signedJWT.m3147getHeader().getType(), c8);
        if (getJWSKeySelector() == null) {
            getJWTClaimsSetAwareJWSKeySelector();
            throw new Exception("Signed JWT rejected: No JWS key selector is configured");
        }
        if (getJWSVerifierFactory() == null) {
            throw new Exception("No JWS verifier is configured");
        }
        JWTClaimsSet extractJWTClaimsSet = extractJWTClaimsSet(signedJWT);
        List<? extends Key> selectKeys = selectKeys(signedJWT.m3147getHeader(), extractJWTClaimsSet, c8);
        if (selectKeys == null || selectKeys.isEmpty()) {
            throw new Exception("Signed JWT rejected: Another algorithm expected, or no matching key(s) found");
        }
        ListIterator<? extends Key> listIterator = selectKeys.listIterator();
        while (listIterator.hasNext()) {
            d jWSVerifierFactory = getJWSVerifierFactory();
            JWSHeader m3147getHeader = signedJWT.m3147getHeader();
            Key next = listIterator.next();
            zl.b bVar = (zl.b) jWSVerifierFactory;
            bVar.getClass();
            if (l.f5080e.contains(m3147getHeader.getAlgorithm())) {
                if (!(next instanceof SecretKey)) {
                    throw new n(SecretKey.class);
                }
                aVar = new yl.b((SecretKey) next);
            } else if (o.f5086d.contains(m3147getHeader.getAlgorithm())) {
                if (!(next instanceof RSAPublicKey)) {
                    throw new n(RSAPublicKey.class);
                }
                aVar = new yl.c((RSAPublicKey) next);
            } else {
                if (!i.f5074d.contains(m3147getHeader.getAlgorithm())) {
                    throw new Exception("Unsupported JWS algorithm: " + m3147getHeader.getAlgorithm());
                }
                if (!(next instanceof ECPublicKey)) {
                    throw new n(ECPublicKey.class);
                }
                aVar = new yl.a((ECPublicKey) next);
            }
            ((bm.a) aVar.f32033c).setProvider(bVar.f95668a.getProvider());
            if (signedJWT.verify(aVar)) {
                return verifyClaims(extractJWTClaimsSet, c8);
            }
            if (!listIterator.hasNext()) {
                throw new Exception("Signed JWT rejected: Invalid signature");
            }
        }
        throw new Exception("JWS object rejected: No matching verifier(s) found");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [xl.q] */
    public JWTClaimsSet process(String str, C c8) throws ParseException, a0.m, xl.d {
        mm.a aVar;
        int indexOf = str.indexOf(".");
        if (indexOf == -1) {
            throw new ParseException("Invalid JWT serialization: Missing dot delimiter(s)", 0);
        }
        try {
            com.nimbusds.jose.a parseAlgorithm = com.nimbusds.jose.b.parseAlgorithm(p.f1(-1, new Base64URL(str.substring(0, indexOf)).decodeToString()));
            if (parseAlgorithm.equals(com.nimbusds.jose.a.NONE)) {
                Base64URL[] split = e.split(str);
                if (!split[2].toString().isEmpty()) {
                    throw new ParseException("Unexpected third Base64URL part in the unsecured JWT object", 0);
                }
                aVar = new q(split[0], split[1]);
            } else if (parseAlgorithm instanceof JWSAlgorithm) {
                aVar = SignedJWT.parse(str);
            } else {
                if (!(parseAlgorithm instanceof JWEAlgorithm)) {
                    throw new AssertionError("Unexpected algorithm type: " + parseAlgorithm);
                }
                aVar = EncryptedJWT.parse(str);
            }
            return process(aVar, (mm.a) c8);
        } catch (ParseException e16) {
            throw new ParseException("Invalid unsecured/JWS/JWE header: " + e16.getMessage(), 0);
        }
    }

    public JWTClaimsSet process(mm.a aVar, C c8) throws a0.m, xl.d {
        if (aVar instanceof SignedJWT) {
            return process((SignedJWT) aVar, (SignedJWT) c8);
        }
        if (aVar instanceof EncryptedJWT) {
            return process((EncryptedJWT) aVar, (EncryptedJWT) c8);
        }
        if (aVar instanceof mm.d) {
            return process((mm.d) aVar, (mm.d) c8);
        }
        throw new Exception("Unexpected JWT object type: " + aVar.getClass());
    }

    public JWTClaimsSet process(mm.d dVar, C c8) throws a0.m, xl.d {
        JOSEObjectTypeVerifier<C> jOSEObjectTypeVerifier = this.jwsTypeVerifier;
        if (jOSEObjectTypeVerifier == null) {
            throw new Exception("Plain JWT rejected: No JWS header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.verify(dVar.f90498a.getType(), c8);
        throw new Exception("Unsecured (plain) JWTs are rejected, extend class to handle");
    }

    public void setJWEDecrypterFactory(b bVar) {
        this.jweDecrypterFactory = bVar;
    }

    public void setJWEKeySelector(c cVar) {
    }

    public void setJWETypeVerifier(JOSEObjectTypeVerifier<C> jOSEObjectTypeVerifier) {
        this.jweTypeVerifier = jOSEObjectTypeVerifier;
    }

    public void setJWSKeySelector(JWSKeySelector<C> jWSKeySelector) {
        this.jwsKeySelector = jWSKeySelector;
    }

    public void setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jOSEObjectTypeVerifier) {
        this.jwsTypeVerifier = jOSEObjectTypeVerifier;
    }

    public void setJWSVerifierFactory(d dVar) {
        this.jwsVerifierFactory = dVar;
    }

    public void setJWTClaimsSetAwareJWSKeySelector(a aVar) {
    }

    public void setJWTClaimsSetVerifier(JWTClaimsSetVerifier<C> jWTClaimsSetVerifier) {
        this.claimsVerifier = jWTClaimsSetVerifier;
    }
}
