package be.atbash.ee.security.octopus.jwt.decoder;

import be.atbash.ee.security.octopus.jwt.InvalidJWTException;
import be.atbash.ee.security.octopus.jwt.JWTEncoding;
import be.atbash.ee.security.octopus.jwt.keys.KeySelector;
import be.atbash.json.JSONValue;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashIllegalActionException;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jwt.SignedJWT;
import java.security.Key;
import java.text.ParseException;
import javax.enterprise.context.ApplicationScoped;

@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/octopus-jwt-support-0.5.0.jar:be/atbash/ee/security/octopus/jwt/decoder/JWTDecoder.class */
public class JWTDecoder {
    private DefaultJWSVerifierFactory jwsVerifierFactory = new DefaultJWSVerifierFactory();

    public <T> T decode(String str, Class<T> cls) {
        return decode(str, cls, null, null).getData();
    }

    public <T> JWTData<T> decode(String str, Class<T> cls, KeySelector keySelector, JWTVerifier jWTVerifier) {
        JWTData<T> jWTData;
        JWTEncoding determineEncoding = determineEncoding(str);
        if (determineEncoding == null) {
            throw new IllegalArgumentException("Unable to determine the encoding of the data");
        }
        try {
            switch (determineEncoding) {
                case NONE:
                    jWTData = readJSONString(str, cls);
                    break;
                case JWS:
                    if (keySelector != null) {
                        jWTData = readSignedJWT(str, keySelector, cls, jWTVerifier);
                        break;
                    } else {
                        throw new AtbashIllegalActionException("(OCT-DEV-101) keySelector required for decoding a JWT encoded value");
                    }
                case JWE:
                    jWTData = null;
                    break;
                default:
                    throw new IllegalArgumentException(String.format("JWTEncoding not supported %s", determineEncoding));
            }
            return jWTData;
        } catch (JOSEException e) {
            throw new AtbashUnexpectedException(e);
        } catch (ParseException e2) {
            throw new InvalidJWTException("Invalid JWT structure");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T> JWTData<T> readSignedJWT(String str, KeySelector keySelector, Class<T> cls, JWTVerifier jWTVerifier) throws ParseException, JOSEException {
        SignedJWT parse = SignedJWT.parse(str);
        String keyID = parse.getHeader().getKeyID();
        Key selectSecretKey = keySelector.selectSecretKey(keyID);
        if (selectSecretKey == null) {
            throw new InvalidJWTException(String.format("No key found for %s", keyID));
        }
        if (!parse.verify(this.jwsVerifierFactory.createJWSVerifier(parse.getHeader(), selectSecretKey))) {
            throw new InvalidJWTException("JWT Signature verification failed");
        }
        if (jWTVerifier == null || jWTVerifier.verify(parse.getHeader(), parse.getJWTClaimsSet())) {
            return readJSONString(parse.getPayload().toString(), cls, new MetaJWTData(keyID, parse.getHeader().getCustomParams()));
        }
        throw new InvalidJWTException("JWT verification failed");
    }

    private <T> JWTData<T> readJSONString(String str, Class<T> cls) {
        return readJSONString(str, cls, new MetaJWTData());
    }

    private <T> JWTData<T> readJSONString(String str, Class<T> cls, MetaJWTData metaJWTData) {
        return new JWTData<>(JSONValue.parse(str, cls), metaJWTData);
    }

    private JWTEncoding determineEncoding(String str) {
        JWTEncoding jWTEncoding = null;
        if (str.startsWith("{")) {
            jWTEncoding = JWTEncoding.NONE;
        }
        if (str.startsWith("ey")) {
            int countOccurrences = StringUtils.countOccurrences(str, '.');
            if (countOccurrences == 2) {
                jWTEncoding = JWTEncoding.JWS;
            }
            if (countOccurrences == 4) {
                jWTEncoding = JWTEncoding.JWS;
            }
        }
        return jWTEncoding;
    }
}
