package csip;

import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:csip/JWTAuthentication.class */
public class JWTAuthentication implements TokenAuthentication {
    JwkProvider provider;
    String alg = Config.getString("csip.jwt.alg", "RSA256").toLowerCase();

    /* JADX INFO: Access modifiers changed from: package-private */
    public JWTAuthentication(String str) {
        if (str == null) {
            throw new RuntimeException("Missing configuration:'csip.jwk.provider.url'");
        }
        this.provider = new UrlJwkProvider(str);
    }

    @Override // csip.TokenAuthentication
    public void validate(String str) throws SecurityException {
        Algorithm RSA512;
        if (str != null) {
            try {
                if (!str.isEmpty()) {
                    try {
                        DecodedJWT decode = JWT.decode(str);
                        Jwk jwk = this.provider.get(decode.getKeyId());
                        String str2 = this.alg;
                        boolean z = -1;
                        switch (str2.hashCode()) {
                            case -922099693:
                                if (str2.equals("rsa256")) {
                                    z = false;
                                    break;
                                }
                                break;
                            case -922098641:
                                if (str2.equals("rsa384")) {
                                    z = 2;
                                    break;
                                }
                                break;
                            case -922096938:
                                if (str2.equals("rsa512")) {
                                    z = 4;
                                    break;
                                }
                                break;
                            case 108757106:
                                if (str2.equals("rs256")) {
                                    z = true;
                                    break;
                                }
                                break;
                            case 108758158:
                                if (str2.equals("rs384")) {
                                    z = 3;
                                    break;
                                }
                                break;
                            case 108759861:
                                if (str2.equals("rs512")) {
                                    z = 5;
                                    break;
                                }
                                break;
                        }
                        switch (z) {
                            case false:
                            case ModelData.INSERTION_ORDER /* 1 */:
                                RSA512 = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), (RSAPrivateKey) null);
                                break;
                            case ModelData.ALPHABETICAL_ORDER /* 2 */:
                            case true:
                                RSA512 = Algorithm.RSA384((RSAPublicKey) jwk.getPublicKey(), (RSAPrivateKey) null);
                                break;
                            case true:
                            case true:
                                RSA512 = Algorithm.RSA512((RSAPublicKey) jwk.getPublicKey(), (RSAPrivateKey) null);
                                break;
                            default:
                                throw new SecurityException("Invalid Algorithm: " + this.alg);
                        }
                        RSA512.verify(decode);
                        if (decode.getExpiresAt().before(Calendar.getInstance().getTime())) {
                            throw new SecurityException("JWT expired.");
                        }
                        return;
                    } catch (JWTVerificationException e) {
                        throw new SecurityException("Signature verification error.", e);
                    }
                }
            } catch (JwkException e2) {
                throw new SecurityException("JWK exception.", e2);
            }
        }
        throw new SecurityException("JWT missing.");
    }
}
