package org.apache.geronimo.microprofile.impl.jwtauth.jwt;

import java.io.ByteArrayInputStream;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReaderFactory;
import javax.json.JsonString;
import org.apache.geronimo.microprofile.impl.jwtauth.JwtException;
import org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension;
import org.apache.geronimo.microprofile.impl.jwtauth.config.GeronimoJwtAuthConfig;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;

@ApplicationScoped
/* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.class */
public class JwtParser {

    @Inject
    private GeronimoJwtAuthConfig config;

    @Inject
    private KidMapper kidMapper;

    @Inject
    private DateValidator dateValidator;

    @Inject
    private SignatureValidator signatureValidator;

    @Inject
    private GeronimoJwtAuthExtension extension;
    private JsonReaderFactory readerFactory;
    private String defaultKid;
    private String defaultAlg;
    private String defaultTyp;
    private boolean validateTyp;

    @PostConstruct
    private void init() {
        this.readerFactory = Json.createReaderFactory(Collections.emptyMap());
        this.defaultKid = this.config.read("jwt.header.kid.default", null);
        this.defaultAlg = this.config.read("jwt.header.alg.default", "RS256");
        this.defaultTyp = this.config.read("jwt.header.typ.default", "JWT");
        this.validateTyp = Boolean.parseBoolean(this.config.read("jwt.header.typ.validate", "true"));
    }

    public JsonWebToken parse(String str) {
        int indexOf = str.indexOf(46);
        if (indexOf < 0) {
            throw new JwtException("JWT is not valid", 400);
        }
        int indexOf2 = str.indexOf(46, indexOf + 1);
        if (indexOf2 < 0 || str.indexOf(46, indexOf2 + 1) > 0 || str.length() <= indexOf2) {
            throw new JwtException("JWT is not valid", 400);
        }
        JsonObject loadJson = loadJson(str.substring(0, indexOf));
        if (this.validateTyp && !getAttribute(loadJson, "typ", this.defaultTyp).equalsIgnoreCase("jwt")) {
            throw new JwtException("Invalid typ", 401);
        }
        JsonObject loadJson2 = loadJson(str.substring(indexOf + 1, indexOf2));
        this.dateValidator.checkInterval(loadJson2);
        String attribute = getAttribute(loadJson, "alg", this.defaultAlg);
        String attribute2 = getAttribute(loadJson, "kid", this.defaultKid);
        Collection<String> loadIssuers = this.kidMapper.loadIssuers(attribute2);
        if (!loadIssuers.isEmpty() && loadIssuers.stream().noneMatch(str2 -> {
            return str2.equals(loadJson2.getString(Claims.iss.name()));
        })) {
            throw new JwtException("Invalid issuer", 401);
        }
        this.signatureValidator.verifySignature(attribute, this.kidMapper.loadKey(attribute2), str.substring(0, indexOf2), str.substring(indexOf2 + 1));
        return createToken(str, loadJson2);
    }

    public GeronimoJsonWebToken createToken(String str, JsonObject jsonObject) {
        return new GeronimoJsonWebToken(str, jsonObject);
    }

    private String getAttribute(JsonObject jsonObject, String str, String str2) {
        JsonString jsonString = jsonObject.getJsonString(str);
        String string = jsonString != null ? jsonString.getString() : str2;
        if (string == null) {
            throw new JwtException("No " + str + " in JWT", 401);
        }
        return string;
    }

    private JsonObject loadJson(String str) {
        return this.readerFactory.createReader(new ByteArrayInputStream(Base64.getUrlDecoder().decode(str))).readObject();
    }
}
