package org.apache.james.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import java.security.PublicKey;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/jwt/JwtTokenVerifier.class */
public class JwtTokenVerifier {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenVerifier.class);
    private final List<PublicKey> publicKeys;

    /* loaded from: input_file:org/apache/james/jwt/JwtTokenVerifier$Factory.class */
    public interface Factory {
        JwtTokenVerifier create();
    }

    public static JwtTokenVerifier create(JwtConfiguration jwtConfiguration) {
        return new JwtTokenVerifier(new DefaultPublicKeyProvider(jwtConfiguration, new PublicKeyReader()));
    }

    public JwtTokenVerifier(PublicKeyProvider publicKeyProvider) {
        this.publicKeys = publicKeyProvider.get();
    }

    public Optional<String> verifyAndExtractLogin(String str) {
        return verifyAndExtractClaim(str, "sub", String.class).filter(str2 -> {
            return !str2.isEmpty();
        });
    }

    public <T> Optional<T> verifyAndExtractClaim(String str, String str2, Class<T> cls) {
        return this.publicKeys.stream().flatMap(publicKey -> {
            return verifyAndExtractClaim(str, str2, cls, publicKey).stream();
        }).findFirst();
    }

    private <T> Optional<T> verifyAndExtractClaim(String str, String str2, Class<T> cls, PublicKey publicKey) {
        try {
            Object obj = ((Claims) parseToken(str, publicKey).getBody()).get(str2, cls);
            if (obj == null) {
                throw new MalformedJwtException("'" + str2 + "' field in token is mandatory");
            }
            return Optional.of(obj);
        } catch (JwtException e) {
            LOGGER.info("Failed Jwt verification", e);
            return Optional.empty();
        }
    }

    public boolean hasAttribute(String str, Object obj, String str2) {
        try {
            Optional verifyAndExtractClaim = verifyAndExtractClaim(str2, str, Object.class);
            Objects.requireNonNull(obj);
            return ((Boolean) verifyAndExtractClaim.map(obj::equals).orElse(false)).booleanValue();
        } catch (JwtException e) {
            LOGGER.info("Jwt validation failed for claim {} to {}", new Object[]{str, obj, e});
            return false;
        }
    }

    private Jws<Claims> parseToken(String str, PublicKey publicKey) throws JwtException {
        return Jwts.parser().setSigningKey(publicKey).parseClaimsJws(str);
    }
}
