package com.atlassian.jwt.core.reader;

import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.jwt.core.JwtConfiguration;
import com.atlassian.jwt.core.SimpleJwt;
import com.atlassian.jwt.core.SystemPropertyJwtConfiguration;
import com.atlassian.jwt.exception.JwsUnsupportedAlgorithmException;
import com.atlassian.jwt.exception.JwtIssuerLacksSharedSecretException;
import com.atlassian.jwt.exception.JwtParseException;
import com.atlassian.jwt.exception.JwtUnknownIssuerException;
import com.atlassian.jwt.reader.JwtReader;
import com.atlassian.jwt.reader.JwtReaderFactory;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/atlassian/jwt/core/reader/NimbusJwtReaderFactory.class */
public class NimbusJwtReaderFactory implements JwtReaderFactory {
    private final JwtConfiguration jwtConfiguration;
    private final JwtIssuerValidator jwtIssuerValidator;
    private final JwtIssuerSharedSecretService jwtIssuerSharedSecretService;

    /* loaded from: input_file:com/atlassian/jwt/core/reader/NimbusJwtReaderFactory$NimbusUnverifiedJwtReader.class */
    private static class NimbusUnverifiedJwtReader {
        private NimbusUnverifiedJwtReader() {
        }

        public SimpleUnverifiedJwt parse(String str) throws JwtParseException {
            JWSObject parseJWSObject = parseJWSObject(str);
            try {
                JWTClaimsSet parse = JWTClaimsSet.parse(parseJWSObject.getPayload().toJSONObject());
                return new SimpleUnverifiedJwt(parseJWSObject.getHeader().getAlgorithm().getName(), parse.getIssuer(), parse.getSubject(), parseJWSObject.getPayload().toString());
            } catch (ParseException e) {
                throw new JwtParseException(e);
            }
        }

        private JWSObject parseJWSObject(String str) throws JwtParseException {
            try {
                return JWSObject.parse(str);
            } catch (ParseException e) {
                throw new JwtParseException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jwt/core/reader/NimbusJwtReaderFactory$SimpleUnverifiedJwt.class */
    public static class SimpleUnverifiedJwt extends SimpleJwt {
        private final String algorithm;

        public SimpleUnverifiedJwt(String str, String str2, String str3, String str4) {
            super(str2, str3, str4);
            this.algorithm = str;
        }

        public String getAlgorithm() {
            return this.algorithm;
        }
    }

    public NimbusJwtReaderFactory(JwtIssuerValidator jwtIssuerValidator, JwtIssuerSharedSecretService jwtIssuerSharedSecretService) {
        this(new SystemPropertyJwtConfiguration(), jwtIssuerValidator, jwtIssuerSharedSecretService);
    }

    public NimbusJwtReaderFactory(JwtConfiguration jwtConfiguration, JwtIssuerValidator jwtIssuerValidator, JwtIssuerSharedSecretService jwtIssuerSharedSecretService) {
        this.jwtConfiguration = jwtConfiguration;
        this.jwtIssuerValidator = jwtIssuerValidator;
        this.jwtIssuerSharedSecretService = jwtIssuerSharedSecretService;
    }

    @Nonnull
    public JwtReader getReader(@Nonnull String str) throws JwtParseException, JwsUnsupportedAlgorithmException, JwtUnknownIssuerException, JwtIssuerLacksSharedSecretException {
        SimpleUnverifiedJwt parse = new NimbusUnverifiedJwtReader().parse(str);
        SigningAlgorithm validateAlgorithm = validateAlgorithm(parse);
        String validateIssuer = validateIssuer(parse);
        if (validateAlgorithm.requiresSharedSecret()) {
            return macVerifyingReader(this.jwtIssuerSharedSecretService.getSharedSecret(validateIssuer));
        }
        throw new JwsUnsupportedAlgorithmException(String.format("Currently we support only symmetric signing algorithms such as %s, and not %s. Try a symmetric algorithm.", SigningAlgorithm.HS256, validateAlgorithm.name()));
    }

    private JwtReader macVerifyingReader(String str) {
        return new NimbusMacJwtReader(str, this.jwtConfiguration);
    }

    private String validateIssuer(SimpleUnverifiedJwt simpleUnverifiedJwt) throws JwtUnknownIssuerException {
        String issuer = simpleUnverifiedJwt.getIssuer();
        if (this.jwtIssuerValidator.isValid(issuer)) {
            return issuer;
        }
        throw new JwtUnknownIssuerException(issuer);
    }

    private SigningAlgorithm validateAlgorithm(SimpleUnverifiedJwt simpleUnverifiedJwt) throws JwsUnsupportedAlgorithmException {
        return SigningAlgorithm.forName(simpleUnverifiedJwt.getAlgorithm());
    }
}
