package io.gravitee.policy.jwt.processor;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import io.gravitee.policy.jwt.alg.Signature;

/* loaded from: input_file:io/gravitee/policy/jwt/processor/RSAKeyProcessor.class */
public class RSAKeyProcessor<C extends SecurityContext> extends AbstractKeyProcessor<C> {
    @Override // io.gravitee.policy.jwt.processor.AbstractKeyProcessor
    JWSKeySelector<C> jwsKeySelector(JWKSource<C> jWKSource, Signature signature) {
        return new JWSVerificationKeySelector<C>(signature.getAlg(), jWKSource) { // from class: io.gravitee.policy.jwt.processor.RSAKeyProcessor.1
            protected JWKMatcher createJWKMatcher(JWSHeader jWSHeader) {
                if (!getExpectedJWSAlgorithm().equals(jWSHeader.getAlgorithm())) {
                    return null;
                }
                if (JWSAlgorithm.Family.RSA.contains(getExpectedJWSAlgorithm()) || JWSAlgorithm.Family.EC.contains(getExpectedJWSAlgorithm())) {
                    return new JWKMatcher.Builder().keyType(KeyType.forAlgorithm(getExpectedJWSAlgorithm())).keyUses(new KeyUse[]{KeyUse.SIGNATURE, null}).algorithms(new Algorithm[]{getExpectedJWSAlgorithm(), null}).x509CertSHA256Thumbprint(jWSHeader.getX509CertSHA256Thumbprint()).build();
                }
                return null;
            }
        };
    }
}
