package io.vertx.ext.auth.oauth2.impl.crypto;

import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/crypto/TokenVerifier.class */
public final class TokenVerifier {
    private static final Logger log = LoggerFactory.getLogger(TokenVerifier.class);
    private static final JsonObject EMPTY_JSON = new JsonObject();
    private static final Charset UTF8 = StandardCharsets.UTF_8;
    private final Signature sig;
    private final PublicKey publicKey;

    public TokenVerifier(String str) {
        if (str == null) {
            this.sig = null;
            this.publicKey = null;
            return;
        }
        try {
            this.publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
            this.sig = Signature.getInstance("SHA256withRSA");
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    public synchronized JsonObject verify(String str) {
        if (str == null || this.sig == null || this.publicKey == null) {
            return EMPTY_JSON;
        }
        try {
            String[] split = str.split("\\.");
            if (split.length == 3) {
                String str2 = split[0];
                String str3 = split[1];
                JsonObject jsonObject = new JsonObject(new String(base64urlDecode(str2), UTF8));
                if ("RS256".equals(jsonObject.getString("alg"))) {
                    String str4 = split[2];
                    this.sig.initVerify(this.publicKey);
                    this.sig.update((str2 + "." + str3).getBytes());
                    if (this.sig.verify(base64urlDecode(str4))) {
                        return new JsonObject(new String(base64urlDecode(str3), UTF8));
                    }
                    log.error("bad signature");
                } else {
                    log.error("token contains unknown alg: " + jsonObject.getString("alg"));
                }
            }
        } catch (RuntimeException | InvalidKeyException | SignatureException e) {
            log.error(e);
        }
        return EMPTY_JSON;
    }

    private static byte[] base64urlDecode(String str) {
        return Base64.getUrlDecoder().decode(str.getBytes(UTF8));
    }
}
