package com.google.crypto.tink.jwt;

import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.subtle.Base64;
import com.google.gson.JsonObject;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.security.InvalidAlgorithmParameterException;
import java.util.Optional;
import org.eclipse.jgit.lib.BranchConfig;
import org.jose4j.jws.AlgorithmIdentifiers;

/* loaded from: input_file:test-dependencies/trilead-api.hpi:WEB-INF/lib/tink-1.10.0.jar:com/google/crypto/tink/jwt/JwtFormat.class */
final class JwtFormat {

    /* loaded from: input_file:test-dependencies/trilead-api.hpi:WEB-INF/lib/tink-1.10.0.jar:com/google/crypto/tink/jwt/JwtFormat$Parts.class */
    static class Parts {
        String unsignedCompact;
        byte[] signatureOrMac;
        String header;
        String payload;

        Parts(String str, byte[] bArr, String str2, String str3) {
            this.unsignedCompact = str;
            this.signatureOrMac = bArr;
            this.header = str2;
            this.payload = str3;
        }
    }

    private JwtFormat() {
    }

    static boolean isValidUrlsafeBase64Char(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || ((c >= '0' && c <= '9') || c == '-' || c == '_');
    }

    static void validateUtf8(byte[] bArr) throws JwtInvalidException {
        try {
            Util.UTF_8.newDecoder().decode(ByteBuffer.wrap(bArr));
        } catch (CharacterCodingException e) {
            throw new JwtInvalidException(e.getMessage());
        }
    }

    static byte[] strictUrlSafeDecode(String str) throws JwtInvalidException {
        for (int i = 0; i < str.length(); i++) {
            if (!isValidUrlsafeBase64Char(str.charAt(i))) {
                throw new JwtInvalidException("invalid encoding");
            }
        }
        try {
            return Base64.urlSafeDecode(str);
        } catch (IllegalArgumentException e) {
            throw new JwtInvalidException("invalid encoding: " + e);
        }
    }

    private static void validateAlgorithm(String str) throws InvalidAlgorithmParameterException {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256)) {
                    z = 3;
                    break;
                }
                break;
            case 66246401:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384)) {
                    z = 4;
                    break;
                }
                break;
            case 66248104:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512)) {
                    z = 5;
                    break;
                }
                break;
            case 69015912:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA256)) {
                    z = false;
                    break;
                }
                break;
            case 69016964:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA384)) {
                    z = true;
                    break;
                }
                break;
            case 69018667:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA512)) {
                    z = 2;
                    break;
                }
                break;
            case 76404080:
                if (str.equals(AlgorithmIdentifiers.RSA_PSS_USING_SHA256)) {
                    z = 9;
                    break;
                }
                break;
            case 76405132:
                if (str.equals(AlgorithmIdentifiers.RSA_PSS_USING_SHA384)) {
                    z = 10;
                    break;
                }
                break;
            case 76406835:
                if (str.equals(AlgorithmIdentifiers.RSA_PSS_USING_SHA512)) {
                    z = 11;
                    break;
                }
                break;
            case 78251122:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA256)) {
                    z = 6;
                    break;
                }
                break;
            case 78252174:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA384)) {
                    z = 7;
                    break;
                }
                break;
            case 78253877:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA512)) {
                    z = 8;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                return;
            default:
                throw new InvalidAlgorithmParameterException("invalid algorithm: " + str);
        }
    }

    static String createHeader(String str, Optional<String> optional, Optional<String> optional2) throws InvalidAlgorithmParameterException {
        validateAlgorithm(str);
        JsonObject jsonObject = new JsonObject();
        if (optional2.isPresent()) {
            jsonObject.addProperty("kid", optional2.get());
        }
        jsonObject.addProperty("alg", str);
        if (optional.isPresent()) {
            jsonObject.addProperty("typ", optional.get());
        }
        return Base64.urlSafeEncode(jsonObject.toString().getBytes(Util.UTF_8));
    }

    private static void validateKidInHeader(String str, JsonObject jsonObject) throws JwtInvalidException {
        if (!getStringHeader(jsonObject, "kid").equals(str)) {
            throw new JwtInvalidException("invalid kid in header");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateHeader(String str, Optional<String> optional, Optional<String> optional2, JsonObject jsonObject) throws InvalidAlgorithmParameterException, JwtInvalidException {
        validateAlgorithm(str);
        String stringHeader = getStringHeader(jsonObject, "alg");
        if (!stringHeader.equals(str)) {
            throw new InvalidAlgorithmParameterException(String.format("invalid algorithm; expected %s, got %s", str, stringHeader));
        }
        if (jsonObject.has("crit")) {
            throw new JwtInvalidException("all tokens with crit headers are rejected");
        }
        if (optional.isPresent() && optional2.isPresent()) {
            throw new JwtInvalidException("custom_kid can only be set for RAW keys.");
        }
        boolean has = jsonObject.has("kid");
        if (optional.isPresent()) {
            if (!has) {
                throw new JwtInvalidException("missing kid in header");
            }
            validateKidInHeader(optional.get(), jsonObject);
        }
        if (optional2.isPresent() && has) {
            validateKidInHeader(optional2.get(), jsonObject);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Optional<String> getTypeHeader(JsonObject jsonObject) throws JwtInvalidException {
        return jsonObject.has("typ") ? Optional.of(getStringHeader(jsonObject, "typ")) : Optional.empty();
    }

    private static String getStringHeader(JsonObject jsonObject, String str) throws JwtInvalidException {
        if (!jsonObject.has(str)) {
            throw new JwtInvalidException("header " + str + " does not exist");
        }
        if (jsonObject.get(str).isJsonPrimitive() && jsonObject.get(str).getAsJsonPrimitive().isString()) {
            return jsonObject.get(str).getAsString();
        }
        throw new JwtInvalidException("header " + str + " is not a string");
    }

    static String decodeHeader(String str) throws JwtInvalidException {
        byte[] strictUrlSafeDecode = strictUrlSafeDecode(str);
        validateUtf8(strictUrlSafeDecode);
        return new String(strictUrlSafeDecode, Util.UTF_8);
    }

    static String encodePayload(String str) {
        return Base64.urlSafeEncode(str.getBytes(Util.UTF_8));
    }

    static String decodePayload(String str) throws JwtInvalidException {
        byte[] strictUrlSafeDecode = strictUrlSafeDecode(str);
        validateUtf8(strictUrlSafeDecode);
        return new String(strictUrlSafeDecode, Util.UTF_8);
    }

    static String encodeSignature(byte[] bArr) {
        return Base64.urlSafeEncode(bArr);
    }

    static byte[] decodeSignature(String str) throws JwtInvalidException {
        return strictUrlSafeDecode(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Optional<String> getKid(int i, OutputPrefixType outputPrefixType) throws JwtInvalidException {
        if (outputPrefixType == OutputPrefixType.RAW) {
            return Optional.empty();
        }
        if (outputPrefixType == OutputPrefixType.TINK) {
            return Optional.of(Base64.urlSafeEncode(ByteBuffer.allocate(4).putInt(i).array()));
        }
        throw new JwtInvalidException("unsupported output prefix type");
    }

    static Optional<Integer> getKeyId(String str) {
        byte[] urlSafeDecode = Base64.urlSafeDecode(str);
        return urlSafeDecode.length != 4 ? Optional.empty() : Optional.of(Integer.valueOf(ByteBuffer.wrap(urlSafeDecode).getInt()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Parts splitSignedCompact(String str) throws JwtInvalidException {
        validateASCII(str);
        int lastIndexOf = str.lastIndexOf(46);
        if (lastIndexOf < 0) {
            throw new JwtInvalidException("only tokens in JWS compact serialization format are supported");
        }
        String substring = str.substring(0, lastIndexOf);
        byte[] decodeSignature = decodeSignature(str.substring(lastIndexOf + 1));
        int indexOf = substring.indexOf(46);
        if (indexOf < 0) {
            throw new JwtInvalidException("only tokens in JWS compact serialization format are supported");
        }
        String substring2 = substring.substring(0, indexOf);
        String substring3 = substring.substring(indexOf + 1);
        if (substring3.indexOf(46) > 0) {
            throw new JwtInvalidException("only tokens in JWS compact serialization format are supported");
        }
        return new Parts(substring, decodeSignature, decodeHeader(substring2), decodePayload(substring3));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createUnsignedCompact(String str, Optional<String> optional, RawJwt rawJwt) throws InvalidAlgorithmParameterException, JwtInvalidException {
        return createHeader(str, rawJwt.hasTypeHeader() ? Optional.of(rawJwt.getTypeHeader()) : Optional.empty(), optional) + BranchConfig.LOCAL_REPOSITORY + encodePayload(rawJwt.getJsonPayload());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createSignedCompact(String str, byte[] bArr) {
        return str + BranchConfig.LOCAL_REPOSITORY + encodeSignature(bArr);
    }

    static void validateASCII(String str) throws JwtInvalidException {
        for (int i = 0; i < str.length(); i++) {
            if ((str.charAt(i) & 128) > 0) {
                throw new JwtInvalidException("Non ascii character");
            }
        }
    }
}
