package com.nimbusds.oauth2.sdk.auth;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.net.URI;
import java.security.Provider;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.jcip.annotations.Immutable;

@Immutable
/* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-8.36.jar:com/nimbusds/oauth2/sdk/auth/PrivateKeyJWT.class */
public final class PrivateKeyJWT extends JWTAuthentication {
    public static Set<JWSAlgorithm> supportedJWAs() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(JWSAlgorithm.Family.RSA);
        hashSet.addAll(JWSAlgorithm.Family.EC);
        return Collections.unmodifiableSet(hashSet);
    }

    public PrivateKeyJWT(ClientID clientID, URI uri, JWSAlgorithm jWSAlgorithm, RSAPrivateKey rSAPrivateKey, String str, Provider provider) throws JOSEException {
        this(new JWTAuthenticationClaimsSet(clientID, new Audience(uri.toString())), jWSAlgorithm, rSAPrivateKey, str, provider);
    }

    public PrivateKeyJWT(JWTAuthenticationClaimsSet jWTAuthenticationClaimsSet, JWSAlgorithm jWSAlgorithm, RSAPrivateKey rSAPrivateKey, String str, Provider provider) throws JOSEException {
        this(JWTAssertionFactory.create(jWTAuthenticationClaimsSet, jWSAlgorithm, rSAPrivateKey, str, provider));
    }

    public PrivateKeyJWT(ClientID clientID, URI uri, JWSAlgorithm jWSAlgorithm, ECPrivateKey eCPrivateKey, String str, Provider provider) throws JOSEException {
        this(new JWTAuthenticationClaimsSet(clientID, new Audience(uri.toString())), jWSAlgorithm, eCPrivateKey, str, provider);
    }

    public PrivateKeyJWT(JWTAuthenticationClaimsSet jWTAuthenticationClaimsSet, JWSAlgorithm jWSAlgorithm, ECPrivateKey eCPrivateKey, String str, Provider provider) throws JOSEException {
        this(JWTAssertionFactory.create(jWTAuthenticationClaimsSet, jWSAlgorithm, eCPrivateKey, str, provider));
    }

    public PrivateKeyJWT(SignedJWT signedJWT) {
        super(ClientAuthenticationMethod.PRIVATE_KEY_JWT, signedJWT);
        JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
        if (!JWSAlgorithm.Family.RSA.contains(algorithm) && !JWSAlgorithm.Family.EC.contains(algorithm)) {
            throw new IllegalArgumentException("The client assertion JWT must be RSA or ECDSA-signed (RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384 or ES512)");
        }
    }

    public static PrivateKeyJWT parse(Map<String, List<String>> map) throws ParseException {
        JWTAuthentication.ensureClientAssertionType(map);
        try {
            PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(JWTAuthentication.parseClientAssertion(map));
            ClientID parseClientID = JWTAuthentication.parseClientID(map);
            if (parseClientID == null || parseClientID.equals(privateKeyJWT.getClientID())) {
                return privateKeyJWT;
            }
            throw new ParseException("Invalid private key JWT authentication: The client identifier doesn't match the client assertion subject / issuer");
        } catch (IllegalArgumentException e) {
            throw new ParseException(e.getMessage(), e);
        }
    }

    public static PrivateKeyJWT parse(String str) throws ParseException {
        return parse(URLUtils.parseParameters(str));
    }

    public static PrivateKeyJWT parse(HTTPRequest hTTPRequest) throws ParseException {
        hTTPRequest.ensureMethod(HTTPRequest.Method.POST);
        hTTPRequest.ensureEntityContentType(ContentType.APPLICATION_URLENCODED);
        return parse(hTTPRequest.getQueryParameters());
    }
}
