package com.atlassian.connect.spring.internal.jwt;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;

/* loaded from: input_file:WEB-INF/lib/sync-token-1.45-springless.jar:com/atlassian/connect/spring/internal/jwt/RsaJwtReader.class */
public class RsaJwtReader extends AbstractJwtReader {
    private static Algorithm supportedAlgorithm = JWSAlgorithm.RS256;
    public static final String BEGIN = "-----BEGIN PUBLIC KEY-----";
    public static final String END = "-----END PUBLIC KEY-----";

    public static String getKeyIdAndCheckSigningAlgorithm(String str) throws JwtInvalidSigningAlgorithmException, JwtParseException {
        try {
            JWSObject parse = JWSObject.parse(str);
            JWSAlgorithm algorithm = parse.getHeader().getAlgorithm();
            if (supportedAlgorithm.equals(algorithm)) {
                return parse.getHeader().getKeyID();
            }
            throw new JwtInvalidSigningAlgorithmException(String.format("Expected JWT to be signed with '%s' but it was signed with '%s' instead", supportedAlgorithm, algorithm));
        } catch (ParseException e) {
            throw new JwtParseException(e);
        }
    }

    @Override // com.atlassian.connect.spring.internal.jwt.AbstractJwtReader
    protected Algorithm getSupportedAlgorithm() {
        return supportedAlgorithm;
    }

    private static RSAPublicKey fromPEMEncodedKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str.replace(BEGIN, "").replace(END, "").replaceAll("\\R", ""))));
    }

    public RsaJwtReader(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        this(fromPEMEncodedKey(str));
    }

    public RsaJwtReader(RSAPublicKey rSAPublicKey) {
        super(new RSASSAVerifier(rSAPublicKey));
    }
}
