package org.jose4j.jwt.consumer;

import java.security.Key;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.ErrorCodeValidator;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.resolvers.DecryptionKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.ExceptionHelp;
import org.jose4j.lang.JoseException;

/* loaded from: classes2.dex */
public class JwtConsumer {
    private VerificationKeyResolver a;
    private DecryptionKeyResolver b;
    private List<ErrorCodeValidator> c;
    private AlgorithmConstraints d;
    private AlgorithmConstraints e;
    private AlgorithmConstraints f;
    private boolean g = true;
    private boolean h;
    private boolean i;
    private boolean j;
    private boolean k;
    private boolean l;

    /* renamed from: m, reason: collision with root package name */
    private boolean f156m;
    private ProviderContext n;
    private ProviderContext o;
    private JwsCustomizer p;
    private JweCustomizer q;

    private boolean a(JsonWebStructure jsonWebStructure) {
        String contentTypeHeaderValue = jsonWebStructure.getContentTypeHeaderValue();
        return contentTypeHeaderValue != null && (contentTypeHeaderValue.equalsIgnoreCase("jwt") || contentTypeHeaderValue.equalsIgnoreCase("application/jwt"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(List<ErrorCodeValidator> list) {
        this.c = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(ProviderContext providerContext) {
        this.n = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(AlgorithmConstraints algorithmConstraints) {
        this.d = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(JweCustomizer jweCustomizer) {
        this.q = jweCustomizer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(JwsCustomizer jwsCustomizer) {
        this.p = jwsCustomizer;
    }

    void a(JwtContext jwtContext) throws InvalidJwtException {
        ErrorCodeValidator.Error error;
        ArrayList arrayList = new ArrayList();
        for (ErrorCodeValidator errorCodeValidator : this.c) {
            try {
                error = errorCodeValidator.validate(jwtContext);
            } catch (MalformedClaimException e) {
                error = new ErrorCodeValidator.Error(18, e.getMessage());
            } catch (Exception e2) {
                error = new ErrorCodeValidator.Error(17, "Unexpected exception thrown from validator " + errorCodeValidator.getClass().getName() + ": " + ExceptionHelp.toStringWithCausesAndAbbreviatedStack(e2, getClass()));
            }
            if (error != null) {
                arrayList.add(error);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        throw new InvalidJwtException("JWT (claims->" + jwtContext.getJwtClaims().getRawJson() + ") rejected due to invalid claims.", arrayList, jwtContext);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(DecryptionKeyResolver decryptionKeyResolver) {
        this.b = decryptionKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(VerificationKeyResolver verificationKeyResolver) {
        this.a = verificationKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(boolean z) {
        this.g = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(ProviderContext providerContext) {
        this.o = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(AlgorithmConstraints algorithmConstraints) {
        this.e = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(boolean z) {
        this.h = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c(AlgorithmConstraints algorithmConstraints) {
        this.f = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c(boolean z) {
        this.i = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void d(boolean z) {
        this.j = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void e(boolean z) {
        this.k = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void f(boolean z) {
        this.f156m = z;
    }

    public JwtContext process(String str) throws InvalidJwtException {
        String payload;
        JwtClaims jwtClaims;
        InvalidJwtException e;
        LinkedList linkedList = new LinkedList();
        JwtClaims jwtClaims2 = null;
        JwtContext jwtContext = new JwtContext(str, null, Collections.unmodifiableList(linkedList));
        String str2 = str;
        while (jwtClaims2 == null) {
            try {
                try {
                    try {
                        JsonWebStructure fromCompactSerialization = JsonWebStructure.fromCompactSerialization(str2);
                        if (fromCompactSerialization instanceof JsonWebSignature) {
                            payload = ((JsonWebSignature) fromCompactSerialization).getUnverifiedPayload();
                        } else {
                            JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) fromCompactSerialization;
                            if (this.o != null) {
                                jsonWebEncryption.setProviderContext(this.o);
                            }
                            if (this.f156m) {
                                jsonWebEncryption.setDoKeyValidation(false);
                            }
                            if (this.f != null) {
                                jsonWebEncryption.setContentEncryptionAlgorithmConstraints(this.f);
                            }
                            List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(linkedList);
                            jsonWebEncryption.setKey(this.b.resolveKey(jsonWebEncryption, unmodifiableList));
                            if (this.e != null) {
                                jsonWebEncryption.setAlgorithmConstraints(this.e);
                            }
                            if (this.q != null) {
                                this.q.customize(jsonWebEncryption, unmodifiableList);
                            }
                            payload = jsonWebEncryption.getPayload();
                        }
                        if (a(fromCompactSerialization)) {
                            str2 = payload;
                        } else {
                            try {
                                jwtClaims = JwtClaims.parse(payload, jwtContext);
                                try {
                                    jwtContext.a(jwtClaims);
                                } catch (InvalidJwtException e2) {
                                    e = e2;
                                    if (!this.i) {
                                        throw e;
                                    }
                                    try {
                                        JsonWebStructure.fromCompactSerialization(str);
                                        str2 = payload;
                                        jwtClaims2 = jwtClaims;
                                        linkedList.addFirst(fromCompactSerialization);
                                    } catch (JoseException unused) {
                                        throw e;
                                    }
                                }
                            } catch (InvalidJwtException e3) {
                                jwtClaims = jwtClaims2;
                                e = e3;
                            }
                            jwtClaims2 = jwtClaims;
                        }
                        linkedList.addFirst(fromCompactSerialization);
                    } catch (JoseException e4) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("Unable to process");
                        if (!linkedList.isEmpty()) {
                            sb.append(" nested");
                        }
                        sb.append(" JOSE object (cause: ");
                        sb.append(e4);
                        sb.append("): ");
                        sb.append(str2);
                        throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e4, jwtContext);
                    }
                } catch (Exception e5) {
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append("Unexpected exception encountered while processing");
                    if (!linkedList.isEmpty()) {
                        sb2.append(" nested");
                    }
                    sb2.append(" JOSE object (");
                    sb2.append(e5);
                    sb2.append("): ");
                    sb2.append(str2);
                    throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e5, jwtContext);
                }
            } catch (InvalidJwtException e6) {
                throw e6;
            }
        }
        processContext(jwtContext);
        return jwtContext;
    }

    public void processContext(JwtContext jwtContext) throws InvalidJwtException {
        ArrayList arrayList = new ArrayList(jwtContext.getJoseObjects());
        boolean z = false;
        boolean z2 = false;
        for (int size = arrayList.size() - 1; size >= 0; size--) {
            List subList = arrayList.subList(size + 1, arrayList.size());
            List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(subList);
            JsonWebStructure jsonWebStructure = (JsonWebStructure) arrayList.get(size);
            try {
                if (jsonWebStructure instanceof JsonWebSignature) {
                    JsonWebSignature jsonWebSignature = (JsonWebSignature) jsonWebStructure;
                    boolean equals = "none".equals(jsonWebSignature.getAlgorithmHeaderValue());
                    if (!this.j) {
                        if (this.n != null) {
                            jsonWebSignature.setProviderContext(this.n);
                        }
                        if (this.k) {
                            jsonWebSignature.setDoKeyValidation(false);
                        }
                        if (this.d != null) {
                            jsonWebSignature.setAlgorithmConstraints(this.d);
                        }
                        if (!equals || !this.l) {
                            jsonWebSignature.setKey(this.a.resolveKey(jsonWebSignature, unmodifiableList));
                        }
                        if (this.p != null) {
                            this.p.customize(jsonWebSignature, unmodifiableList);
                        }
                        if (!jsonWebSignature.verifySignature()) {
                            throw new InvalidJwtSignatureException(jsonWebSignature, jwtContext);
                        }
                    }
                    if (!equals) {
                        z = true;
                    }
                } else {
                    JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) jsonWebStructure;
                    Key resolveKey = this.b.resolveKey(jsonWebEncryption, unmodifiableList);
                    if (resolveKey != null && !resolveKey.equals(jsonWebEncryption.getKey())) {
                        throw new InvalidJwtException("The resolved decryption key is different than the one originally used to decrypt the JWE.", Collections.singletonList(new ErrorCodeValidator.Error(17, "Key resolution problem.")), jwtContext);
                    }
                    if (this.e != null) {
                        this.e.checkConstraint(jsonWebEncryption.getAlgorithmHeaderValue());
                    }
                    if (this.f != null) {
                        this.f.checkConstraint(jsonWebEncryption.getEncryptionMethodHeaderParameter());
                    }
                    z2 = true;
                }
            } catch (InvalidJwtException e) {
                throw e;
            } catch (JoseException e2) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unable to process");
                if (!subList.isEmpty()) {
                    sb.append(" nested");
                }
                sb.append(" JOSE object (cause: ");
                sb.append(e2);
                sb.append("): ");
                sb.append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e2, jwtContext);
            } catch (Exception e3) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Unexpected exception encountered while processing");
                if (!subList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (");
                sb2.append(e3);
                sb2.append("): ");
                sb2.append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e3, jwtContext);
            }
        }
        if (this.g && !z) {
            throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(10, "Missing signature.")), jwtContext);
        }
        if (!this.h || z2) {
            a(jwtContext);
            return;
        }
        throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(19, "No encryption.")), jwtContext);
    }

    public JwtClaims processToClaims(String str) throws InvalidJwtException {
        return process(str).getJwtClaims();
    }

    public void setSkipVerificationKeyResolutionOnNone(boolean z) {
        this.l = z;
    }
}
