package org.jose4j.jwt.consumer;

import java.security.Key;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.ErrorCodeValidator;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.KeyPersuasion;
import org.jose4j.keys.resolvers.DecryptionKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.JoseException;

/* loaded from: classes4.dex */
public class JwtConsumer {
    private DecryptionKeyResolver decryptionKeyResolver;
    private AlgorithmConstraints jweAlgorithmConstraints;
    private AlgorithmConstraints jweContentEncryptionAlgorithmConstraints;
    private JweCustomizer jweCustomizer;
    private ProviderContext jweProviderContext;
    private AlgorithmConstraints jwsAlgorithmConstraints;
    private JwsCustomizer jwsCustomizer;
    private ProviderContext jwsProviderContext;
    private boolean liberalContentTypeHandling;
    private boolean relaxDecryptionKeyValidation;
    private boolean relaxVerificationKeyValidation;
    private boolean requireEncryption;
    private boolean requireIntegrity;
    private boolean requireSignature = true;
    private boolean skipSignatureVerification;
    private boolean skipVerificationKeyResolutionOnNone;
    private List<ErrorCodeValidator> validators;
    private VerificationKeyResolver verificationKeyResolver;

    private boolean isNestedJwt(JsonWebStructure jsonWebStructure) {
        String contentTypeHeaderValue = jsonWebStructure.getContentTypeHeaderValue();
        return contentTypeHeaderValue != null && (contentTypeHeaderValue.equalsIgnoreCase("jwt") || contentTypeHeaderValue.equalsIgnoreCase("application/jwt"));
    }

    public JwtContext process(String str) throws InvalidJwtException {
        String payload;
        LinkedList linkedList = new LinkedList();
        JwtClaims jwtClaims = null;
        JwtContext jwtContext = new JwtContext(str, null, Collections.unmodifiableList(linkedList));
        String str2 = str;
        while (jwtClaims == null) {
            try {
                try {
                    try {
                        JsonWebStructure fromCompactSerialization = JsonWebStructure.fromCompactSerialization(str2);
                        if (fromCompactSerialization instanceof JsonWebSignature) {
                            payload = ((JsonWebSignature) fromCompactSerialization).getUnverifiedPayload();
                        } else {
                            JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) fromCompactSerialization;
                            ProviderContext providerContext = this.jweProviderContext;
                            if (providerContext != null) {
                                jsonWebEncryption.setProviderContext(providerContext);
                            }
                            if (this.relaxDecryptionKeyValidation) {
                                jsonWebEncryption.setDoKeyValidation(false);
                            }
                            AlgorithmConstraints algorithmConstraints = this.jweContentEncryptionAlgorithmConstraints;
                            if (algorithmConstraints != null) {
                                jsonWebEncryption.setContentEncryptionAlgorithmConstraints(algorithmConstraints);
                            }
                            List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(linkedList);
                            jsonWebEncryption.setKey(this.decryptionKeyResolver.resolveKey(jsonWebEncryption, unmodifiableList));
                            AlgorithmConstraints algorithmConstraints2 = this.jweAlgorithmConstraints;
                            if (algorithmConstraints2 != null) {
                                jsonWebEncryption.setAlgorithmConstraints(algorithmConstraints2);
                            }
                            JweCustomizer jweCustomizer = this.jweCustomizer;
                            if (jweCustomizer != null) {
                                jweCustomizer.customize(jsonWebEncryption, unmodifiableList);
                            }
                            payload = jsonWebEncryption.getPayload();
                        }
                        if (!isNestedJwt(fromCompactSerialization)) {
                            try {
                                jwtClaims = JwtClaims.parse(payload, jwtContext);
                                jwtContext.setJwtClaims(jwtClaims);
                            } catch (InvalidJwtException e) {
                                if (!this.liberalContentTypeHandling) {
                                    throw e;
                                }
                                try {
                                    JsonWebStructure.fromCompactSerialization(str);
                                } catch (JoseException unused) {
                                    throw e;
                                }
                            }
                            linkedList.addFirst(fromCompactSerialization);
                        }
                        str2 = payload;
                        linkedList.addFirst(fromCompactSerialization);
                    } catch (JoseException e2) {
                        StringBuilder sb = new StringBuilder("Unable to process");
                        if (!linkedList.isEmpty()) {
                            sb.append(" nested");
                        }
                        sb.append(" JOSE object (cause: ");
                        sb.append(e2);
                        sb.append("): ");
                        sb.append(str2);
                        throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e2, jwtContext);
                    }
                } catch (InvalidJwtException e3) {
                    throw e3;
                }
            } catch (Exception e4) {
                StringBuilder sb2 = new StringBuilder("Unexpected exception encountered while processing");
                if (!linkedList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (");
                sb2.append(e4);
                sb2.append("): ");
                sb2.append(str2);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e4, jwtContext);
            }
        }
        processContext(jwtContext);
        return jwtContext;
    }

    public void processContext(JwtContext jwtContext) throws InvalidJwtException {
        ArrayList arrayList = new ArrayList(jwtContext.getJoseObjects());
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (int size = arrayList.size() - 1; size >= 0; size--) {
            List subList = arrayList.subList(size + 1, arrayList.size());
            List<JsonWebStructure> unmodifiableList = Collections.unmodifiableList(subList);
            JsonWebStructure jsonWebStructure = (JsonWebStructure) arrayList.get(size);
            try {
                if (jsonWebStructure instanceof JsonWebSignature) {
                    JsonWebSignature jsonWebSignature = (JsonWebSignature) jsonWebStructure;
                    boolean equals = "none".equals(jsonWebSignature.getAlgorithmHeaderValue());
                    if (!this.skipSignatureVerification) {
                        ProviderContext providerContext = this.jwsProviderContext;
                        if (providerContext != null) {
                            jsonWebSignature.setProviderContext(providerContext);
                        }
                        if (this.relaxVerificationKeyValidation) {
                            jsonWebSignature.setDoKeyValidation(false);
                        }
                        AlgorithmConstraints algorithmConstraints = this.jwsAlgorithmConstraints;
                        if (algorithmConstraints != null) {
                            jsonWebSignature.setAlgorithmConstraints(algorithmConstraints);
                        }
                        if (!equals || !this.skipVerificationKeyResolutionOnNone) {
                            jsonWebSignature.setKey(this.verificationKeyResolver.resolveKey(jsonWebSignature, unmodifiableList));
                        }
                        JwsCustomizer jwsCustomizer = this.jwsCustomizer;
                        if (jwsCustomizer != null) {
                            jwsCustomizer.customize(jsonWebSignature, unmodifiableList);
                        }
                        if (!jsonWebSignature.verifySignature()) {
                            throw new InvalidJwtSignatureException(jsonWebSignature, jwtContext);
                        }
                    }
                    if (!equals) {
                        z = true;
                    }
                } else {
                    JsonWebEncryption jsonWebEncryption = (JsonWebEncryption) jsonWebStructure;
                    Key resolveKey = this.decryptionKeyResolver.resolveKey(jsonWebEncryption, unmodifiableList);
                    if (resolveKey != null && !resolveKey.equals(jsonWebEncryption.getKey())) {
                        throw new InvalidJwtException("The resolved decryption key is different than the one originally used to decrypt the JWE.", Collections.singletonList(new ErrorCodeValidator.Error(17, "Key resolution problem.")), jwtContext);
                    }
                    AlgorithmConstraints algorithmConstraints2 = this.jweAlgorithmConstraints;
                    if (algorithmConstraints2 != null) {
                        algorithmConstraints2.checkConstraint(jsonWebEncryption.getAlgorithmHeaderValue());
                    }
                    AlgorithmConstraints algorithmConstraints3 = this.jweContentEncryptionAlgorithmConstraints;
                    if (algorithmConstraints3 != null) {
                        algorithmConstraints3.checkConstraint(jsonWebEncryption.getEncryptionMethodHeaderParameter());
                    }
                    z3 = jsonWebEncryption.getKeyManagementModeAlgorithm().getKeyPersuasion() == KeyPersuasion.SYMMETRIC;
                    z2 = true;
                }
            } catch (InvalidJwtException e) {
                throw e;
            } catch (JoseException e2) {
                StringBuilder sb = new StringBuilder("Unable to process");
                if (!subList.isEmpty()) {
                    sb.append(" nested");
                }
                sb.append(" JOSE object (cause: ");
                sb.append(e2);
                sb.append("): ");
                sb.append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb.toString()), e2, jwtContext);
            } catch (Exception e3) {
                StringBuilder sb2 = new StringBuilder("Unexpected exception encountered while processing");
                if (!subList.isEmpty()) {
                    sb2.append(" nested");
                }
                sb2.append(" JOSE object (");
                sb2.append(e3);
                sb2.append("): ");
                sb2.append(jsonWebStructure);
                throw new InvalidJwtException("JWT processing failed.", new ErrorCodeValidator.Error(17, sb2.toString()), e3, jwtContext);
            }
        }
        if (this.requireSignature && !z) {
            throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(10, "Missing signature.")), jwtContext);
        }
        if (this.requireEncryption && !z2) {
            throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(19, "No encryption.")), jwtContext);
        }
        if (!this.requireIntegrity || z || z3) {
            validate(jwtContext);
            return;
        }
        throw new InvalidJwtException("The JWT has no integrity protection (signature/MAC or symmetric AEAD encryption) but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), Collections.singletonList(new ErrorCodeValidator.Error(20, "Missing Integrity Protection")), jwtContext);
    }

    public JwtClaims processToClaims(String str) throws InvalidJwtException {
        return process(str).getJwtClaims();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setDecryptionKeyResolver(DecryptionKeyResolver decryptionKeyResolver) {
        this.decryptionKeyResolver = decryptionKeyResolver;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweContentEncryptionAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jweContentEncryptionAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweCustomizer(JweCustomizer jweCustomizer) {
        this.jweCustomizer = jweCustomizer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJweProviderContext(ProviderContext providerContext) {
        this.jweProviderContext = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.jwsAlgorithmConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsCustomizer(JwsCustomizer jwsCustomizer) {
        this.jwsCustomizer = jwsCustomizer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setJwsProviderContext(ProviderContext providerContext) {
        this.jwsProviderContext = providerContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLiberalContentTypeHandling(boolean z) {
        this.liberalContentTypeHandling = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRelaxDecryptionKeyValidation(boolean z) {
        this.relaxDecryptionKeyValidation = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRelaxVerificationKeyValidation(boolean z) {
        this.relaxVerificationKeyValidation = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireEncryption(boolean z) {
        this.requireEncryption = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireIntegrity(boolean z) {
        this.requireIntegrity = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRequireSignature(boolean z) {
        this.requireSignature = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSkipSignatureVerification(boolean z) {
        this.skipSignatureVerification = z;
    }

    public void setSkipVerificationKeyResolutionOnNone(boolean z) {
        this.skipVerificationKeyResolutionOnNone = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setValidators(List<ErrorCodeValidator> list) {
        this.validators = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVerificationKeyResolver(VerificationKeyResolver verificationKeyResolver) {
        this.verificationKeyResolver = verificationKeyResolver;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x000b A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:8:0x005a A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    void validate(org.jose4j.jwt.consumer.JwtContext r7) throws org.jose4j.jwt.consumer.InvalidJwtException {
        /*
            r6 = this;
            java.util.ArrayList r0 = new java.util.ArrayList
            r0.<init>()
            java.util.List<org.jose4j.jwt.consumer.ErrorCodeValidator> r1 = r6.validators
            java.util.Iterator r1 = r1.iterator()
        Lb:
            boolean r2 = r1.hasNext()
            if (r2 == 0) goto L5e
            java.lang.Object r2 = r1.next()
            org.jose4j.jwt.consumer.ErrorCodeValidator r2 = (org.jose4j.jwt.consumer.ErrorCodeValidator) r2
            org.jose4j.jwt.consumer.ErrorCodeValidator$Error r2 = r2.validate(r7)     // Catch: java.lang.Exception -> L1c org.jose4j.jwt.MalformedClaimException -> L4b
            goto L58
        L1c:
            r3 = move-exception
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            java.lang.String r5 = "Unexpected exception thrown from validator "
            r4.<init>(r5)
            java.lang.Class r2 = r2.getClass()
            java.lang.String r2 = r2.getName()
            r4.append(r2)
            java.lang.String r2 = ": "
            r4.append(r2)
            java.lang.Class r2 = r6.getClass()
            java.lang.String r2 = org.jose4j.lang.ExceptionHelp.toStringWithCausesAndAbbreviatedStack(r3, r2)
            r4.append(r2)
            java.lang.String r2 = r4.toString()
            org.jose4j.jwt.consumer.ErrorCodeValidator$Error r3 = new org.jose4j.jwt.consumer.ErrorCodeValidator$Error
            r4 = 17
            r3.<init>(r4, r2)
            goto L57
        L4b:
            r2 = move-exception
            org.jose4j.jwt.consumer.ErrorCodeValidator$Error r3 = new org.jose4j.jwt.consumer.ErrorCodeValidator$Error
            r4 = 18
            java.lang.String r2 = r2.getMessage()
            r3.<init>(r4, r2)
        L57:
            r2 = r3
        L58:
            if (r2 == 0) goto Lb
            r0.add(r2)
            goto Lb
        L5e:
            boolean r1 = r0.isEmpty()
            if (r1 == 0) goto L65
            return
        L65:
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r2 = "JWT (claims->"
            r1.<init>(r2)
            org.jose4j.jwt.JwtClaims r2 = r7.getJwtClaims()
            java.lang.String r2 = r2.getRawJson()
            r1.append(r2)
            java.lang.String r2 = ") rejected due to invalid claims or other invalid content."
            r1.append(r2)
            java.lang.String r1 = r1.toString()
            org.jose4j.jwt.consumer.InvalidJwtException r2 = new org.jose4j.jwt.consumer.InvalidJwtException
            r2.<init>(r1, r0, r7)
            throw r2
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jose4j.jwt.consumer.JwtConsumer.validate(org.jose4j.jwt.consumer.JwtContext):void");
    }
}
