package de.adorsys.sdjwt;

import com.fasterxml.jackson.databind.JsonNode;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.util.Base64URL;
import de.adorsys.sdjwt.exception.SdJwtVerificationException;
import java.io.IOException;
import java.text.ParseException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:de/adorsys/sdjwt/SdJws.class */
public abstract class SdJws {
    private final JWSObject signedJwt;
    private final String jwsString;
    private final JsonNode payload;

    public String toJws() {
        if (this.jwsString == null) {
            throw new IllegalStateException("JWS not yet signed");
        }
        return this.jwsString;
    }

    public JsonNode getPayload() {
        return this.payload;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SdJws(JsonNode jsonNode) {
        this.payload = jsonNode;
        this.signedJwt = null;
        this.jwsString = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SdJws(String str) {
        try {
            this.jwsString = str;
            this.signedJwt = parse(str);
            this.payload = readPayload(this.signedJwt);
        } catch (IOException | ParseException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SdJws(JsonNode jsonNode, JWSObject jWSObject) {
        this.payload = jsonNode;
        this.signedJwt = jWSObject;
        this.jwsString = jWSObject.serialize();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SdJws(JsonNode jsonNode, JWSSigner jWSSigner, String str, JWSAlgorithm jWSAlgorithm, String str2) {
        this.payload = jsonNode;
        this.signedJwt = new JWSObject(new JWSHeader.Builder(jWSAlgorithm).type(new JOSEObjectType(str2)).keyID(str).build(), new Payload(Base64URL.encode(jsonNode.toString())));
        try {
            this.signedJwt.sign(jWSSigner);
            this.jwsString = this.signedJwt.serialize();
        } catch (JOSEException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SdJws(Base64URL base64URL, JWSSigner jWSSigner, String str, JWSAlgorithm jWSAlgorithm, String str2) {
        try {
            this.payload = SdJwtUtils.mapper.readTree(base64URL.decode());
            this.signedJwt = new JWSObject(new JWSHeader.Builder(jWSAlgorithm).type(new JOSEObjectType(str2)).keyID(str).build(), new Payload(base64URL));
            try {
                this.signedJwt.sign(jWSSigner);
                this.jwsString = this.signedJwt.serialize();
            } catch (JOSEException e) {
                throw new RuntimeException((Throwable) e);
            }
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    public JsonNode getHeader() {
        return SdJwtUtils.mapper.valueToTree(this.signedJwt.getHeader().toJSONObject());
    }

    public void verifySignature(JWSVerifier jWSVerifier) throws JOSEException {
        if (!this.signedJwt.verify(jWSVerifier)) {
            throw new JOSEException("Invalid JWS signature");
        }
    }

    public void verifyIssuedAtClaim() throws SdJwtVerificationException {
        if (Instant.now().getEpochSecond() < SdJwtUtils.readTimeClaim(this.payload, "iat")) {
            throw new SdJwtVerificationException("jwt issued in the future");
        }
    }

    public void verifyExpClaim() throws SdJwtVerificationException {
        if (Instant.now().getEpochSecond() >= SdJwtUtils.readTimeClaim(this.payload, "exp")) {
            throw new SdJwtVerificationException("jwt has expired");
        }
    }

    public void verifyNotBeforeClaim() throws SdJwtVerificationException {
        if (Instant.now().getEpochSecond() < SdJwtUtils.readTimeClaim(this.payload, "nbf")) {
            throw new SdJwtVerificationException("jwt not valid yet");
        }
    }

    public void verifyIssClaim(List<String> list) throws SdJwtVerificationException {
        verifyClaimAgainstTrustedValues(list, "iss");
    }

    public void verifyVctClaim(List<String> list) throws SdJwtVerificationException {
        verifyClaimAgainstTrustedValues(list, "vct");
    }

    private void verifyClaimAgainstTrustedValues(List<String> list, String str) throws SdJwtVerificationException {
        String readClaim = SdJwtUtils.readClaim(this.payload, str);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toLowerCase());
        }
        if (!arrayList.contains(readClaim.toLowerCase())) {
            throw new SdJwtVerificationException(String.format("Unknown '%s' claim value: %s", str, readClaim));
        }
    }

    private static JWSObject parse(String str) throws ParseException {
        return JWSObject.parse((String) Objects.requireNonNull(str, "jwsString must not be null"));
    }

    private static JsonNode readPayload(JWSObject jWSObject) throws ParseException, IOException {
        return (JsonNode) SdJwtUtils.mapper.readValue(jWSObject.getParsedParts()[1].decode(), JsonNode.class);
    }
}
