package io.nixer.nixerplugin.core.stigma.token.validation;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import io.nixer.nixerplugin.core.stigma.token.crypto.DecrypterFactory;
import javax.annotation.Nonnull;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/nixer-plugin-core-0.1.0.0.jar:io/nixer/nixerplugin/core/stigma/token/validation/EncryptedJwtValidator.class */
public class EncryptedJwtValidator implements JwtValidator {

    @Nonnull
    private final DecrypterFactory decrypterFactory;

    @Nonnull
    private final JwtValidator delegate;

    public EncryptedJwtValidator(@Nonnull DecrypterFactory decrypterFactory, @Nonnull JwtValidator jwtValidator) {
        Assert.notNull(decrypterFactory, "DecrypterFactory must not be null");
        this.decrypterFactory = decrypterFactory;
        Assert.notNull(jwtValidator, "JwtValidator must not be null");
        this.delegate = jwtValidator;
    }

    @Override // io.nixer.nixerplugin.core.stigma.token.validation.JwtValidator
    public ValidationResult validate(@Nonnull JWT jwt) {
        Assert.notNull(jwt, "JWT must not be null");
        if (!(jwt instanceof EncryptedJWT)) {
            return ValidationResult.invalid(ValidationStatus.NOT_ENCRYPTED, String.format("Expected EncryptedJWT, but got [%s]", jwt.getClass()));
        }
        EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
        JWEHeader header = encryptedJWT.getHeader();
        if (!this.decrypterFactory.getAlgorithm().equals(header.getAlgorithm())) {
            return ValidationResult.invalid(ValidationStatus.WRONG_ALG, String.format("Invalid encryption algorithm. Expected [%s] but got [%s]", this.decrypterFactory.getAlgorithm(), header.getAlgorithm()));
        }
        if (!this.decrypterFactory.getEncryptionMethod().equals(header.getEncryptionMethod())) {
            return ValidationResult.invalid(ValidationStatus.WRONG_ENC, String.format("Invalid encryption method. Expected [%s] but got [%s]", this.decrypterFactory.getEncryptionMethod(), header.getEncryptionMethod()));
        }
        try {
            encryptedJWT.decrypt(this.decrypterFactory.decrypter(header));
            return this.delegate.validate(encryptedJWT);
        } catch (JOSEException e) {
            return ValidationResult.invalid(ValidationStatus.DECRYPTION_ERROR, String.format("Decryption error: [%s]", e.getMessage()));
        }
    }
}
