package com.adobe.granite.oauth.jwt.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.jwt.JwsValidator;
import com.adobe.granite.oauth.jwt.JwtConstants;
import com.adobe.granite.oauth.jwt.JwtValidator;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.jose.jws.JWS;
import org.apache.oltu.jose.jws.io.JWSReader;
import org.apache.oltu.jose.jws.signature.SignatureMethod;
import org.apache.oltu.jose.jws.signature.VerifyingKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component
/* loaded from: input_file:com/adobe/granite/oauth/jwt/impl/JwsValidatorImpl.class */
public class JwsValidatorImpl implements JwsValidator {
    private static final Logger logger = LoggerFactory.getLogger(JwsValidatorImpl.class);

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference
    JwtValidator jwtValidator;

    @Override // com.adobe.granite.oauth.jwt.JwsValidator
    public boolean validate(String str, Key key) {
        VerifyingKey verifyingKey;
        try {
            JWS jws = (JWS) new JWSReader().read(str);
            String algorithm = jws.getHeader().getAlgorithm();
            SignatureMethod signatureMethod = getSignatureMethod(algorithm);
            if (signatureMethod == null || (verifyingKey = getVerifyingKey(algorithm, key)) == null) {
                return false;
            }
            boolean validate = jws.validate(signatureMethod, verifyingKey);
            if (validate) {
                validate = this.jwtValidator.validate(str, System.currentTimeMillis());
            }
            return validate;
        } catch (Exception e) {
            logger.warn("exception while validating the token ", e);
            return false;
        }
    }

    @Override // com.adobe.granite.oauth.jwt.JwsValidator
    public boolean validate(String str) {
        return validate(str, null);
    }

    private SignatureMethod getSignatureMethod(String str) {
        SignatureMethod signatureMethod = null;
        if (JwtConstants.HS256.equals(str)) {
            signatureMethod = new HMACSignatureMethodsImpl(this.cryptoSupport);
        } else if (JwtConstants.RS256.equals(str) || JwtConstants.RS384.equals(str) || JwtConstants.RS512.equals(str)) {
            signatureMethod = new RSASignatureMethodImpl(this.cryptoSupport, str);
        } else {
            logger.warn("algorithm " + str + " not supported");
        }
        return signatureMethod;
    }

    private VerifyingKey getVerifyingKey(String str, Key key) {
        org.apache.oltu.jose.jws.signature.SymmetricKey symmetricKey = null;
        if (JwtConstants.HS256.equals(str)) {
            if (key == null) {
                symmetricKey = new SymmetricKey(null);
            } else if (key instanceof SecretKeySpec) {
                symmetricKey = new SymmetricKey(key.getEncoded());
            } else {
                logger.warn("The given algorithm " + str + " is not compatible with the given key " + key);
            }
        } else if (!JwtConstants.RS256.equals(str) && !JwtConstants.RS384.equals(str) && !JwtConstants.RS512.equals(str)) {
            logger.warn("algorithm " + str + " not supported");
        } else if (key instanceof java.security.PublicKey) {
            symmetricKey = new PublicKey((java.security.PublicKey) key);
        } else {
            logger.warn("The given algorithm " + str + " is not compatible with the given key " + key);
        }
        return symmetricKey;
    }

    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }

    protected void bindJwtValidator(JwtValidator jwtValidator) {
        this.jwtValidator = jwtValidator;
    }

    protected void unbindJwtValidator(JwtValidator jwtValidator) {
        if (this.jwtValidator == jwtValidator) {
            this.jwtValidator = null;
        }
    }
}
