package com.atlassian.asap.nimbus.parser;

import com.atlassian.asap.api.JwsHeader;
import com.atlassian.asap.api.JwtClaims;
import com.atlassian.asap.core.SecurityProvider;
import com.atlassian.asap.core.exception.JwtParseException;
import com.atlassian.asap.core.exception.MissingRequiredClaimException;
import com.atlassian.asap.core.exception.MissingRequiredHeaderException;
import com.atlassian.asap.core.exception.UnsupportedAlgorithmException;
import com.atlassian.asap.core.parser.JwtParser;
import com.atlassian.asap.core.parser.VerifiableJwt;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.Provider;
import java.text.ParseException;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import net.minidev.json.JSONObject;

/* loaded from: input_file:com/atlassian/asap/nimbus/parser/NimbusJwtParser.class */
public class NimbusJwtParser implements JwtParser {
    private final Provider provider;

    public NimbusJwtParser() {
        this(SecurityProvider.getProvider());
    }

    public NimbusJwtParser(Provider provider) {
        this.provider = provider;
    }

    @Override // com.atlassian.asap.core.parser.JwtParser
    public VerifiableJwt parse(String str) throws JwtParseException, UnsupportedAlgorithmException {
        try {
            JWSObject parse = JWSObject.parse((String) Objects.requireNonNull(str));
            validateRequiredHeaders(parse);
            JWTClaimsSet parse2 = JWTClaimsSet.parse((JSONObject) Optional.ofNullable(parse.getPayload()).map((v0) -> {
                return v0.toJSONObject();
            }).orElseThrow(() -> {
                return new JwtParseException("malformed payload");
            }));
            validateRequiredClaims(parse2);
            try {
                return NimbusVerifiableJwt.buildVerifiableJwt(parse, parse2, this.provider);
            } catch (NumberFormatException e) {
                throw new JwtParseException("unrepresentable JSON values", e);
            }
        } catch (ParseException e2) {
            throw new JwtParseException(e2);
        }
    }

    @Override // com.atlassian.asap.core.parser.JwtParser
    public Optional<String> determineUnverifiedIssuer(String str) {
        try {
            Optional map = Optional.ofNullable(JWSObject.parse((String) Objects.requireNonNull(str)).getPayload()).map((v0) -> {
                return v0.toJSONObject();
            });
            return map.isPresent() ? Optional.ofNullable(JWTClaimsSet.parse((JSONObject) map.get()).getIssuer()) : Optional.empty();
        } catch (ParseException e) {
            return Optional.empty();
        }
    }

    private void validateRequiredHeaders(JWSObject jWSObject) throws MissingRequiredHeaderException {
        if (jWSObject.getHeader().getAlgorithm() == null || jWSObject.getHeader().getAlgorithm() == Algorithm.NONE) {
            throw new MissingRequiredHeaderException(JwsHeader.Header.ALGORITHM);
        }
        if (jWSObject.getHeader().getKeyID() == null) {
            throw new MissingRequiredHeaderException(JwsHeader.Header.KEY_ID);
        }
    }

    private void validateRequiredClaims(JWTClaimsSet jWTClaimsSet) throws MissingRequiredClaimException {
        checkClaimNotEmpty(jWTClaimsSet.getAudience(), JwtClaims.RegisteredClaim.AUDIENCE);
        checkClaimNotNull(jWTClaimsSet.getIssuer(), JwtClaims.RegisteredClaim.ISSUER);
        checkClaimNotNull(jWTClaimsSet.getJWTID(), JwtClaims.RegisteredClaim.JWT_ID);
        checkClaimNotNull(jWTClaimsSet.getIssueTime(), JwtClaims.RegisteredClaim.ISSUED_AT);
        checkClaimNotNull(jWTClaimsSet.getExpirationTime(), JwtClaims.RegisteredClaim.EXPIRY);
    }

    private static void checkClaimNotNull(Object obj, JwtClaims.RegisteredClaim registeredClaim) throws MissingRequiredClaimException {
        if (obj == null) {
            throw new MissingRequiredClaimException(registeredClaim);
        }
    }

    private static void checkClaimNotEmpty(Collection collection, JwtClaims.RegisteredClaim registeredClaim) throws MissingRequiredClaimException {
        if (collection == null || collection.isEmpty()) {
            throw new MissingRequiredClaimException(registeredClaim);
        }
    }
}
