package com.atlassian.asap.nimbus.parser;

import com.atlassian.asap.api.JwsHeader;
import com.atlassian.asap.api.JwtClaims;
import com.atlassian.asap.core.SecurityProvider;
import com.atlassian.asap.core.exception.JwtParseException;
import com.atlassian.asap.core.exception.MissingRequiredClaimException;
import com.atlassian.asap.core.exception.MissingRequiredHeaderException;
import com.atlassian.asap.core.exception.UnsupportedAlgorithmException;
import com.atlassian.asap.core.parser.JwtParser;
import com.atlassian.asap.core.parser.VerifiableJwt;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.Provider;
import java.text.ParseException;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/asap/nimbus/parser/NimbusJwtParser.class */
public class NimbusJwtParser implements JwtParser {
    private final Provider provider;

    public NimbusJwtParser() {
        this(SecurityProvider.getProvider());
    }

    public NimbusJwtParser(Provider provider) {
        this.provider = provider;
    }

    @Override // com.atlassian.asap.core.parser.JwtParser
    public VerifiableJwt parse(String str) throws JwtParseException, UnsupportedAlgorithmException {
        try {
            JWSObject parse = JWSObject.parse(str);
            validateRequiredHeaders(parse);
            JWTClaimsSet parse2 = JWTClaimsSet.parse(parse.getPayload().toJSONObject());
            validateRequiredClaims(parse2);
            return NimbusVerifiableJwt.buildVerifiableJwt(parse, parse2, this.provider);
        } catch (ParseException e) {
            throw new JwtParseException(e);
        }
    }

    private void validateRequiredHeaders(JWSObject jWSObject) throws MissingRequiredHeaderException {
        if (jWSObject.getHeader().getAlgorithm() == null || jWSObject.getHeader().getAlgorithm() == Algorithm.NONE) {
            throw new MissingRequiredHeaderException(JwsHeader.Header.ALGORITHM);
        }
        if (jWSObject.getHeader().getKeyID() == null) {
            throw new MissingRequiredHeaderException(JwsHeader.Header.KEY_ID);
        }
    }

    private void validateRequiredClaims(JWTClaimsSet jWTClaimsSet) throws MissingRequiredClaimException {
        checkClaimNotNull(jWTClaimsSet.getAudience(), JwtClaims.Claim.AUDIENCE);
        checkClaimNotNull(jWTClaimsSet.getIssuer(), JwtClaims.Claim.ISSUER);
        checkClaimNotNull(jWTClaimsSet.getJWTID(), JwtClaims.Claim.JWT_ID);
        checkClaimNotNull(jWTClaimsSet.getIssueTime(), JwtClaims.Claim.ISSUED_AT);
        checkClaimNotNull(jWTClaimsSet.getExpirationTime(), JwtClaims.Claim.EXPIRY);
    }

    private static void checkClaimNotNull(Object obj, JwtClaims.Claim claim) throws MissingRequiredClaimException {
        if (obj == null) {
            throw new MissingRequiredClaimException(claim);
        }
    }
}
