package org.jboss.resteasy.skeleton.key;

import java.io.IOException;
import java.security.PublicKey;
import org.jboss.resteasy.jose.jws.JWSInput;
import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.skeleton.key.representations.SkeletonKeyToken;

/* loaded from: input_file:WEB-INF/lib/skeleton-key-core-3.0-beta-2.jar:org/jboss/resteasy/skeleton/key/RSATokenVerifier.class */
public class RSATokenVerifier {
    public static SkeletonKeyToken verifyToken(String str, ResourceMetadata resourceMetadata) throws VerificationException {
        PublicKey realmKey = resourceMetadata.getRealmKey();
        String realm = resourceMetadata.getRealm();
        resourceMetadata.getResourceName();
        JWSInput jWSInput = new JWSInput(str);
        boolean z = false;
        try {
            z = RSAProvider.verify(jWSInput, realmKey);
        } catch (Exception e) {
        }
        if (!z) {
            throw new VerificationException("Token signature not validated");
        }
        try {
            SkeletonKeyToken skeletonKeyToken = (SkeletonKeyToken) JsonSerialization.fromBytes(SkeletonKeyToken.class, jWSInput.getContent());
            if (!skeletonKeyToken.isActive()) {
                throw new VerificationException("Token is not active.");
            }
            if (skeletonKeyToken.getPrincipal() == null) {
                throw new VerificationException("Token user was null");
            }
            if (realm.equals(skeletonKeyToken.getAudience())) {
                return skeletonKeyToken;
            }
            throw new VerificationException("Token audience doesn't match domain");
        } catch (IOException e2) {
            throw new VerificationException(e2);
        }
    }
}
