package org.apache.cxf.rs.security.jose.jws;

import java.security.PublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.camel.component.flatpack.FlatpackComponent;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jws.JwsException;
import org.elasticsearch.index.mapper.core.CompletionFieldMapper;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-324.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630324.jar:org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.class */
public class JwsJsonConsumer {
    protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonConsumer.class);
    private String jwsSignedDocument;
    private String jwsPayload;
    private List<JwsJsonSignatureEntry> signatures;

    public JwsJsonConsumer(String str) {
        this(str, null);
    }

    public JwsJsonConsumer(String str, String str2) {
        this.signatures = new LinkedList();
        this.jwsSignedDocument = str;
        prepare(str2);
    }

    private void prepare(String str) {
        JsonMapObject jsonMapObject = new JsonMapObject();
        new JsonMapObjectReaderWriter().fromJson(jsonMapObject, this.jwsSignedDocument);
        Map<String, Object> asMap = jsonMapObject.asMap();
        this.jwsPayload = (String) asMap.get(CompletionFieldMapper.Fields.CONTENT_FIELD_NAME_PAYLOAD);
        if (this.jwsPayload == null) {
            this.jwsPayload = str;
        } else if (str != null) {
            LOG.warning("JSON JWS includes a payload expected to be detached");
            throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
        }
        if (this.jwsPayload == null) {
            LOG.warning("JSON JWS has no payload");
            throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
        }
        List cast = CastUtils.cast((List<?>) asMap.get("signatures"));
        if (cast == null) {
            this.signatures.add(getSignatureObject(asMap));
        } else {
            if (asMap.containsKey("signature")) {
                LOG.warning("JSON JWS has a flattened 'signature' element and a 'signatures' object");
                throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
            }
            Iterator it = cast.iterator();
            while (it.hasNext()) {
                this.signatures.add(getSignatureObject((Map) it.next()));
            }
        }
        if (this.signatures.isEmpty()) {
            LOG.warning("JSON JWS has no signatures");
            throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
        }
        validateB64Status();
    }

    private Boolean validateB64Status() {
        return JwsJsonProducer.validateB64Status(this.signatures);
    }

    protected JwsJsonSignatureEntry getSignatureObject(Map<String, Object> map) {
        String str = (String) map.get("protected");
        Map cast = CastUtils.cast((Map<?, ?>) map.get(FlatpackComponent.HEADER_ID));
        return new JwsJsonSignatureEntry(this.jwsPayload, str, (String) map.get("signature"), cast != null ? new JwsHeaders((Map<String, Object>) cast) : null);
    }

    public String getSignedDocument() {
        return this.jwsSignedDocument;
    }

    public String getJwsPayload() {
        return this.jwsPayload;
    }

    public String getDecodedJwsPayload() {
        return validateB64Status().booleanValue() ? JoseUtils.decodeToString(this.jwsPayload) : this.jwsPayload;
    }

    public byte[] getDecodedJwsPayloadBytes() {
        return StringUtils.toBytesUTF8(getDecodedJwsPayload());
    }

    public List<JwsJsonSignatureEntry> getSignatureEntries() {
        return Collections.unmodifiableList(this.signatures);
    }

    public Map<SignatureAlgorithm, List<JwsJsonSignatureEntry>> getSignatureEntryMap() {
        return JwsUtils.getJwsJsonSignatureMap(this.signatures);
    }

    public boolean verifySignatureWith(JwsSignatureVerifier jwsSignatureVerifier) {
        return verifySignatureWith(jwsSignatureVerifier, (Map<String, Object>) null);
    }

    public boolean verifySignatureWith(JwsSignatureVerifier jwsSignatureVerifier, Map<String, Object> map) {
        List<JwsJsonSignatureEntry> list = getSignatureEntryMap().get(jwsSignatureVerifier.getAlgorithm());
        if (list == null) {
            return false;
        }
        for (JwsJsonSignatureEntry jwsJsonSignatureEntry : list) {
            if (map == null || jwsJsonSignatureEntry.getUnionHeader().asMap().entrySet().containsAll(map.entrySet())) {
                if (jwsJsonSignatureEntry.verifySignatureWith(jwsSignatureVerifier)) {
                    return true;
                }
            }
        }
        return false;
    }

    public boolean verifySignatureWith(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(publicKey, signatureAlgorithm, (Map<String, Object>) null);
    }

    public boolean verifySignatureWith(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm, Map<String, Object> map) {
        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(publicKey, signatureAlgorithm), map);
    }

    public boolean verifySignatureWith(byte[] bArr, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(bArr, signatureAlgorithm, (Map<String, Object>) null);
    }

    public boolean verifySignatureWith(byte[] bArr, SignatureAlgorithm signatureAlgorithm, Map<String, Object> map) {
        return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(bArr, signatureAlgorithm), map);
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey));
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(jsonWebKey, signatureAlgorithm, (Map<String, Object>) null);
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey, SignatureAlgorithm signatureAlgorithm, Map<String, Object> map) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey, signatureAlgorithm), map);
    }

    public boolean verifySignatureWith(List<JwsSignatureVerifier> list) {
        return verifySignatureWith(list, (Map<String, Object>) null);
    }

    public boolean verifySignatureWith(List<JwsSignatureVerifier> list, Map<String, Object> map) {
        try {
            verifyAndGetNonValidated(list, map);
            return true;
        } catch (JwsException e) {
            LOG.warning("One of JSON JWS signatures is invalid");
            return false;
        }
    }

    public List<JwsJsonSignatureEntry> verifyAndGetNonValidated(List<JwsSignatureVerifier> list) {
        return verifyAndGetNonValidated(list, null);
    }

    public List<JwsJsonSignatureEntry> verifyAndGetNonValidated(List<JwsSignatureVerifier> list, Map<String, Object> map) {
        LinkedList linkedList = new LinkedList();
        for (JwsSignatureVerifier jwsSignatureVerifier : list) {
            List<JwsJsonSignatureEntry> list2 = getSignatureEntryMap().get(jwsSignatureVerifier.getAlgorithm());
            if (list2 != null) {
                Iterator<JwsJsonSignatureEntry> it = list2.iterator();
                while (true) {
                    if (it.hasNext()) {
                        JwsJsonSignatureEntry next = it.next();
                        if (map == null || next.getUnionHeader().asMap().entrySet().containsAll(map.entrySet())) {
                            if (next.verifySignatureWith(jwsSignatureVerifier)) {
                                linkedList.add(next);
                                break;
                            }
                        }
                    }
                }
            }
        }
        if (linkedList.isEmpty()) {
            throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
        }
        LinkedList linkedList2 = new LinkedList();
        for (JwsJsonSignatureEntry jwsJsonSignatureEntry : this.signatures) {
            if (!linkedList.contains(jwsJsonSignatureEntry)) {
                linkedList2.add(jwsJsonSignatureEntry);
            }
        }
        return linkedList2;
    }

    public String verifyAndProduce(List<JwsSignatureVerifier> list) {
        return verifyAndProduce(list, null);
    }

    public String verifyAndProduce(List<JwsSignatureVerifier> list, Map<String, Object> map) {
        List<JwsJsonSignatureEntry> verifyAndGetNonValidated = verifyAndGetNonValidated(list, map);
        if (verifyAndGetNonValidated.isEmpty()) {
            return null;
        }
        JwsJsonProducer jwsJsonProducer = new JwsJsonProducer(getDecodedJwsPayload());
        jwsJsonProducer.getSignatureEntries().addAll(verifyAndGetNonValidated);
        return jwsJsonProducer.getJwsJsonSignedDocument();
    }
}
