package org.apache.cxf.rs.security.jose.jws;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jws.JwsException;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-356-01.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630356-01.jar:org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.class */
public class JwsCompactConsumer {
    protected static final Logger LOG = LogUtils.getL7dLogger(JwsCompactConsumer.class);
    private JsonMapObjectReaderWriter reader;
    private String encodedSequence;
    private String encodedSignature;
    private String headersJson;
    private String jwsPayload;
    private String decodedJwsPayload;
    private JwsHeaders jwsHeaders;
    private boolean detached;

    public JwsCompactConsumer(String str) {
        this(str, null, null);
    }

    public JwsCompactConsumer(String str, String str2) {
        this(str, str2, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JwsCompactConsumer(String str, String str2, JsonMapObjectReaderWriter jsonMapObjectReaderWriter) {
        this.reader = new JsonMapObjectReaderWriter();
        if (jsonMapObjectReaderWriter != null) {
            this.reader = jsonMapObjectReaderWriter;
        }
        String[] compactParts = JoseUtils.getCompactParts(str);
        if (compactParts.length == 3) {
            this.encodedSignature = compactParts[2];
        } else {
            if (compactParts.length != 2 || !str.endsWith(".")) {
                LOG.warning("Compact JWS does not have 3 parts");
                throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS);
            }
            this.encodedSignature = "";
        }
        this.jwsPayload = compactParts[1];
        if (str2 != null) {
            if (!StringUtils.isEmpty(this.jwsPayload)) {
                LOG.warning("Compact JWS includes a payload expected to be detached");
                throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS);
            }
            this.detached = true;
            this.jwsPayload = str2;
        }
        this.encodedSequence = compactParts[0] + "." + this.jwsPayload;
        this.headersJson = JoseUtils.decodeToString(compactParts[0]);
    }

    public String getUnsignedEncodedSequence() {
        return this.encodedSequence;
    }

    public String getEncodedSignature() {
        return this.encodedSignature;
    }

    public String getDecodedJsonHeaders() {
        return this.headersJson;
    }

    public String getDecodedJwsPayload() {
        if (this.decodedJwsPayload == null) {
            if (JwsUtils.isPayloadUnencoded(this.jwsHeaders)) {
                this.decodedJwsPayload = this.jwsPayload;
            } else {
                this.decodedJwsPayload = JoseUtils.decodeToString(this.jwsPayload);
            }
        }
        return this.decodedJwsPayload;
    }

    public byte[] getDecodedJwsPayloadBytes() {
        return StringUtils.toBytesUTF8(getDecodedJwsPayload());
    }

    public byte[] getDecodedSignature() {
        return this.encodedSignature.isEmpty() ? new byte[0] : JoseUtils.decode(this.encodedSignature);
    }

    public JwsHeaders getJwsHeaders() {
        if (this.jwsHeaders == null) {
            JsonMapObject fromJsonToJsonObject = this.reader.fromJsonToJsonObject(this.headersJson);
            if (fromJsonToJsonObject.getUpdateCount() != null) {
                LOG.warning("Duplicate headers have been detected");
                throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS);
            }
            this.jwsHeaders = new JwsHeaders(fromJsonToJsonObject.asMap());
            if (JwsUtils.isPayloadUnencoded(this.jwsHeaders) && !this.detached) {
                LOG.warning("Only detached payload can be unencoded");
                throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS);
            }
        }
        return this.jwsHeaders;
    }

    public boolean verifySignatureWith(JwsSignatureVerifier jwsSignatureVerifier) {
        try {
            if (jwsSignatureVerifier.verify(getJwsHeaders(), getUnsignedEncodedSequence(), getDecodedSignature())) {
                return true;
            }
        } catch (JwsException e) {
        }
        LOG.warning("Invalid Signature");
        return false;
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey));
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey, signatureAlgorithm));
    }

    public boolean verifySignatureWith(X509Certificate x509Certificate, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(x509Certificate, signatureAlgorithm));
    }

    public boolean verifySignatureWith(PublicKey publicKey, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(publicKey, signatureAlgorithm));
    }

    public boolean verifySignatureWith(byte[] bArr, SignatureAlgorithm signatureAlgorithm) {
        return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(bArr, signatureAlgorithm));
    }

    public boolean validateCriticalHeaders() {
        return JwsUtils.validateCriticalHeaders(getJwsHeaders());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JsonMapObjectReaderWriter getReader() {
        return this.reader;
    }
}
