package org.apache.cxf.rs.security.jose.jws;

import com.gargoylesoftware.htmlunit.html.HtmlHeader;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.provider.json.JsonMapObject;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.class */
public class JwsJsonConsumer {
    private String jwsSignedDocument;
    private String encodedJwsPayload;
    private List<JwsJsonSignatureEntry> signatureEntries;

    public JwsJsonConsumer(String str) {
        this(str, null);
    }

    public JwsJsonConsumer(String str, String str2) {
        this.signatureEntries = new LinkedList();
        this.jwsSignedDocument = str;
        prepare(str2);
    }

    private void prepare(String str) {
        JsonMapObject jsonMapObject = new JsonMapObject();
        new JsonMapObjectReaderWriter().fromJson(jsonMapObject, this.jwsSignedDocument);
        Map<String, Object> asMap = jsonMapObject.asMap();
        this.encodedJwsPayload = (String) asMap.get("payload");
        if (this.encodedJwsPayload == null) {
            this.encodedJwsPayload = str;
        }
        if (this.encodedJwsPayload == null) {
            throw new SecurityException("Invalid JWS JSON sequence: no payload is available");
        }
        List cast = CastUtils.cast((List<?>) asMap.get("signatures"));
        if (cast == null) {
            this.signatureEntries.add(getSignatureObject(asMap));
        } else {
            if (asMap.containsKey("signature")) {
                throw new SecurityException("Invalid JWS JSON sequence");
            }
            Iterator it = cast.iterator();
            while (it.hasNext()) {
                this.signatureEntries.add(getSignatureObject((Map) it.next()));
            }
        }
        if (this.signatureEntries.isEmpty()) {
            throw new SecurityException("Invalid JWS JSON sequence: no signatures are available");
        }
    }

    protected JwsJsonSignatureEntry getSignatureObject(Map<String, Object> map) {
        String str = (String) map.get("protected");
        Map cast = CastUtils.cast((Map<?, ?>) map.get(HtmlHeader.TAG_NAME));
        return new JwsJsonSignatureEntry(this.encodedJwsPayload, str, (String) map.get("signature"), cast != null ? new JwsJsonUnprotectedHeader((Map<String, Object>) cast) : null);
    }

    public String getSignedDocument() {
        return this.jwsSignedDocument;
    }

    public String getEncodedJwsPayload() {
        return this.encodedJwsPayload;
    }

    public String getDecodedJwsPayload() {
        return JoseUtils.decodeToString(this.encodedJwsPayload);
    }

    public byte[] getDecodedJwsPayloadBytes() {
        return StringUtils.toBytesUTF8(getDecodedJwsPayload());
    }

    public List<JwsJsonSignatureEntry> getSignatureEntries() {
        return Collections.unmodifiableList(this.signatureEntries);
    }

    public MultivaluedMap<String, JwsJsonSignatureEntry> getSignatureEntryMap() {
        return JwsUtils.getJwsJsonSignatureMap(this.signatureEntries);
    }

    public boolean verifySignatureWith(JwsSignatureVerifier jwsSignatureVerifier) {
        List list = (List) getSignatureEntryMap().get(jwsSignatureVerifier.getAlgorithm());
        if (list == null) {
            return false;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            if (((JwsJsonSignatureEntry) it.next()).verifySignatureWith(jwsSignatureVerifier)) {
                return true;
            }
        }
        return false;
    }

    public boolean verifySignatureWith(RSAPublicKey rSAPublicKey, String str) {
        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(rSAPublicKey, str));
    }

    public boolean verifySignatureWith(byte[] bArr, String str) {
        return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(bArr, str));
    }

    public boolean verifySignatureWith(List<JwsSignatureVerifier> list) {
        try {
            verifyAndGetNonValidated(list);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public List<JwsJsonSignatureEntry> verifyAndGetNonValidated(List<JwsSignatureVerifier> list) {
        if (list.size() > this.signatureEntries.size()) {
            throw new SecurityException("Too many signature validators");
        }
        LinkedList linkedList = new LinkedList();
        for (JwsSignatureVerifier jwsSignatureVerifier : list) {
            boolean z = false;
            List list2 = (List) getSignatureEntryMap().get(jwsSignatureVerifier.getAlgorithm());
            if (list2 != null) {
                Iterator it = list2.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    JwsJsonSignatureEntry jwsJsonSignatureEntry = (JwsJsonSignatureEntry) it.next();
                    if (jwsJsonSignatureEntry.verifySignatureWith(jwsSignatureVerifier)) {
                        linkedList.add(jwsJsonSignatureEntry);
                        z = true;
                        break;
                    }
                }
            }
            if (!z) {
                throw new SecurityException();
            }
        }
        if (linkedList.isEmpty()) {
            throw new SecurityException();
        }
        LinkedList linkedList2 = new LinkedList();
        for (JwsJsonSignatureEntry jwsJsonSignatureEntry2 : this.signatureEntries) {
            if (!linkedList.contains(jwsJsonSignatureEntry2)) {
                linkedList2.add(jwsJsonSignatureEntry2);
            }
        }
        return linkedList2;
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey));
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey, String str) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey, str));
    }

    public JwsJsonProducer toProducer() {
        JwsJsonProducer jwsJsonProducer = new JwsJsonProducer(getDecodedJwsPayload());
        jwsJsonProducer.getSignatureEntries().addAll(this.signatureEntries);
        return jwsJsonProducer;
    }
}
