package edu.utexas.tacc.tapis.sharedapi.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.security.PublicKey;
import java.util.Objects;

/* loaded from: input_file:edu/utexas/tacc/tapis/sharedapi/security/TapisJWTValidator.class */
public class TapisJWTValidator {
    private String encodedJWT;
    private static final String CLAIM_TENANT = "tapis/tenant_id";
    private static final String CLAIM_USERNAME = "tapis/username";
    private static final String CLAIM_TOKEN_TYPE = "tapis/token_type";
    private static final String CLAIM_ACCOUNT_TYPE = "tapis/account_type";
    private static final String CLAIM_SITE = "tapis/target_site";
    private static final String CLAIM_DELEGATION = "tapis/delegation";
    private static final String CLAIM_DELEGATION_SUB = "tapis/delegation_sub";

    public TapisJWTValidator(String str) {
        this.encodedJWT = str;
    }

    public Jws<Claims> validate(PublicKey publicKey) throws JwtException {
        Jws<Claims> parseClaimsJws = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(this.encodedJWT);
        Claims claims = (Claims) parseClaimsJws.getBody();
        try {
            Objects.requireNonNull(claims.get(CLAIM_TENANT));
            Objects.requireNonNull(claims.get(CLAIM_USERNAME));
            Objects.requireNonNull(claims.get(CLAIM_TOKEN_TYPE));
            Objects.requireNonNull(claims.get(CLAIM_ACCOUNT_TYPE));
            Objects.requireNonNull(claims.get(CLAIM_SITE));
            if (claims.get(CLAIM_DELEGATION) != null) {
                Objects.requireNonNull(claims.get(CLAIM_DELEGATION_SUB));
            }
            return parseClaimsJws;
        } catch (NullPointerException e) {
            throw new JwtException("Claims are not valid");
        }
    }

    public Claims getClaimsNoValidation() {
        return (Claims) Jwts.parser().parseClaimsJwt(this.encodedJWT.substring(0, this.encodedJWT.lastIndexOf(46) + 1)).getBody();
    }
}
