package no.difi.move.common.oauth;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.proc.BadJWSException;
import com.nimbusds.jose.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;

/* loaded from: input_file:no/difi/move/common/oauth/JWTDecoder.class */
public class JWTDecoder {
    private final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

    public String getPayload(String str, URL url) throws BadJWSException {
        try {
            JWSObject parse = JWSObject.parse(str);
            try {
                try {
                    if (parse.verify(new RSASSAVerifier((RSAKey) JWKSet.load(url).getKeys().stream().filter(jwk -> {
                        return jwk.getKeyType() == KeyType.RSA;
                    }).findFirst().map(jwk2 -> {
                        return (RSAKey) jwk2;
                    }).orElseThrow(() -> {
                        return new BadJWSException("RSA keytype not found in JWK");
                    })))) {
                        return parse.getPayload().toString();
                    }
                    throw new BadJWSException("Signature did not successfully verify");
                } catch (JOSEException e) {
                    throw new BadJWSException("Could not verify JWS", e);
                }
            } catch (IOException | ParseException e2) {
                throw new BadJWSException(String.format("Could not load JWK Set from url %s", url));
            }
        } catch (ParseException e3) {
            throw new BadJWSException("Could not parse signed string", e3);
        }
    }

    public String getPayload(String str, PublicKey publicKey) throws BadJWSException {
        try {
            JWSObject parse = JWSObject.parse(str);
            try {
                if (parse.verify(new RSASSAVerifier((RSAPublicKey) publicKey))) {
                    return parse.getPayload().toString();
                }
                throw new BadJWSException("Signature did not successfully verify");
            } catch (JOSEException e) {
                throw new BadJWSException("Could not verify JWS", e);
            }
        } catch (ParseException e2) {
            throw new BadJWSException("Could not parse signed string", e2);
        }
    }

    public String getPayload(String str) throws BadJWSException {
        try {
            JWSObject parse = JWSObject.parse(str);
            try {
                try {
                    if (parse.verify(new RSASSAVerifier((RSAPublicKey) this.certificateFactory.generateCertificate(new ByteArrayInputStream(((Base64) parse.getHeader().getX509CertChain().get(0)).decode())).getPublicKey()))) {
                        return parse.getPayload().toString();
                    }
                    throw new BadJWSException("Signature did not successfully verify");
                } catch (JOSEException e) {
                    throw new BadJWSException("Could not verify JWS", e);
                }
            } catch (CertificateException e2) {
                throw new BadJWSException("Could not generate certificate object from JWS", e2);
            }
        } catch (ParseException e3) {
            throw new BadJWSException("Could not parse signed string", e3);
        }
    }
}
