package dev.aohara.nimbuskms;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.impl.BaseJWSProvider;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.nimbusds.jose.util.Base64URL;
import dev.forkhandles.result4k.Failure;
import dev.forkhandles.result4k.Result;
import dev.forkhandles.result4k.Success;
import java.util.List;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import org.http4k.connect.RemoteFailure;
import org.http4k.connect.amazon.core.model.KMSKeyId;
import org.http4k.connect.amazon.kms.KMS;
import org.http4k.connect.amazon.kms.KmsExtensionsKt;
import org.http4k.connect.amazon.kms.action.VerifyResult;
import org.http4k.connect.amazon.kms.model.SigningAlgorithm;
import org.http4k.connect.model.Base64Blob;
import org.jetbrains.annotations.NotNull;

/* compiled from: KmsJwsVerifier.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\b��\u0018��2\u00020\u00012\u00020\u0002B\u0017\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0004\b\u0007\u0010\bJ \u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0016R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0011"}, d2 = {"Ldev/aohara/nimbuskms/KmsJwsVerifier;", "Lcom/nimbusds/jose/crypto/impl/BaseJWSProvider;", "Lcom/nimbusds/jose/JWSVerifier;", "kms", "Lorg/http4k/connect/amazon/kms/KMS;", "keyId", "Lorg/http4k/connect/amazon/core/model/KMSKeyId;", "<init>", "(Lorg/http4k/connect/amazon/kms/KMS;Lorg/http4k/connect/amazon/core/model/KMSKeyId;)V", "verify", "", "header", "Lcom/nimbusds/jose/JWSHeader;", "signedContent", "", "signature", "Lcom/nimbusds/jose/util/Base64URL;", "nimbus-kms"})
@SourceDebugExtension({"SMAP\nKmsJwsVerifier.kt\nKotlin\n*S Kotlin\n*F\n+ 1 KmsJwsVerifier.kt\ndev/aohara/nimbuskms/KmsJwsVerifier\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 result.kt\ndev/forkhandles/result4k/ResultKt\n*L\n1#1,37:1\n1#2:38\n37#3,10:39\n72#3,4:49\n*S KotlinDebug\n*F\n+ 1 KmsJwsVerifier.kt\ndev/aohara/nimbuskms/KmsJwsVerifier\n*L\n33#1:39,10\n34#1:49,4\n*E\n"})
/* loaded from: input_file:dev/aohara/nimbuskms/KmsJwsVerifier.class */
/**
 * Nimbus JOSE {@link JWSVerifier} that hands signature verification to AWS KMS through the
 * http4k-connect {@link KMS} client, using one fixed KMS key.
 *
 * <p>This is JADX output for a Kotlin class ({@code KmsJwsVerifier.kt}), so parameter names and
 * the raw {@code Result} types are decompiler artefacts.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The KMS signing algorithm is taken from the token's own {@code alg} header. The only
 *       restriction visible in this class is {@code SupportedAlgorithmsKt.toHttp4kOrThrow};
 *       callers that expect one specific algorithm should pin it before calling
 *       {@link #verify} (NOTE(review): confirm what the supported-algorithm set allows).</li>
 *   <li>No header parameter other than {@code alg} is read here; in particular {@code crit}
 *       is not examined by this class.</li>
 *   <li>{@code true} is returned only when the KMS {@link VerifyResult} reports a valid
 *       signature. A failure is turned into {@code false} only when its message contains
 *       {@code KMSInvalidSignatureException}; every other failure goes to
 *       {@code Http4kUtilsKt.valueOrThrow}. That classification is a substring match on the
 *       error message, so it depends on the message wording staying stable.</li>
 * </ul>
 */
public final class KmsJwsVerifier extends BaseJWSProvider implements JWSVerifier {

    /** KMS client used for the verify call. */
    @NotNull
    private final KMS kms;

    /** Identifier of the KMS key every signature is checked against. */
    @NotNull
    private final KMSKeyId keyId;

    /**
     * Creates a verifier bound to one KMS client and one key.
     *
     * @param kms KMS client; must not be null
     * @param kMSKeyId identifier of the KMS key to verify with; must not be null
     */
    public KmsJwsVerifier(@NotNull KMS kms, @NotNull KMSKeyId kMSKeyId) {
        // JADX reported moving this super(...) call to the top of the constructor, so the
        // statement order in the compiled class may differ from what is shown here.
        super(SupportedAlgorithmsKt.getSupportedJwsAlgorithms());
        Intrinsics.checkNotNullParameter(kms, "kms");
        Intrinsics.checkNotNullParameter(kMSKeyId, "keyId");
        this.kms = kms;
        this.keyId = kMSKeyId;
    }

    /**
     * Verifies a JWS signature by sending the signing input and the signature to KMS.
     *
     * @param jWSHeader JWS header; only its algorithm is read
     * @param bArr the signed content (JWS signing input bytes)
     * @param base64URL the Base64URL-encoded signature from the token
     * @return {@code true} if KMS reports the signature as valid; {@code false} if KMS reports
     *     it as invalid or fails with a message containing {@code KMSInvalidSignatureException}
     */
    public boolean verify(@NotNull JWSHeader jWSHeader, @NotNull byte[] bArr, @NotNull Base64URL base64URL) {
        Intrinsics.checkNotNullParameter(jWSHeader, "header");
        Intrinsics.checkNotNullParameter(bArr, "signedContent");
        Intrinsics.checkNotNullParameter(base64URL, "signature");

        // The algorithm comes from the (attacker-influenced) token header; the mapping helper
        // is the only gate on it in this method and presumably throws for unsupported values.
        JWSAlgorithm headerAlgorithm = jWSHeader.getAlgorithm();
        Intrinsics.checkNotNullExpressionValue(headerAlgorithm, "getAlgorithm(...)");
        SigningAlgorithm kmsAlgorithm = SupportedAlgorithmsKt.toHttp4kOrThrow(headerAlgorithm);

        Base64Blob messageBlob = Base64Blob.Companion.encode(bArr);
        byte[] rawSignature = base64URL.decode();

        // ECDSA signatures are converted to DER before being sent to KMS; signatures for
        // every other algorithm are forwarded as decoded.
        byte[] kmsSignature;
        if (SupportedAlgorithmsKt.isEcdsa(kmsAlgorithm)) {
            kmsSignature = ECDSA.transcodeSignatureToDER(rawSignature);
        } else {
            kmsSignature = rawSignature;
        }
        Intrinsics.checkNotNull(kmsSignature);

        // Kotlin $default bridge: mask 48 (bits 4 and 5) appears to select the declared
        // defaults for the two trailing arguments that are passed as null here.
        Result response = KmsExtensionsKt.verify$default(this.kms, this.keyId, messageBlob, Base64Blob.Companion.encode(kmsSignature), kmsAlgorithm, (String) null, (List) null, 48, (Object) null);

        Result outcome;
        if (response instanceof Success) {
            VerifyResult verifyResult = (VerifyResult) ((Success) response).getValue();
            outcome = new Success(Boolean.valueOf(verifyResult.getSignatureValid()));
        } else if (response instanceof Failure) {
            RemoteFailure remoteFailure = (RemoteFailure) ((Failure) response).getReason();
            String message = remoteFailure.getMessage();
            String searchable = message == null ? "" : message;
            // An invalid-signature error is reported as "not verified" rather than raised;
            // any other remote failure is kept as a failure for valueOrThrow.
            if (StringsKt.contains$default(searchable, "KMSInvalidSignatureException", false, 2, (Object) null)) {
                outcome = new Success(false);
            } else {
                outcome = new Failure(remoteFailure);
            }
        } else {
            throw new NoWhenBranchMatchedException();
        }
        return ((Boolean) Http4kUtilsKt.valueOrThrow(outcome)).booleanValue();
    }
}
