package com.nimbusds.openid.connect.sdk.rp.statement;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.RemoteKeySourceException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import net.jcip.annotations.ThreadSafe;
import net.minidev.json.JSONObject;

@ThreadSafe
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.6.jar:com/nimbusds/openid/connect/sdk/rp/statement/SoftwareStatementProcessor.class */
public class SoftwareStatementProcessor<C extends SecurityContext> {
    private final boolean required;
    private final DefaultJWTProcessor<C> processor;

    public SoftwareStatementProcessor(Issuer issuer, boolean z, Set<JWSAlgorithm> set, JWKSet jWKSet) {
        this(issuer, z, set, new ImmutableJWKSet(jWKSet));
    }

    public SoftwareStatementProcessor(Issuer issuer, boolean z, Set<JWSAlgorithm> set, URL url, int i, int i2, int i3) {
        this(issuer, z, set, new RemoteJWKSet(url, new DefaultResourceRetriever(i, i2, i3)));
    }

    public SoftwareStatementProcessor(Issuer issuer, boolean z, Set<JWSAlgorithm> set, JWKSource<C> jWKSource) {
        this(issuer, z, set, jWKSource, Collections.emptySet());
    }

    public SoftwareStatementProcessor(Issuer issuer, boolean z, Set<JWSAlgorithm> set, JWKSource<C> jWKSource, Set<String> set2) {
        this.required = z;
        HashSet hashSet = new HashSet();
        hashSet.add("iss");
        if (CollectionUtils.isNotEmpty(set2)) {
            hashSet.addAll(set2);
        }
        this.processor = new DefaultJWTProcessor<>();
        this.processor.setJWSKeySelector(new JWSVerificationKeySelector(set, jWKSource));
        this.processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(new JWTClaimsSet.Builder().issuer(issuer.getValue()).build(), hashSet));
    }

    public OIDCClientMetadata process(OIDCClientMetadata oIDCClientMetadata) throws InvalidSoftwareStatementException, JOSEException {
        return process(oIDCClientMetadata, null);
    }

    public OIDCClientMetadata process(OIDCClientMetadata oIDCClientMetadata, C c) throws InvalidSoftwareStatementException, JOSEException {
        SignedJWT softwareStatement = oIDCClientMetadata.getSoftwareStatement();
        if (softwareStatement == null) {
            if (this.required) {
                throw new InvalidSoftwareStatementException("Missing required software statement");
            }
            return oIDCClientMetadata;
        }
        try {
            JWTClaimsSet process = this.processor.process(softwareStatement, (SignedJWT) c);
            JSONObject jSONObject = new JSONObject();
            jSONObject.putAll(oIDCClientMetadata.toJSONObject());
            jSONObject.remove("software_statement");
            JSONObject jSONObject2 = JSONObjectUtils.toJSONObject(process);
            jSONObject2.remove("iss");
            jSONObject.putAll(jSONObject2);
            try {
                return OIDCClientMetadata.parse(jSONObject);
            } catch (ParseException e) {
                throw new InvalidSoftwareStatementException("Error merging software statement: " + e.getMessage(), e);
            }
        } catch (RemoteKeySourceException e2) {
            throw new InvalidSoftwareStatementException("Software statement JWT validation failed: " + e2.getMessage(), e2);
        } catch (BadJOSEException e3) {
            throw new InvalidSoftwareStatementException("Invalid software statement JWT: " + e3.getMessage(), e3);
        }
    }
}
