package io.micronaut.security.token.jwt.signature.jwks;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.core.util.functional.ThrowingFunction;
import io.micronaut.core.util.functional.ThrowingSupplier;
import jakarta.inject.Singleton;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:META-INF/rewrite/classpath/micronaut-security-jwt-4.0.0.jar:io/micronaut/security/token/jwt/signature/jwks/DefaultJwkValidator.class */
public class DefaultJwkValidator implements JwkValidator {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultJwkValidator.class);

    @Override // io.micronaut.security.token.jwt.signature.jwks.JwkValidator
    public boolean validate(SignedJWT signedJWT, JWK jwk) {
        Optional<JWSVerifier> verifier = getVerifier(jwk);
        if (!verifier.isPresent()) {
            return false;
        }
        try {
            return signedJWT.verify(verifier.get());
        } catch (JOSEException e) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("JOSEException when verifying jwt", e);
            return false;
        }
    }

    protected Optional<JWSVerifier> getVerifier(JWK jwk) {
        if (jwk instanceof RSAKey) {
            RSAKey rSAKey = (RSAKey) jwk;
            Objects.requireNonNull(rSAKey);
            return getVerifier(rSAKey::toRSAPublicKey, RSASSAVerifier::new);
        }
        if (!(jwk instanceof ECKey)) {
            return Optional.empty();
        }
        ECKey eCKey = (ECKey) jwk;
        Objects.requireNonNull(eCKey);
        return getVerifier(eCKey::toECPublicKey, ECDSAVerifier::new);
    }

    private <T, R extends JWSVerifier> Optional<R> getVerifier(ThrowingSupplier<T, JOSEException> throwingSupplier, ThrowingFunction<T, R, JOSEException> throwingFunction) {
        T t = null;
        try {
            t = throwingSupplier.get();
        } catch (JOSEException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("JOSEException when retrieving public key", e);
            }
        }
        if (t != null) {
            try {
                return Optional.of(throwingFunction.apply(t));
            } catch (JOSEException e2) {
                if (LOG.isErrorEnabled()) {
                    LOG.error("JOSEException when instantiating the verifier", e2);
                }
            }
        }
        return Optional.empty();
    }
}
