package no.difi.meldingsutveksling.dpi.client.internal;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.util.X509CertChainUtils;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import lombok.Generated;
import no.difi.certvalidator.BusinessCertificateValidator;
import no.difi.meldingsutveksling.dpi.client.Blame;
import no.difi.meldingsutveksling.dpi.client.DpiException;
import org.springframework.util.Assert;

/* loaded from: input_file:no/difi/meldingsutveksling/dpi/client/internal/UnpackJWT.class */
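/**
 * Parses a compact JWS, validates the signing certificate carried in its header and
 * verifies the signature before handing out the payload.
 *
 * <p>Security note: the certificate used for signature verification is taken from the
 * token's own {@code x5c} header, i.e. it is supplied by whoever produced the token. A
 * valid signature therefore proves only that the token was signed with the key in that
 * certificate. Whether the signer is trusted depends entirely on the injected
 * {@link BusinessCertificateValidator}; this class adds no trust decision of its own and
 * looks only at the first certificate of the chain.
 */
public class UnpackJWT {
    private final BusinessCertificateValidator businessCertificateValidator;

    /**
     * Returns the payload of a signed JWT after its signature has been verified.
     *
     * @param str the compact serialization of the JWS
     * @return the payload of the verified JWS
     * @throws IllegalStateException if the token cannot be parsed, the signing certificate
     *     cannot be parsed or does not hold an RSA key, or signature verification fails
     * @throws DpiException if the token carries no signing certificate
     */
    public Payload getPayload(String str) {
        JWSObject jwsObject = getJwsObject(str);
        // The payload must never be read before verify() has returned normally.
        verify(jwsObject);
        return jwsObject.getPayload();
    }

    /**
     * Verifies the JWS signature against the validated signing certificate.
     *
     * @throws IllegalStateException if the signature does not match or verification
     *     cannot be carried out
     */
    private void verify(JWSObject jwsObject) {
        try {
            Assert.state(jwsObject.verify(getVerifier(jwsObject)), "Verifying JWT failed!");
        } catch (IllegalStateException | JOSEException e) {
            throw new IllegalStateException("Verifying JWT failed!", e);
        }
    }

    /**
     * Builds an RSA signature verifier from the validated signing certificate.
     *
     * @throws IllegalStateException if the certificate's public key is not an RSA key
     */
    private RSASSAVerifier getVerifier(JWSObject jwsObject) {
        X509Certificate certificate = getValidatedSigningCertificate(jwsObject);
        // The certificate originates from the token, so its key type is not guaranteed.
        // Reject non-RSA keys explicitly instead of failing with a ClassCastException.
        if (!(certificate.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalStateException("Signing certificate does not contain an RSA public key!");
        }
        return new RSASSAVerifier((RSAPublicKey) certificate.getPublicKey());
    }

    /**
     * Parses the compact serialization into a {@link JWSObject}.
     *
     * @throws IllegalStateException if the input is not a well-formed JWS
     */
    private JWSObject getJwsObject(String str) {
        try {
            return JWSObject.parse(str);
        } catch (ParseException e) {
            throw new IllegalStateException("Parsing JWT failed!", e);
        }
    }

    /**
     * Extracts the signing certificate and passes it to the business certificate validator.
     * The certificate is returned only if {@code validate} completes without throwing.
     */
    private X509Certificate getValidatedSigningCertificate(JWSObject jwsObject) {
        X509Certificate signingCertificate = getSigningCertificate(jwsObject);
        // NOTE(review): chain, revocation and issuer checks are presumed to live in the
        // validator; confirm its configuration, since it is the only trust anchor here.
        this.businessCertificateValidator.validate(signingCertificate);
        return signingCertificate;
    }

    /**
     * Reads the first certificate of the {@code x5c} header.
     *
     * @throws DpiException if the header has no certificate chain or the chain is empty
     * @throws IllegalStateException if a certificate in the chain cannot be parsed
     */
    private X509Certificate getSigningCertificate(JWSObject jwsObject) {
        // A token without an x5c header yields a null chain; report it the same way as an
        // empty chain rather than letting a NullPointerException escape.
        if (jwsObject.getHeader().getX509CertChain() == null) {
            throw new DpiException("Can not find signing certificate!", Blame.SERVER);
        }
        try {
            return X509CertChainUtils.parse(jwsObject.getHeader().getX509CertChain())
                    .stream()
                    .findFirst()
                    .orElseThrow(() -> new DpiException("Can not find signing certificate!", Blame.SERVER));
        } catch (ParseException e) {
            throw new IllegalStateException("Can not parse signing certificate!", e);
        }
    }

    /**
     * Creates an unpacker that relies on the given validator to decide whether a signing
     * certificate is trusted.
     *
     * @param businessCertificateValidator validator applied to every signing certificate
     */
    @Generated
    public UnpackJWT(BusinessCertificateValidator businessCertificateValidator) {
        this.businessCertificateValidator = businessCertificateValidator;
    }
}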
