package dev.fitko.fitconnect.jwkvalidator;

import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyOperation;
import com.nimbusds.jose.jwk.RSAKey;
import dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilder;
import dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps;
import dev.fitko.fitconnect.jwkvalidator.exceptions.JWKValidationException;
import dev.fitko.fitconnect.jwkvalidator.exceptions.LogHelper;
import dev.fitko.fitconnect.jwkvalidator.exceptions.LogLevel;
import dev.fitko.fitconnect.jwkvalidator.exceptions.X5CValidatorNotInitializedException;
import dev.fitko.fitconnect.jwkvalidator.parameter.JWKParameterValidator;
import dev.fitko.fitconnect.jwkvalidator.x5c.X5CValidator;
import java.net.Proxy;
import java.security.cert.TrustAnchor;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/JWKValidator.class */
public class JWKValidator {
    private static final Logger log = LoggerFactory.getLogger(JWKValidator.class);
    private final JWKParameterValidator jwkParameterValidator;
    private final X5CValidator x5cValidator;
    private final boolean isX5CValidationSilent;
    private final LogLevel logLevel;
    private final boolean isX5CValidationRequired;

    private JWKValidator(LogLevel logLevel) {
        this.jwkParameterValidator = new JWKParameterValidator(logLevel);
        this.x5cValidator = null;
        this.isX5CValidationSilent = true;
        this.logLevel = logLevel;
        this.isX5CValidationRequired = false;
    }

    private JWKValidator(Proxy proxy, Set<TrustAnchor> set, List<String> list, List<String> list2, boolean z, LogLevel logLevel) {
        this.jwkParameterValidator = new JWKParameterValidator(logLevel);
        this.x5cValidator = X5CValidator.of(proxy, set, list, list2, logLevel);
        if (this.x5cValidator == null) {
            throw new IllegalStateException("X5CValidator was not initialized properly (is null)");
        }
        this.isX5CValidationSilent = z;
        this.logLevel = logLevel;
        this.isX5CValidationRequired = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JWKValidator withoutX5CValidation(LogLevel logLevel) {
        return new JWKValidator(logLevel);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JWKValidator withX5CValidation(Proxy proxy, Set<TrustAnchor> set, List<String> list, List<String> list2, boolean z, LogLevel logLevel) {
        return new JWKValidator(proxy, set, list, list2, z, logLevel);
    }

    public static JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel withoutX5CValidation() {
        return new JWKValidatorBuilder.Full(false);
    }

    public static JWKValidatorBuilderSteps.JWKValidatorWithX5CValidation withX5CValidation() {
        return new JWKValidatorBuilder.Full(true);
    }

    public static JWKValidatorBuilderSteps.RecommendedJWKValidatorWithX5CValidation withRecommendedDefaults() {
        return new JWKValidatorBuilder.Recommended();
    }

    public void validate(RSAKey rSAKey, KeyOperation keyOperation) throws IllegalArgumentException, JWKValidationException {
        this.jwkParameterValidator.validateForPurpose(rSAKey, keyOperation);
        if (this.isX5CValidationRequired) {
            hasValidX5c(rSAKey);
        }
    }

    public void validate(RSAKey rSAKey) throws IllegalArgumentException, JWKValidationException {
        this.jwkParameterValidator.validate(rSAKey);
        if (this.isX5CValidationRequired) {
            hasValidX5c(rSAKey);
        }
    }

    private void hasValidX5c(RSAKey rSAKey) throws JWKValidationException {
        if (this.x5cValidator == null) {
            throw X5CValidatorNotInitializedException.build((JWK) rSAKey, log, this.logLevel, "JWK with id {} could not be validated. X5CValidator is not initialized.", rSAKey.getKeyID());
        }
        try {
            this.x5cValidator.validate(rSAKey);
        } catch (Exception e) {
            if (this.isX5CValidationSilent) {
                LogHelper.log(log, this.logLevel, "Found following error with X5C chain in JWK {}: {}", e, rSAKey.getKeyID(), e.getMessage());
            } else {
                LogHelper.log(log, this.logLevel, "JWK with id {} has an invalid X5C with error", e, rSAKey.getKeyID());
                throw e;
            }
        }
    }
}
