package io.micronaut.security.token.jwt.nimbus;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.security.token.jwt.signature.SignatureConfiguration;
import io.micronaut.security.token.jwt.validator.JsonWebTokenSignatureValidator;
import jakarta.inject.Singleton;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Internal
/* loaded from: input_file:io/micronaut/security/token/jwt/nimbus/NimbusJsonWebTokenSignatureValidator.class */
class NimbusJsonWebTokenSignatureValidator implements JsonWebTokenSignatureValidator<SignedJWT> {
    private static final Logger LOG = LoggerFactory.getLogger(NimbusJsonWebTokenSignatureValidator.class);
    private final List<SignatureConfiguration> signatures;
    private final ConcurrentHashMap<JWSAlgorithm, List<SignatureConfiguration>> sortedSignaturesMap = new ConcurrentHashMap<>();

    public NimbusJsonWebTokenSignatureValidator(List<SignatureConfiguration> list) {
        this.signatures = list;
    }

    @Override // io.micronaut.security.token.jwt.validator.JsonWebTokenSignatureValidator
    public boolean validateSignature(@NonNull SignedJWT signedJWT) {
        return validate(signedJWT, this.sortedSignaturesMap.computeIfAbsent(signedJWT.getHeader().getAlgorithm(), jWSAlgorithm -> {
            ArrayList arrayList = new ArrayList(this.signatures);
            arrayList.sort(comparator(jWSAlgorithm));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Sorted signature configurations for algorithm {} : {}", jWSAlgorithm, arrayList);
            }
            return arrayList;
        }));
    }

    private static boolean validate(SignedJWT signedJWT, SignatureConfiguration signatureConfiguration) {
        try {
            if (signatureConfiguration.verify(signedJWT)) {
                return true;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("JWT Signature verification failed: {}", signedJWT.getParsedString());
            }
            return false;
        } catch (JOSEException e) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("Verification failed with signature configuration: {}, passing to the next one", signatureConfiguration);
            return false;
        }
    }

    private static boolean validate(SignedJWT signedJWT, List<SignatureConfiguration> list) {
        Iterator<SignatureConfiguration> it = list.iterator();
        while (it.hasNext()) {
            if (validate(signedJWT, it.next())) {
                return true;
            }
        }
        return false;
    }

    private static Comparator<SignatureConfiguration> comparator(JWSAlgorithm jWSAlgorithm) {
        return (signatureConfiguration, signatureConfiguration2) -> {
            boolean supports = signatureConfiguration.supports(jWSAlgorithm);
            if (supports == signatureConfiguration2.supports(jWSAlgorithm)) {
                return 0;
            }
            return supports ? -1 : 1;
        };
    }
}
