package org.forgerock.json.jose.common;

import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.jose.exceptions.InvalidJwtException;
import org.forgerock.json.jose.exceptions.JwtReconstructionException;
import org.forgerock.json.jose.jwe.EncryptedJwt;
import org.forgerock.json.jose.jwe.JweHeader;
import org.forgerock.json.jose.jws.JwsHeader;
import org.forgerock.json.jose.jws.SignedEncryptedJwt;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.jose.jwt.Jwt;
import org.forgerock.json.jose.jwt.JwtClaimsSet;
import org.forgerock.json.jose.jwt.JwtType;
import org.forgerock.json.jose.utils.Utils;
import org.forgerock.util.encode.Base64url;

/* loaded from: input_file:org/forgerock/json/jose/common/JwtReconstruction.class */
public final class JwtReconstruction {
    private static final int JWS_NUM_PARTS = 3;
    private static final int JWE_NUM_PARTS = 5;

    public <T extends Jwt> T reconstructJwt(String str, Class<T> cls) {
        EncryptedJwt reconstructSignedJwt;
        String[] split = str.split("\\.", -1);
        if (split.length != JWS_NUM_PARTS && split.length != JWE_NUM_PARTS) {
            throw new InvalidJwtException("not right number of dots, " + split.length);
        }
        JsonValue jsonValue = new JsonValue(Utils.parseJson(Utils.base64urlDecode(split[0])));
        JwtType jwtType = JwtType.JWT;
        if (jsonValue.isDefined("jwt")) {
            jwtType = JwtType.valueOf(jsonValue.get("typ").asString().toUpperCase());
        }
        if (jsonValue.isDefined("enc")) {
            verifyNumberOfParts(split, JWE_NUM_PARTS);
            reconstructSignedJwt = reconstructEncryptedJwt(split);
        } else if (JwtType.JWE.equals(jwtType)) {
            verifyNumberOfParts(split, JWS_NUM_PARTS);
            reconstructSignedJwt = reconstructSignedEncryptedJwt(split);
        } else if (jsonValue.isDefined("alg")) {
            verifyNumberOfParts(split, JWS_NUM_PARTS);
            reconstructSignedJwt = reconstructSignedJwt(split);
        } else {
            verifyNumberOfParts(split, JWS_NUM_PARTS);
            if (!split[2].isEmpty()) {
                throw new InvalidJwtException("Third part of Plaintext JWT not empty.");
            }
            reconstructSignedJwt = reconstructSignedJwt(split);
        }
        return cls.cast(reconstructSignedJwt);
    }

    private void verifyNumberOfParts(String[] strArr, int i) {
        if (strArr.length != i) {
            throw new JwtReconstructionException("Not the correct number of JWT parts. Expecting, " + i + ", actually, " + strArr.length);
        }
    }

    private SignedJwt reconstructSignedJwt(String[] strArr) {
        String str = strArr[0];
        String str2 = strArr[1];
        String str3 = strArr[2];
        return new SignedJwt(new JwsHeader(Utils.parseJson(Utils.base64urlDecode(str))), new JwtClaimsSet(Utils.parseJson(Utils.base64urlDecode(str2))), (str + "." + str2).getBytes(Utils.CHARSET), Base64url.decode(str3));
    }

    private EncryptedJwt reconstructEncryptedJwt(String[] strArr) {
        String str = strArr[0];
        String str2 = strArr[1];
        String str3 = strArr[2];
        String str4 = strArr[JWS_NUM_PARTS];
        String str5 = strArr[4];
        String base64urlDecode = Utils.base64urlDecode(str);
        return new EncryptedJwt(new JweHeader(Utils.parseJson(base64urlDecode)), Base64url.decode(str2), Base64url.decode(str3), Base64url.decode(str4), Base64url.decode(str5));
    }

    private SignedEncryptedJwt reconstructSignedEncryptedJwt(String[] strArr) {
        String str = strArr[0];
        String str2 = strArr[1];
        String str3 = strArr[2];
        String base64urlDecode = Utils.base64urlDecode(str);
        String base64urlDecode2 = Utils.base64urlDecode(str2);
        byte[] decode = Base64url.decode(str3);
        JwsHeader jwsHeader = new JwsHeader(Utils.parseJson(base64urlDecode));
        String[] split = base64urlDecode2.split("\\.", -1);
        verifyNumberOfParts(split, JWE_NUM_PARTS);
        return new SignedEncryptedJwt(jwsHeader, reconstructEncryptedJwt(split), (str + "." + str2).getBytes(Utils.CHARSET), decode);
    }
}
