package org.openziti.identity;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolver;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.Key;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.NotImplementedError;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.openziti.Enrollment;

/* compiled from: ZitiJWT.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0006\u0018�� !2\u00020\u0001:\u0003!\"#B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0004\b\u0006\u0010\u0007R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\b\u0010\tR\u000e\u0010\n\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u001b\u0010\u000b\u001a\u00020\f8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u000f\u0010\u0010\u001a\u0004\b\r\u0010\u000eR\u001b\u0010\u0011\u001a\u00020\u00128FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u0015\u0010\u0010\u001a\u0004\b\u0013\u0010\u0014R\u001b\u0010\u0016\u001a\u00020\u00178FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u001a\u0010\u0010\u001a\u0004\b\u0018\u0010\u0019R\u0011\u0010\u001b\u001a\u00020\u00128F¢\u0006\u0006\u001a\u0004\b\u001c\u0010\u0014R\u0011\u0010\u001d\u001a\u00020\u001e8F¢\u0006\u0006\u001a\u0004\b\u001f\u0010 ¨\u0006$"}, d2 = {"Lorg/openziti/identity/ZitiJWT;", "", "cl", "Lio/jsonwebtoken/Claims;", "serverKey", "Ljava/security/Key;", "<init>", "(Lio/jsonwebtoken/Claims;Ljava/security/Key;)V", "getServerKey", "()Ljava/security/Key;", "claims", "controller", "Ljava/net/URI;", "getController", "()Ljava/net/URI;", "controller$delegate", "Lkotlin/Lazy;", "token", "", "getToken", "()Ljava/lang/String;", "token$delegate", "method", "Lorg/openziti/Enrollment$Method;", "getMethod", "()Lorg/openziti/Enrollment$Method;", "method$delegate", "name", "getName", "enrollmentURL", "Ljava/net/URL;", "getEnrollmentURL", "()Ljava/net/URL;", "Companion", "JwtTrustManager", "KeyResolver", "ziti"})
/* loaded from: input_file:org/openziti/identity/ZitiJWT.class */
public final class ZitiJWT {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final Key serverKey;

    @NotNull
    private final Claims claims;

    @NotNull
    private final Lazy controller$delegate;

    @NotNull
    private final Lazy token$delegate;

    @NotNull
    private final Lazy method$delegate;

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u000e\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0007¨\u0006\b"}, d2 = {"Lorg/openziti/identity/ZitiJWT$Companion;", "", "<init>", "()V", "fromJWT", "Lorg/openziti/identity/ZitiJWT;", "jwt", "", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @NotNull
        public final ZitiJWT fromJWT(@NotNull String str) {
            Intrinsics.checkNotNullParameter(str, "jwt");
            JwtTrustManager jwtTrustManager = new JwtTrustManager();
            Object body = Jwts.parser().setSigningKeyResolver(new KeyResolver(jwtTrustManager)).build().parse(str).getBody();
            Intrinsics.checkNotNull(body, "null cannot be cast to non-null type io.jsonwebtoken.Claims");
            return new ZitiJWT((Claims) body, jwtTrustManager.getServerKey());
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0001\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0006\u0018��2\u00020\u0001B\u0007¢\u0006\u0004\b\u0002\u0010\u0003J)\u0010\n\u001a\u00020\u000b2\u0010\u0010\f\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u000e\u0018\u00010\r2\b\u0010\u000f\u001a\u0004\u0018\u00010\u0010H\u0016¢\u0006\u0002\u0010\u0011J'\u0010\u0012\u001a\u00020\u00132\u0010\u0010\u0014\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u000e\u0018\u00010\r2\u0006\u0010\u0015\u001a\u00020\u0010H\u0016¢\u0006\u0002\u0010\u0016J\u0013\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u000e0\rH\u0016¢\u0006\u0002\u0010\u0018R\u001a\u0010\u0004\u001a\u00020\u0005X\u0086.¢\u0006\u000e\n��\u001a\u0004\b\u0006\u0010\u0007\"\u0004\b\b\u0010\t¨\u0006\u0019"}, d2 = {"Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "Ljavax/net/ssl/X509TrustManager;", "<init>", "()V", "serverKey", "Ljava/security/Key;", "getServerKey", "()Ljava/security/Key;", "setServerKey", "(Ljava/security/Key;)V", "checkClientTrusted", "", "p0", "", "Ljava/security/cert/X509Certificate;", "p1", "", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)Ljava/lang/Void;", "checkServerTrusted", "", "certs", "authType", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$JwtTrustManager.class */
    public static final class JwtTrustManager implements X509TrustManager {
        public Key serverKey;

        @NotNull
        public final Key getServerKey() {
            Key key = this.serverKey;
            if (key != null) {
                return key;
            }
            Intrinsics.throwUninitializedPropertyAccessException("serverKey");
            return null;
        }

        public final void setServerKey(@NotNull Key key) {
            Intrinsics.checkNotNullParameter(key, "<set-?>");
            this.serverKey = key;
        }

        @Override // javax.net.ssl.X509TrustManager
        @NotNull
        public Void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str) {
            throw new NotImplementedError("An operation is not implemented: not needed");
        }

        /* JADX WARN: Removed duplicated region for block: B:11:0x0032  */
        /* JADX WARN: Removed duplicated region for block: B:8:0x0023  */
        @Override // javax.net.ssl.X509TrustManager
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void checkServerTrusted(@org.jetbrains.annotations.Nullable java.security.cert.X509Certificate[] r6, @org.jetbrains.annotations.NotNull java.lang.String r7) {
            /*
                r5 = this;
                r0 = r7
                java.lang.String r1 = "authType"
                kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
                r0 = r5
                r1 = r6
                r2 = r1
                if (r2 == 0) goto L1c
                java.lang.Object r1 = kotlin.collections.ArraysKt.first(r1)
                java.security.cert.X509Certificate r1 = (java.security.cert.X509Certificate) r1
                r2 = r1
                if (r2 == 0) goto L1c
                java.security.PublicKey r1 = r1.getPublicKey()
                goto L1e
            L1c:
                r1 = 0
            L1e:
                r2 = r1
                if (r2 != 0) goto L32
            L23:
                java.lang.String r1 = "Required value was null."
                r8 = r1
                java.lang.IllegalStateException r1 = new java.lang.IllegalStateException
                r2 = r1
                r3 = r8
                java.lang.String r3 = r3.toString()
                r2.<init>(r3)
                throw r1
            L32:
                java.security.Key r1 = (java.security.Key) r1
                r0.setServerKey(r1)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.openziti.identity.ZitiJWT.JwtTrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
        }

        @Override // javax.net.ssl.X509TrustManager
        @NotNull
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��.\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0010\u0001\n��\n\u0002\u0010\u0012\n��\u0018��2\u00020\u0001B\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u0018\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0016J\u001c\u0010\b\u001a\u00020\u000e2\b\u0010\n\u001a\u0004\u0018\u00010\u000b2\b\u0010\u000f\u001a\u0004\u0018\u00010\u0010H\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u0011"}, d2 = {"Lorg/openziti/identity/ZitiJWT$KeyResolver;", "Lio/jsonwebtoken/SigningKeyResolver;", "tm", "Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "<init>", "(Lorg/openziti/identity/ZitiJWT$JwtTrustManager;)V", "getTm", "()Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "resolveSigningKey", "Ljava/security/Key;", "header", "Lio/jsonwebtoken/JwsHeader;", "claims", "Lio/jsonwebtoken/Claims;", "", "content", "", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$KeyResolver.class */
    public static final class KeyResolver implements SigningKeyResolver {

        @NotNull
        private final JwtTrustManager tm;

        public KeyResolver(@NotNull JwtTrustManager jwtTrustManager) {
            Intrinsics.checkNotNullParameter(jwtTrustManager, "tm");
            this.tm = jwtTrustManager;
        }

        @NotNull
        public final JwtTrustManager getTm() {
            return this.tm;
        }

        @NotNull
        public Key resolveSigningKey(@NotNull JwsHeader jwsHeader, @NotNull Claims claims) {
            Intrinsics.checkNotNullParameter(jwsHeader, "header");
            Intrinsics.checkNotNullParameter(claims, "claims");
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, new JwtTrustManager[]{this.tm}, new SecureRandom());
            URLConnection openConnection = URI.create(String.valueOf(claims.get("iss"))).toURL().openConnection();
            Intrinsics.checkNotNull(openConnection, "null cannot be cast to non-null type javax.net.ssl.HttpsURLConnection");
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            try {
                httpsURLConnection.connect();
                Key serverKey = this.tm.getServerKey();
                httpsURLConnection.disconnect();
                return serverKey;
            } catch (Throwable th) {
                httpsURLConnection.disconnect();
                throw th;
            }
        }

        @NotNull
        public Void resolveSigningKey(@Nullable JwsHeader jwsHeader, @Nullable byte[] bArr) {
            throw new NotImplementedError((String) null, 1, (DefaultConstructorMarker) null);
        }

        /* renamed from: resolveSigningKey, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Key m54resolveSigningKey(JwsHeader jwsHeader, byte[] bArr) {
            return (Key) resolveSigningKey(jwsHeader, bArr);
        }
    }

    public ZitiJWT(@NotNull Claims claims, @NotNull Key key) {
        Intrinsics.checkNotNullParameter(claims, "cl");
        Intrinsics.checkNotNullParameter(key, "serverKey");
        this.serverKey = key;
        this.claims = claims;
        this.controller$delegate = LazyKt.lazy(() -> {
            return controller_delegate$lambda$0(r1);
        });
        this.token$delegate = LazyKt.lazy(() -> {
            return token_delegate$lambda$1(r1);
        });
        this.method$delegate = LazyKt.lazy(() -> {
            return method_delegate$lambda$2(r1);
        });
    }

    @NotNull
    public final Key getServerKey() {
        return this.serverKey;
    }

    @NotNull
    public final URI getController() {
        Object value = this.controller$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "getValue(...)");
        return (URI) value;
    }

    @NotNull
    public final String getToken() {
        Object value = this.token$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "getValue(...)");
        return (String) value;
    }

    @NotNull
    public final Enrollment.Method getMethod() {
        return (Enrollment.Method) this.method$delegate.getValue();
    }

    @NotNull
    public final String getName() {
        Object obj = this.claims.get("sub", String.class);
        Intrinsics.checkNotNullExpressionValue(obj, "get(...)");
        return (String) obj;
    }

    @NotNull
    public final URL getEnrollmentURL() {
        URL url = getController().resolve("/enroll?method=" + getMethod() + "&token=" + getToken()).toURL();
        Intrinsics.checkNotNullExpressionValue(url, "toURL(...)");
        return url;
    }

    private static final URI controller_delegate$lambda$0(ZitiJWT zitiJWT) {
        return URI.create((String) zitiJWT.claims.get("iss", String.class));
    }

    private static final String token_delegate$lambda$1(ZitiJWT zitiJWT) {
        return (String) zitiJWT.claims.get("jti", String.class);
    }

    private static final Enrollment.Method method_delegate$lambda$2(ZitiJWT zitiJWT) {
        String str = (String) zitiJWT.claims.get("em", String.class);
        Intrinsics.checkNotNull(str);
        return Enrollment.Method.valueOf(str);
    }
}
