package io.ktor.server.auth.jwt;

import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.impl.JWTParser;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import com.auth0.jwt.interfaces.Payload;
import com.auth0.jwt.interfaces.Verification;
import io.ktor.http.ContentDisposition;
import io.ktor.http.auth.HttpAuthHeader;
import io.ktor.server.auth.AuthenticationContext;
import io.ktor.server.auth.AuthenticationFailedCause;
import io.ktor.server.auth.HeadersKt;
import io.ktor.server.request.ApplicationRequest;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function4;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: JWTUtils.kt */
@Metadata(mv = {2, 0, 0}, k = 2, xi = 48, d1 = {"��\u009a\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\u0010��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u001a\u0013\u0010\u0002\u001a\u00020\u0001*\u00020��H��¢\u0006\u0004\b\u0002\u0010\u0003\u001a\u0082\u0001\u0010\u0016\u001a\u00020\u0011*\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u00052\u0006\u0010\b\u001a\u00020\u00072\u0006\u0010\n\u001a\u00020\t2U\u0010\u0015\u001aQ\b\u0001\u0012\u0004\u0012\u00020\f\u0012\u0013\u0012\u00110\u0007¢\u0006\f\b\r\u0012\b\b\u000e\u0012\u0004\b\b(\u000f\u0012\u0013\u0012\u00110\u0007¢\u0006\f\b\r\u0012\b\b\u000e\u0012\u0004\b\b(\b\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00110\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u00120\u000bj\u0002`\u0013¢\u0006\u0002\b\u0014H��¢\u0006\u0004\b\u0016\u0010\u0017\u001aL\u0010!\u001a\u0004\u0018\u00010 2\u0006\u0010\u0019\u001a\u00020\u00182\b\u0010\u001a\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\n\u001a\u00020\t2\u0017\u0010\u001f\u001a\u0013\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u00110\u001d¢\u0006\u0002\b\u0014H��¢\u0006\u0004\b!\u0010\"\u001aF\u0010!\u001a\u0004\u0018\u00010 2\u0006\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\n\u001a\u00020\t2\u001b\u0010$\u001a\u0017\u0012\u0004\u0012\u00020\u001e\u0012\u0004\u0012\u00020\u00110\u001dj\u0002`#¢\u0006\u0002\b\u0014H��¢\u0006\u0004\b!\u0010%\u001ae\u0010,\u001a\u0004\u0018\u00010\u00122\u0006\u0010'\u001a\u00020&2\b\u0010(\u001a\u0004\u0018\u00010 2\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\n\u001a\u00020\t2/\u0010+\u001a+\b\u0001\u0012\u0004\u0012\u00020&\u0012\u0004\u0012\u00020*\u0012\f\u0012\n\u0012\u0006\u0012\u0004\u0018\u00010\u00120\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u00120)¢\u0006\u0002\b\u0014H\u0080@¢\u0006\u0004\b,\u0010-\u001a\u001d\u0010.\u001a\u0004\u0018\u00010\u0007*\u00020\u001b2\u0006\u0010\n\u001a\u00020\tH��¢\u0006\u0004\b.\u0010/\u001a\u0015\u00101\u001a\u0004\u0018\u00010\u001b*\u000200H��¢\u0006\u0004\b1\u00102\u001a\u0013\u00105\u001a\u000204*\u000203H��¢\u0006\u0004\b5\u00106¨\u00067"}, d2 = {"Lcom/auth0/jwk/Jwk;", "Lcom/auth0/jwt/algorithms/Algorithm;", "makeAlgorithm", "(Lcom/auth0/jwk/Jwk;)Lcom/auth0/jwt/algorithms/Algorithm;", "Lio/ktor/server/auth/AuthenticationContext;", "Lio/ktor/server/auth/AuthenticationFailedCause;", "cause", "", HttpAuthHeader.Parameters.Realm, "Lio/ktor/server/auth/jwt/JWTAuthSchemes;", "schemes", "Lkotlin/Function4;", "Lio/ktor/server/auth/jwt/JWTChallengeContext;", "Lkotlin/ParameterName;", ContentDisposition.Parameters.Name, "defaultScheme", "Lkotlin/coroutines/Continuation;", "", "", "Lio/ktor/server/auth/jwt/JWTAuthChallengeFunction;", "Lkotlin/ExtensionFunctionType;", "challengeFunction", "bearerChallenge", "(Lio/ktor/server/auth/AuthenticationContext;Lio/ktor/server/auth/AuthenticationFailedCause;Ljava/lang/String;Lio/ktor/server/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function4;)V", "Lcom/auth0/jwk/JwkProvider;", "jwkProvider", "issuer", "Lio/ktor/http/auth/HttpAuthHeader;", "token", "Lkotlin/Function1;", "Lcom/auth0/jwt/interfaces/Verification;", "jwtConfigure", "Lcom/auth0/jwt/interfaces/JWTVerifier;", "getVerifier", "(Lcom/auth0/jwk/JwkProvider;Ljava/lang/String;Lio/ktor/http/auth/HttpAuthHeader;Lio/ktor/server/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function1;)Lcom/auth0/jwt/interfaces/JWTVerifier;", "Lio/ktor/server/auth/jwt/JWTConfigureFunction;", "configure", "(Lcom/auth0/jwk/JwkProvider;Lio/ktor/http/auth/HttpAuthHeader;Lio/ktor/server/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function1;)Lcom/auth0/jwt/interfaces/JWTVerifier;", "Lio/ktor/server/application/ApplicationCall;", "call", "jwtVerifier", "Lkotlin/Function3;", "Lio/ktor/server/auth/jwt/JWTCredential;", "validate", "verifyAndValidate", "(Lio/ktor/server/application/ApplicationCall;Lcom/auth0/jwt/interfaces/JWTVerifier;Lio/ktor/http/auth/HttpAuthHeader;Lio/ktor/server/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function3;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "getBlob", "(Lio/ktor/http/auth/HttpAuthHeader;Lio/ktor/server/auth/jwt/JWTAuthSchemes;)Ljava/lang/String;", "Lio/ktor/server/request/ApplicationRequest;", "parseAuthorizationHeaderOrNull", "(Lio/ktor/server/request/ApplicationRequest;)Lio/ktor/http/auth/HttpAuthHeader;", "Lcom/auth0/jwt/interfaces/DecodedJWT;", "Lcom/auth0/jwt/interfaces/Payload;", "parsePayload", "(Lcom/auth0/jwt/interfaces/DecodedJWT;)Lcom/auth0/jwt/interfaces/Payload;", "ktor-server-auth-jwt"})
@SourceDebugExtension({"SMAP\nJWTUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 JWTUtils.kt\nio/ktor/server/auth/jwt/JWTUtilsKt\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,128:1\n1#2:129\n*E\n"})
/* loaded from: input_file:io/ktor/server/auth/jwt/JWTUtilsKt.class */
public final class JWTUtilsKt {
    @NotNull
    public static final Algorithm makeAlgorithm(@NotNull Jwk jwk) {
        Intrinsics.checkNotNullParameter(jwk, "<this>");
        String algorithm = jwk.getAlgorithm();
        if (algorithm == null) {
            PublicKey publicKey = jwk.getPublicKey();
            Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
            Algorithm RSA256 = Algorithm.RSA256((RSAPublicKey) publicKey, null);
            Intrinsics.checkNotNullExpressionValue(RSA256, "RSA256(...)");
            return RSA256;
        }
        switch (algorithm.hashCode()) {
            case 66245349:
                if (algorithm.equals("ES256")) {
                    PublicKey publicKey2 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey2, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    Algorithm ECDSA256 = Algorithm.ECDSA256((ECPublicKey) publicKey2, null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA256, "ECDSA256(...)");
                    return ECDSA256;
                }
                break;
            case 66246401:
                if (algorithm.equals("ES384")) {
                    PublicKey publicKey3 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey3, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    Algorithm ECDSA384 = Algorithm.ECDSA384((ECPublicKey) publicKey3, null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA384, "ECDSA384(...)");
                    return ECDSA384;
                }
                break;
            case 66248104:
                if (algorithm.equals("ES512")) {
                    PublicKey publicKey4 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey4, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    Algorithm ECDSA512 = Algorithm.ECDSA512((ECPublicKey) publicKey4, null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA512, "ECDSA512(...)");
                    return ECDSA512;
                }
                break;
            case 78251122:
                if (algorithm.equals("RS256")) {
                    PublicKey publicKey5 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey5, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    Algorithm RSA2562 = Algorithm.RSA256((RSAPublicKey) publicKey5, null);
                    Intrinsics.checkNotNullExpressionValue(RSA2562, "RSA256(...)");
                    return RSA2562;
                }
                break;
            case 78252174:
                if (algorithm.equals("RS384")) {
                    PublicKey publicKey6 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey6, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    Algorithm RSA384 = Algorithm.RSA384((RSAPublicKey) publicKey6, null);
                    Intrinsics.checkNotNullExpressionValue(RSA384, "RSA384(...)");
                    return RSA384;
                }
                break;
            case 78253877:
                if (algorithm.equals("RS512")) {
                    PublicKey publicKey7 = jwk.getPublicKey();
                    Intrinsics.checkNotNull(publicKey7, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    Algorithm RSA512 = Algorithm.RSA512((RSAPublicKey) publicKey7, null);
                    Intrinsics.checkNotNullExpressionValue(RSA512, "RSA512(...)");
                    return RSA512;
                }
                break;
        }
        throw new IllegalArgumentException("Unsupported algorithm " + jwk.getAlgorithm());
    }

    public static final void bearerChallenge(@NotNull AuthenticationContext authenticationContext, @NotNull AuthenticationFailedCause authenticationFailedCause, @NotNull String str, @NotNull JWTAuthSchemes jWTAuthSchemes, @NotNull Function4<? super JWTChallengeContext, ? super String, ? super String, ? super Continuation<? super Unit>, ? extends Object> function4) {
        Intrinsics.checkNotNullParameter(authenticationContext, "<this>");
        Intrinsics.checkNotNullParameter(authenticationFailedCause, "cause");
        Intrinsics.checkNotNullParameter(str, HttpAuthHeader.Parameters.Realm);
        Intrinsics.checkNotNullParameter(jWTAuthSchemes, "schemes");
        Intrinsics.checkNotNullParameter(function4, "challengeFunction");
        authenticationContext.challenge(JWTAuthKt.getJWTAuthKey(), authenticationFailedCause, new JWTUtilsKt$bearerChallenge$1(function4, jWTAuthSchemes, str, null));
    }

    @Nullable
    public static final JWTVerifier getVerifier(@NotNull JwkProvider jwkProvider, @Nullable String str, @NotNull HttpAuthHeader httpAuthHeader, @NotNull JWTAuthSchemes jWTAuthSchemes, @NotNull Function1<? super Verification, Unit> function1) {
        Jwk jwk;
        Intrinsics.checkNotNullParameter(jwkProvider, "jwkProvider");
        Intrinsics.checkNotNullParameter(httpAuthHeader, "token");
        Intrinsics.checkNotNullParameter(jWTAuthSchemes, "schemes");
        Intrinsics.checkNotNullParameter(function1, "jwtConfigure");
        String blob = getBlob(httpAuthHeader, jWTAuthSchemes);
        if (blob == null) {
            return null;
        }
        try {
            jwk = jwkProvider.get(JWT.decode(blob).getKeyId());
        } catch (JwkException e) {
            JWTAuthKt.getJWTLogger().trace("Failed to get JWK", (Throwable) e);
            jwk = null;
        } catch (JWTDecodeException e2) {
            JWTAuthKt.getJWTLogger().trace("Illegal JWT", (Throwable) e2);
            jwk = null;
        }
        Jwk jwk2 = jwk;
        if (jwk2 == null) {
            return null;
        }
        try {
            Algorithm makeAlgorithm = makeAlgorithm(jwk2);
            Verification require = str == null ? JWT.require(makeAlgorithm) : JWT.require(makeAlgorithm).withIssuer(str);
            function1.invoke(require);
            return require.build();
        } catch (Throwable th) {
            Logger jWTLogger = JWTAuthKt.getJWTLogger();
            String algorithm = jwk2.getAlgorithm();
            String message = th.getMessage();
            if (message == null) {
                message = th.getClass().getSimpleName();
            }
            jWTLogger.trace("Failed to create algorithm {}: {}", algorithm, message);
            return null;
        }
    }

    @Nullable
    public static final JWTVerifier getVerifier(@NotNull JwkProvider jwkProvider, @NotNull HttpAuthHeader httpAuthHeader, @NotNull JWTAuthSchemes jWTAuthSchemes, @NotNull Function1<? super Verification, Unit> function1) {
        Intrinsics.checkNotNullParameter(jwkProvider, "jwkProvider");
        Intrinsics.checkNotNullParameter(httpAuthHeader, "token");
        Intrinsics.checkNotNullParameter(jWTAuthSchemes, "schemes");
        Intrinsics.checkNotNullParameter(function1, "configure");
        return getVerifier(jwkProvider, null, httpAuthHeader, jWTAuthSchemes, function1);
    }

    /* JADX WARN: Removed duplicated region for block: B:27:0x00fc  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x00ee  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x010a  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x005c  */
    @org.jetbrains.annotations.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final java.lang.Object verifyAndValidate(@org.jetbrains.annotations.NotNull io.ktor.server.application.ApplicationCall r7, @org.jetbrains.annotations.Nullable com.auth0.jwt.interfaces.JWTVerifier r8, @org.jetbrains.annotations.NotNull io.ktor.http.auth.HttpAuthHeader r9, @org.jetbrains.annotations.NotNull io.ktor.server.auth.jwt.JWTAuthSchemes r10, @org.jetbrains.annotations.NotNull kotlin.jvm.functions.Function3<? super io.ktor.server.application.ApplicationCall, ? super io.ktor.server.auth.jwt.JWTCredential, ? super kotlin.coroutines.Continuation<java.lang.Object>, ? extends java.lang.Object> r11, @org.jetbrains.annotations.NotNull kotlin.coroutines.Continuation<java.lang.Object> r12) {
        /*
            Method dump skipped, instructions count: 277
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.ktor.server.auth.jwt.JWTUtilsKt.verifyAndValidate(io.ktor.server.application.ApplicationCall, com.auth0.jwt.interfaces.JWTVerifier, io.ktor.http.auth.HttpAuthHeader, io.ktor.server.auth.jwt.JWTAuthSchemes, kotlin.jvm.functions.Function3, kotlin.coroutines.Continuation):java.lang.Object");
    }

    @Nullable
    public static final String getBlob(@NotNull HttpAuthHeader httpAuthHeader, @NotNull JWTAuthSchemes jWTAuthSchemes) {
        Intrinsics.checkNotNullParameter(httpAuthHeader, "<this>");
        Intrinsics.checkNotNullParameter(jWTAuthSchemes, "schemes");
        if ((httpAuthHeader instanceof HttpAuthHeader.Single) && jWTAuthSchemes.contains(httpAuthHeader.getAuthScheme())) {
            return ((HttpAuthHeader.Single) httpAuthHeader).getBlob();
        }
        return null;
    }

    @Nullable
    public static final HttpAuthHeader parseAuthorizationHeaderOrNull(@NotNull ApplicationRequest applicationRequest) {
        HttpAuthHeader httpAuthHeader;
        Intrinsics.checkNotNullParameter(applicationRequest, "<this>");
        try {
            httpAuthHeader = HeadersKt.parseAuthorizationHeader(applicationRequest);
        } catch (IllegalArgumentException e) {
            JWTAuthKt.getJWTLogger().trace("Illegal HTTP auth header", (Throwable) e);
            httpAuthHeader = null;
        }
        return httpAuthHeader;
    }

    @NotNull
    public static final Payload parsePayload(@NotNull DecodedJWT decodedJWT) {
        Intrinsics.checkNotNullParameter(decodedJWT, "<this>");
        byte[] decode = Base64.getUrlDecoder().decode(decodedJWT.getPayload());
        Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
        Payload parsePayload = new JWTParser().parsePayload(new String(decode, Charsets.UTF_8));
        Intrinsics.checkNotNullExpressionValue(parsePayload, "parsePayload(...)");
        return parsePayload;
    }
}
