package io.ktor.auth.jwt;

import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.impl.JWTParser;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import com.auth0.jwt.interfaces.Payload;
import com.auth0.jwt.interfaces.Verification;
import io.ktor.application.ApplicationCall;
import io.ktor.auth.Authentication;
import io.ktor.auth.AuthenticationContext;
import io.ktor.auth.AuthenticationFailedCause;
import io.ktor.auth.AuthenticationPipeline;
import io.ktor.auth.HeadersKt;
import io.ktor.auth.Principal;
import io.ktor.auth.jwt.JWTAuthenticationProvider;
import io.ktor.http.auth.HttpAuthHeader;
import io.ktor.request.ApplicationRequest;
import io.ktor.util.pipeline.PipelineContext;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function3;
import kotlin.jvm.functions.Function4;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: JWTAuth.kt */
@Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 2, d1 = {"��¦\u0001\n��\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u001a?\u0010\u0004\u001a\u0004\u0018\u00010\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u001b\u0010\f\u001a\u0017\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000f0\rj\u0002`\u0010¢\u0006\u0002\b\u0011H\u0002\u001aE\u0010\u0004\u001a\u0004\u0018\u00010\u00052\u0006\u0010\u0006\u001a\u00020\u00072\b\u0010\u0012\u001a\u0004\u0018\u00010\u00132\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0017\u0010\u0014\u001a\u0013\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000f0\r¢\u0006\u0002\b\u0011H\u0002\u001af\u0010\u0015\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0017\u001a\u00020\u00182\b\u0010\u0019\u001a\u0004\u0018\u00010\u00052\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2/\u0010\u001a\u001a+\b\u0001\u0012\u0004\u0012\u00020\u0018\u0012\u0004\u0012\u00020\u001c\u0012\f\u0012\n\u0012\u0006\u0012\u0004\u0018\u00010\u00160\u001d\u0012\u0006\u0012\u0004\u0018\u00010\u00010\u001b¢\u0006\u0002\b\u0011H\u0082@ø\u0001��¢\u0006\u0002\u0010\u001e\u001a\u0089\u0001\u0010\u001f\u001a\u00020\u000f*\u00020 2\u0006\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u00132\u0006\u0010\n\u001a\u00020\u000b2[\u0010$\u001aW\b\u0001\u0012\u000e\u0012\f\u0012\u0002\b\u0003\u0012\u0004\u0012\u00020\u00180&\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b()\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b(#\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u000f0\u001d\u0012\u0006\u0012\u0004\u0018\u00010\u00010%¢\u0006\u0002\b\u0011H\u0002ø\u0001��¢\u0006\u0002\u0010*\u001a\u0016\u0010+\u001a\u0004\u0018\u00010\u0013*\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002\u001a/\u0010,\u001a\u00020\u000f*\u00020-2\n\b\u0002\u0010(\u001a\u0004\u0018\u00010\u00132\u0017\u0010\f\u001a\u0013\u0012\u0004\u0012\u00020.\u0012\u0004\u0012\u00020\u000f0\r¢\u0006\u0002\b\u0011\u001a\f\u0010/\u001a\u000200*\u000201H��\u001a\u000e\u00102\u001a\u0004\u0018\u00010\t*\u000203H\u0002\u001a\f\u00104\u001a\u000205*\u000206H\u0002\"\u000e\u0010��\u001a\u00020\u0001X\u0082D¢\u0006\u0002\n��\"\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��*´\u0001\u00107\"W\b\u0001\u0012\u000e\u0012\f\u0012\u0002\b\u0003\u0012\u0004\u0012\u00020\u00180&\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b()\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b(#\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u000f0\u001d\u0012\u0006\u0012\u0004\u0018\u00010\u00010%¢\u0006\u0002\b\u00112W\b\u0001\u0012\u000e\u0012\f\u0012\u0002\b\u0003\u0012\u0004\u0012\u00020\u00180&\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b()\u0012\u0013\u0012\u00110\u0013¢\u0006\f\b'\u0012\b\b(\u0012\u0004\b\b(#\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u000f0\u001d\u0012\u0006\u0012\u0004\u0018\u00010\u00010%¢\u0006\u0002\b\u0011*,\u00108\"\u0013\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000f0\r¢\u0006\u0002\b\u00112\u0013\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000f0\r¢\u0006\u0002\b\u0011\u0082\u0002\u0004\n\u0002\b\u0019¨\u00069"}, d2 = {"JWTAuthKey", "", "JWTLogger", "Lorg/slf4j/Logger;", "getVerifier", "Lcom/auth0/jwt/interfaces/JWTVerifier;", "jwkProvider", "Lcom/auth0/jwk/JwkProvider;", "token", "Lio/ktor/http/auth/HttpAuthHeader;", "schemes", "Lio/ktor/auth/jwt/JWTAuthSchemes;", "configure", "Lkotlin/Function1;", "Lcom/auth0/jwt/interfaces/Verification;", "", "Lio/ktor/auth/jwt/JWTConfigureFunction;", "Lkotlin/ExtensionFunctionType;", "issuer", "", "jwtConfigure", "verifyAndValidate", "Lio/ktor/auth/Principal;", "call", "Lio/ktor/application/ApplicationCall;", "jwtVerifier", "validate", "Lkotlin/Function3;", "Lio/ktor/auth/jwt/JWTCredential;", "Lkotlin/coroutines/Continuation;", "(Lio/ktor/application/ApplicationCall;Lcom/auth0/jwt/interfaces/JWTVerifier;Lio/ktor/http/auth/HttpAuthHeader;Lio/ktor/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function3;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "bearerChallenge", "Lio/ktor/auth/AuthenticationContext;", "cause", "Lio/ktor/auth/AuthenticationFailedCause;", "realm", "challengeFunction", "Lkotlin/Function4;", "Lio/ktor/util/pipeline/PipelineContext;", "Lkotlin/ParameterName;", "name", "defaultScheme", "(Lio/ktor/auth/AuthenticationContext;Lio/ktor/auth/AuthenticationFailedCause;Ljava/lang/String;Lio/ktor/auth/jwt/JWTAuthSchemes;Lkotlin/jvm/functions/Function4;)V", "getBlob", "jwt", "Lio/ktor/auth/Authentication$Configuration;", "Lio/ktor/auth/jwt/JWTAuthenticationProvider$Configuration;", "makeAlgorithm", "Lcom/auth0/jwt/algorithms/Algorithm;", "Lcom/auth0/jwk/Jwk;", "parseAuthorizationHeaderOrNull", "Lio/ktor/request/ApplicationRequest;", "parsePayload", "Lcom/auth0/jwt/interfaces/Payload;", "Lcom/auth0/jwt/interfaces/DecodedJWT;", "JWTAuthChallengeFunction", "JWTConfigureFunction", "ktor-auth-jwt"})
/* loaded from: input_file:io/ktor/auth/jwt/JWTAuthKt.class */
public final class JWTAuthKt {
    private static final Object JWTAuthKey = "JWTAuth";
    private static final Logger JWTLogger;

    public static final void jwt(@NotNull Authentication.Configuration configuration, @Nullable String str, @NotNull Function1<? super JWTAuthenticationProvider.Configuration, Unit> function1) {
        Intrinsics.checkNotNullParameter(configuration, "$this$jwt");
        Intrinsics.checkNotNullParameter(function1, "configure");
        JWTAuthenticationProvider.Configuration configuration2 = new JWTAuthenticationProvider.Configuration(str);
        function1.invoke(configuration2);
        JWTAuthenticationProvider build$ktor_auth_jwt = configuration2.build$ktor_auth_jwt();
        String realm$ktor_auth_jwt = build$ktor_auth_jwt.getRealm$ktor_auth_jwt();
        Function3<ApplicationCall, JWTCredential, Continuation<? super Principal>, Object> authenticationFunction$ktor_auth_jwt = build$ktor_auth_jwt.getAuthenticationFunction$ktor_auth_jwt();
        Function1<HttpAuthHeader, JWTVerifier> verifier$ktor_auth_jwt = build$ktor_auth_jwt.getVerifier$ktor_auth_jwt();
        build$ktor_auth_jwt.getPipeline().intercept(AuthenticationPipeline.Companion.getRequestAuthentication(), new JWTAuthKt$jwt$1(build$ktor_auth_jwt, realm$ktor_auth_jwt, build$ktor_auth_jwt.getSchemes$ktor_auth_jwt(), verifier$ktor_auth_jwt, authenticationFunction$ktor_auth_jwt, null));
        configuration.register(build$ktor_auth_jwt);
    }

    public static /* synthetic */ void jwt$default(Authentication.Configuration configuration, String str, Function1 function1, int i, Object obj) {
        if ((i & 1) != 0) {
            str = (String) null;
        }
        jwt(configuration, str, function1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void bearerChallenge(AuthenticationContext authenticationContext, AuthenticationFailedCause authenticationFailedCause, String str, JWTAuthSchemes jWTAuthSchemes, Function4<? super PipelineContext<?, ApplicationCall>, ? super String, ? super String, ? super Continuation<? super Unit>, ? extends Object> function4) {
        authenticationContext.challenge(JWTAuthKey, authenticationFailedCause, new JWTAuthKt$bearerChallenge$1(function4, jWTAuthSchemes, str, null));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final JWTVerifier getVerifier(JwkProvider jwkProvider, String str, HttpAuthHeader httpAuthHeader, JWTAuthSchemes jWTAuthSchemes, Function1<? super Verification, Unit> function1) {
        Jwk jwk;
        String blob = getBlob(httpAuthHeader, jWTAuthSchemes);
        if (blob == null) {
            return null;
        }
        try {
            DecodedJWT decode = JWT.decode(blob);
            Intrinsics.checkNotNullExpressionValue(decode, "JWT.decode(blob)");
            jwk = jwkProvider.get(decode.getKeyId());
        } catch (JWTDecodeException e) {
            JWTLogger.trace("Illegal JWT: {}", e.getMessage());
            jwk = null;
        } catch (JwkException e2) {
            JWTLogger.trace("Failed to get JWK: {}", e2.getMessage());
            jwk = null;
        }
        Jwk jwk2 = jwk;
        if (jwk2 == null) {
            return null;
        }
        try {
            Algorithm makeAlgorithm = makeAlgorithm(jwk2);
            Verification require = str == null ? JWT.require(makeAlgorithm) : JWT.require(makeAlgorithm).withIssuer(new String[]{str});
            function1.invoke(require);
            return require.build();
        } catch (Throwable th) {
            Logger logger = JWTLogger;
            String algorithm = jwk2.getAlgorithm();
            String message = th.getMessage();
            if (message == null) {
                message = th.getClass().getSimpleName();
            }
            logger.trace("Failed to create algorithm {}: {}", algorithm, message);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final JWTVerifier getVerifier(JwkProvider jwkProvider, HttpAuthHeader httpAuthHeader, JWTAuthSchemes jWTAuthSchemes, Function1<? super Verification, Unit> function1) {
        return getVerifier(jwkProvider, null, httpAuthHeader, jWTAuthSchemes, function1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public static final /* synthetic */ Object verifyAndValidate(@NotNull ApplicationCall applicationCall, @Nullable JWTVerifier jWTVerifier, @NotNull HttpAuthHeader httpAuthHeader, @NotNull JWTAuthSchemes jWTAuthSchemes, @NotNull Function3<? super ApplicationCall, ? super JWTCredential, ? super Continuation<? super Principal>, ? extends Object> function3, @NotNull Continuation<? super Principal> continuation) {
        DecodedJWT decodedJWT;
        try {
            String blob = getBlob(httpAuthHeader, jWTAuthSchemes);
            decodedJWT = blob != null ? jWTVerifier != null ? jWTVerifier.verify(blob) : null : null;
        } catch (JWTVerificationException e) {
            JWTLogger.trace("Token verification failed: {}", e.getMessage());
            decodedJWT = null;
        }
        DecodedJWT decodedJWT2 = decodedJWT;
        if (decodedJWT2 != null) {
            return function3.invoke(applicationCall, new JWTCredential(parsePayload(decodedJWT2)), continuation);
        }
        return null;
    }

    private static final String getBlob(HttpAuthHeader httpAuthHeader, JWTAuthSchemes jWTAuthSchemes) {
        if ((httpAuthHeader instanceof HttpAuthHeader.Single) && jWTAuthSchemes.contains(httpAuthHeader.getAuthScheme())) {
            return ((HttpAuthHeader.Single) httpAuthHeader).getBlob();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final HttpAuthHeader parseAuthorizationHeaderOrNull(ApplicationRequest applicationRequest) {
        HttpAuthHeader httpAuthHeader;
        try {
            httpAuthHeader = HeadersKt.parseAuthorizationHeader(applicationRequest);
        } catch (IllegalArgumentException e) {
            JWTLogger.trace("Illegal HTTP auth header", e);
            httpAuthHeader = null;
        }
        return httpAuthHeader;
    }

    @NotNull
    public static final Algorithm makeAlgorithm(@NotNull Jwk jwk) {
        Intrinsics.checkNotNullParameter(jwk, "$this$makeAlgorithm");
        String algorithm = jwk.getAlgorithm();
        if (algorithm == null) {
            PublicKey publicKey = jwk.getPublicKey();
            if (publicKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
            }
            Algorithm RSA256 = Algorithm.RSA256((RSAPublicKey) publicKey, (RSAPrivateKey) null);
            Intrinsics.checkNotNullExpressionValue(RSA256, "Algorithm.RSA256(publicKey as RSAPublicKey, null)");
            return RSA256;
        }
        switch (algorithm.hashCode()) {
            case 66245349:
                if (algorithm.equals("ES256")) {
                    PublicKey publicKey2 = jwk.getPublicKey();
                    if (publicKey2 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    }
                    Algorithm ECDSA256 = Algorithm.ECDSA256((ECPublicKey) publicKey2, (ECPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA256, "Algorithm.ECDSA256(publicKey as ECPublicKey, null)");
                    return ECDSA256;
                }
                break;
            case 66246401:
                if (algorithm.equals("ES384")) {
                    PublicKey publicKey3 = jwk.getPublicKey();
                    if (publicKey3 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    }
                    Algorithm ECDSA384 = Algorithm.ECDSA384((ECPublicKey) publicKey3, (ECPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA384, "Algorithm.ECDSA384(publicKey as ECPublicKey, null)");
                    return ECDSA384;
                }
                break;
            case 66248104:
                if (algorithm.equals("ES512")) {
                    PublicKey publicKey4 = jwk.getPublicKey();
                    if (publicKey4 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
                    }
                    Algorithm ECDSA512 = Algorithm.ECDSA512((ECPublicKey) publicKey4, (ECPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(ECDSA512, "Algorithm.ECDSA512(publicKey as ECPublicKey, null)");
                    return ECDSA512;
                }
                break;
            case 78251122:
                if (algorithm.equals("RS256")) {
                    PublicKey publicKey5 = jwk.getPublicKey();
                    if (publicKey5 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    }
                    Algorithm RSA2562 = Algorithm.RSA256((RSAPublicKey) publicKey5, (RSAPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(RSA2562, "Algorithm.RSA256(publicKey as RSAPublicKey, null)");
                    return RSA2562;
                }
                break;
            case 78252174:
                if (algorithm.equals("RS384")) {
                    PublicKey publicKey6 = jwk.getPublicKey();
                    if (publicKey6 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    }
                    Algorithm RSA384 = Algorithm.RSA384((RSAPublicKey) publicKey6, (RSAPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(RSA384, "Algorithm.RSA384(publicKey as RSAPublicKey, null)");
                    return RSA384;
                }
                break;
            case 78253877:
                if (algorithm.equals("RS512")) {
                    PublicKey publicKey7 = jwk.getPublicKey();
                    if (publicKey7 == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                    }
                    Algorithm RSA512 = Algorithm.RSA512((RSAPublicKey) publicKey7, (RSAPrivateKey) null);
                    Intrinsics.checkNotNullExpressionValue(RSA512, "Algorithm.RSA512(publicKey as RSAPublicKey, null)");
                    return RSA512;
                }
                break;
        }
        throw new IllegalArgumentException("Unsupported algorithm " + jwk.getAlgorithm());
    }

    private static final Payload parsePayload(DecodedJWT decodedJWT) {
        byte[] decode = Base64.getUrlDecoder().decode(decodedJWT.getPayload());
        Intrinsics.checkNotNullExpressionValue(decode, "Base64.getUrlDecoder().decode(payload)");
        Payload parsePayload = new JWTParser().parsePayload(new String(decode, Charsets.UTF_8));
        Intrinsics.checkNotNullExpressionValue(parsePayload, "JWTParser().parsePayload(payloadString)");
        return parsePayload;
    }

    static {
        Logger logger = LoggerFactory.getLogger("io.ktor.auth.jwt");
        Intrinsics.checkNotNullExpressionValue(logger, "LoggerFactory.getLogger(\"io.ktor.auth.jwt\")");
        JWTLogger = logger;
    }
}
