package com.nimbusds.oauth2.sdk.auth;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.SerializeException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:META-INF/lib/oauth2-oidc-sdk-10.7.1.jar:com/nimbusds/oauth2/sdk/auth/JWTAuthentication.class */
public abstract class JWTAuthentication extends ClientAuthentication {
    public static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private final SignedJWT clientAssertion;
    private final JWTAuthenticationClaimsSet jwtAuthClaimsSet;

    private static ClientID parseClientID(SignedJWT signedJWT) {
        try {
            String subject = signedJWT.getJWTClaimsSet().getSubject();
            String issuer = signedJWT.getJWTClaimsSet().getIssuer();
            if (subject == null) {
                throw new IllegalArgumentException("Missing subject in client JWT assertion");
            }
            if (issuer == null) {
                throw new IllegalArgumentException("Missing issuer in client JWT assertion");
            }
            return new ClientID(subject);
        } catch (ParseException e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWTAuthentication(ClientAuthenticationMethod clientAuthenticationMethod, SignedJWT signedJWT) {
        super(clientAuthenticationMethod, parseClientID(signedJWT));
        if (!signedJWT.getState().equals(JWSObject.State.SIGNED)) {
            throw new IllegalArgumentException("The client assertion JWT must be signed");
        }
        this.clientAssertion = signedJWT;
        try {
            this.jwtAuthClaimsSet = JWTAuthenticationClaimsSet.parse(signedJWT.getJWTClaimsSet());
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    public SignedJWT getClientAssertion() {
        return this.clientAssertion;
    }

    public JWTAuthenticationClaimsSet getJWTAuthenticationClaimsSet() {
        return this.jwtAuthClaimsSet;
    }

    @Override // com.nimbusds.oauth2.sdk.auth.ClientAuthentication
    public Set<String> getFormParameterNames() {
        return Collections.unmodifiableSet(new HashSet(Arrays.asList("client_assertion", "client_assertion_type", "client_id")));
    }

    public Map<String, List<String>> toParameters() {
        HashMap hashMap = new HashMap();
        try {
            hashMap.put("client_assertion", Collections.singletonList(this.clientAssertion.serialize()));
            hashMap.put("client_assertion_type", Collections.singletonList(CLIENT_ASSERTION_TYPE));
            return hashMap;
        } catch (IllegalStateException e) {
            throw new SerializeException("Couldn't serialize JWT to a client assertion string: " + e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.oauth2.sdk.auth.ClientAuthentication
    public void applyTo(HTTPRequest hTTPRequest) {
        if (hTTPRequest.getMethod() != HTTPRequest.Method.POST) {
            throw new SerializeException("The HTTP request method must be POST");
        }
        ContentType entityContentType = hTTPRequest.getEntityContentType();
        if (entityContentType == null) {
            throw new SerializeException("Missing HTTP Content-Type header");
        }
        if (!entityContentType.matches(ContentType.APPLICATION_URLENCODED)) {
            throw new SerializeException("The HTTP Content-Type header must be " + ContentType.APPLICATION_URLENCODED);
        }
        Map<String, List<String>> queryParameters = hTTPRequest.getQueryParameters();
        queryParameters.putAll(toParameters());
        hTTPRequest.setQuery(URLUtils.serializeParameters(queryParameters));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void ensureClientAssertionType(Map<String, List<String>> map) throws com.nimbusds.oauth2.sdk.ParseException {
        String str = (String) MultivaluedMapUtils.getFirstValue(map, "client_assertion_type");
        if (str == null) {
            throw new com.nimbusds.oauth2.sdk.ParseException("Missing client_assertion_type parameter");
        }
        if (!str.equals(CLIENT_ASSERTION_TYPE)) {
            throw new com.nimbusds.oauth2.sdk.ParseException("Invalid client_assertion_type parameter, must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static SignedJWT parseClientAssertion(Map<String, List<String>> map) throws com.nimbusds.oauth2.sdk.ParseException {
        String str = (String) MultivaluedMapUtils.getFirstValue(map, "client_assertion");
        if (str == null) {
            throw new com.nimbusds.oauth2.sdk.ParseException("Missing client_assertion parameter");
        }
        try {
            return SignedJWT.parse(str);
        } catch (ParseException e) {
            throw new com.nimbusds.oauth2.sdk.ParseException("Invalid client_assertion JWT: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ClientID parseClientID(Map<String, List<String>> map) {
        String str = (String) MultivaluedMapUtils.getFirstValue(map, "client_id");
        if (str != null) {
            return new ClientID(str);
        }
        return null;
    }

    public static JWTAuthentication parse(HTTPRequest hTTPRequest) throws com.nimbusds.oauth2.sdk.ParseException {
        hTTPRequest.ensureMethod(HTTPRequest.Method.POST);
        hTTPRequest.ensureEntityContentType(ContentType.APPLICATION_URLENCODED);
        String query = hTTPRequest.getQuery();
        if (query == null) {
            throw new com.nimbusds.oauth2.sdk.ParseException("Missing HTTP POST request entity body");
        }
        Map<String, List<String>> parseParameters = URLUtils.parseParameters(query);
        JWSAlgorithm algorithm = parseClientAssertion(parseParameters).getHeader().getAlgorithm();
        if (ClientSecretJWT.supportedJWAs().contains(algorithm)) {
            return ClientSecretJWT.parse(parseParameters);
        }
        if (PrivateKeyJWT.supportedJWAs().contains(algorithm)) {
            return PrivateKeyJWT.parse(parseParameters);
        }
        throw new com.nimbusds.oauth2.sdk.ParseException("Unsupported signed JWT algorithm: " + algorithm);
    }
}
