package com.nimbusds.openid.connect.sdk.federation.trust;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import com.nimbusds.oauth2.sdk.util.ListUtils;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityType;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicy;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicyEntry;
import com.nimbusds.openid.connect.sdk.federation.policy.language.PolicyViolationException;
import com.nimbusds.openid.connect.sdk.federation.policy.operations.PolicyOperationCombinationValidator;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import net.jcip.annotations.Immutable;

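/**
 * Federation trust chain: a leaf entity configuration, one or more superior
 * entity statements and an optional trust anchor entity configuration.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The constructors and the {@code parse} methods only check the
 *       <em>structure</em> of the chain (self-statement flags and the
 *       subject / issuer linkage). No signature is checked until
 *       {@link #verifySignatures(JWKSet)} is called, so a chain must not be
 *       relied upon before that call has returned normally.</li>
 *   <li>{@link #resolveExpirationTime()} only computes the earliest
 *       expiration; it does not compare it with the current time.</li>
 *   <li>The superior statements are copied on construction and exposed as an
 *       unmodifiable list, so the chain that was validated is the chain that
 *       is later verified.</li>
 * </ul>
 */
@Immutable
/* loaded from: input_file:web-author-ai-positron-enterprise-plugin-4.0.0-SNAPSHOT/lib/oauth2-oidc-sdk-11.18.jar:com/nimbusds/openid/connect/sdk/federation/trust/TrustChain.class */
public final class TrustChain {
    private final EntityStatement leaf;
    private final List<EntityStatement> superiors;
    private final EntityStatement trustAnchor;
    // Lazily computed cache of the earliest expiration time in the chain.
    private Date exp;

    /**
     * Creates a trust chain without a trust anchor entity configuration.
     *
     * @param entityStatement the leaf entity configuration (self-statement), not null
     * @param list            the superior statements, ordered from the one about the
     *                        leaf up to the one issued by the trust anchor, not empty
     * @throws IllegalArgumentException if the chain is structurally invalid
     */
    public TrustChain(EntityStatement entityStatement, List<EntityStatement> list) {
        this(entityStatement, list, null);
    }

    /**
     * Creates a trust chain.
     *
     * @param entityStatement  the leaf entity configuration (self-statement), not null
     * @param list             the superior statements, ordered from the one about the
     *                         leaf up to the one issued by the trust anchor, not empty
     * @param entityStatement2 the trust anchor entity configuration (self-statement),
     *                         or null if not included
     * @throws IllegalArgumentException if an argument is missing, a configuration is
     *                                  not a self-statement, or the subject / issuer
     *                                  chain is broken
     */
    public TrustChain(EntityStatement entityStatement, List<EntityStatement> list, EntityStatement entityStatement2) {
        if (entityStatement == null) {
            throw new IllegalArgumentException("The leaf entity configuration must not be null");
        }
        if (!entityStatement.getClaimsSet().isSelfStatement()) {
            throw new IllegalArgumentException("The leaf entity configuration must be a self-statement");
        }
        this.leaf = entityStatement;
        if (CollectionUtils.isEmpty(list)) {
            throw new IllegalArgumentException("There must be at least one superior statement (issued by the trust anchor)");
        }
        // Defensive, unmodifiable copy: the list validated below must be the same
        // list that verifySignatures() walks later, regardless of what the caller
        // does with its own list afterwards.
        this.superiors = Collections.unmodifiableList(new ArrayList<>(list));
        this.trustAnchor = entityStatement2;
        if (entityStatement2 != null && !entityStatement2.getClaimsSet().isSelfStatement()) {
            throw new IllegalArgumentException("The trust anchor entity configuration must be a self-statement");
        }
        // Validate the private copy, not the caller-owned list.
        if (!hasValidIssuerSubjectChain(entityStatement, this.superiors, entityStatement2)) {
            throw new IllegalArgumentException("Broken subject - issuer chain");
        }
    }

    /**
     * Checks that each superior statement is about the issuer of the previous
     * statement, starting at the leaf, and that the optional trust anchor
     * configuration has the same issuer as the last superior statement.
     */
    private static boolean hasValidIssuerSubjectChain(EntityStatement entityStatement, List<EntityStatement> list, EntityStatement entityStatement2) {
        Subject expectedSubject = entityStatement.getClaimsSet().getSubject();
        for (EntityStatement superior : list) {
            if (!expectedSubject.equals(superior.getClaimsSet().getSubject())) {
                return false;
            }
            // The next statement up the chain must be about this statement's issuer.
            expectedSubject = new Subject(superior.getClaimsSet().getIssuer().getValue());
        }
        if (entityStatement2 == null) {
            return true;
        }
        return list.get(list.size() - 1).getClaimsSet().getIssuer().equals(entityStatement2.getClaimsSet().getIssuer());
    }

    /** Returns the leaf entity configuration. */
    public EntityStatement getLeafConfiguration() {
        return this.leaf;
    }

    /**
     * Returns the superior statements, ordered from the one about the leaf to
     * the one issued by the trust anchor. The returned list is unmodifiable.
     */
    public List<EntityStatement> getSuperiorStatements() {
        return this.superiors;
    }

    /** Returns the trust anchor entity configuration, or null if none was supplied. */
    public EntityStatement getTrustAnchorConfiguration() {
        return this.trustAnchor;
    }

    /** Returns the entity ID of the issuer of the last superior statement. */
    public EntityID getTrustAnchorEntityID() {
        return this.superiors.get(this.superiors.size() - 1).getClaimsSet().getIssuerEntityID();
    }

    /** Returns the number of superior statements in the chain. */
    public int length() {
        return this.superiors.size();
    }

    /**
     * Resolves the combined metadata policy for the given entity type using the
     * default policy combination validator.
     *
     * @throws PolicyViolationException if the policies cannot be combined
     */
    public MetadataPolicy resolveCombinedMetadataPolicy(EntityType entityType) throws PolicyViolationException {
        return resolveCombinedMetadataPolicy(entityType, MetadataPolicyEntry.DEFAULT_POLICY_COMBINATION_VALIDATOR);
    }

    /**
     * Collects the metadata policy of each superior statement for the given
     * entity type (statements without one are skipped) and combines them.
     *
     * @throws PolicyViolationException if the policies cannot be combined
     */
    public MetadataPolicy resolveCombinedMetadataPolicy(EntityType entityType, PolicyOperationCombinationValidator policyOperationCombinationValidator) throws PolicyViolationException {
        List<MetadataPolicy> policies = new LinkedList<>();
        for (EntityStatement superior : this.superiors) {
            MetadataPolicy policy = superior.getClaimsSet().getMetadataPolicy(entityType);
            if (policy != null) {
                policies.add(policy);
            }
        }
        return MetadataPolicy.combine(policies, policyOperationCombinationValidator);
    }

    /**
     * Returns an iterator over the leaf entity configuration followed by the
     * superior statements in order. The optional trust anchor entity
     * configuration is not part of the iteration. Removal is not supported, and
     * {@code next()} on an exhausted iterator throws
     * {@link java.util.NoSuchElementException} as the {@link Iterator} contract
     * requires (it previously returned null).
     */
    public Iterator<EntityStatement> iteratorFromLeaf() {
        final Iterator<EntityStatement> superiorsIterator = this.superiors.iterator();
        return new Iterator<EntityStatement>() {
            // True until the leaf has been handed out.
            private boolean leafPending = true;

            @Override
            public boolean hasNext() {
                return leafPending || superiorsIterator.hasNext();
            }

            @Override
            public EntityStatement next() {
                if (leafPending) {
                    leafPending = false;
                    return TrustChain.this.leaf;
                }
                // Delegates exhaustion handling to the list iterator.
                return superiorsIterator.next();
            }

            @Override
            public void remove() {
                throw new UnsupportedOperationException();
            }
        };
    }

    /**
     * Returns the earliest expiration time among the leaf configuration and the
     * superior statements. The result is cached after the first call.
     *
     * <p>The trust anchor entity configuration is not considered, because
     * {@link #iteratorFromLeaf()} does not cover it, and the value is not
     * compared with the current time here; enforcing expiry is up to the caller.
     */
    public Date resolveExpirationTime() {
        if (this.exp != null) {
            return this.exp;
        }
        Date earliest = null;
        Iterator<EntityStatement> statements = iteratorFromLeaf();
        while (statements.hasNext()) {
            Date candidate = statements.next().getClaimsSet().getExpirationTime();
            // NOTE(review): a null expiration is tolerated only while no earlier
            // value has been seen; afterwards it would raise a
            // NullPointerException. Presumably "exp" is mandatory upstream - confirm.
            if (earliest == null) {
                earliest = candidate;
            } else if (candidate.before(earliest)) {
                earliest = candidate;
            }
        }
        this.exp = earliest;
        return this.exp;
    }

    /**
     * Verifies the signatures along the chain, from the leaf up to the trust
     * anchor.
     *
     * <p>The leaf self-signature is checked first. Each superior statement must
     * list (by thumbprint) the key that signed the statement below it, and is
     * itself verified with the JWK set of the next superior statement; the last
     * superior statement is verified with the supplied trust anchor JWK set. If
     * a trust anchor entity configuration is present it must list the key that
     * signed the last superior statement and carry a valid self-signature.
     *
     * <p>The trust decision rests entirely on {@code jWKSet}: it has to come from
     * locally configured, trusted material and never from the chain being
     * verified. NOTE(review): a null {@code jWKSet} is passed straight to
     * {@code EntityStatement.verifySignature}; confirm that call rejects it.
     *
     * @param jWKSet the trusted JWK set of the trust anchor
     * @throws BadJOSEException if a signature or key linkage is invalid; the
     *                          message names the statement that failed
     * @throws JOSEException    if an internal JOSE error occurs
     */
    public void verifySignatures(JWKSet jWKSet) throws BadJOSEException, JOSEException {
        Base64URL signingKeyThumbprint;
        // Only a failure of the leaf self-signature is reported as a leaf error.
        // Wrapping the whole method in this handler mislabelled superior and
        // trust anchor failures as "Invalid leaf entity configuration".
        try {
            signingKeyThumbprint = this.leaf.verifySignatureOfSelfStatement();
        } catch (BadJOSEException e) {
            throw new BadJOSEException("Invalid leaf entity configuration: " + e.getMessage(), e);
        }

        final int count = this.superiors.size();
        for (int i = 0; i < count; i++) {
            EntityStatement statement = this.superiors.get(i);
            // The top-most statement is checked against the trusted anchor keys,
            // every other one against the keys published one level up.
            JWKSet verificationKeys = (i + 1 == count) ? jWKSet : this.superiors.get(i + 1).getClaimsSet().getJWKSet();
            if (!hasJWKWithThumbprint(statement.getClaimsSet().getJWKSet(), signingKeyThumbprint)) {
                throw new BadJOSEException("Signing JWK with thumbprint " + signingKeyThumbprint + " not found in entity statement issued from superior " + statement.getClaimsSet().getIssuerEntityID());
            }
            try {
                signingKeyThumbprint = statement.verifySignature(verificationKeys);
            } catch (BadJOSEException e) {
                throw new BadJOSEException("Invalid statement from " + statement.getClaimsSet().getIssuer() + ": " + e.getMessage(), e);
            }
        }

        if (this.trustAnchor != null) {
            if (!hasJWKWithThumbprint(this.trustAnchor.getClaimsSet().getJWKSet(), signingKeyThumbprint)) {
                throw new BadJOSEException("Signing JWK with thumbprint " + signingKeyThumbprint + " not found in trust anchor entity configuration");
            }
            try {
                this.trustAnchor.verifySignatureOfSelfStatement();
            } catch (BadJOSEException e) {
                throw new BadJOSEException("Invalid trust anchor entity configuration: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Returns true if the JWK set contains a key whose computed thumbprint
     * equals the given one; a null set never matches.
     *
     * @throws ProviderException if a thumbprint cannot be computed
     */
    private static boolean hasJWKWithThumbprint(JWKSet jWKSet, Base64URL base64URL) {
        if (jWKSet == null) {
            return false;
        }
        for (JWK jwk : jWKSet.getKeys()) {
            try {
                if (base64URL.equals(jwk.computeThumbprint())) {
                    return true;
                }
            } catch (JOSEException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        }
        return false;
    }

    /**
     * Returns the signed statements of the chain: leaf, superiors in order,
     * then the trust anchor configuration if present.
     */
    public List<SignedJWT> toJWTs() {
        List<SignedJWT> jwts = new LinkedList<>();
        jwts.add(this.leaf.getSignedStatement());
        for (EntityStatement superior : this.superiors) {
            jwts.add(superior.getSignedStatement());
        }
        if (this.trustAnchor != null) {
            jwts.add(this.trustAnchor.getSignedStatement());
        }
        return jwts;
    }

    /** Returns the chain as serialized JWT strings, in the order of {@link #toJWTs()}. */
    public List<String> toSerializedJWTs() {
        List<String> serialized = new LinkedList<>();
        for (SignedJWT jwt : toJWTs()) {
            serialized.add(jwt.serialize());
        }
        return serialized;
    }

    /**
     * Parses a trust chain from signed JWTs. Null items are ignored. The first
     * JWT is taken as the leaf entity configuration; of the remaining ones a
     * self-statement is taken as the trust anchor entity configuration and any
     * other statement as a superior statement.
     *
     * <p>Parsing does not verify any signature; call
     * {@link #verifySignatures(JWKSet)} on the result before trusting it.
     * NOTE(review): if more than one self-statement follows the leaf, the last
     * one silently replaces the earlier ones - consider whether such input
     * should be rejected.
     *
     * @param list the statement JWTs, at least two
     * @throws ParseException if a JWT is not a valid entity statement or the
     *                        chain is structurally invalid
     */
    public static TrustChain parse(List<SignedJWT> list) throws ParseException {
        // A null list is reported like a too-short one instead of failing with
        // a NullPointerException.
        if (list == null || list.size() < 2) {
            throw new ParseException("There must be at least 2 statement JWTs");
        }
        EntityStatement leafConfig = null;
        List<EntityStatement> superiorStatements = new LinkedList<>();
        EntityStatement anchorConfig = null;
        for (SignedJWT signedJWT : ListUtils.removeNullItems(list)) {
            if (leafConfig == null) {
                try {
                    leafConfig = EntityStatement.parse(signedJWT);
                } catch (ParseException e) {
                    throw new ParseException("Invalid leaf entity configuration: " + e.getMessage(), e);
                }
            } else {
                try {
                    EntityStatement statement = EntityStatement.parse(signedJWT);
                    if (statement.getClaimsSet().isSelfStatement()) {
                        anchorConfig = statement;
                    } else {
                        superiorStatements.add(statement);
                    }
                } catch (ParseException e) {
                    throw new ParseException("Invalid superior entity statement: " + e.getMessage(), e);
                }
            }
        }
        try {
            return new TrustChain(leafConfig, superiorStatements, anchorConfig);
        } catch (Exception e) {
            // Structural validation failures surface as parse errors.
            throw new ParseException("Illegal trust chain: " + e.getMessage(), e);
        }
    }

    /**
     * Parses a trust chain from serialized JWT strings; null items are ignored.
     * See {@link #parse(List)} for how the statements are classified and for
     * the signature verification caveat.
     *
     * @throws ParseException if a string is not a signed JWT or the chain is invalid
     */
    public static TrustChain parseSerialized(List<String> list) throws ParseException {
        List<SignedJWT> jwts = new LinkedList<>();
        for (String serialized : ListUtils.removeNullItems(list)) {
            try {
                jwts.add(SignedJWT.parse(serialized));
            } catch (java.text.ParseException e) {
                throw new ParseException("Invalid JWT in trust chain: " + e.getMessage(), e);
            }
        }
        return parse(jwts);
    }
}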
