package org.xdi.oxauth.model.jws;

import org.apache.commons.lang.StringUtils;
import org.xdi.oxauth.model.crypto.PublicKey;
import org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.RSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.util.JwtUtil;

/* loaded from: input_file:org/xdi/oxauth/model/jws/JwsValidator.class */
public class JwsValidator {
    private Jwt jwt;
    private String sharedKey;
    private PublicKey publicKey;

    public JwsValidator(Jwt jwt, String str) {
        this.jwt = jwt;
        this.sharedKey = str;
    }

    public JwsValidator(Jwt jwt, String str, String str2, String str3) {
        this.jwt = jwt;
        this.sharedKey = str;
        if (jwt != null) {
            SignatureAlgorithm algorithm = jwt.getHeader().getAlgorithm();
            if (StringUtils.isNotBlank(str2) || StringUtils.isNotBlank(str3)) {
                this.publicKey = JwtUtil.getPublicKey(str2, str3, algorithm, jwt.getHeader().getKeyId());
            }
        }
    }

    public boolean validateSignature() {
        boolean z = false;
        if (this.jwt != null) {
            SignatureAlgorithm algorithm = this.jwt.getHeader().getAlgorithm();
            if (algorithm == SignatureAlgorithm.NONE) {
                z = StringUtils.isBlank(this.jwt.getEncodedSignature());
            } else if (algorithm == SignatureAlgorithm.HS256 || algorithm == SignatureAlgorithm.HS384 || algorithm == SignatureAlgorithm.HS512) {
                if (StringUtils.isNotBlank(this.sharedKey)) {
                    z = new HMACSigner(algorithm, this.sharedKey).validate(this.jwt);
                }
            } else if (algorithm == SignatureAlgorithm.RS256 || algorithm == SignatureAlgorithm.RS384 || algorithm == SignatureAlgorithm.RS512) {
                if (this.publicKey != null && (this.publicKey instanceof RSAPublicKey)) {
                    z = new RSASigner(algorithm, (RSAPublicKey) this.publicKey).validate(this.jwt);
                }
            } else if ((algorithm == SignatureAlgorithm.ES256 || algorithm == SignatureAlgorithm.ES384 || algorithm == SignatureAlgorithm.ES512) && this.publicKey != null && (this.publicKey instanceof ECDSAPublicKey)) {
                z = new ECDSASigner(algorithm, (ECDSAPublicKey) this.publicKey).validate(this.jwt);
            }
        }
        return z;
    }
}
