package com.nimbusds.openid.connect.sdk.federation.entities;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.federation.utils.JWTUtils;
import net.jcip.annotations.Immutable;

@Immutable
/* loaded from: input_file:applicationinsights-agent-3.7.2.jar:inst/com/nimbusds/openid/connect/sdk/federation/entities/EntityStatement.classdata */
public final class EntityStatement {
    public static final JOSEObjectType JOSE_OBJECT_TYPE = new JOSEObjectType("entity-statement+jwt");
    public static final ContentType CONTENT_TYPE = new ContentType("application", JOSE_OBJECT_TYPE.getType(), new ContentType.Parameter[0]);
    private final SignedJWT statementJWT;
    private final EntityStatementClaimsSet claimsSet;

    private EntityStatement(SignedJWT signedJWT, EntityStatementClaimsSet entityStatementClaimsSet) {
        if (signedJWT == null) {
            throw new IllegalArgumentException("The entity statement must not be null");
        }
        if (JWSObject.State.UNSIGNED.equals(signedJWT.getState())) {
            throw new IllegalArgumentException("The statement is not signed");
        }
        this.statementJWT = signedJWT;
        if (entityStatementClaimsSet == null) {
            throw new IllegalArgumentException("The entity statement claims set must not be null");
        }
        this.claimsSet = entityStatementClaimsSet;
    }

    public EntityID getEntityID() {
        return getClaimsSet().getSubjectEntityID();
    }

    public SignedJWT getSignedStatement() {
        return this.statementJWT;
    }

    public EntityStatementClaimsSet getClaimsSet() {
        return this.claimsSet;
    }

    public Base64URL verifySignatureOfSelfStatement() throws BadJOSEException, JOSEException {
        if (getClaimsSet().isSelfStatement()) {
            return verifySignature(getClaimsSet().getJWKSet());
        }
        throw new BadJOSEException("Entity statement not self-issued");
    }

    public Base64URL verifySignature(JWKSet jWKSet) throws BadJOSEException, JOSEException {
        return JWTUtils.verifySignature(this.statementJWT, JOSE_OBJECT_TYPE, new EntityStatementClaimsVerifier(null), jWKSet);
    }

    public static EntityStatement sign(EntityStatementClaimsSet entityStatementClaimsSet, JWK jwk) throws JOSEException {
        return sign(entityStatementClaimsSet, jwk, JWTUtils.resolveSigningAlgorithm(jwk));
    }

    public static EntityStatement sign(EntityStatementClaimsSet entityStatementClaimsSet, JWK jwk, JWSAlgorithm jWSAlgorithm) throws JOSEException {
        if (entityStatementClaimsSet.isSelfStatement() && !entityStatementClaimsSet.getJWKSet().containsJWK(jwk)) {
            throw new JOSEException("Signing JWK not found in JWK set of self-statement");
        }
        try {
            return new EntityStatement(JWTUtils.sign(jwk, jWSAlgorithm, JOSE_OBJECT_TYPE, entityStatementClaimsSet.toJWTClaimsSet()), entityStatementClaimsSet);
        } catch (ParseException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public static EntityStatement parse(SignedJWT signedJWT) throws ParseException {
        return new EntityStatement(signedJWT, new EntityStatementClaimsSet(JWTUtils.parseSignedJWTClaimsSet(signedJWT)));
    }

    public static EntityStatement parse(String str) throws ParseException {
        try {
            return parse(SignedJWT.parse(str));
        } catch (java.text.ParseException e) {
            throw new ParseException("Invalid entity statement: " + e.getMessage(), e);
        }
    }
}
