package com.nimbusds.openid.connect.sdk.federation.trust;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;
import com.nimbusds.openid.connect.sdk.federation.entities.FederationMetadataType;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicy;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicyEntry;
import com.nimbusds.openid.connect.sdk.federation.policy.language.PolicyViolationException;
import com.nimbusds.openid.connect.sdk.federation.policy.operations.PolicyOperationCombinationValidator;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import net.jcip.annotations.Immutable;

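/**
 * Federation trust chain: a leaf entity's self-issued statement followed by
 * the statements of its superiors, the last of which is issued by the trust
 * anchor.
 *
 * <p>Construction checks only that the subject / issuer values link up from
 * the leaf to the last superior. It verifies no signatures and no expiration
 * times; callers must invoke {@link #verifySignatures(JWKSet)} and check
 * {@link #resolveExpirationTime()} before relying on the chain.
 */
@Immutable
public final class TrustChain {

    // Lazily computed earliest expiration time. Held as a private copy so a
    // caller mutating a returned Date cannot alter the cached value.
    private Date exp;

    private final EntityStatement leaf;

    // Unmodifiable snapshot of the superior statements, ordered from the
    // leaf's immediate superior to the statement issued by the trust anchor.
    private final List<EntityStatement> superiors;

    /**
     * Creates a new trust chain.
     *
     * @param entityStatement The leaf entity's self-statement. Must not be
     *                        {@code null}.
     * @param list            The superior statements, ordered from the
     *                        immediate superior of the leaf to the statement
     *                        issued by the trust anchor. Must contain at
     *                        least one element.
     *
     * @throws IllegalArgumentException If an argument is missing or the
     *                                  subject / issuer chain is broken.
     */
    public TrustChain(EntityStatement entityStatement, List<EntityStatement> list) {
        if (entityStatement == null) {
            throw new IllegalArgumentException("The leaf statement must not be null");
        }
        if (CollectionUtils.isEmpty(list)) {
            throw new IllegalArgumentException("There must be at least one superior statement (issued by the trust anchor)");
        }
        // Snapshot the caller's list before validating it, so the chain that
        // was checked is the chain that is kept: later changes to the
        // caller's list cannot replace or reorder already validated entries.
        List<EntityStatement> snapshot = Collections.unmodifiableList(new ArrayList<>(list));
        if (!hasValidIssuerSubjectChain(entityStatement, snapshot)) {
            throw new IllegalArgumentException("Broken subject - issuer chain");
        }
        this.leaf = entityStatement;
        this.superiors = snapshot;
    }

    /**
     * Checks whether the JWK set contains a key with the given thumbprint.
     *
     * @param jwkSet     The JWK set, may be {@code null}.
     * @param thumbprint The thumbprint to look for.
     *
     * @return {@code true} if a key with a matching thumbprint is found,
     *         {@code false} if not or if the JWK set is {@code null}.
     *
     * @throws ProviderException If a thumbprint cannot be computed.
     */
    private static boolean hasJWKWithThumbprint(JWKSet jwkSet, Base64URL thumbprint) {
        if (jwkSet == null) {
            return false;
        }
        for (JWK jwk : jwkSet.getKeys()) {
            try {
                if (thumbprint.equals(jwk.computeThumbprint())) {
                    return true;
                }
            } catch (JOSEException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        }
        return false;
    }

    /**
     * Checks that each statement's subject equals the expected subject,
     * starting with the leaf's subject and continuing with the issuer of the
     * preceding superior statement.
     *
     * <p>This is a structural check on claim values only; it says nothing
     * about who signed the statements.
     *
     * @param leafStatement      The leaf statement.
     * @param superiorStatements The superior statements, leaf side first.
     *
     * @return {@code true} if the subjects and issuers link up.
     */
    private static boolean hasValidIssuerSubjectChain(EntityStatement leafStatement, List<EntityStatement> superiorStatements) {
        Subject expectedSubject = leafStatement.getClaimsSet().getSubject();
        for (EntityStatement statement : superiorStatements) {
            if (!expectedSubject.equals(statement.getClaimsSet().getSubject())) {
                return false;
            }
            // The issuer of this statement must be the subject of the next.
            expectedSubject = new Subject(statement.getClaimsSet().getIssuer().getValue());
        }
        return true;
    }

    /**
     * Returns the leaf entity's self-statement.
     *
     * @return The leaf self-statement.
     */
    public EntityStatement getLeafSelfStatement() {
        return this.leaf;
    }

    /**
     * Returns the superior statements, ordered from the immediate superior
     * of the leaf to the statement issued by the trust anchor.
     *
     * @return The superior statements, as an unmodifiable list.
     */
    public List<EntityStatement> getSuperiorStatements() {
        return this.superiors;
    }

    /**
     * Returns the entity ID of the trust anchor, taken from the issuer of
     * the last superior statement.
     *
     * @return The trust anchor entity ID.
     */
    public EntityID getTrustAnchorEntityID() {
        return this.superiors.get(this.superiors.size() - 1).getClaimsSet().getIssuerEntityID();
    }

    /**
     * Returns an iterator that yields the leaf self-statement first and then
     * the superior statements in order.
     *
     * <p>The position is tracked with a flag rather than by comparing the
     * current statement to the leaf with {@code equals}, so a superior
     * statement that happens to compare equal to the leaf cannot disturb the
     * iteration.
     *
     * @return The iterator. Its {@code next()} returns {@code null} once the
     *         chain is exhausted (kept for compatibility with existing
     *         callers) and {@code remove()} is unsupported.
     */
    public Iterator<EntityStatement> iteratorFromLeaf() {
        final Iterator<EntityStatement> superiorIterator = this.superiors.iterator();
        return new Iterator<EntityStatement>() {

            private boolean leafReturned = false;

            @Override
            public boolean hasNext() {
                return !leafReturned || superiorIterator.hasNext();
            }

            @Override
            public EntityStatement next() {
                if (!leafReturned) {
                    leafReturned = true;
                    return TrustChain.this.leaf;
                }
                if (!superiorIterator.hasNext()) {
                    return null; // end of chain, historical behaviour
                }
                return superiorIterator.next();
            }

            @Override
            public void remove() {
                throw new UnsupportedOperationException();
            }
        };
    }

    /**
     * Returns the length of the chain, counted as the number of superior
     * statements (the leaf self-statement is not included).
     *
     * @return The number of superior statements.
     */
    public int length() {
        return this.superiors.size();
    }

    /**
     * Resolves the combined metadata policy for the given metadata type
     * using the default policy combination validator.
     *
     * @param federationMetadataType The metadata type.
     *
     * @return The combined metadata policy.
     *
     * @throws PolicyViolationException If combining the policies fails.
     */
    public MetadataPolicy resolveCombinedMetadataPolicy(FederationMetadataType federationMetadataType) throws PolicyViolationException {
        return resolveCombinedMetadataPolicy(federationMetadataType, MetadataPolicyEntry.DEFAULT_POLICY_COMBINATION_VALIDATOR);
    }

    /**
     * Resolves the combined metadata policy for the given metadata type.
     * Policies are collected from the superior statements in list order;
     * statements without a policy for the type are skipped.
     *
     * @param federationMetadataType              The metadata type.
     * @param policyOperationCombinationValidator The validator passed to
     *                                            {@code MetadataPolicy.combine}.
     *
     * @return The combined metadata policy.
     *
     * @throws PolicyViolationException If combining the policies fails.
     */
    public MetadataPolicy resolveCombinedMetadataPolicy(FederationMetadataType federationMetadataType, PolicyOperationCombinationValidator policyOperationCombinationValidator) throws PolicyViolationException {
        List<MetadataPolicy> policies = new LinkedList<>();
        for (EntityStatement statement : this.superiors) {
            MetadataPolicy policy = statement.getClaimsSet().getMetadataPolicy(federationMetadataType);
            if (policy != null) {
                policies.add(policy);
            }
        }
        return MetadataPolicy.combine(policies, policyOperationCombinationValidator);
    }

    /**
     * Resolves the expiration time of the chain: the earliest expiration
     * time found among the leaf and superior statements. The result is
     * cached after the first call.
     *
     * <p>This method only reports the time; it does not compare it with the
     * current time. Callers must do that themselves.
     *
     * @return The earliest expiration time, as a copy the caller may modify
     *         freely, or {@code null} if none could be resolved.
     */
    public Date resolveExpirationTime() {
        Date cached = this.exp;
        if (cached != null) {
            return new Date(cached.getTime());
        }
        Date earliest = null;
        Iterator<EntityStatement> statements = iteratorFromLeaf();
        while (statements.hasNext()) {
            // NOTE(review): presumably every statement carries an expiration
            // time - confirm against the claims set validation. A missing
            // value after the first statement makes before() throw here,
            // which is left as is so such a chain is not silently accepted.
            Date candidate = statements.next().getClaimsSet().getExpirationTime();
            if (earliest == null || candidate.before(earliest)) {
                earliest = candidate;
            }
        }
        if (earliest == null) {
            return null;
        }
        // Date is mutable: cache a private copy and hand out another one.
        this.exp = new Date(earliest.getTime());
        return new Date(earliest.getTime());
    }

    /**
     * Verifies the signatures along the chain.
     *
     * <p>The leaf self-statement is verified first. Each superior statement
     * must then list, in its JWK set, a key whose thumbprint matches the key
     * that signed the statement below it. Each superior statement is itself
     * verified with the JWK set published in the next superior statement,
     * and the last one with the supplied trust anchor JWK set.
     *
     * <p>Only signatures and key linkage are checked here. Expiration times
     * and metadata policies are not. The trust anchor keys are the root of
     * the verification, so they are expected to come from the caller's own
     * trusted configuration rather than from the chain being verified.
     *
     * @param jWKSet The trust anchor JWK set, used to verify the last
     *               superior statement.
     *
     * @throws BadJOSEException If a signature is invalid or a signing key
     *                          is not listed by the superior. The message
     *                          names the statement that failed.
     * @throws JOSEException    If an internal JOSE exception is encountered.
     */
    public void verifySignatures(JWKSet jWKSet) throws BadJOSEException, JOSEException {
        Base64URL signingKeyThumbprint;
        // Wrap only the leaf verification, so "Invalid leaf statement" is
        // reported for leaf failures and not for superior statement failures.
        try {
            signingKeyThumbprint = this.leaf.verifySignatureOfSelfStatement();
        } catch (BadJOSEException e) {
            throw new BadJOSEException("Invalid leaf statement: " + e.getMessage(), e);
        }

        final int count = this.superiors.size();
        for (int i = 0; i < count; i++) {
            EntityStatement statement = this.superiors.get(i);
            // The last statement is checked against the trust anchor keys,
            // every other one against the keys listed by the next superior.
            JWKSet verificationKeys = (i + 1 == count) ? jWKSet : this.superiors.get(i + 1).getClaimsSet().getJWKSet();
            if (!hasJWKWithThumbprint(statement.getClaimsSet().getJWKSet(), signingKeyThumbprint)) {
                throw new BadJOSEException("Signing JWK with thumbprint " + signingKeyThumbprint + " not found in entity statement issued from superior " + statement.getClaimsSet().getIssuerEntityID());
            }
            try {
                signingKeyThumbprint = statement.verifySignature(verificationKeys);
            } catch (BadJOSEException e) {
                throw new BadJOSEException("Invalid statement from " + statement.getClaimsSet().getIssuer() + ": " + e.getMessage(), e);
            }
        }
    }
}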
