package org.sd_jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.Ed25519Signer;
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.SignedJWT;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.NotImplementedError;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import kotlin.reflect.KType;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import kotlinx.serialization.DeserializationStrategy;
import kotlinx.serialization.KSerializer;
import kotlinx.serialization.SerializationStrategy;
import kotlinx.serialization.SerializersKt;
import kotlinx.serialization.StringFormat;
import kotlinx.serialization.json.Json;
import kotlinx.serialization.json.JsonKt;
import kotlinx.serialization.modules.SerializersModule;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: SdJwt.kt */
@Metadata(mv = {1, 7, 1}, k = 2, xi = 48, d1 = {"��R\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010��\n\u0002\b\u001b\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010$\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u001a\u000e\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0001\u001a\u000e\u0010\u0003\u001a\u00020\u00012\u0006\u0010\u0004\u001a\u00020\u0005\u001a\u000e\u0010\u0003\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0001\u001a\u0018\u0010\u0006\u001a\u00020\u00012\u0006\u0010\u0007\u001a\u00020\u00012\b\u0010\b\u001a\u0004\u0018\u00010\t\u001a\u001a\u0010\n\u001a\u0004\u0018\u00010\u00012\b\u0010\u000b\u001a\u0004\u0018\u00010\f2\u0006\u0010\r\u001a\u00020\f\u001aD\u0010\u000e\u001a\u00020\u0001\"\u0006\b��\u0010\u000f\u0018\u00012\u0006\u0010\u0007\u001a\u0002H\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\t2\u0006\u0010\u0011\u001a\u00020\u00012\u0006\u0010\u0012\u001a\u00020\t2\n\b\u0002\u0010\u0013\u001a\u0004\u0018\u0001H\u000fH\u0086\b¢\u0006\u0002\u0010\u0014\u001a\u0018\u0010\u0015\u001a\u00020\u00012\b\u0010\u0016\u001a\u0004\u0018\u00010\f2\u0006\u0010\u0017\u001a\u00020\f\u001a\u000e\u0010\u0018\u001a\u00020\u00012\u0006\u0010\u0019\u001a\u00020\u0001\u001a@\u0010\u001a\u001a\u00020\u0001\"\u0006\b��\u0010\u000f\u0018\u00012\u0006\u0010\u001b\u001a\u00020\u00012\u0006\u0010\u001c\u001a\u0002H\u000f2\u0006\u0010\u001d\u001a\u00020\u00012\u0006\u0010\u001e\u001a\u00020\u00012\b\u0010\u001f\u001a\u0004\u0018\u00010\tH\u0086\b¢\u0006\u0002\u0010 \u001a\u0018\u0010!\u001a\u00020\u00012\b\u0010\u0016\u001a\u0004\u0018\u00010\f2\u0006\u0010\u0017\u001a\u00020\f\u001a\u000e\u0010\"\u001a\u00020\u00012\u0006\u0010#\u001a\u00020\t\u001a\u0018\u0010$\u001a\u00020\f2\b\u0010%\u001a\u0004\u0018\u00010\f2\u0006\u0010&\u001a\u00020\f\u001a\u0016\u0010'\u001a\u00020(2\u0006\u0010)\u001a\u00020\u00012\u0006\u0010*\u001a\u00020\u0001\u001a&\u0010+\u001a\u00020,2\u0006\u0010\u0007\u001a\u00020-2\n\b\u0002\u0010.\u001a\u0004\u0018\u00010\u00012\n\b\u0002\u0010/\u001a\u0004\u0018\u00010\u0001\u001aB\u00100\u001a\u0002H\u000f\"\u0006\b��\u0010\u000f\u0018\u00012\u0006\u00101\u001a\u00020\u00012\u0012\u00102\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\u0001032\u0006\u0010.\u001a\u00020\u00012\u0006\u0010/\u001a\u00020\u0001H\u0086\b¢\u0006\u0002\u00104\u001a\"\u00105\u001a\u00020-2\u0006\u0010)\u001a\u00020\u00012\u0012\u00102\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\u000103\u001a\u0018\u00106\u001a\u00020-2\u0006\u0010)\u001a\u00020\u00012\b\u0010\u0010\u001a\u0004\u0018\u00010\u0001\u001aR\u00107\u001a\u0002082\u0006\u00109\u001a\u0002082\u0006\u0010:\u001a\u0002082:\u0010;\u001a6\u0012\u0015\u0012\u0013\u0018\u00010\f¢\u0006\f\b=\u0012\b\b>\u0012\u0004\b\b(\u0016\u0012\u0013\u0012\u00110\f¢\u0006\f\b=\u0012\b\b>\u0012\u0004\b\b(?\u0012\u0006\u0012\u0004\u0018\u00010\f0<\u001aR\u00107\u001a\u00020-2\u0006\u00109\u001a\u00020-2\u0006\u0010:\u001a\u00020-2:\u0010;\u001a6\u0012\u0015\u0012\u0013\u0018\u00010\f¢\u0006\f\b=\u0012\b\b>\u0012\u0004\b\b(\u0016\u0012\u0013\u0012\u00110\f¢\u0006\f\b=\u0012\b\b>\u0012\u0004\b\b(?\u0012\u0006\u0012\u0004\u0018\u00010\f0<¨\u0006@"}, d2 = {"b64Decode", "", "str", "b64Encoder", "b", "", "buildJWT", "claims", "key", "Lcom/nimbusds/jose/jwk/JWK;", "chooseClaim", "releaseClaim", "", "svcValue", "createCredential", "T", "holderPubKey", "issuer", "issuerKey", "discloseStructure", "(Ljava/lang/Object;Lcom/nimbusds/jose/jwk/JWK;Ljava/lang/String;Lcom/nimbusds/jose/jwk/JWK;Ljava/lang/Object;)Ljava/lang/String;", "createDigest", "s", "claim", "createHash", "value", "createPresentation", "credential", "releaseClaims", "audience", "nonce", "holderKey", "(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;Lcom/nimbusds/jose/jwk/JWK;)Ljava/lang/String;", "createSvcClaim", "jwkThumbprint", "jwk", "verifyClaim", "sdDigest", "svc", "verifyJWTSignature", "", "jwt", "jwkStr", "verifyJwtClaims", "", "Lorg/json/JSONObject;", "expectedNonce", "expectedAud", "verifyPresentation", "presentation", "trustedIssuer", "", "(Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/Object;", "verifySDJWT", "verifySDJWTR", "walkByStructure", "Lorg/json/JSONArray;", "structure", "obj", "fn", "Lkotlin/Function2;", "Lkotlin/ParameterName;", "name", "o", "sd-jwt-kotlin"})
/* loaded from: input_file:org/sd_jwt/SdJwtKt.class */
public final class SdJwtKt {
    @NotNull
    public static final String createHash(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "value");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] digest = messageDigest.digest(bytes);
        Intrinsics.checkNotNullExpressionValue(digest, "messageDigest");
        return b64Encoder(digest);
    }

    @NotNull
    public static final String createSvcClaim(@Nullable Object obj, @NotNull Object obj2) {
        Intrinsics.checkNotNullParameter(obj2, "claim");
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String jSONArray = new JSONArray().put(b64Encoder(bArr)).put(obj2).toString();
        Intrinsics.checkNotNullExpressionValue(jSONArray, "JSONArray().put(salt).put(claim).toString()");
        return jSONArray;
    }

    @NotNull
    public static final String createDigest(@Nullable Object obj, @NotNull Object obj2) {
        Intrinsics.checkNotNullParameter(obj2, "claim");
        if (obj2 instanceof String) {
            return createHash((String) obj2);
        }
        throw new Exception("SVC value is not a string. Can't create digest.");
    }

    public static final /* synthetic */ <T> String createCredential(T t, JWK jwk, String str, JWK jwk2, T t2) {
        JSONObject jSONObject;
        Intrinsics.checkNotNullParameter(str, "issuer");
        Intrinsics.checkNotNullParameter(jwk2, "issuerKey");
        StringFormat Json$default = JsonKt.Json$default((Json) null, SdJwtKt$createCredential$format$1.INSTANCE, 1, (Object) null);
        StringFormat stringFormat = Json$default;
        SerializersModule serializersModule = stringFormat.getSerializersModule();
        Intrinsics.reifiedOperationMarker(6, "T");
        SerializationStrategy serializer = SerializersKt.serializer(serializersModule, (KType) null);
        Intrinsics.checkNotNull(serializer, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
        JSONObject jSONObject2 = new JSONObject(stringFormat.encodeToString((KSerializer) serializer, t));
        if (t2 != null) {
            StringFormat stringFormat2 = Json$default;
            SerializersModule serializersModule2 = stringFormat2.getSerializersModule();
            Intrinsics.reifiedOperationMarker(6, "T");
            SerializationStrategy serializer2 = SerializersKt.serializer(serializersModule2, (KType) null);
            Intrinsics.checkNotNull(serializer2, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
            jSONObject = new JSONObject(stringFormat2.encodeToString((KSerializer) serializer2, t2));
        } else {
            jSONObject = new JSONObject();
        }
        JSONObject jSONObject3 = jSONObject;
        JSONObject walkByStructure = walkByStructure(jSONObject3, jSONObject2, SdJwtKt$createCredential$svcClaims$1.INSTANCE);
        String jSONObject4 = new JSONObject().put("sd_release", walkByStructure).toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject4, "svc.toString()");
        String b64Encoder = b64Encoder(jSONObject4);
        JSONObject walkByStructure2 = walkByStructure(jSONObject3, walkByStructure, SdJwtKt$createCredential$sdDigest$1.INSTANCE);
        long epochSecond = LocalDateTime.now().toEpochSecond(ZoneOffset.UTC);
        JSONObject put = new JSONObject().put("iss", str).put("iat", epochSecond).put("exp", epochSecond + 86400).put("sd_hash_alg", "sha-256").put("sd_digests", walkByStructure2);
        if (jwk != null) {
            put.put("cnf", jwk.toJSONObject());
        }
        String jSONObject5 = put.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject5, "claimsSet.toString()");
        return buildJWT(jSONObject5, jwk2) + '.' + b64Encoder;
    }

    public static /* synthetic */ String createCredential$default(Object obj, JWK jwk, String str, JWK jwk2, Object obj2, int i, Object obj3) {
        JSONObject jSONObject;
        if ((i & 16) != 0) {
            obj2 = null;
        }
        Intrinsics.checkNotNullParameter(str, "issuer");
        Intrinsics.checkNotNullParameter(jwk2, "issuerKey");
        StringFormat Json$default = JsonKt.Json$default((Json) null, SdJwtKt$createCredential$format$1.INSTANCE, 1, (Object) null);
        StringFormat stringFormat = Json$default;
        SerializersModule serializersModule = stringFormat.getSerializersModule();
        Intrinsics.reifiedOperationMarker(6, "T");
        SerializationStrategy serializer = SerializersKt.serializer(serializersModule, (KType) null);
        Intrinsics.checkNotNull(serializer, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
        JSONObject jSONObject2 = new JSONObject(stringFormat.encodeToString((KSerializer) serializer, obj));
        if (obj2 != null) {
            StringFormat stringFormat2 = Json$default;
            SerializersModule serializersModule2 = stringFormat2.getSerializersModule();
            Intrinsics.reifiedOperationMarker(6, "T");
            SerializationStrategy serializer2 = SerializersKt.serializer(serializersModule2, (KType) null);
            Intrinsics.checkNotNull(serializer2, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
            jSONObject = new JSONObject(stringFormat2.encodeToString((KSerializer) serializer2, obj2));
        } else {
            jSONObject = new JSONObject();
        }
        JSONObject jSONObject3 = jSONObject;
        JSONObject walkByStructure = walkByStructure(jSONObject3, jSONObject2, SdJwtKt$createCredential$svcClaims$1.INSTANCE);
        String jSONObject4 = new JSONObject().put("sd_release", walkByStructure).toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject4, "svc.toString()");
        String b64Encoder = b64Encoder(jSONObject4);
        JSONObject walkByStructure2 = walkByStructure(jSONObject3, walkByStructure, SdJwtKt$createCredential$sdDigest$1.INSTANCE);
        long epochSecond = LocalDateTime.now().toEpochSecond(ZoneOffset.UTC);
        JSONObject put = new JSONObject().put("iss", str).put("iat", epochSecond).put("exp", epochSecond + 86400).put("sd_hash_alg", "sha-256").put("sd_digests", walkByStructure2);
        if (jwk != null) {
            put.put("cnf", jwk.toJSONObject());
        }
        String jSONObject5 = put.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject5, "claimsSet.toString()");
        return buildJWT(jSONObject5, jwk2) + '.' + b64Encoder;
    }

    @Nullable
    public static final String chooseClaim(@Nullable Object obj, @NotNull Object obj2) {
        Intrinsics.checkNotNullParameter(obj2, "svcValue");
        if (obj == null || !(obj2 instanceof String)) {
            return null;
        }
        return (String) obj2;
    }

    public static final /* synthetic */ <T> String createPresentation(String str, T t, String str2, String str3, JWK jwk) {
        Intrinsics.checkNotNullParameter(str, "credential");
        Intrinsics.checkNotNullParameter(str2, "audience");
        Intrinsics.checkNotNullParameter(str3, "nonce");
        List split$default = StringsKt.split$default(str, new String[]{"."}, false, 0, 6, (Object) null);
        JSONObject jSONObject = new JSONObject(b64Decode((String) split$default.get(3)));
        StringFormat stringFormat = Json.Default;
        SerializersModule serializersModule = stringFormat.getSerializersModule();
        Intrinsics.reifiedOperationMarker(6, "T");
        SerializationStrategy serializer = SerializersKt.serializer(serializersModule, (KType) null);
        Intrinsics.checkNotNull(serializer, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
        JSONObject jSONObject2 = new JSONObject(stringFormat.encodeToString((KSerializer) serializer, t));
        JSONObject jSONObject3 = new JSONObject();
        jSONObject3.put("nonce", str3);
        jSONObject3.put("aud", str2);
        JSONObject jSONObject4 = jSONObject.getJSONObject("sd_release");
        Intrinsics.checkNotNullExpressionValue(jSONObject4, "svc.getJSONObject(\"sd_release\")");
        jSONObject3.put("sd_release", walkByStructure(jSONObject2, jSONObject4, SdJwtKt$createPresentation$1.INSTANCE));
        JSONObject jSONObject5 = new JSONObject(b64Decode((String) split$default.get(1)));
        if (!jSONObject5.isNull("cnf") && jwk == null) {
            throw new Exception("SD-JWT has holder binding. SD-JWT-R must be signed with the holder key.");
        }
        if (!jSONObject5.isNull("cnf") && jwk != null) {
            JWK parse = JWK.parse(jSONObject5.getJSONObject("cnf").toString());
            Intrinsics.checkNotNullExpressionValue(parse, "boundKey");
            if (!Intrinsics.areEqual(jwkThumbprint(parse), jwkThumbprint(jwk))) {
                throw new Exception("Passed holder key is not the same as in the credential");
            }
        }
        String jSONObject6 = jSONObject3.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject6, "releaseDocument.toString()");
        return ((String) split$default.get(0)) + '.' + ((String) split$default.get(1)) + '.' + ((String) split$default.get(2)) + '.' + buildJWT(jSONObject6, jwk);
    }

    @NotNull
    public static final String buildJWT(@NotNull String str, @Nullable JWK jwk) {
        Intrinsics.checkNotNullParameter(str, "claims");
        if (jwk == null) {
            return b64Encoder("{\"alg\":\"none\"}") + '.' + b64Encoder(str) + '.';
        }
        KeyType keyType = jwk.getKeyType();
        if (Intrinsics.areEqual(keyType, KeyType.OKP)) {
            JWSSigner ed25519Signer = new Ed25519Signer((OctetKeyPair) jwk);
            JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.EdDSA).keyID(((OctetKeyPair) jwk).getKeyID()).build(), new Payload(str));
            jWSObject.sign(ed25519Signer);
            String serialize = jWSObject.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "{\n            val signer…Jwt.serialize()\n        }");
            return serialize;
        }
        if (!Intrinsics.areEqual(keyType, KeyType.RSA)) {
            throw new NotImplementedError("JWK signing algorithm not implemented");
        }
        JWSSigner rSASSASigner = new RSASSASigner((RSAKey) jwk);
        JWSObject jWSObject2 = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(((RSAKey) jwk).getKeyID()).build(), new Payload(str));
        jWSObject2.sign(rSASSASigner);
        String serialize2 = jWSObject2.serialize();
        Intrinsics.checkNotNullExpressionValue(serialize2, "{\n            val signer…Jwt.serialize()\n        }");
        return serialize2;
    }

    @NotNull
    public static final Object verifyClaim(@Nullable Object obj, @NotNull Object obj2) {
        Intrinsics.checkNotNullParameter(obj2, "svc");
        if (!(obj instanceof String) || !(obj2 instanceof String)) {
            throw new Exception("sd_digest and SVC structure is different");
        }
        if (!Intrinsics.areEqual(createHash((String) obj2), obj)) {
            throw new Exception("Could not verify credential claims (Claim " + obj2 + " has wrong hash value)");
        }
        JSONArray jSONArray = new JSONArray((String) obj2);
        if (jSONArray.length() != 2) {
            throw new Exception("Could not verify credential claims (Claim " + obj2 + " has wrong number of array entries)");
        }
        Object obj3 = jSONArray.get(1);
        Intrinsics.checkNotNullExpressionValue(obj3, "sVArray[1]");
        return obj3;
    }

    public static final /* synthetic */ <T> T verifyPresentation(String str, Map<String, String> map, String str2, String str3) {
        Intrinsics.checkNotNullParameter(str, "presentation");
        Intrinsics.checkNotNullParameter(map, "trustedIssuer");
        Intrinsics.checkNotNullParameter(str2, "expectedNonce");
        Intrinsics.checkNotNullParameter(str3, "expectedAud");
        List split$default = StringsKt.split$default(str, new String[]{"."}, false, 0, 6, (Object) null);
        if (split$default.size() != 6) {
            throw new Exception("Presentation has wrong format (Needed 6 parts separated by '.')");
        }
        JSONObject verifySDJWT = verifySDJWT(((String) split$default.get(0)) + '.' + ((String) split$default.get(1)) + '.' + ((String) split$default.get(2)), map);
        verifyJwtClaims$default(verifySDJWT, null, null, 6, null);
        JSONObject verifySDJWTR = verifySDJWTR(((String) split$default.get(3)) + '.' + ((String) split$default.get(4)) + '.' + ((String) split$default.get(5)), !verifySDJWT.isNull("cnf") ? verifySDJWT.getJSONObject("cnf").toString() : (String) null);
        verifyJwtClaims(verifySDJWTR, str2, str3);
        JSONObject jSONObject = verifySDJWT.getJSONObject("sd_digests");
        Intrinsics.checkNotNullExpressionValue(jSONObject, "sdJwtParsed.getJSONObject(\"sd_digests\")");
        JSONObject jSONObject2 = verifySDJWTR.getJSONObject("sd_release");
        Intrinsics.checkNotNullExpressionValue(jSONObject2, "sdJwtReleaseParsed.getJSONObject(\"sd_release\")");
        JSONObject walkByStructure = walkByStructure(jSONObject, jSONObject2, SdJwtKt$verifyPresentation$sdClaimsParsed$1.INSTANCE);
        StringFormat stringFormat = Json.Default;
        String jSONObject3 = walkByStructure.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject3, "sdClaimsParsed.toString()");
        SerializersModule serializersModule = stringFormat.getSerializersModule();
        Intrinsics.reifiedOperationMarker(6, "T");
        DeserializationStrategy serializer = SerializersKt.serializer(serializersModule, (KType) null);
        Intrinsics.checkNotNull(serializer, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
        return (T) stringFormat.decodeFromString((KSerializer) serializer, jSONObject3);
    }

    @NotNull
    public static final JSONObject verifySDJWT(@NotNull String str, @NotNull Map<String, String> map) {
        Intrinsics.checkNotNullParameter(str, "jwt");
        Intrinsics.checkNotNullParameter(map, "trustedIssuer");
        JSONObject jSONObject = new JSONObject(b64Decode((String) StringsKt.split$default(str, new String[]{"."}, false, 0, 6, (Object) null).get(1)));
        if (jSONObject.isNull("iss")) {
            throw new Exception("Could not find issuer in JWT");
        }
        String string = jSONObject.getString("iss");
        if (!map.containsKey(string)) {
            throw new Exception("Could not find signing key to verify JWT");
        }
        String str2 = map.get(string);
        Intrinsics.checkNotNull(str2);
        if (verifyJWTSignature(str, str2)) {
            return jSONObject;
        }
        throw new Exception("Could not verify SD-JWT");
    }

    @NotNull
    public static final JSONObject verifySDJWTR(@NotNull String str, @Nullable String str2) {
        Intrinsics.checkNotNullParameter(str, "jwt");
        JSONObject jSONObject = new JSONObject(b64Decode((String) StringsKt.split$default(str, new String[]{"."}, false, 0, 6, (Object) null).get(1)));
        String str3 = str2;
        if ((str3 == null || str3.length() == 0) || verifyJWTSignature(str, str2)) {
            return jSONObject;
        }
        throw new Exception("Could not verify SD-JWT-Release");
    }

    public static final boolean verifyJWTSignature(@NotNull String str, @NotNull String str2) {
        Ed25519Verifier rSASSAVerifier;
        Intrinsics.checkNotNullParameter(str, "jwt");
        Intrinsics.checkNotNullParameter(str2, "jwkStr");
        JWK parse = JWK.parse(str2);
        KeyType keyType = parse.getKeyType();
        if (Intrinsics.areEqual(keyType, KeyType.OKP)) {
            rSASSAVerifier = new Ed25519Verifier(parse.toOctetKeyPair());
        } else {
            if (!Intrinsics.areEqual(keyType, KeyType.RSA)) {
                throw new NotImplementedError("JWK signing algorithm not implemented");
            }
            rSASSAVerifier = new RSASSAVerifier(parse.toRSAKey());
        }
        return SignedJWT.parse(str).verify((JWSVerifier) rSASSAVerifier);
    }

    public static final void verifyJwtClaims(@NotNull JSONObject jSONObject, @Nullable String str, @Nullable String str2) {
        Intrinsics.checkNotNullParameter(jSONObject, "claims");
        if (str != null && !Intrinsics.areEqual(jSONObject.getString("nonce"), str)) {
            throw new Exception("JWT claims verification failed (invalid nonce)");
        }
        if (str2 != null && !Intrinsics.areEqual(jSONObject.getString("aud"), str2)) {
            throw new Exception("JWT claims verification failed (invalid audience)");
        }
        Date date = new Date(LocalDateTime.now().toEpochSecond(ZoneOffset.UTC) * 1000);
        if (!jSONObject.isNull("iat") && !date.after(new Date((jSONObject.getLong("iat") - 30) * 1000))) {
            throw new Exception("JWT not yet valid");
        }
        if (!jSONObject.isNull("exp") && !date.before(new Date(jSONObject.getLong("exp") * 1000))) {
            throw new Exception("JWT is expired");
        }
    }

    public static /* synthetic */ void verifyJwtClaims$default(JSONObject jSONObject, String str, String str2, int i, Object obj) {
        if ((i & 2) != 0) {
            str = null;
        }
        if ((i & 4) != 0) {
            str2 = null;
        }
        verifyJwtClaims(jSONObject, str, str2);
    }

    @NotNull
    public static final JSONArray walkByStructure(@NotNull JSONArray jSONArray, @NotNull JSONArray jSONArray2, @NotNull Function2<Object, Object, ? extends Object> function2) {
        Intrinsics.checkNotNullParameter(jSONArray, "structure");
        Intrinsics.checkNotNullParameter(jSONArray2, "obj");
        Intrinsics.checkNotNullParameter(function2, "fn");
        JSONArray jSONArray3 = new JSONArray();
        Object obj = jSONArray.get(0);
        int length = jSONArray2.length();
        for (int i = 0; i < length; i++) {
            if (jSONArray.length() > 1) {
                obj = jSONArray.get(i);
            }
            if ((obj instanceof JSONObject) && (jSONArray2.get(i) instanceof JSONObject)) {
                JSONObject jSONObject = jSONArray2.getJSONObject(i);
                Intrinsics.checkNotNullExpressionValue(jSONObject, "obj.getJSONObject(i)");
                jSONArray3.put(walkByStructure((JSONObject) obj, jSONObject, function2));
            } else if ((obj instanceof JSONArray) && (jSONArray2.get(i) instanceof JSONArray)) {
                JSONArray jSONArray4 = jSONArray2.getJSONArray(i);
                Intrinsics.checkNotNullExpressionValue(jSONArray4, "obj.getJSONArray(i)");
                jSONArray3.put(walkByStructure((JSONArray) obj, jSONArray4, function2));
            } else {
                Object obj2 = jSONArray2.get(i);
                Intrinsics.checkNotNullExpressionValue(obj2, "obj[i]");
                jSONArray3.put(function2.invoke(obj, obj2));
            }
        }
        return jSONArray3;
    }

    @NotNull
    public static final JSONObject walkByStructure(@NotNull JSONObject jSONObject, @NotNull JSONObject jSONObject2, @NotNull Function2<Object, Object, ? extends Object> function2) {
        Intrinsics.checkNotNullParameter(jSONObject, "structure");
        Intrinsics.checkNotNullParameter(jSONObject2, "obj");
        Intrinsics.checkNotNullParameter(function2, "fn");
        JSONObject jSONObject3 = new JSONObject();
        Iterator<String> keys = jSONObject2.keys();
        Intrinsics.checkNotNullExpressionValue(keys, "obj.keys()");
        while (keys.hasNext()) {
            String next = keys.next();
            if ((jSONObject.opt(next) instanceof JSONObject) && (jSONObject2.get(next) instanceof JSONObject)) {
                JSONObject jSONObject4 = jSONObject.getJSONObject(next);
                Intrinsics.checkNotNullExpressionValue(jSONObject4, "structure.getJSONObject(key)");
                JSONObject jSONObject5 = jSONObject2.getJSONObject(next);
                Intrinsics.checkNotNullExpressionValue(jSONObject5, "obj.getJSONObject(key)");
                jSONObject3.put(next, walkByStructure(jSONObject4, jSONObject5, function2));
            } else if ((jSONObject.opt(next) instanceof JSONArray) && (jSONObject2.get(next) instanceof JSONArray)) {
                JSONArray jSONArray = jSONObject.getJSONArray(next);
                Intrinsics.checkNotNullExpressionValue(jSONArray, "structure.getJSONArray(key)");
                JSONArray jSONArray2 = jSONObject2.getJSONArray(next);
                Intrinsics.checkNotNullExpressionValue(jSONArray2, "obj.getJSONArray(key)");
                jSONObject3.put(next, walkByStructure(jSONArray, jSONArray2, function2));
            } else {
                Object opt = jSONObject.opt(next);
                Object obj = jSONObject2.get(next);
                Intrinsics.checkNotNullExpressionValue(obj, "obj[key]");
                jSONObject3.put(next, function2.invoke(opt, obj));
            }
        }
        return jSONObject3;
    }

    @NotNull
    public static final String b64Encoder(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "str");
        Base64.Encoder withoutPadding = Base64.getUrlEncoder().withoutPadding();
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        String encodeToString = withoutPadding.encodeToString(bytes);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "getUrlEncoder().withoutP…String(str.toByteArray())");
        return encodeToString;
    }

    @NotNull
    public static final String b64Encoder(@NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(bArr, "b");
        String encodeToString = Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "getUrlEncoder().withoutPadding().encodeToString(b)");
        return encodeToString;
    }

    @NotNull
    public static final String b64Decode(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "str");
        byte[] decode = Base64.getUrlDecoder().decode(str);
        Intrinsics.checkNotNullExpressionValue(decode, "getUrlDecoder().decode(str)");
        return new String(decode, Charsets.UTF_8);
    }

    @NotNull
    public static final String jwkThumbprint(@NotNull JWK jwk) {
        Intrinsics.checkNotNullParameter(jwk, "jwk");
        byte[] decode = jwk.computeThumbprint().decode();
        Intrinsics.checkNotNullExpressionValue(decode, "jwk.computeThumbprint().decode()");
        return b64Encoder(decode);
    }
}
