// 
// Decompiled by Procyon v0.6.0
// 

package com.google.crypto.tink.jwt;

import java.security.GeneralSecurityException;
import com.google.gson.JsonObject;
import com.google.crypto.tink.jwt.internal.JsonUtil;
import java.nio.charset.StandardCharsets;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce;
import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.signature.RsaSsaPkcs1PublicKey;
import com.google.crypto.tink.internal.PrimitiveConstructor;

final class JwtRsaSsaPkcs1VerifyKeyManager
{
    static final PrimitiveConstructor<JwtRsaSsaPkcs1PublicKey, JwtPublicKeyVerify> PRIMITIVE_CONSTRUCTOR;
    
    @AccessesPartialKey
    static RsaSsaPkcs1PublicKey toRsaSsaPkcs1PublicKey(final JwtRsaSsaPkcs1PublicKey publicKey) {
        return publicKey.getRsaSsaPkcs1PublicKey();
    }
    
    static JwtPublicKeyVerify createFullPrimitive(final JwtRsaSsaPkcs1PublicKey publicKey) throws GeneralSecurityException {
        final RsaSsaPkcs1PublicKey rsaSsaPkcs1PublicKey = toRsaSsaPkcs1PublicKey(publicKey);
        final PublicKeyVerify verifier = RsaSsaPkcs1VerifyJce.create(rsaSsaPkcs1PublicKey);
        return new JwtPublicKeyVerify() {
            @Override
            public VerifiedJwt verifyAndDecode(final String compact, final JwtValidator validator) throws GeneralSecurityException {
                final JwtFormat.Parts parts = JwtFormat.splitSignedCompact(compact);
                verifier.verify(parts.signatureOrMac, parts.unsignedCompact.getBytes(StandardCharsets.US_ASCII));
                final JsonObject parsedHeader = JsonUtil.parseJson(parts.header);
                JwtFormat.validateHeader(parsedHeader, publicKey.getParameters().getAlgorithm().getStandardName(), publicKey.getKid(), publicKey.getParameters().allowKidAbsent());
                final RawJwt token = RawJwt.fromJsonPayload(JwtFormat.getTypeHeader(parsedHeader), parts.payload);
                return validator.validate(token);
            }
        };
    }
    
    static String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey";
    }
    
    private JwtRsaSsaPkcs1VerifyKeyManager() {
    }
    
    static {
        PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(JwtRsaSsaPkcs1VerifyKeyManager::createFullPrimitive, JwtRsaSsaPkcs1PublicKey.class, JwtPublicKeyVerify.class);
    }
}