package com.cht.kms.cli;

import com.cht.com.beust.jcommander.JCommander;
import com.cht.com.beust.jcommander.Parameter;
import com.cht.com.beust.jcommander.converters.FileConverter;
import com.cht.kms.client.jwt.JwtSignedDataParser;
import com.cht.kms.client.jwt.JwtValidateContext;
import com.cht.kms.client.util.CryptoUtil;
import com.cht.org.jose4j.jwa.AlgorithmConstraints;
import com.cht.org.jose4j.jws.AlgorithmIdentifiers;
import java.io.File;
import java.security.Key;

/* loaded from: input_file:com/cht/kms/cli/JWTVERIFY.class */
public class JWTVERIFY {

    @Parameter(names = {"-file"}, description = "input key file", converter = FileConverter.class, required = true)
    private File file;

    @Parameter(names = {"-jwt"}, description = "expected identifier of the issuer", required = true)
    private String jwt;

    @Parameter(names = {"-iss"}, description = "expected identifier of the issuer", required = true)
    private String iss;

    @Parameter(names = {"-aud"}, description = "expected identifier of the audience", required = true)
    private String aud;

    @Parameter(names = {"-help"}, help = true)
    private boolean help;
    private Key verifierKey;
    private AlgorithmConstraints algorithmConstraints;

    public static void main(String[] strArr) throws Exception {
        JWTVERIFY jwtverify = new JWTVERIFY();
        JCommander jCommander = new JCommander(jwtverify, strArr);
        jCommander.setProgramName("JWTVERIFY");
        if (jwtverify.help) {
            jCommander.usage();
        } else {
            jwtverify.run();
        }
    }

    public void run() throws Exception {
        this.verifierKey = CryptoUtil.loadKeyFromFile(this.file, null);
        this.algorithmConstraints = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256);
        doSign();
    }

    private void doSign() throws Exception {
        System.out.println("subject = " + new JwtSignedDataParser(new JwtValidateContext.Builder().setExpectedIssuer(this.iss).setVerificationKey(this.verifierKey).setRequireExpirationTime().setRequireSubject().setExpectedAudience(this.aud).setJwsAlgorithmConstraints(this.algorithmConstraints).build(), this.jwt).getSignedContent().getSubject());
    }
}
