package net.oauth.jsontoken;

import com.google.common.base.Preconditions;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import java.security.SignatureException;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import net.oauth.jsontoken.crypto.AsciiStringVerifier;
import net.oauth.jsontoken.crypto.Verifier;
import net.oauth.jsontoken.discovery.VerifierProviders;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.Instant;

/* loaded from: input_file:lib/jsontoken-1.1.jar:net/oauth/jsontoken/JsonTokenParser.class */
public class JsonTokenParser {
    private final Clock clock;
    private final VerifierProviders verifierProviders;
    private final Checker[] checkers;

    public JsonTokenParser(VerifierProviders verifierProviders, Checker checker) {
        this(new SystemClock(), verifierProviders, checker);
    }

    public JsonTokenParser(Clock clock, VerifierProviders verifierProviders, Checker... checkerArr) {
        this.clock = (Clock) Preconditions.checkNotNull(clock);
        this.verifierProviders = verifierProviders;
        this.checkers = checkerArr;
    }

    public JsonToken deserialize(String str) {
        String[] splitTokenString = splitTokenString(str);
        String str2 = splitTokenString[0];
        String str3 = splitTokenString[1];
        Base64.decodeBase64(splitTokenString[2]);
        JsonParser jsonParser = new JsonParser();
        return new JsonToken(jsonParser.parse(JsonTokenUtil.fromBase64ToJsonString(str2)).getAsJsonObject(), jsonParser.parse(JsonTokenUtil.fromBase64ToJsonString(str3)).getAsJsonObject(), this.clock, str);
    }

    public void verify(JsonToken jsonToken) throws SignatureException {
        verify(jsonToken, provideVerifiers(jsonToken));
    }

    public JsonToken verifyAndDeserialize(String str) throws SignatureException {
        JsonToken deserialize = deserialize(str);
        verify(deserialize);
        return deserialize;
    }

    public void verify(JsonToken jsonToken, List<Verifier> list) throws SignatureException {
        if (!signatureIsValid(jsonToken.getTokenString(), list)) {
            throw new SignatureException("Invalid signature for token: " + jsonToken.getTokenString());
        }
        Instant issuedAt = jsonToken.getIssuedAt();
        Instant expiration = jsonToken.getExpiration();
        if (issuedAt == null && expiration != null) {
            issuedAt = new Instant(0L);
        }
        if (issuedAt != null && expiration == null) {
            expiration = new Instant(Long.MAX_VALUE);
        }
        if (issuedAt != null && expiration != null && (issuedAt.isAfter(expiration) || !this.clock.isCurrentTimeInInterval(issuedAt, expiration))) {
            throw new IllegalStateException(String.format("Invalid iat and/or exp. iat: %s exp: %s now: %s", jsonToken.getIssuedAt(), jsonToken.getExpiration(), this.clock.now()));
        }
        if (this.checkers != null) {
            for (Checker checker : this.checkers) {
                checker.check(jsonToken.getPayloadAsJsonObject());
            }
        }
    }

    public boolean signatureIsValid(String str, List<Verifier> list) {
        String[] splitTokenString = splitTokenString(str);
        byte[] decodeBase64 = Base64.decodeBase64(splitTokenString[2]);
        String dotFormat = JsonTokenUtil.toDotFormat(splitTokenString[0], splitTokenString[1]);
        boolean z = false;
        Iterator<Verifier> it = list.iterator();
        while (it.hasNext()) {
            try {
                new AsciiStringVerifier(it.next()).verifySignature(dotFormat, decodeBase64);
                z = true;
                break;
            } catch (SignatureException e) {
            }
        }
        return z;
    }

    public boolean expirationIsValid(JsonToken jsonToken, Instant instant) {
        Instant expiration = jsonToken.getExpiration();
        return expiration == null || !instant.isAfter(expiration);
    }

    public boolean issuedAtIsValid(JsonToken jsonToken, Instant instant) {
        Instant issuedAt = jsonToken.getIssuedAt();
        return issuedAt == null || !instant.isBefore(issuedAt);
    }

    private List<Verifier> provideVerifiers(JsonToken jsonToken) throws SignatureException {
        Preconditions.checkNotNull(this.verifierProviders);
        JsonElement jsonElement = jsonToken.getHeader().get(JsonToken.KEY_ID_HEADER);
        List<Verifier> findVerifier = this.verifierProviders.getVerifierProvider(jsonToken.getSignatureAlgorithm()).findVerifier(jsonToken.getIssuer(), jsonElement == null ? null : jsonElement.getAsString());
        if (findVerifier == null) {
            throw new IllegalStateException("No valid verifier for issuer: " + jsonToken.getIssuer());
        }
        return findVerifier;
    }

    private String[] splitTokenString(String str) {
        String[] split = str.split(Pattern.quote(JsonTokenUtil.DELIMITER));
        if (split.length != 3) {
            throw new IllegalStateException("Expected JWT to have 3 segments separated by '.', but it has " + split.length + " segments");
        }
        return split;
    }
}
