package com.bastiaanjansen.jwt;

import com.bastiaanjansen.jwt.Exceptions.JWTExpiredException;
import com.bastiaanjansen.jwt.Exceptions.JWTValidationException;
import com.bastiaanjansen.jwt.Header;
import com.bastiaanjansen.jwt.Payload;
import com.bastiaanjansen.jwt.Utils.Base64Utils;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.json.JSONObject;

/* loaded from: input_file:com/bastiaanjansen/jwt/DefaultJWTValidator.class */
public class DefaultJWTValidator implements JWTValidator {
    private final Map<String, ClaimValidator> headerValidators;
    private final Map<String, ClaimValidator> payloadValidators;

    /* loaded from: input_file:com/bastiaanjansen/jwt/DefaultJWTValidator$Builder.class */
    public static class Builder {
        private final Map<String, ClaimValidator> headerValidators = new HashMap();
        private final Map<String, ClaimValidator> payloadValidators = new HashMap();

        public Builder withType(String str) {
            String str2 = Header.Registered.TYPE;
            Objects.requireNonNull(str);
            withHeader(str2, str::equals);
            return this;
        }

        public Builder withContentType(String str) {
            String str2 = Header.Registered.CONTENT_TYPE;
            Objects.requireNonNull(str);
            withHeader(str2, str::equals);
            return this;
        }

        public Builder withAlgorithm(String str) {
            String str2 = Header.Registered.ALGORITHM;
            Objects.requireNonNull(str);
            withHeader(str2, str::equals);
            return this;
        }

        public Builder withIssuer(String str) {
            String str2 = Payload.Registered.ISSUER;
            Objects.requireNonNull(str);
            withClaim(str2, str::equals);
            return this;
        }

        public Builder withSubject(String str) {
            String str2 = Payload.Registered.SUBJECT;
            Objects.requireNonNull(str);
            withClaim(str2, str::equals);
            return this;
        }

        public Builder withOneOfAudience(String... strArr) {
            withClaim(Payload.Registered.AUDIENCE, obj -> {
                for (String str : strArr) {
                    if (Arrays.asList((Object[]) obj).contains(str)) {
                        return true;
                    }
                }
                return false;
            });
            return this;
        }

        public Builder withExpirationTime(Date date) {
            withClaim(Payload.Registered.EXPIRATION_TIME, obj -> {
                return obj.equals(Long.valueOf(date.getTime()));
            });
            return this;
        }

        public Builder withNotBefore(Date date) {
            withClaim(Payload.Registered.NOT_BEFORE, obj -> {
                return obj.equals(Long.valueOf(date.getTime()));
            });
            return this;
        }

        public Builder withIssuedAt(Date date) {
            withClaim(Payload.Registered.ISSUED_AT, obj -> {
                return obj.equals(Long.valueOf(date.getTime()));
            });
            return this;
        }

        public Builder withID(String str) {
            String str2 = Payload.Registered.JWT_ID;
            Objects.requireNonNull(str);
            withClaim(str2, str::equals);
            return this;
        }

        public Builder withHeader(String str, Object obj) {
            Objects.requireNonNull(obj);
            withHeader(str, obj::equals);
            return this;
        }

        public Builder withHeader(String str, ClaimValidator claimValidator) {
            if (str == null) {
                throw new IllegalArgumentException("name cannot be null");
            }
            if (claimValidator == null) {
                throw new IllegalArgumentException("validator cannot be null");
            }
            this.headerValidators.put(str, claimValidator);
            return this;
        }

        public Builder withClaim(String str, Object obj) {
            Objects.requireNonNull(obj);
            withClaim(str, obj::equals);
            return this;
        }

        public Builder withClaim(String str, ClaimValidator claimValidator) {
            if (str == null) {
                throw new IllegalArgumentException("name cannot be null");
            }
            if (claimValidator == null) {
                throw new IllegalArgumentException("validator cannot be null");
            }
            this.payloadValidators.put(str, claimValidator);
            return this;
        }

        public DefaultJWTValidator build() {
            return new DefaultJWTValidator(this);
        }
    }

    public DefaultJWTValidator() {
        this(new Builder().withType("JWT"));
    }

    public DefaultJWTValidator(Builder builder) {
        this.headerValidators = builder.headerValidators;
        this.payloadValidators = builder.payloadValidators;
    }

    @Override // com.bastiaanjansen.jwt.JWTValidator
    public void validate(JWT jwt) throws JWTValidationException {
        validateAlgorithm(jwt);
        verifyValidators(jwt.getHeader(), this.headerValidators);
        verifyPayload(jwt.getPayload());
    }

    private void validateAlgorithm(JWT jwt) throws JWTValidationException {
        if (!jwt.getAlgorithm().verify((Base64Utils.encodeBase64URL(new JSONObject(jwt.getHeader()).toString()) + "." + Base64Utils.encodeBase64URL(new JSONObject(jwt.getPayload()).toString())).getBytes(StandardCharsets.UTF_8), Base64.getUrlDecoder().decode(jwt.getSignature()))) {
            throw new JWTValidationException("Signature is not valid");
        }
    }

    private void verifyValidators(Map<String, Object> map, Map<String, ClaimValidator> map2) throws JWTValidationException {
        for (Map.Entry<String, ClaimValidator> entry : map2.entrySet()) {
            String key = entry.getKey();
            ClaimValidator value = entry.getValue();
            if (!map.containsKey(key)) {
                throw new JWTValidationException(key + " is not present in payload");
            }
            if (map.get(key) == null) {
                throw new JWTValidationException(key + " is null");
            }
            if (!value.validate(map.get(key))) {
                throw new JWTValidationException(key + " does not conform to constraint");
            }
        }
    }

    private void verifyPayload(Payload payload) throws JWTValidationException {
        Date date = new Date();
        if (payload.containsKey(Payload.Registered.EXPIRATION_TIME)) {
            Date expirationTime = payload.getExpirationTime();
            if (date.getTime() > expirationTime.getTime()) {
                throw new JWTExpiredException("JWT expired on " + expirationTime);
            }
        }
        if (payload.containsKey(Payload.Registered.NOT_BEFORE)) {
            Date notBefore = payload.getNotBefore();
            if (date.getTime() <= notBefore.getTime()) {
                throw new JWTValidationException("JWT is only valid after " + notBefore);
            }
        }
        verifyValidators(payload, this.payloadValidators);
    }

    public Map<String, ClaimValidator> getHeaderValidators() {
        return this.headerValidators;
    }

    public Map<String, ClaimValidator> getPayloadValidators() {
        return this.payloadValidators;
    }
}
