package de.governikus.autent.open.id.connect.utils;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.util.DateUtils;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtExpiredException;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtInconsistentTimestampsException;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtInvalidAudienceException;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtInvalidIssuerException;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtInvalidNonceException;
import de.governikus.autent.open.id.connect.utils.exceptions.JwtNotValidYetException;
import java.util.Date;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/autent/open/id/connect/utils/JwtClaimsSetVerifier.class */
public class JwtClaimsSetVerifier extends DefaultJWTClaimsVerifier {
    private static final Logger log = LoggerFactory.getLogger(JwtClaimsSetVerifier.class);
    private String clientId;
    private String issuer;
    private String nonce;

    /* loaded from: input_file:de/governikus/autent/open/id/connect/utils/JwtClaimsSetVerifier$JwtClaimsSetVerifierBuilder.class */
    public static class JwtClaimsSetVerifierBuilder {
        private String clientId;
        private String issuer;
        private String nonce;

        JwtClaimsSetVerifierBuilder() {
        }

        public JwtClaimsSetVerifierBuilder clientId(String str) {
            this.clientId = str;
            return this;
        }

        public JwtClaimsSetVerifierBuilder issuer(String str) {
            this.issuer = str;
            return this;
        }

        public JwtClaimsSetVerifierBuilder nonce(String str) {
            this.nonce = str;
            return this;
        }

        public JwtClaimsSetVerifier build() {
            return new JwtClaimsSetVerifier(this.clientId, this.issuer, this.nonce);
        }

        public String toString() {
            return "JwtClaimsSetVerifier.JwtClaimsSetVerifierBuilder(clientId=" + this.clientId + ", issuer=" + this.issuer + ", nonce=" + this.nonce + ")";
        }
    }

    public JwtClaimsSetVerifier(String str, String str2, String str3) {
        this.clientId = str;
        this.issuer = str2;
        this.nonce = str3;
    }

    public void verify(JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) throws BadJWTException {
        String valueOf;
        log.trace("verifying claimsSet: {}", jWTClaimsSet.toJSONObject().toJSONString());
        Date date = new Date();
        Date expirationTime = jWTClaimsSet.getExpirationTime();
        if (expirationTime != null && !DateUtils.isAfter(expirationTime, date, getMaxClockSkew())) {
            throw new JwtExpiredException("Expired JWT: " + expirationTime);
        }
        Date notBeforeTime = jWTClaimsSet.getNotBeforeTime();
        if (notBeforeTime != null && !DateUtils.isBefore(notBeforeTime, date, getMaxClockSkew())) {
            throw new JwtNotValidYetException("JWT before use time: " + notBeforeTime);
        }
        if (StringUtils.isNotBlank(this.issuer) && !jWTClaimsSet.getIssuer().equals(this.issuer)) {
            throw new JwtInvalidIssuerException("field 'iss':'" + jWTClaimsSet.getIssuer() + "' does not match expected issuer: '" + this.issuer + "'");
        }
        if (StringUtils.isNotBlank(this.clientId) && jWTClaimsSet.getAudience() != null && !jWTClaimsSet.getAudience().contains(this.clientId)) {
            throw new JwtInvalidAudienceException("field 'aud':'" + jWTClaimsSet.getAudience() + "' does not contain our client_id: '" + this.clientId + "'");
        }
        if (StringUtils.isNotBlank(this.nonce) && (valueOf = String.valueOf(jWTClaimsSet.getClaim("nonce"))) != null && !valueOf.equals(this.nonce)) {
            throw new JwtInvalidNonceException("field 'nonce':'" + valueOf + "' does not contain the given nonce: '" + this.nonce + "'");
        }
        Date issueTime = jWTClaimsSet.getIssueTime();
        Date expirationTime2 = jWTClaimsSet.getExpirationTime();
        if (issueTime != null && expirationTime2 != null && issueTime.after(expirationTime2)) {
            throw new JwtInconsistentTimestampsException("JWT issue time after expiration time. \n issued: " + issueTime + "\nexpiration: " + expirationTime2);
        }
        Date notBeforeTime2 = jWTClaimsSet.getNotBeforeTime();
        if (issueTime != null && notBeforeTime2 != null && issueTime.after(notBeforeTime2)) {
            throw new JwtInconsistentTimestampsException("JWT issue time after not before time. \n issue_time: " + issueTime + "\nnot_before: " + notBeforeTime2);
        }
    }

    public static JwtClaimsSetVerifierBuilder builder() {
        return new JwtClaimsSetVerifierBuilder();
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getNonce() {
        return this.nonce;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setNonce(String str) {
        this.nonce = str;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof JwtClaimsSetVerifier)) {
            return false;
        }
        JwtClaimsSetVerifier jwtClaimsSetVerifier = (JwtClaimsSetVerifier) obj;
        if (!jwtClaimsSetVerifier.canEqual(this)) {
            return false;
        }
        String clientId = getClientId();
        String clientId2 = jwtClaimsSetVerifier.getClientId();
        if (clientId == null) {
            if (clientId2 != null) {
                return false;
            }
        } else if (!clientId.equals(clientId2)) {
            return false;
        }
        String issuer = getIssuer();
        String issuer2 = jwtClaimsSetVerifier.getIssuer();
        if (issuer == null) {
            if (issuer2 != null) {
                return false;
            }
        } else if (!issuer.equals(issuer2)) {
            return false;
        }
        String nonce = getNonce();
        String nonce2 = jwtClaimsSetVerifier.getNonce();
        return nonce == null ? nonce2 == null : nonce.equals(nonce2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof JwtClaimsSetVerifier;
    }

    public int hashCode() {
        String clientId = getClientId();
        int hashCode = (1 * 59) + (clientId == null ? 43 : clientId.hashCode());
        String issuer = getIssuer();
        int hashCode2 = (hashCode * 59) + (issuer == null ? 43 : issuer.hashCode());
        String nonce = getNonce();
        return (hashCode2 * 59) + (nonce == null ? 43 : nonce.hashCode());
    }

    public String toString() {
        return "JwtClaimsSetVerifier(super=" + super/*java.lang.Object*/.toString() + ", clientId=" + getClientId() + ", issuer=" + getIssuer() + ", nonce=" + getNonce() + ")";
    }
}
