package org.jenkinsci.plugins.oic;

import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.json.webtoken.JsonWebSignature;
import hudson.Util;
import java.io.IOException;
import java.util.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/oic-auth.jar:org/jenkinsci/plugins/oic/OicJsonWebTokenVerifier.class */
public class OicJsonWebTokenVerifier extends IdTokenVerifier {
    private boolean jwksServerUrlAvailable;
    private static final Logger LOGGER = Logger.getLogger(OicJsonWebTokenVerifier.class.getName());
    private static final IdToken.Payload NO_PAYLOAD = new IdToken.Payload();

    public OicJsonWebTokenVerifier() {
        this.jwksServerUrlAvailable = false;
    }

    public OicJsonWebTokenVerifier(String str, IdTokenVerifier.Builder builder) {
        super(builder.setCertificatesLocation(str));
        this.jwksServerUrlAvailable = Util.fixEmptyAndTrim(str) != null;
    }

    public boolean isJwksServerUrlAvailable() {
        return this.jwksServerUrlAvailable;
    }

    public boolean verifyIdToken(IdToken idToken) throws IOException {
        if (isJwksServerUrlAvailable()) {
            try {
                return verifyOrThrow(idToken);
            } catch (IOException e) {
                LOGGER.warning("IdToken signature verification failed '" + e.toString() + "' - jwks signature verification disabled");
                this.jwksServerUrlAvailable = false;
            }
        }
        return super.verifyPayload(idToken);
    }

    public boolean verifyUserInfo(JsonWebSignature jsonWebSignature) throws IOException {
        if (!isJwksServerUrlAvailable()) {
            return true;
        }
        try {
            return verifyOrThrow(new IdToken(jsonWebSignature.getHeader(), NO_PAYLOAD, jsonWebSignature.getSignatureBytes(), jsonWebSignature.getSignedContentBytes()));
        } catch (IOException e) {
            LOGGER.warning("UserInfo signature verification failed '" + e.toString() + "' - ignore");
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier
    public boolean verifyPayload(IdToken idToken) {
        if (idToken.getPayload() == NO_PAYLOAD) {
            return true;
        }
        return super.verifyPayload(idToken);
    }
}
