package com.gradle.maven.extension.internal.dep.com.auth0.jwt;

import com.gradle.maven.extension.internal.dep.com.auth0.jwt.algorithms.Algorithm;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.IncorrectClaimException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.InvalidClaimException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.JWTVerificationException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.MissingClaimException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.exceptions.TokenExpiredException;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.impl.ExpectedCheckHolder;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.impl.JWTParser;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.Claim;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.DecodedJWT;
import com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.Verification;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;

/* loaded from: input_file:WEB-INF/lib/gradle-rc929.c5c723830e87.jar:hudson/plugins/gradle/injection/develocity-maven-extension-1.21.jar:com/gradle/maven/extension/internal/dep/com/auth0/jwt/JWTVerifier.class */
public final class JWTVerifier {
    private final Algorithm algorithm;
    final List<ExpectedCheckHolder> expectedChecks;
    private final JWTParser parser = new JWTParser();

    /* loaded from: input_file:WEB-INF/lib/gradle-rc929.c5c723830e87.jar:hudson/plugins/gradle/injection/develocity-maven-extension-1.21.jar:com/gradle/maven/extension/internal/dep/com/auth0/jwt/JWTVerifier$BaseVerification.class */
    public static class BaseVerification implements Verification {
        private final Algorithm algorithm;
        private final List<ExpectedCheckHolder> expectedChecks;
        private long defaultLeeway;
        private final Map<String, Long> customLeeways;
        private boolean ignoreIssuedAt;
        private Clock clock;

        BaseVerification(Algorithm algorithm) throws IllegalArgumentException {
            if (algorithm == null) {
                throw new IllegalArgumentException("The Algorithm cannot be null.");
            }
            this.algorithm = algorithm;
            this.expectedChecks = new ArrayList();
            this.customLeeways = new HashMap();
            this.defaultLeeway = 0L;
        }

        @Override // com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.Verification
        public Verification withSubject(String str) {
            addCheck("sub", (claim, decodedJWT) -> {
                return verifyNull(claim, str) || str.equals(claim.asString());
            });
            return this;
        }

        @Override // com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.Verification
        public Verification acceptLeeway(long j) throws IllegalArgumentException {
            assertPositive(j);
            this.defaultLeeway = j;
            return this;
        }

        @Override // com.gradle.maven.extension.internal.dep.com.auth0.jwt.interfaces.Verification
        public JWTVerifier build() {
            return build(Clock.systemUTC());
        }

        public JWTVerifier build(Clock clock) {
            this.clock = clock;
            addMandatoryClaimChecks();
            return new JWTVerifier(this.algorithm, this.expectedChecks);
        }

        public long getLeewayFor(String str) {
            return this.customLeeways.getOrDefault(str, Long.valueOf(this.defaultLeeway)).longValue();
        }

        private void addMandatoryClaimChecks() {
            long leewayFor = getLeewayFor("exp");
            long leewayFor2 = getLeewayFor("nbf");
            long leewayFor3 = getLeewayFor("iat");
            this.expectedChecks.add(constructExpectedCheck("exp", (claim, decodedJWT) -> {
                return assertValidInstantClaim("exp", claim, leewayFor, true);
            }));
            this.expectedChecks.add(constructExpectedCheck("nbf", (claim2, decodedJWT2) -> {
                return assertValidInstantClaim("nbf", claim2, leewayFor2, false);
            }));
            if (this.ignoreIssuedAt) {
                return;
            }
            this.expectedChecks.add(constructExpectedCheck("iat", (claim3, decodedJWT3) -> {
                return assertValidInstantClaim("iat", claim3, leewayFor3, false);
            }));
        }

        private boolean assertValidInstantClaim(String str, Claim claim, long j, boolean z) {
            Instant asInstant = claim.asInstant();
            Instant truncatedTo = this.clock.instant().truncatedTo(ChronoUnit.SECONDS);
            if (z) {
                if (assertInstantIsFuture(asInstant, j, truncatedTo)) {
                    return true;
                }
                throw new TokenExpiredException(String.format("The Token has expired on %s.", asInstant), asInstant);
            }
            if (assertInstantIsLessThanOrEqualToNow(asInstant, j, truncatedTo)) {
                return true;
            }
            throw new IncorrectClaimException(String.format("The Token can't be used before %s.", asInstant), str, claim);
        }

        private boolean assertInstantIsFuture(Instant instant, long j, Instant instant2) {
            return instant == null || instant2.minus((TemporalAmount) Duration.ofSeconds(j)).isBefore(instant);
        }

        private boolean assertInstantIsLessThanOrEqualToNow(Instant instant, long j, Instant instant2) {
            return instant == null || !instant2.plus((TemporalAmount) Duration.ofSeconds(j)).isBefore(instant);
        }

        private void assertPositive(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("Leeway value can't be negative.");
            }
        }

        private void addCheck(String str, BiPredicate<Claim, DecodedJWT> biPredicate) {
            this.expectedChecks.add(constructExpectedCheck(str, (claim, decodedJWT) -> {
                if (claim.isMissing()) {
                    throw new MissingClaimException(str);
                }
                return biPredicate.test(claim, decodedJWT);
            }));
        }

        private ExpectedCheckHolder constructExpectedCheck(final String str, final BiPredicate<Claim, DecodedJWT> biPredicate) {
            return new ExpectedCheckHolder() { // from class: com.gradle.maven.extension.internal.dep.com.auth0.jwt.JWTVerifier.BaseVerification.1
                @Override // com.gradle.maven.extension.internal.dep.com.auth0.jwt.impl.ExpectedCheckHolder
                public String getClaimName() {
                    return str;
                }

                @Override // com.gradle.maven.extension.internal.dep.com.auth0.jwt.impl.ExpectedCheckHolder
                public boolean verify(Claim claim, DecodedJWT decodedJWT) {
                    return biPredicate.test(claim, decodedJWT);
                }
            };
        }

        private boolean verifyNull(Claim claim, Object obj) {
            return obj == null && claim.isNull();
        }
    }

    JWTVerifier(Algorithm algorithm, List<ExpectedCheckHolder> list) {
        this.algorithm = algorithm;
        this.expectedChecks = Collections.unmodifiableList(list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Verification init(Algorithm algorithm) throws IllegalArgumentException {
        return new BaseVerification(algorithm);
    }

    public DecodedJWT verify(String str) throws JWTVerificationException {
        return verify(new JWTDecoder(this.parser, str));
    }

    public DecodedJWT verify(DecodedJWT decodedJWT) throws JWTVerificationException {
        verifyAlgorithm(decodedJWT, this.algorithm);
        this.algorithm.verify(decodedJWT);
        verifyClaims(decodedJWT, this.expectedChecks);
        return decodedJWT;
    }

    private void verifyAlgorithm(DecodedJWT decodedJWT, Algorithm algorithm) throws AlgorithmMismatchException {
        if (!algorithm.getName().equals(decodedJWT.getAlgorithm())) {
            throw new AlgorithmMismatchException("The provided Algorithm doesn't match the one defined in the JWT's Header.");
        }
    }

    private void verifyClaims(DecodedJWT decodedJWT, List<ExpectedCheckHolder> list) throws TokenExpiredException, InvalidClaimException {
        for (ExpectedCheckHolder expectedCheckHolder : list) {
            String claimName = expectedCheckHolder.getClaimName();
            Claim claim = decodedJWT.getClaim(claimName);
            if (!expectedCheckHolder.verify(claim, decodedJWT)) {
                throw new IncorrectClaimException(String.format("The Claim '%s' value doesn't match the required one.", claimName), claimName, claim);
            }
        }
    }
}
