package com.oracle.bmc.auth.internal;

import com.google.common.base.Optional;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.oracle.bmc.auth.SessionKeySupplier;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.36.0.jar:com/oracle/bmc/auth/internal/SecurityTokenAdapter.class */
class SecurityTokenAdapter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecurityTokenAdapter.class);
    private final JWTClaimsSet jwt;
    private final SessionKeySupplier sessionKeySupplier;
    private final String securityToken;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityTokenAdapter(String str, SessionKeySupplier sessionKeySupplier) {
        this.securityToken = str;
        if (str == null || str.isEmpty()) {
            this.jwt = null;
        } else {
            this.jwt = parse(str);
        }
        this.sessionKeySupplier = sessionKeySupplier;
    }

    private JWTClaimsSet parse(String str) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            if (parse.getSignature().toString().isEmpty()) {
                throw new IllegalArgumentException("The token doesn't have a signature");
            }
            return parse.getJWTClaimsSet();
        } catch (ParseException e) {
            throw new IllegalArgumentException("The token does not conform to signed JWT format. " + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isValid() {
        if (this.jwt == null) {
            LOG.debug("Security token is not valid.");
            return false;
        }
        try {
            Date expirationTime = this.jwt.getExpirationTime();
            if (expirationTime == null || !expirationTime.after(new Date())) {
                return false;
            }
            LOG.debug("Security token is not expired");
            String stringClaim = this.jwt.getStringClaim("jwk");
            if (stringClaim == null) {
                return false;
            }
            Optional<RSAPublicKey> publicKeyFromJson = AuthUtils.toPublicKeyFromJson(stringClaim);
            if (!publicKeyFromJson.isPresent() || !isEqualPublicKey(publicKeyFromJson.get(), (RSAPublicKey) this.sessionKeySupplier.getKeyPair().getPublic())) {
                return false;
            }
            LOG.debug("Security token is still valid. Public key matches with the JWK.");
            return true;
        } catch (IllegalArgumentException e) {
            LOG.debug("JWT parsing failed");
            return false;
        } catch (ParseException e2) {
            LOG.debug("JWT parsing failed");
            return false;
        }
    }

    private boolean isEqualPublicKey(RSAPublicKey rSAPublicKey, RSAPublicKey rSAPublicKey2) {
        if (rSAPublicKey == null || rSAPublicKey2 == null) {
            throw new IllegalArgumentException("Public key cannot be null");
        }
        return AuthUtils.base64EncodeNoChunking(rSAPublicKey).equals(AuthUtils.base64EncodeNoChunking(rSAPublicKey2));
    }

    public String getStringClaim(String str) {
        if (this.jwt == null) {
            LOG.debug("Security token is not valid.");
            return null;
        }
        try {
            return this.jwt.getStringClaim(str);
        } catch (ParseException e) {
            throw new IllegalStateException("JWT parsing failed");
        }
    }

    public String getSecurityToken() {
        return this.securityToken;
    }
}
