package com.netflexity.software.qflex.mule.policies.jwt;

import com.netflexity.software.qflex.mule.policies.common.KeyLoader;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/netflexity/software/qflex/mule/policies/jwt/JwtValidation.class */
public class JwtValidation {
    public static String validateSignature(JwsHeader jwsHeader, String str, String str2, String str3, String str4) {
        System.out.println("-------------------------------------");
        System.out.println(jwsHeader.getAlgorithm());
        System.out.println(jwsHeader.getType());
        System.out.println(str);
        System.out.println(str2);
        System.out.println(str3);
        System.out.println(str4);
        System.out.println("-------------------------------------");
        if (str != null) {
            try {
                if (!str.isEmpty()) {
                    if (str2 == null || str2.isEmpty()) {
                        throw new JwtException("A signature key must be specified to validate JWT signature.");
                    }
                    SignatureAlgorithm signatureAlgorithm = null;
                    String algorithm = jwsHeader.getAlgorithm();
                    if (algorithm != null && !algorithm.isEmpty()) {
                        signatureAlgorithm = SignatureAlgorithm.forName(algorithm);
                    }
                    if (jwsHeader.getAlgorithm() == null || signatureAlgorithm == SignatureAlgorithm.NONE) {
                        throw new JwtException("JWT string has a digest/signature, but the header does not reference a valid signature algorithm.");
                    }
                    if (!jwsHeader.getAlgorithm().equalsIgnoreCase(str)) {
                        throw new JwtException("JWT header signature algorithm differs from configured value.");
                    }
                    if (SignatureProviderFactory.createSignatureProvider(signatureAlgorithm, signatureAlgorithm.isHmac() ? new SecretKeySpec(str2.getBytes(), signatureAlgorithm.getJcaName()) : KeyLoader.createRSAPublicKeySpec(KeyLoader.decodePEMFormatFromString(str2))).isValid(str3.getBytes(Charset.forName("US-ASCII")), Base64.getUrlDecoder().decode(str4))) {
                        return "";
                    }
                    throw new JwtException("JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.");
                }
            } catch (Exception e) {
                return e.getMessage();
            }
        }
        throw new JwtException("A signature algorithm must be specified to validate JWT signature.");
    }

    public static void validateClaims(JwsHeader jwsHeader, JwtClaims jwtClaims) {
        if (jwtClaims == null) {
            return;
        }
        Date date = new Date();
        long time = date.getTime();
        Date expiration = jwtClaims.getExpiration();
        if (expiration != null && date.after(expiration)) {
            throw new JwtException("JWT expired at " + DateFormats.formatIso8601(expiration, false) + ". Current time: " + DateFormats.formatIso8601(date, false) + ", a difference of " + (time - expiration.getTime()) + " milliseconds.");
        }
        Date notBefore = jwtClaims.getNotBefore();
        if (notBefore == null || !date.before(notBefore)) {
            return;
        }
        throw new JwtException("JWT must not be accepted before " + DateFormats.formatIso8601(notBefore, false) + ". Current time: " + DateFormats.formatIso8601(date, false) + ", a difference of " + (notBefore.getTime() - time) + " milliseconds.");
    }

    public static void validateExpectedClaims(JwsHeader jwsHeader, JwtClaims jwtClaims, JwtClaims jwtClaims2) {
        for (String str : jwtClaims2.keySet()) {
            Object normalize = normalize(jwtClaims2.get(str));
            Object normalize2 = normalize(jwtClaims.get(str));
            if (normalize instanceof Date) {
                try {
                    normalize2 = jwtClaims.get(str, Date.class);
                } catch (Exception e) {
                    throw new JwtException("JWT Claim '" + str + "' was expected to be a Date, but its value cannot be converted to a Date using current heuristics.  Value: " + normalize2);
                }
            }
            if (normalize2 == null) {
                throw new JwtException(String.format("Expected %s claim to be: %s, but was not present in the JWT claims.", str, normalize));
            }
            if (!normalize.equals(normalize2)) {
                throw new JwtException(String.format("Expected %s claim to be: %s, but was: %s.", str, normalize, normalize2));
            }
        }
    }

    private static Object normalize(Object obj) {
        if (obj instanceof Integer) {
            obj = Long.valueOf(((Integer) obj).longValue());
        }
        return obj;
    }
}
