package com.idsmanager.oidc.rs;

import com.idsmanager.oidc.Constants;
import com.idsmanager.oidc.rs.result.VerifyIdTokenResult;
import java.security.PublicKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class IdTokenVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(IdTokenVerifier.class);
    protected final String idToken;
    protected PublicKey publicKey;

    public IdTokenVerifier(String str, PublicKey publicKey) {
        this.idToken = str;
        this.publicKey = publicKey;
    }

    protected boolean checkingIdTokenExpired(JwtClaims jwtClaims) {
        if (jwtClaims.getExpirationTime() != null) {
            return !r0.isAfter(NumericDate.now());
        }
        LOG.debug("Not found expirationTime from JwtClaims: {}, ignore checking id_token expired", jwtClaims);
        return false;
    }

    protected JwtClaims getJwtClaims(String str) {
        return JwtClaims.parse(str);
    }

    protected String getKeyId(JsonWebSignature jsonWebSignature) {
        return jsonWebSignature.getKeyIdHeaderValue();
    }

    protected String getPayload(JsonWebSignature jsonWebSignature) {
        return jsonWebSignature.getPayload();
    }

    protected boolean getVerifySignature(JsonWebSignature jsonWebSignature) {
        return jsonWebSignature.verifySignature();
    }

    protected VerifyIdTokenResult handleError(int i, String str) {
        return new VerifyIdTokenResult(i, str);
    }

    public VerifyIdTokenResult verify() {
        if (this.idToken == null) {
            throw new NullPointerException("idToken is null");
        }
        if (this.publicKey == null) {
            throw new NullPointerException("publicKey is null");
        }
        LOG.debug(String.format("Start verify idToken: %s, publicKey: %s", this.idToken, this.publicKey));
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        try {
            jsonWebSignature.setCompactSerialization(this.idToken);
            String keyId = getKeyId(jsonWebSignature);
            LOG.debug(String.format("Get keyId: %s from the idToken", keyId));
            jsonWebSignature.setKey(this.publicKey);
            try {
                if (!getVerifySignature(jsonWebSignature)) {
                    LOG.debug("Verify idToken signature failed");
                    return handleError(Constants.VERIFY_SIGNATURE_FAILED, "Verify signature failed");
                }
                try {
                    try {
                        JwtClaims jwtClaims = getJwtClaims(getPayload(jsonWebSignature));
                        try {
                            if (!checkingIdTokenExpired(jwtClaims)) {
                                return verifySuccessful(jwtClaims, keyId);
                            }
                            LOG.debug("Expired idToken");
                            return handleError(Constants.ID_TOKEN_EXPIRED, "idToken expired");
                        } catch (MalformedClaimException e) {
                            LOG.warn("Get ExpirationTime from JwtClaims exception", (Throwable) e);
                            return handleError(Constants.GET_EXPIRATION_TIME_EXCEPTION, "Get ExpirationTime from JwtClaims exception: " + e.getMessage());
                        }
                    } catch (InvalidJwtException e2) {
                        LOG.warn("Parse payload to JwtClaims exception", (Throwable) e2);
                        return handleError(Constants.PARSE_PAYLOAD_EXCEPTION, "Parse payload to JwtClaims exception: " + e2.getMessage());
                    }
                } catch (JoseException e3) {
                    LOG.warn("JWS get payload exception", (Throwable) e3);
                    return handleError(Constants.GET_PAYLOAD_EXCEPTION, "JWS get payload exception: " + e3.getMessage());
                }
            } catch (JoseException e4) {
                LOG.warn("JWS verify signature exception", (Throwable) e4);
                return handleError(Constants.VERIFY_SIGNATURE_EXCEPTION, "JWS verify signature exception: " + e4.getMessage());
            }
        } catch (JoseException e5) {
            LOG.warn("JWS set idToken exception", (Throwable) e5);
            return handleError(Constants.INVALID_ID_TOKEN, "JWS set idToken exception: " + e5.getMessage());
        }
    }

    protected VerifyIdTokenResult verifySuccessful(JwtClaims jwtClaims, String str) {
        return new VerifyIdTokenResult(jwtClaims.getClaimsMap());
    }
}
