package be.atbash.ee.security.octopus.nimbus.jwt.proc;

import be.atbash.ee.security.octopus.config.JwtSupportConfiguration;
import be.atbash.ee.security.octopus.jwt.JWTValidationConstant;
import be.atbash.ee.security.octopus.jwt.decoder.JWTVerifier;
import be.atbash.ee.security.octopus.nimbus.jwt.CommonJWTHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.JWTClaimsSet;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSHeader;
import be.atbash.ee.security.octopus.nimbus.jwt.util.DateUtils;
import java.util.Date;
import org.slf4j.MDC;

/* loaded from: input_file:be/atbash/ee/security/octopus/nimbus/jwt/proc/DefaultJWTClaimsVerifier.class */
public class DefaultJWTClaimsVerifier implements JWTVerifier {
    private final int maxClockSkew = JwtSupportConfiguration.getInstance().getClockSkewSeconds();

    @Override // be.atbash.ee.security.octopus.jwt.decoder.JWTVerifier
    public boolean verify(CommonJWTHeader commonJWTHeader, JWTClaimsSet jWTClaimsSet) {
        Date date = new Date();
        Date expirationTime = jWTClaimsSet.getExpirationTime();
        if (expirationTime != null && !DateUtils.isAfter(expirationTime, date, this.maxClockSkew)) {
            MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, String.format("The token was expired (exp = %s)", expirationTime));
            return false;
        }
        Date notBeforeTime = jWTClaimsSet.getNotBeforeTime();
        if (notBeforeTime != null && !DateUtils.isBefore(notBeforeTime, date, this.maxClockSkew)) {
            MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, String.format("The token should not be used (nbf = %s)", notBeforeTime));
            return false;
        }
        if (!(commonJWTHeader instanceof JWSHeader) || ((JWSHeader) commonJWTHeader).isBase64URLEncodePayload()) {
            return true;
        }
        MDC.put(JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON, "The token has a payload that is not encoded (b64=false)");
        return false;
    }
}
