package net.trajano.auth.internal;

import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.json.Json;
import javax.json.JsonObject;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:net/trajano/auth/internal/Utils.class */
public final class Utils {
    private static final String MESSAGES = "META-INF/Messages";
    private static final Logger LOG = Logger.getLogger("net.trajano.auth.oauthsam", MESSAGES);

    public static byte[] getJwsPayload(String str, JsonWebKeySet jsonWebKeySet) throws GeneralSecurityException {
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("serialized payload = " + str);
        }
        String[] split = str.split("\\.");
        JsonObject readObject = Json.createReader(new ByteArrayInputStream(Base64.decode(split[0]))).readObject();
        if (!"none".equals(readObject.getString("alg"))) {
            String string = readObject.containsKey("kid") ? readObject.getString("kid") : "";
            PublicKey publicKey = (PublicKey) jsonWebKeySet.getKey(string, PublicKey.class);
            if (publicKey == null) {
                throw new GeneralSecurityException("No key with id " + string + " defined");
            }
            Signature signature = Signature.getInstance(toJavaAlgorithm(readObject.getString("alg")));
            byte[] decode = Base64.decode(split[2]);
            signature.initVerify(publicKey);
            signature.update((split[0] + "." + split[1]).getBytes());
            if (!signature.verify(decode)) {
                throw new GeneralSecurityException("signature verification failed");
            }
        }
        return Base64.decode(split[1]);
    }

    public static boolean isGetRequest(HttpServletRequest httpServletRequest) {
        return "GET".equals(httpServletRequest.getMethod());
    }

    public static boolean isHeadRequest(HttpServletRequest httpServletRequest) {
        return "HEAD".equals(httpServletRequest.getMethod());
    }

    public static boolean isNullOrEmpty(String str) {
        return str == null || str.trim().length() == 0;
    }

    public static boolean isRetrievalRequest(HttpServletRequest httpServletRequest) {
        return isGetRequest(httpServletRequest) || isHeadRequest(httpServletRequest);
    }

    public static String toJavaAlgorithm(String str) {
        return JsonWebAlgorithm.valueOf(str).toJca();
    }

    public static void validateIdToken(String str, JsonObject jsonObject) throws GeneralSecurityException {
        if (!str.equals(jsonObject.getString("aud"))) {
            throw new GeneralSecurityException(String.format("invalid 'aud' got' %s' expected '%s'", jsonObject.getString("aud"), str));
        }
        if (jsonObject.containsKey("azp") && !str.equals(jsonObject.getString("azp"))) {
            throw new GeneralSecurityException(String.format("invalid 'azp' got' %s' expected '%s'", jsonObject.getString("azp"), str));
        }
        if (jsonObject.containsKey("exp")) {
            long currentTimeMillis = System.currentTimeMillis() - (jsonObject.getInt("exp") * 1000);
            if (currentTimeMillis >= 0) {
                throw new GeneralSecurityException("expired " + currentTimeMillis + "ms ago");
            }
        }
    }

    private Utils() {
    }
}
