package com.nimbusds.jwt.proc;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.util.DateUtils;
import java.util.Date;
import java.util.List;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/jwt/proc/DefaultJWTClaimsVerifier.class */
public class DefaultJWTClaimsVerifier<C extends SecurityContext> implements JWTClaimsSetVerifier<C>, JWTClaimsVerifier, ClockSkewAware {
    public static final int DEFAULT_MAX_CLOCK_SKEW_SECONDS = 60;
    private int maxClockSkew = 60;
    private boolean iatRequired = false;
    private boolean expRequired = false;
    private boolean nbfRequired = false;
    private String acceptedIssuer;
    private String acceptedAudience;

    @Override // com.nimbusds.jwt.proc.ClockSkewAware
    public int getMaxClockSkew() {
        return this.maxClockSkew;
    }

    @Override // com.nimbusds.jwt.proc.ClockSkewAware
    public void setMaxClockSkew(int i) {
        this.maxClockSkew = i;
    }

    public boolean requiresIssuedAtTime() {
        return this.iatRequired;
    }

    public void requiresIssuedAtTime(boolean z) {
        this.iatRequired = z;
    }

    public boolean requiresExpirationTime() {
        return this.expRequired;
    }

    public void requiresExpirationTime(boolean z) {
        this.expRequired = z;
    }

    public boolean requiresNotBeforeTime() {
        return this.nbfRequired;
    }

    public void requiresNotBeforeTime(boolean z) {
        this.nbfRequired = z;
    }

    public String getAcceptedIssuer() {
        return this.acceptedIssuer;
    }

    public void setAcceptedIssuer(String str) {
        this.acceptedIssuer = str;
    }

    public String getAcceptedAudience() {
        return this.acceptedAudience;
    }

    public void setAcceptedAudience(String str) {
        this.acceptedAudience = str;
    }

    @Override // com.nimbusds.jwt.proc.JWTClaimsVerifier
    public void verify(JWTClaimsSet jWTClaimsSet) throws BadJWTException {
        verify(jWTClaimsSet, null);
    }

    @Override // com.nimbusds.jwt.proc.JWTClaimsSetVerifier
    public void verify(JWTClaimsSet jWTClaimsSet, C c) throws BadJWTException {
        if (this.iatRequired && jWTClaimsSet.getIssueTime() == null) {
            throw new BadJWTException("JWT issued-at time missing");
        }
        Date date = new Date();
        Date expirationTime = jWTClaimsSet.getExpirationTime();
        if (this.expRequired && expirationTime == null) {
            throw new BadJWTException("JWT expiration time missing");
        }
        if (expirationTime != null && !DateUtils.isAfter(expirationTime, date, this.maxClockSkew)) {
            throw new BadJWTException("Expired JWT");
        }
        Date notBeforeTime = jWTClaimsSet.getNotBeforeTime();
        if (this.nbfRequired && notBeforeTime == null) {
            throw new BadJWTException("JWT not-before time missing");
        }
        if (notBeforeTime != null && !DateUtils.isBefore(notBeforeTime, date, this.maxClockSkew)) {
            throw new BadJWTException("JWT before use time");
        }
        if (this.acceptedIssuer != null) {
            String issuer = jWTClaimsSet.getIssuer();
            if (issuer == null) {
                throw new BadJWTException("JWT issuer missing");
            }
            if (!this.acceptedIssuer.equals(issuer)) {
                throw new BadJWTException("JWT issuer not accepted: " + issuer);
            }
        }
        if (this.acceptedAudience != null) {
            List<String> audience = jWTClaimsSet.getAudience();
            if (audience == null || audience.isEmpty()) {
                throw new BadJWTException("JWT audience missing");
            }
            if (!audience.contains(this.acceptedAudience)) {
                throw new BadJWTException("JWT audience not accepted: " + audience);
            }
        }
    }
}
