package org.xdi.oxd.server.op;

import com.google.inject.Injector;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.JwkClient;
import org.xdi.oxauth.client.OpenIdConfigurationResponse;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jws.RSASigner;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtClaimName;
import org.xdi.oxd.common.Command;
import org.xdi.oxd.common.CommandResponse;
import org.xdi.oxd.common.params.CheckIdTokenParams;
import org.xdi.oxd.common.response.CheckIdTokenResponse;
import org.xdi.oxd.server.DiscoveryService;

/* loaded from: input_file:org/xdi/oxd/server/op/CheckIdTokenOperation.class */
public class CheckIdTokenOperation extends BaseOperation {
    private static final Logger LOG = LoggerFactory.getLogger(CheckIdTokenOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public CheckIdTokenOperation(Command command, Injector injector) {
        super(command, injector);
    }

    @Override // org.xdi.oxd.server.op.IOperation
    public CommandResponse execute() {
        try {
            CheckIdTokenParams checkIdTokenParams = (CheckIdTokenParams) asParams(CheckIdTokenParams.class);
            if (checkIdTokenParams != null) {
                OpenIdConfigurationResponse discoveryResponse = DiscoveryService.getInstance().getDiscoveryResponse(checkIdTokenParams.getDiscoveryUrl());
                Jwt parse = Jwt.parse(checkIdTokenParams.getIdToken());
                Date claimAsDate = parse.getClaims().getClaimAsDate(JwtClaimName.ISSUED_AT);
                Date claimAsDate2 = parse.getClaims().getClaimAsDate("exp");
                CheckIdTokenResponse checkIdTokenResponse = new CheckIdTokenResponse();
                checkIdTokenResponse.setActive(isValid(parse, discoveryResponse));
                checkIdTokenResponse.setIssuedAt(claimAsDate != null ? claimAsDate.getTime() / 1000 : 0L);
                checkIdTokenResponse.setExpiresAt(claimAsDate2 != null ? claimAsDate2.getTime() / 1000 : 0L);
                checkIdTokenResponse.setClaims(parse.getClaims().toMap());
                return okResponse(checkIdTokenResponse);
            }
        } catch (Throwable th) {
            LOG.error(th.getMessage(), th);
        }
        return CommandResponse.INTERNAL_ERROR_RESPONSE;
    }

    private boolean isValid(Jwt jwt, OpenIdConfigurationResponse openIdConfigurationResponse) {
        try {
            String claimAsString = jwt.getHeader().getClaimAsString("alg");
            String jwksUri = openIdConfigurationResponse.getJwksUri();
            String claimAsString2 = jwt.getHeader().getClaimAsString("kid");
            String claimAsString3 = jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER);
            if (!new Date().after(jwt.getClaims().getClaimAsDate("exp")) && claimAsString3.equals(openIdConfigurationResponse.getIssuer())) {
                return new RSASigner(SignatureAlgorithm.fromName(claimAsString), JwkClient.getRSAPublicKey(jwksUri, claimAsString2)).validate(jwt);
            }
            return false;
        } catch (Exception e) {
            LOG.error(e.getMessage(), (Throwable) e);
            return false;
        }
    }
}
