package org.xdi.oxd.server.op;

import com.google.inject.Injector;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.JwkClient;
import org.xdi.oxauth.client.OpenIdConfigurationResponse;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jws.RSASigner;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtClaimName;
import org.xdi.oxd.common.Command;
import org.xdi.oxd.common.CommandResponse;
import org.xdi.oxd.common.params.CheckAccessTokenParams;
import org.xdi.oxd.common.response.CheckAccessTokenResponse;

/* loaded from: input_file:org/xdi/oxd/server/op/CheckAccessTokenOperation.class */
/**
 * oxd operation that reports whether an access token matches the ID token it was issued with.
 *
 * <p>The response carries an {@code active} flag plus the {@code iat} and {@code exp} values
 * copied from the supplied ID token.
 *
 * <p>NOTE(review): both tokens come from the command parameters, and the only check visible in
 * this class is {@code RSASigner.validateAccessToken}. No explicit signature verification of the
 * ID token is visible here, so confirm that the signer (or a caller) verifies it. If it does not,
 * the claims used below are caller-controlled.
 */
public class CheckAccessTokenOperation extends BaseOperation<CheckAccessTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger(CheckAccessTokenOperation.class);

    /**
     * Creates the operation for a single command.
     *
     * <p>Decompiler note: the constructor was declared {@code protected} in the original class
     * and was widened to {@code public} by the decompiler.
     *
     * @param command the command being executed
     * @param injector the Guice injector handed to the base operation
     */
    public CheckAccessTokenOperation(Command command, Injector injector) {
        super(command, injector, CheckAccessTokenParams.class);
    }

    /**
     * Parses the ID token, checks the access token against it and builds the response.
     *
     * <p>NOTE(review): {@code active} is taken only from {@link #isAccessTokenValid}. The
     * {@code exp} claim is copied into the response but is not compared with the current time
     * in this method, so an expired ID token can still yield {@code active == true} unless
     * expiry is enforced elsewhere.
     *
     * @param checkAccessTokenParams parameters carrying the oxd id, ID token and access token
     * @return an OK response wrapping a {@link CheckAccessTokenResponse}
     * @throws Exception if discovery lookup or ID token parsing fails
     */
    @Override
    public CommandResponse execute(CheckAccessTokenParams checkAccessTokenParams) throws Exception {
        // Discovery is resolved first so a failure here happens before any token is parsed.
        final OpenIdConfigurationResponse discovery =
                getDiscoveryService().getConnectDiscoveryResponseByOxdId(checkAccessTokenParams.getOxdId());

        final String rawIdToken = checkAccessTokenParams.getIdToken();
        final String rawAccessToken = checkAccessTokenParams.getAccessToken();

        final Jwt idTokenJwt = Jwt.parse(rawIdToken);
        final Date issuedAt = idTokenJwt.getClaims().getClaimAsDate(JwtClaimName.ISSUED_AT);
        final Date expiresAt = idTokenJwt.getClaims().getClaimAsDate("exp");

        final CheckAccessTokenResponse result = new CheckAccessTokenResponse();
        result.setActive(isAccessTokenValid(rawAccessToken, idTokenJwt, discovery));
        result.setIssuedAt(issuedAt);
        result.setExpiresAt(expiresAt);
        return okResponse(result);
    }

    /**
     * Validates the access token against the parsed ID token using an RSA signer.
     *
     * <p>The signer is built from the {@code alg} header of the ID token and from the public key
     * fetched from the provider's JWKS URI under the {@code kid} header. Any exception is logged
     * and treated as "not valid".
     *
     * <p>NOTE(review): {@code alg} and {@code kid} are read from the token header, which is
     * supplied by the caller. The algorithm is not checked against an allow-list or against the
     * provider's advertised signing algorithms in this class; consider pinning it.
     *
     * @param accessToken the access token to check
     * @param idToken the parsed ID token
     * @param discovery the provider's discovery document, used for its JWKS URI
     * @return the signer's verdict, or {@code false} if anything throws
     */
    private boolean isAccessTokenValid(String accessToken, Jwt idToken, OpenIdConfigurationResponse discovery) {
        try {
            final SignatureAlgorithm algorithm =
                    SignatureAlgorithm.fromString(idToken.getHeader().getClaimAsString("alg"));
            final String jwksUri = discovery.getJwksUri();
            final String keyId = idToken.getHeader().getClaimAsString("kid");

            final RSASigner signer = new RSASigner(algorithm, JwkClient.getRSAPublicKey(jwksUri, keyId));
            return signer.validateAccessToken(accessToken, idToken);
        } catch (Exception e) {
            // Fail closed: any parsing, key-fetch or validation error means "not active".
            LOG.error(e.getMessage(), e);
            return false;
        }
    }
}
