package com.microsoft.graph.core.models;

import com.microsoft.graph.core.models.DecryptableContent;
import com.microsoft.graph.core.models.EncryptedContentBearer;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;

/* loaded from: input_file:com/microsoft/graph/core/models/TokenValidable.class */
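/**
 * Contract for Graph notification collections that carry validation tokens next to items
 * which may hold encrypted content, plus static helpers that verify those tokens.
 *
 * <p>The helpers check each token's signature, expiry, audience ({@code aud}), issuer
 * ({@code iss}) and authorized party ({@code azp}). They never look at the encrypted content
 * itself, only at whether it is present.
 *
 * @param <U> the decryptable content type
 * @param <T> the item type bearing the encrypted content
 */
public interface TokenValidable<U extends DecryptableContent, T extends EncryptedContentBearer<U>> {
    /** Expected {@code azp} claim value: the application ID of the Graph notification publisher. */
    public static final String graphNotificationPublisher = "0bf30f3b-4a52-48df-9a82-234910c4a086";

    /**
     * Sets the validation tokens attached to the collection.
     *
     * @param list the tokens, or {@code null} when there are none
     */
    void setValidationTokens(@Nullable List<String> list);

    /**
     * Gets the validation tokens attached to the collection.
     *
     * @return the tokens, or {@code null} when there are none
     */
    @Nullable
    List<String> getValidationTokens();

    /**
     * Sets the items of the collection.
     *
     * @param list the items, or {@code null}
     */
    void setValue(@Nullable List<T> list);

    /**
     * Gets the items of the collection.
     *
     * @return the items, or {@code null}
     */
    @Nullable
    List<T> getValue();

    /**
     * Validates every validation token of the collection.
     *
     * <p>Security caveat: this returns {@code true} without verifying anything when the
     * collection has no validation tokens, or when no item carries encrypted content. A
     * {@code true} result is therefore not proof that a token was checked; callers that require
     * an authenticated notification must separately confirm that tokens were present.
     *
     * @param tokenValidable the collection whose tokens are validated
     * @param list the accepted tenant IDs, matched against each token's issuer
     * @param list2 the accepted application IDs, matched against each token's audience
     * @param str the key discovery URL handed to the signing-key locator
     * @return {@code true} if nothing needed validation or every token matched; {@code false}
     *     as soon as one token fails the audience or issuer match
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if tokens must be validated but {@code list} or
     *     {@code list2} is empty, or if a token cannot be parsed, verified or is otherwise rejected
     */
    static <U extends DecryptableContent, T extends EncryptedContentBearer<U>> boolean areTokensValid(@Nonnull TokenValidable<U, T> tokenValidable, @Nonnull List<UUID> list, @Nonnull List<UUID> list2, @Nonnull String str) {
        Objects.requireNonNull(tokenValidable);
        Objects.requireNonNull(list);
        Objects.requireNonNull(list2);
        Objects.requireNonNull(str);
        // Read each nullable getter once so the checks and the loop work on the same list.
        final List<String> tokens = tokenValidable.getValidationTokens();
        if (tokens == null || tokens.isEmpty()) {
            return true;
        }
        // getValue() is @Nullable: a missing item list is handled like an empty one (no encrypted
        // content to protect) instead of failing with a NullPointerException.
        final List<T> items = tokenValidable.getValue();
        if (items == null || items.stream().allMatch(item -> item.getEncryptedContent() == null)) {
            return true;
        }
        if (list.isEmpty() || list2.isEmpty()) {
            throw new IllegalArgumentException("tenantIds, appIds and issuer formats must be provided");
        }
        for (final String token : tokens) {
            if (!isTokenValid(token, list, list2, str)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Validates every validation token of the collection using the default key discovery URL
     * {@code https://login.microsoftonline.com/common/discovery/keys}.
     *
     * @param tokenValidable the collection whose tokens are validated
     * @param list the accepted tenant IDs, matched against each token's issuer
     * @param list2 the accepted application IDs, matched against each token's audience
     * @return see {@link #areTokensValid(TokenValidable, List, List, String)}
     */
    static <U extends DecryptableContent, T extends EncryptedContentBearer<U>> boolean areTokensValid(@Nonnull TokenValidable<U, T> tokenValidable, @Nonnull List<UUID> list, @Nonnull List<UUID> list2) {
        return areTokensValid(tokenValidable, list, list2, "https://login.microsoftonline.com/common/discovery/keys");
    }

    /**
     * Validates a single signed validation token.
     *
     * <p>Two rejection paths exist and callers must treat both as "do not trust": a token whose
     * audience or issuer does not match returns {@code false}, while every other failure
     * (unparseable or badly signed token, missing or past expiry, wrong {@code azp}) is thrown
     * as {@link IllegalArgumentException} with message {@code "Invalid token"} and the original
     * failure as its cause.
     *
     * @param str the serialized signed token
     * @param list the accepted tenant IDs, matched against the token's issuer
     * @param list2 the accepted application IDs, matched against the token's audience
     * @param str2 the key discovery URL handed to the signing-key locator
     * @return {@code true} only if the audience contains one of {@code list2} and the issuer
     *     contains one of {@code list}
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if {@code list} or {@code list2} is empty, or the token
     *     is rejected for any reason other than an audience or issuer mismatch
     */
    static <U extends DecryptableContent, T extends EncryptedContentBearer<U>> boolean isTokenValid(@Nonnull String str, @Nonnull List<UUID> list, @Nonnull List<UUID> list2, @Nonnull String str2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(list);
        Objects.requireNonNull(list2);
        Objects.requireNonNull(str2);
        if (list.isEmpty() || list2.isEmpty()) {
            throw new IllegalArgumentException("tenantIds, appIds and issuer formats must be provided");
        }
        try {
            // parseSignedClaims only accepts a signed token; the verification key comes from the
            // locator (presumably fetched from the discovery URL; confirm in DiscoverUrlAdapter).
            final Claims claims = Jwts.parser().keyLocator(new DiscoverUrlAdapter(str2)).build().parseSignedClaims(str).getPayload();
            final Date expiration = claims.getExpiration();
            if (expiration == null) {
                // A token without an expiry would otherwise be rejected only by accident (NPE).
                throw new IllegalArgumentException("Token has no expiration (exp) claim");
            }
            if (expiration.before(new Date())) {
                throw new IllegalArgumentException("Token is expired");
            }
            final String issuer = claims.getIssuer();
            final Set<String> audience = claims.getAudience();
            if (issuer == null || audience == null) {
                throw new IllegalArgumentException("Token is missing the issuer (iss) or audience (aud) claim");
            }
            final boolean audienceMatches = list2.stream().map(UUID::toString).anyMatch(audience::contains);
            // NOTE(review): this is a substring test on the issuer, not an exact comparison with
            // an expected issuer value; consider tightening it if the issuer format is known.
            final boolean issuerMatches = list.stream().map(UUID::toString).anyMatch(issuer::contains);
            // Constant-first equals: a token without an azp claim gets the publisher error below.
            if (!graphNotificationPublisher.equals(claims.get("azp", String.class))) {
                throw new IllegalArgumentException("Invalid token publisher. Expected Graph notification publisher (azp): " + graphNotificationPublisher);
            }
            return audienceMatches && issuerMatches;
        } catch (Exception e) {
            // Deliberately broad: parser, signature and claim failures (including the
            // IllegalArgumentExceptions raised above) all surface as one rejection type.
            throw new IllegalArgumentException("Invalid token", e);
        }
    }
}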
