package com.oracle.bmc.auth.internal;

import com.oracle.bmc.auth.SessionKeySupplier;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/oracle/bmc/auth/internal/SecurityTokenAdapter.class */
class SecurityTokenAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityTokenAdapter.class);
    private final Optional<JwtClaimsSet> jwt;
    private final SessionKeySupplier sessionKeySupplier;
    private final String securityToken;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityTokenAdapter(String str, SessionKeySupplier sessionKeySupplier) {
        this.securityToken = str;
        if (str == null || str.isEmpty()) {
            this.jwt = Optional.empty();
        } else {
            this.jwt = Optional.of(new JwtClaimsSet(str));
        }
        this.sessionKeySupplier = sessionKeySupplier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isValid() {
        return isValid(Optional.empty());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isValid(Optional<Duration> optional) {
        if (!this.jwt.isPresent()) {
            LOG.debug("Security token is not valid.");
            return false;
        }
        try {
            Date expirationTime = this.jwt.get().getExpirationTime();
            if (expirationTime == null) {
                return false;
            }
            if (!expirationTime.toInstant().minus((TemporalAmount) (optional.isPresent() ? optional.get() : Duration.ZERO)).isAfter(Instant.now())) {
                return false;
            }
            LOG.debug("Security token is not expired");
            String stringClaim = this.jwt.get().getStringClaim("jwk");
            if (stringClaim == null) {
                return false;
            }
            Optional<RSAPublicKey> publicKeyFromJson = AuthUtils.toPublicKeyFromJson(stringClaim);
            if (!publicKeyFromJson.isPresent() || !isEqualPublicKey(publicKeyFromJson.get(), (RSAPublicKey) this.sessionKeySupplier.getKeyPair().getPublic())) {
                return false;
            }
            LOG.debug("Security token is still valid. Public key matches with the JWK.");
            return true;
        } catch (IllegalArgumentException e) {
            LOG.debug("JWT parsing failed");
            return false;
        } catch (ParseException e2) {
            LOG.debug("JWT parsing failed");
            return false;
        }
    }

    private boolean isEqualPublicKey(RSAPublicKey rSAPublicKey, RSAPublicKey rSAPublicKey2) {
        if (rSAPublicKey == null || rSAPublicKey2 == null) {
            throw new IllegalArgumentException("Public key cannot be null");
        }
        return AuthUtils.base64EncodeNoChunking(rSAPublicKey).equals(AuthUtils.base64EncodeNoChunking(rSAPublicKey2));
    }

    public String getStringClaim(String str) {
        if (this.jwt.isPresent()) {
            try {
                return this.jwt.get().getStringClaim(str);
            } catch (ParseException e) {
                throw new IllegalStateException("JWT parsing failed");
            }
        }
        LOG.debug("Security token is not valid.");
        return null;
    }

    public String getSecurityToken() {
        return this.securityToken;
    }
}
