package io.nixer.nixerplugin.core.stigma.token.validation;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import io.nixer.nixerplugin.core.stigma.token.StigmaTokenConstants;
import java.text.ParseException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/nixer-plugin-core-0.1.0.0.jar:io/nixer/nixerplugin/core/stigma/token/validation/StigmaTokenPayloadValidator.class */
/**
 * Checks the claims carried in a stigma token's JWT payload: the stigma value, the subject and
 * the token's age.
 *
 * <p>Only payload claims are inspected here; nothing in this class verifies a signature or
 * decrypts the token. NOTE(review): presumably another {@link JwtValidator} authenticates the
 * token before these claims are trusted. Confirm the order in which the validators run.
 *
 * <p>Expiry is derived from the issued-at claim plus the configured lifetime. No {@code exp}
 * claim is consulted.
 */
public class StigmaTokenPayloadValidator implements JwtValidator {

    /** Supplies the instant treated as "now" for each validation. */
    @Nonnull
    private final Supplier<Instant> nowSource;

    /** Maximum accepted age of a token, counted from its issued-at claim. */
    @Nonnull
    private final Duration tokenLifetime;

    /**
     * Creates a validator.
     *
     * @param supplier source of the current time; must not be null
     * @param duration how long a token stays valid after it was issued; must not be null
     * @throws IllegalArgumentException if either argument is null
     */
    public StigmaTokenPayloadValidator(@Nonnull Supplier<Instant> supplier, @Nonnull Duration duration) {
        Assert.notNull(supplier, "nowSource must not be null");
        Assert.notNull(duration, "Duration must not be null");
        this.nowSource = supplier;
        this.tokenLifetime = duration;
    }

    /**
     * Extracts the claims set from the token and validates it.
     *
     * @param jwt token to check; must not be null
     * @return the outcome of the payload checks, or an invalid result with
     *     {@code PAYLOAD_PARSING_ERROR} when the claims set cannot be parsed
     * @throws IllegalArgumentException if {@code jwt} is null
     */
    @Override
    public ValidationResult validate(@Nonnull JWT jwt) {
        Assert.notNull(jwt, "JWT must not be null");
        final JWTClaimsSet claims;
        try {
            claims = jwt.getJWTClaimsSet();
        } catch (ParseException e) {
            // The parser's message is copied into the result details unchanged.
            String details = String.format("Payload parsing error: [%s]", e.getMessage());
            return ValidationResult.invalid(ValidationStatus.PAYLOAD_PARSING_ERROR, details);
        }
        return validatePayload(claims);
    }

    /**
     * Runs the claim checks in a fixed order: stigma value present, subject matches the expected
     * constant, issued-at present, token not older than the configured lifetime.
     *
     * @param jWTClaimsSet parsed claims of the token
     * @return a valid result carrying the stigma value, or an invalid result naming the first
     *     check that failed
     */
    private ValidationResult validatePayload(JWTClaimsSet jWTClaimsSet) {
        // The clock is read once, up front, so every check below sees the same instant.
        final Instant now = this.nowSource.get();

        final Object rawStigma = jWTClaimsSet.getClaim(StigmaTokenConstants.STIGMA_VALUE_FIELD_NAME);
        final String stigmaValue = (rawStigma != null) ? rawStigma.toString() : null;
        if (StringUtils.isEmpty(stigmaValue)) {
            return ValidationResult.invalid(ValidationStatus.MISSING_STIGMA, "Missing stigma value");
        }

        // From here on every invalid result also carries the stigma value read from the token.
        final String subject = jWTClaimsSet.getSubject();
        if (!StigmaTokenConstants.SUBJECT.equals(subject)) {
            // The subject is taken from the token and placed in the details text as-is.
            // NOTE(review): if these details are written to logs, neutralise line breaks and
            // control characters first; confirm how callers use the details string.
            String details = String.format("Invalid subject: [%s]", subject);
            return ValidationResult.invalid(ValidationStatus.INVALID_PAYLOAD, details, stigmaValue);
        }

        final Date issuedAt = jWTClaimsSet.getIssueTime();
        if (issuedAt == null) {
            return ValidationResult.invalid(ValidationStatus.INVALID_PAYLOAD, "Missing issued-at", stigmaValue);
        }

        // Strict comparison: a token checked exactly at issued-at + lifetime still passes.
        // NOTE(review): an issued-at later than "now" is not rejected, so such a token is
        // accepted for longer than tokenLifetime. Consider an upper bound on issued-at with a
        // small clock-skew allowance.
        final Instant expiresAt = issuedAt.toInstant().plus(this.tokenLifetime);
        if (now.isAfter(expiresAt)) {
            String details = String.format(
                    "Expired token. Issued at: [%s], validation time: [%s], token lifetime: [%s] ",
                    issuedAt, now, this.tokenLifetime);
            return ValidationResult.invalid(ValidationStatus.EXPIRED, details, stigmaValue);
        }

        return ValidationResult.valid(stigmaValue);
    }
}
