package org.apache.cxf.rs.security.oauth2.grants.jwt;

import java.util.List;
import java.util.Set;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.class */
public abstract class AbstractJwtHandler extends AbstractGrantHandler {
    private Set<String> supportedIssuers;
    private JwsSignatureVerifier jwsVerifier;
    private int ttl;
    private int clockOffset;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractJwtHandler(List<String> list) {
        super(list);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateSignature(JwsHeaders jwsHeaders, String str, byte[] bArr) {
        if (!getInitializedSigVerifier(jwsHeaders).verify(jwsHeaders, str, bArr)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateClaims(Client client, JwtClaims jwtClaims) {
        JwtUtils.validateTokenClaims(jwtClaims, this.ttl, this.clockOffset, true);
        validateIssuer(jwtClaims.getIssuer());
        validateSubject(client, jwtClaims.getSubject());
        if (jwtClaims.getClaim(JwtConstants.CLAIM_EXPIRY) == null) {
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
    }

    protected void validateIssuer(String str) {
        if (str == null || !(this.supportedIssuers == null || this.supportedIssuers.contains(str))) {
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
    }

    protected void validateSubject(Client client, String str) {
        if (str == null) {
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
    }

    public void setSupportedIssuers(Set<String> set) {
        this.supportedIssuers = set;
    }

    public void setJwsVerifier(JwsSignatureVerifier jwsSignatureVerifier) {
        this.jwsVerifier = jwsSignatureVerifier;
    }

    protected JwsSignatureVerifier getInitializedSigVerifier(JwsHeaders jwsHeaders) {
        return this.jwsVerifier != null ? this.jwsVerifier : JwsUtils.loadSignatureVerifier(jwsHeaders, true);
    }

    public int getTtl() {
        return this.ttl;
    }

    public void setTtl(int i) {
        this.ttl = i;
    }

    public int getClockOffset() {
        return this.clockOffset;
    }

    public void setClockOffset(int i) {
        this.clockOffset = i;
    }
}
