package com.google.crypto.tink.jwt;

import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Optional;

/* compiled from: JwtValidator.java */
@g2.j
/* loaded from: classes2.dex */
public final class x {

    /* renamed from: k, reason: collision with root package name */
    private static final Duration f23733k = Duration.ofMinutes(10);

    /* renamed from: a, reason: collision with root package name */
    private final Optional<String> f23734a;

    /* renamed from: b, reason: collision with root package name */
    private final boolean f23735b;

    /* renamed from: c, reason: collision with root package name */
    private final Optional<String> f23736c;

    /* renamed from: d, reason: collision with root package name */
    private final boolean f23737d;

    /* renamed from: e, reason: collision with root package name */
    private final Optional<String> f23738e;

    /* renamed from: f, reason: collision with root package name */
    private final boolean f23739f;

    /* renamed from: g, reason: collision with root package name */
    private final boolean f23740g;

    /* renamed from: h, reason: collision with root package name */
    private final boolean f23741h;

    /* renamed from: i, reason: collision with root package name */
    private final Clock f23742i;

    /* renamed from: j, reason: collision with root package name */
    private final Duration f23743j;

    /* compiled from: JwtValidator.java */
    /* loaded from: classes2.dex */
    public static final class b {

        /* renamed from: a, reason: collision with root package name */
        private Optional<String> f23744a;

        /* renamed from: b, reason: collision with root package name */
        private boolean f23745b;

        /* renamed from: c, reason: collision with root package name */
        private Optional<String> f23746c;

        /* renamed from: d, reason: collision with root package name */
        private boolean f23747d;

        /* renamed from: e, reason: collision with root package name */
        private Optional<String> f23748e;

        /* renamed from: f, reason: collision with root package name */
        private boolean f23749f;

        /* renamed from: g, reason: collision with root package name */
        private boolean f23750g;

        /* renamed from: h, reason: collision with root package name */
        private boolean f23751h;

        /* renamed from: i, reason: collision with root package name */
        private Clock f23752i;

        /* renamed from: j, reason: collision with root package name */
        private Duration f23753j;

        private b() {
            this.f23752i = Clock.systemUTC();
            this.f23753j = Duration.ZERO;
            this.f23744a = Optional.empty();
            this.f23745b = false;
            this.f23746c = Optional.empty();
            this.f23747d = false;
            this.f23748e = Optional.empty();
            this.f23749f = false;
            this.f23750g = false;
            this.f23751h = false;
        }

        @g2.a
        public b k() {
            this.f23750g = true;
            return this;
        }

        public x l() {
            if (this.f23745b && this.f23744a.isPresent()) {
                throw new IllegalArgumentException("ignoreTypeHeader() and expectedTypeHeader() cannot be used together.");
            }
            if (this.f23747d && this.f23746c.isPresent()) {
                throw new IllegalArgumentException("ignoreIssuer() and expectedIssuer() cannot be used together.");
            }
            if (this.f23749f && this.f23748e.isPresent()) {
                throw new IllegalArgumentException("ignoreAudiences() and expectedAudience() cannot be used together.");
            }
            return new x(this);
        }

        @g2.a
        public b m(String str) {
            Objects.requireNonNull(str, "audience cannot be null");
            this.f23748e = Optional.of(str);
            return this;
        }

        @g2.a
        public b n() {
            this.f23751h = true;
            return this;
        }

        @g2.a
        public b o(String str) {
            Objects.requireNonNull(str, "issuer cannot be null");
            this.f23746c = Optional.of(str);
            return this;
        }

        @g2.a
        public b p(String str) {
            Objects.requireNonNull(str, "typ header cannot be null");
            this.f23744a = Optional.of(str);
            return this;
        }

        @g2.a
        public b q() {
            this.f23749f = true;
            return this;
        }

        @g2.a
        public b r() {
            this.f23747d = true;
            return this;
        }

        @g2.a
        public b s() {
            this.f23745b = true;
            return this;
        }

        @g2.a
        public b t(Clock clock) {
            Objects.requireNonNull(clock, "clock cannot be null");
            this.f23752i = clock;
            return this;
        }

        @g2.a
        public b u(Duration duration) {
            if (duration.compareTo(x.f23733k) > 0) {
                throw new IllegalArgumentException("Clock skew too large, max is 10 minutes");
            }
            this.f23753j = duration;
            return this;
        }
    }

    private x(b bVar) {
        this.f23734a = bVar.f23744a;
        this.f23735b = bVar.f23745b;
        this.f23736c = bVar.f23746c;
        this.f23737d = bVar.f23747d;
        this.f23738e = bVar.f23748e;
        this.f23739f = bVar.f23749f;
        this.f23740g = bVar.f23750g;
        this.f23741h = bVar.f23751h;
        this.f23742i = bVar.f23752i;
        this.f23743j = bVar.f23753j;
    }

    public static b b() {
        return new b();
    }

    private void d(y yVar) throws g {
        if (this.f23738e.isPresent()) {
            if (!yVar.s() || !yVar.c().contains(this.f23738e.get())) {
                throw new g(String.format("invalid JWT; missing expected audience %s.", this.f23738e.get()));
            }
        } else if (yVar.s() && !this.f23739f) {
            throw new g("invalid JWT; token has audience set, but validator not.");
        }
    }

    private void e(y yVar) throws g {
        if (!this.f23736c.isPresent()) {
            if (yVar.w() && !this.f23737d) {
                throw new g("invalid JWT; token has issuer set, but validator not.");
            }
        } else {
            if (!yVar.w()) {
                throw new g(String.format("invalid JWT; missing expected issuer %s.", this.f23736c.get()));
            }
            if (!yVar.h().equals(this.f23736c.get())) {
                throw new g(String.format("invalid JWT; expected issuer %s, but got %s", this.f23736c.get(), yVar.h()));
            }
        }
    }

    private void f(y yVar) throws g {
        Instant instant = this.f23742i.instant();
        if (!yVar.u() && !this.f23740g) {
            throw new g("token does not have an expiration set");
        }
        if (yVar.u() && !yVar.e().isAfter(instant.minus((TemporalAmount) this.f23743j))) {
            throw new g("token has expired since " + yVar.e());
        }
        if (yVar.A() && yVar.m().isAfter(instant.plus((TemporalAmount) this.f23743j))) {
            throw new g("token cannot be used before " + yVar.m());
        }
        if (this.f23741h) {
            if (!yVar.v()) {
                throw new g("token does not have an iat claim");
            }
            if (yVar.g().isAfter(instant.plus((TemporalAmount) this.f23743j))) {
                throw new g("token has a invalid iat claim in the future: " + yVar.g());
            }
        }
    }

    private void g(y yVar) throws g {
        if (!this.f23734a.isPresent()) {
            if (yVar.E() && !this.f23735b) {
                throw new g("invalid JWT; token has type header set, but validator not.");
            }
        } else {
            if (!yVar.E()) {
                throw new g(String.format("invalid JWT; missing expected type header %s.", this.f23734a.get()));
            }
            if (!yVar.r().equals(this.f23734a.get())) {
                throw new g(String.format("invalid JWT; expected type header %s, but got %s", this.f23734a.get(), yVar.r()));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z c(y yVar) throws g {
        f(yVar);
        g(yVar);
        e(yVar);
        d(yVar);
        return new z(yVar);
    }

    public String toString() {
        ArrayList<String> arrayList = new ArrayList();
        if (this.f23734a.isPresent()) {
            arrayList.add("expectedTypeHeader=" + this.f23734a.get());
        }
        if (this.f23735b) {
            arrayList.add("ignoreTypeHeader");
        }
        if (this.f23736c.isPresent()) {
            arrayList.add("expectedIssuer=" + this.f23736c.get());
        }
        if (this.f23737d) {
            arrayList.add("ignoreIssuer");
        }
        if (this.f23738e.isPresent()) {
            arrayList.add("expectedAudience=" + this.f23738e.get());
        }
        if (this.f23739f) {
            arrayList.add("ignoreAudiences");
        }
        if (this.f23740g) {
            arrayList.add("allowMissingExpiration");
        }
        if (this.f23741h) {
            arrayList.add("expectIssuedInThePast");
        }
        if (!this.f23743j.isZero()) {
            arrayList.add("clockSkew=" + this.f23743j);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("JwtValidator{");
        String str = "";
        for (String str2 : arrayList) {
            sb.append(str);
            sb.append(str2);
            str = ",";
        }
        sb.append("}");
        return sb.toString();
    }
}
