package net.trajano.openidconnect.jaspic.internal;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.json.JsonObject;
import javax.servlet.http.HttpServletRequest;
import net.trajano.openidconnect.crypto.Encoding;

/* loaded from: input_file:net/trajano/openidconnect/jaspic/internal/Utils.class */
public final class Utils {
    @Deprecated
    public static boolean isGetRequest(HttpServletRequest httpServletRequest) {
        return "GET".equals(httpServletRequest.getMethod());
    }

    public static boolean isHeadRequest(HttpServletRequest httpServletRequest) {
        return "HEAD".equals(httpServletRequest.getMethod());
    }

    public static boolean isNullOrEmpty(String str) {
        return str == null || str.trim().length() == 0;
    }

    public static boolean isRetrievalRequest(HttpServletRequest httpServletRequest) {
        return isGetRequest(httpServletRequest) || isHeadRequest(httpServletRequest);
    }

    public static void validateIdToken(String str, JsonObject jsonObject, String str2, String str3) throws GeneralSecurityException {
        if (!str.equals(jsonObject.getString("aud"))) {
            throw new GeneralSecurityException(String.format("invalid 'aud' got' %s' expected '%s'", jsonObject.getString("aud"), str));
        }
        if (str2 != null && !str2.equals(jsonObject.getString("nonce"))) {
            throw new GeneralSecurityException(String.format("invalid 'nonce' got' %s' expected '%s'", jsonObject.getString("nonce"), str));
        }
        if (jsonObject.containsKey("azp") && !str.equals(jsonObject.getString("azp"))) {
            throw new GeneralSecurityException(String.format("invalid 'azp' got' %s' expected '%s'", jsonObject.getString("azp"), str));
        }
        if (jsonObject.containsKey("exp")) {
            long currentTimeMillis = System.currentTimeMillis() - (jsonObject.getInt("exp") * 1000);
            if (currentTimeMillis >= 0) {
                throw new GeneralSecurityException("expired " + currentTimeMillis + "ms ago");
            }
        }
        if (jsonObject.containsKey("at_hash") && !Encoding.base64urlEncode(MessageDigest.getInstance("SHA-256").digest(str3.getBytes()), 0, 16).equals(jsonObject.getString("at_hash"))) {
            throw new GeneralSecurityException("access token hash mismatch");
        }
    }

    private Utils() {
    }
}
