package cn.hutool.jwt;

import cn.hutool.core.date.DateUtil;
import cn.hutool.core.exceptions.ValidateException;
import cn.hutool.core.util.StrUtil;
import cn.hutool.jwt.signers.JWTSigner;
import cn.hutool.jwt.signers.NoneJWTSigner;
import java.util.Date;

/* loaded from: input_file:BOOT-INF/lib/hutool-all-5.7.2.jar:cn/hutool/jwt/JWTValidator.class */
public class JWTValidator {
    private final JWT jwt;

    public static JWTValidator of(String str) {
        return new JWTValidator(JWT.of(str));
    }

    public static JWTValidator of(JWT jwt) {
        return new JWTValidator(jwt);
    }

    public JWTValidator(JWT jwt) {
        this.jwt = jwt;
    }

    public JWTValidator validateAlgorithm() throws ValidateException {
        return validateAlgorithm(null);
    }

    public JWTValidator validateAlgorithm(JWTSigner jWTSigner) throws ValidateException {
        validateAlgorithm(this.jwt, jWTSigner);
        return this;
    }

    public JWTValidator validateDate(Date date) throws ValidateException {
        validateDate(this.jwt.getPayload(), date);
        return this;
    }

    private static void validateAlgorithm(JWT jwt, JWTSigner jWTSigner) throws ValidateException {
        String algorithm = jwt.getAlgorithm();
        if (null == jWTSigner) {
            jWTSigner = jwt.getSigner();
        }
        if (StrUtil.isEmpty(algorithm)) {
            if (null != jWTSigner && !(jWTSigner instanceof NoneJWTSigner)) {
                throw new ValidateException("No algorithm defined in header!");
            }
        } else {
            if (null == jWTSigner) {
                throw new IllegalArgumentException("No Signer for validate algorithm!");
            }
            String algorithmId = jWTSigner.getAlgorithmId();
            if (false == StrUtil.equals(algorithm, algorithmId)) {
                throw new ValidateException("Algorithm [{}] defined in header doesn't match to [{}]!", algorithm, algorithmId);
            }
            if (false == jwt.verify(jWTSigner)) {
                throw new ValidateException("Signature verification failed!");
            }
        }
    }

    private static void validateDate(JWTPayload jWTPayload, Date date) throws ValidateException {
        if (null == date) {
            date = DateUtil.date();
        }
        Date date2 = jWTPayload.getClaimsJson().getDate("nbf");
        if (null != date2 && date.before(date2)) {
            throw new ValidateException("Current date [{}] is before 'nbf' [{}]", date, DateUtil.date(date2));
        }
        Date date3 = jWTPayload.getClaimsJson().getDate("exp");
        if (null != date3 && date.after(date3)) {
            throw new ValidateException("Current date [{}] is after 'exp' [{}]", date, DateUtil.date(date3));
        }
        Date date4 = jWTPayload.getClaimsJson().getDate("iat");
        if (null != date4 && date.before(date4)) {
            throw new ValidateException("Current date [{}] is before 'iat' [{}]", date, DateUtil.date(date4));
        }
    }
}
