package io.mapsmessaging.security.identity.impl.external;

import com.auth0.jwk.JwkException;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.LocalDate;
import java.time.ZoneId;

/* loaded from: input_file:io/mapsmessaging/security/identity/impl/external/JwtValidator.class */
public class JwtValidator {
    private final TokenProvider tokenProvider;

    public JwtValidator(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    public DecodedJWT validateJwt(String str, String str2) throws JwkException {
        DecodedJWT decode = JWT.decode(str2);
        String issuer = decode.getIssuer();
        DecodedJWT verify = JWT.require(Algorithm.RSA256((RSAPublicKey) this.tokenProvider.getJwkProvider(issuer).get(decode.getKeyId()).getPublicKey(), (RSAPrivateKey) null)).withIssuer(issuer).build().verify(str2);
        return validate(str, verify) ? verify : verify;
    }

    private boolean validate(String str, DecodedJWT decodedJWT) {
        if (decodedJWT.getExpiresAt().toInstant().atZone(ZoneId.systemDefault()).toLocalDate().isBefore(LocalDate.now())) {
            return false;
        }
        return str.equals(decodedJWT.getClaim("name").asString());
    }
}
