package com.nimbusds.openid.connect.sdk.federation.entities;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.util.DateUtils;
import com.nimbusds.oauth2.sdk.id.Audience;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import net.jcip.annotations.Immutable;

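/**
 * Claims verifier for OpenID Connect Federation entity statements.
 *
 * <p>Two modes are selected by the constructor:
 * <ul>
 *   <li>Self-issued mode (no-argument constructor): the {@code iss}, {@code sub},
 *       {@code iat}, {@code exp} claims and the claim named by
 *       {@link EntityStatementClaimsSet#JWKS_CLAIM_NAME} are required, and
 *       {@code iss} must equal {@code sub}.
 *   <li>Non-self-issued mode ({@link Audience} constructor): {@code iss},
 *       {@code sub}, {@code iat} and {@code exp} are required; the issuer and
 *       subject are not compared.
 * </ul>
 *
 * <p>In both modes {@code iat} must not lie in the future beyond the clock skew
 * returned by {@code getMaxClockSkew()}.
 *
 * <p>This class checks claims only. Nothing here validates the JWT signature or
 * resolves a trust chain; that must happen elsewhere before the statement is
 * trusted.
 */
@Immutable
/* loaded from: input_file:web-author-ai-positron-enterprise-plugin-4.0.0-SNAPSHOT/lib/oauth2-oidc-sdk-11.18.jar:com/nimbusds/openid/connect/sdk/federation/entities/EntityStatementClaimsVerifier.class */
public class EntityStatementClaimsVerifier extends DefaultJWTClaimsVerifier {
    /** {@code true} when the statement must have identical issuer and subject. */
    private final boolean isSelfIssued;

    /**
     * Creates a verifier for self-issued entity statements.
     *
     * <p>No exact-match claims are passed to the superclass ({@code null}), so no
     * audience is configured in this mode.
     */
    public EntityStatementClaimsVerifier() {
        super(null, new HashSet<>(Arrays.asList("iss", "sub", "iat", "exp", EntityStatementClaimsSet.JWKS_CLAIM_NAME)));
        this.isSelfIssued = true;
    }

    /**
     * Creates a verifier for entity statements issued by another entity.
     *
     * @param audience the audience handed to the superclass as the accepted
     *                 value, or {@code null}. NOTE(review): a {@code null}
     *                 audience is forwarded as {@code null}; in
     *                 {@code DefaultJWTClaimsVerifier} this appears to disable
     *                 the {@code aud} check entirely rather than reject the
     *                 statement. Confirm against the SDK version in use and
     *                 pass a non-null audience wherever the statement is
     *                 addressed to a specific recipient.
     */
    public EntityStatementClaimsVerifier(Audience audience) {
        super(audience != null ? audience.getValue() : null, null, new HashSet<>(Arrays.asList("iss", "sub", "iat", "exp")));
        this.isSelfIssued = false;
    }

    /**
     * Verifies the claims of an entity statement.
     *
     * <p>Runs the superclass checks first, then the self-issued check (when
     * enabled) and finally the issue-time check.
     *
     * @param jWTClaimsSet    the claims to verify
     * @param securityContext passed through to the superclass unchanged
     * @throws BadJWTException if the superclass rejects the claims, if a
     *                         self-issued statement has a missing issuer or
     *                         differing issuer and subject, or if the issue
     *                         time is missing or in the future
     */
    @Override // com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier, com.nimbusds.jwt.proc.JWTClaimsSetVerifier
    public void verify(JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) throws BadJWTException {
        super.verify(jWTClaimsSet, securityContext);
        if (this.isSelfIssued) {
            // The typed getter can yield null when the claim is present but null or
            // not a string, so guard here and fail with the declared exception
            // instead of a NullPointerException.
            final String issuer = jWTClaimsSet.getIssuer();
            if (issuer == null || !issuer.equals(jWTClaimsSet.getSubject())) {
                throw new BadJWTException("JWT not self-issued");
            }
        }
        // Same reasoning for "iat": reject an unusable value explicitly rather
        // than dereferencing null inside the date comparison.
        final Date issueTime = jWTClaimsSet.getIssueTime();
        if (issueTime == null) {
            throw new BadJWTException("JWT issue time missing or invalid");
        }
        // "iat" must be in the past, allowing for the configured clock skew.
        if (!DateUtils.isBefore(issueTime, new Date(), getMaxClockSkew())) {
            throw new BadJWTException("JWT issue time after current time");
        }
    }
}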
