package com.ibm.ws.security.openidconnect.token;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.clients.common.OidcUtil;
import com.ibm.ws.security.openidconnect.token.impl.IdTokenImpl;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

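/**
 * ID token built on top of {@link JWT}.
 *
 * <p>The class keeps its own {@link Payload} (returned by {@link #getPayload()}) and, when an
 * access token is handed to the six-argument constructor, the hash of that token in {@code ath}.
 * {@link #verify(long, Object)} delegates to the superclass first and then compares {@code ath}
 * with the access-token hash found in the payload.
 *
 * <p>This listing is decompiler output. The synthetic switch-map holder the decompiler emitted for
 * the two {@code switch} statements is not reproduced: the switches are written directly on
 * {@link PayloadParameter}, and the compiler generates the holder again.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/openidconnect/token/IDToken.class */
public class IDToken extends JWT {
    private static final TraceComponent tc = Tr.register(IDToken.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.common.internal.resources.OidcCommonMessages");
    // Payload held by this class; getPayload() returns this object rather than the superclass's.
    Payload payload = null;
    // Hash of the access token given to the six-argument constructor; stays null otherwise.
    String ath = null;
    static final long serialVersionUID = 5380828378834957669L;

    /**
     * Creates a token from a header, a payload and a third value forwarded to the {@link JWT}
     * constructor.
     *
     * @param jWSHeader header forwarded to the superclass
     * @param payload payload forwarded to the superclass and also kept by this class
     * @param obj value marked {@code @Sensitive}; presumably the key, confirm against {@link JWT}
     */
    public IDToken(JWSHeader jWSHeader, Payload payload, @Sensitive Object obj) {
        super(jWSHeader, payload, obj);
        this.payload = payload;
    }

    /**
     * Creates a token from a header and a payload only.
     *
     * @param jWSHeader header forwarded to the superclass
     * @param payload payload forwarded to the superclass and also kept by this class
     */
    public IDToken(JWSHeader jWSHeader, Payload payload) {
        super(jWSHeader, payload);
        this.payload = payload;
    }

    /**
     * Creates a token and, when {@code str} is given, stores the hash of {@code str} in the
     * payload as its access-token hash.
     *
     * @param jWSHeader header forwarded to the superclass
     * @param payload payload forwarded to the superclass and also kept by this class
     * @param obj value marked {@code @Sensitive}; presumably the key, confirm against {@link JWT}
     * @param str value to hash with {@link #accessTokenHash(String)}; {@code null} skips the hash
     */
    public IDToken(JWSHeader jWSHeader, Payload payload, @Sensitive Object obj, String str) {
        super(jWSHeader, payload, obj);
        this.payload = payload;
        if (str != null) {
            this.payload.setAccessTokenHash(accessTokenHash(str));
        }
    }

    /**
     * Creates a token from string arguments forwarded unchanged to the {@link JWT} constructor;
     * this class starts with an empty {@link Payload}.
     *
     * @param obj value marked {@code @Sensitive}; presumably the key, confirm against {@link JWT}
     */
    public IDToken(String str, @Sensitive Object obj, String str2, String str3, String str4) {
        super(str, obj, str2, str3, str4);
        this.payload = new Payload();
    }

    /**
     * Creates a token from string arguments forwarded unchanged to the {@link JWT} constructor;
     * this class starts with an empty {@link Payload}.
     *
     * @param str2 value marked {@code @Sensitive}; meaning is defined by the {@link JWT} constructor
     */
    public IDToken(String str, @Sensitive String str2, String str3, String str4) {
        super(str, str2, str3, str4);
        this.payload = new Payload();
    }

    /**
     * Creates a token as the five-argument constructor does and, when {@code str5} is given,
     * remembers its hash in {@code ath} for the comparison done by {@link #verify(long, Object)}.
     *
     * @param obj value marked {@code @Sensitive}; presumably the key, confirm against {@link JWT}
     * @param str5 value to hash with {@link #accessTokenHash(String)}; {@code null} leaves
     *     {@code ath} unset
     */
    public IDToken(String str, @Sensitive Object obj, String str2, String str3, String str4, String str5) {
        super(str, obj, str2, str3, str4);
        this.payload = new Payload();
        if (str5 != null) {
            this.ath = accessTokenHash(str5);
        }
    }

    /**
     * Computes the access-token hash by delegating to {@code JsonTokenUtil.accessTokenHash}.
     *
     * @param str value to hash
     * @return whatever the helper returns for {@code str}
     */
    public String accessTokenHash(String str) {
        return JsonTokenUtil.accessTokenHash(str);
    }

    /**
     * Compares a presented hash with the locally stored {@code ath}.
     *
     * <p>Both values go through {@code JsonTokenUtil.decodeFromBase64String}; the decoded strings
     * are then compared without regard to case.
     *
     * @param str hash to check, in the encoding the helper expects
     * @return {@code true} only when {@code ath} decodes to a non-null value equal, ignoring case,
     *     to the decoded {@code str}
     */
    public boolean verifyAccessTokenHash(String str) {
        String presented = JsonTokenUtil.decodeFromBase64String(str);
        String expected = JsonTokenUtil.decodeFromBase64String(this.ath);
        // NOTE(review): a case-insensitive match on decoded Strings accepts more values than an
        // exact comparison of the hash bytes would. The helper is not visible here; confirm what
        // it returns and prefer an exact (ideally constant-time) byte comparison.
        return expected != null && expected.equalsIgnoreCase(presented);
    }

    /** Returns the payload kept by this class. */
    @Override // com.ibm.ws.security.openidconnect.token.JWT
    public Payload getPayload() {
        return this.payload;
    }

    /**
     * Re-applies one payload entry through the typed setter that matches its name.
     *
     * <p>The name is upper-cased and looked up in {@link PayloadParameter}. Names without a
     * constant, and any {@link IllegalArgumentException} raised inside the switch, are ignored.
     *
     * @param str payload key to process
     */
    @FFDCIgnore({IllegalArgumentException.class})
    protected void addToPayloadFields(String str) {
        try {
            // Locale.ROOT keeps the lookup independent of the JVM default locale. With the
            // default-locale toUpperCase(), a Turkish locale maps 'i' to a dotted capital, so
            // "iss", "iat", "jti" and "auth_time" would miss their constants and be skipped.
            switch (PayloadParameter.valueOf(str.toUpperCase(Locale.ROOT))) {
                case EXP:
                    this.payload.setExpirationTimeSeconds((Long) this.payload.get("exp"));
                    break;
                case NBF:
                    this.payload.setNotBeforeTimeSeconds((Long) this.payload.get(PayloadConstants.NOT_BEFORE_TIME_IN_SECS));
                    break;
                case IAT:
                    this.payload.setIssuedAtTimeSeconds((Long) this.payload.get("iat"));
                    break;
                case ISS:
                    this.payload.setIssuer((String) this.payload.get("iss"));
                    break;
                case AUD:
                    this.payload.setAudience(this.payload.get("aud"));
                    break;
                case JTI:
                    this.payload.setJwtId((String) this.payload.get("jti"));
                    break;
                case TYP:
                    this.payload.setType((String) this.payload.get("typ"));
                    break;
                case SUB:
                    this.payload.setSubject((String) this.payload.get("sub"));
                    break;
                case AUTH_TIME:
                    this.payload.setAuthorizationTimeSeconds((Long) this.payload.get(PayloadConstants.AUTHZ_TIME_IN_SECS));
                    break;
                case AZP:
                    this.payload.setAuthorizedParty((String) this.payload.get(PayloadConstants.AUTHORIZED_PARTY));
                    break;
                case NONCE:
                    this.payload.setNonce((String) this.payload.get("nonce"));
                    break;
                case AT_HASH:
                    this.payload.setAccessTokenHash((String) this.payload.get(PayloadConstants.AT_HASH));
                    break;
                case ACR:
                    this.payload.setClassReference((String) this.payload.get(PayloadConstants.CLASS_REFERENCE));
                    break;
                case AMR:
                    this.payload.setMethodsReferences((List) this.payload.get(PayloadConstants.METHODS_REFERENCE));
                    break;
                default:
                    break;
            }
        } catch (IllegalArgumentException ignored) {
            // Not a known parameter name: the entry stays in the payload as it is.
        }
    }

    /**
     * Copies one payload entry into {@code idTokenImpl}, through the typed setter when the name is
     * a known {@link PayloadParameter} and through {@code setOtherClaims} otherwise.
     *
     * <p>An {@link IllegalArgumentException} raised inside the switch also ends in
     * {@code setOtherClaims}.
     *
     * @param idTokenImpl target that receives the value
     * @param str payload key to process
     */
    @FFDCIgnore({IllegalArgumentException.class})
    protected void addToPayloadFields(IdTokenImpl idTokenImpl, String str) {
        try {
            // Locale.ROOT: see addToPayloadFields(String). Under a default locale that changes
            // 'i', registered claims such as "iss" would land in the other-claims bucket instead
            // of their typed setter.
            switch (PayloadParameter.valueOf(str.toUpperCase(Locale.ROOT))) {
                // NOTE(review): the numeric cases unbox the value. A key that is missing from
                // this.payload, or stored as a type other than Long, throws here and is not caught.
                case EXP:
                    idTokenImpl.setExpirationTimeSeconds(((Long) this.payload.get("exp")).longValue());
                    break;
                case NBF:
                    idTokenImpl.setNotBeforeTimeSeconds(((Long) this.payload.get(PayloadConstants.NOT_BEFORE_TIME_IN_SECS)).longValue());
                    break;
                case IAT:
                    idTokenImpl.setIssuedAtTimeSeconds(((Long) this.payload.get("iat")).longValue());
                    break;
                case ISS:
                    idTokenImpl.setIssuer((String) this.payload.get("iss"));
                    break;
                case AUD:
                    idTokenImpl.setAudience(this.payload.get("aud"));
                    break;
                case JTI:
                    idTokenImpl.setJwtId((String) this.payload.get("jti"));
                    break;
                case TYP:
                    idTokenImpl.setType((String) this.payload.get("typ"));
                    break;
                case SUB:
                    idTokenImpl.setSubject((String) this.payload.get("sub"));
                    break;
                case AUTH_TIME:
                    idTokenImpl.setAuthorizationTimeSeconds(((Long) this.payload.get(PayloadConstants.AUTHZ_TIME_IN_SECS)).longValue());
                    break;
                case AZP:
                    idTokenImpl.setAuthorizedParty((String) this.payload.get(PayloadConstants.AUTHORIZED_PARTY));
                    break;
                case NONCE:
                    idTokenImpl.setNonce((String) this.payload.get("nonce"));
                    break;
                case AT_HASH:
                    idTokenImpl.setAccessTokenHash((String) this.payload.get(PayloadConstants.AT_HASH));
                    break;
                case ACR:
                    idTokenImpl.setClassReference((String) this.payload.get(PayloadConstants.CLASS_REFERENCE));
                    break;
                case AMR:
                    idTokenImpl.setMethodsReferences((List) this.payload.get(PayloadConstants.METHODS_REFERENCE));
                    break;
                default:
                    idTokenImpl.setOtherClaims(str, this.payload.get(str));
                    break;
            }
        } catch (IllegalArgumentException e) {
            idTokenImpl.setOtherClaims(str, this.payload.get(str));
        }
    }

    /** Runs {@link #addToPayloadFields(String)} for every key of the superclass payload. */
    protected void addToPayload() {
        for (Object key : super.getPayload().keySet()) {
            addToPayloadFields((String) key);
        }
    }

    /**
     * Copies every entry named by the superclass payload into {@code idTokenImpl}, then the client
     * id when one is set.
     *
     * <p>Keys come from the superclass payload but values are read from this class's payload,
     * which {@link #verify(long, Object)} fills with {@code putAll}. NOTE(review): presumably this
     * is meant to run after a successful verify; confirm against the callers.
     *
     * @param idTokenImpl target that receives the claims
     */
    public void addToIdTokenImpl(IdTokenImpl idTokenImpl) {
        for (Object key : super.getPayload().keySet()) {
            addToPayloadFields(idTokenImpl, (String) key);
        }
        if (getClientId() != null) {
            idTokenImpl.setClientId(getClientId());
        }
    }

    /**
     * Verifies the token with {@code 180} as the numeric argument.
     *
     * <p>NOTE(review): 180 is presumably the allowed clock skew in seconds; confirm against
     * {@link JWT}.
     */
    @Override // com.ibm.ws.security.openidconnect.token.JWT
    public boolean verify() throws IDTokenValidationFailedException {
        return verify(180L);
    }

    /**
     * Verifies the token with the given numeric argument and the value returned by
     * {@code getKey()}.
     *
     * @param j value forwarded to {@link #verify(long, Object)}
     */
    @Override // com.ibm.ws.security.openidconnect.token.JWT
    public boolean verify(long j) throws IDTokenValidationFailedException {
        return verify(j, getKey());
    }

    /**
     * Runs the superclass verification, then checks the access-token hash binding.
     *
     * <p>After the superclass accepts the token, its payload is copied into this class's payload
     * and the typed fields are populated. When the payload carries an access-token hash, it must
     * match the locally stored {@code ath}.
     *
     * @param j value forwarded to the superclass verification
     * @param obj value forwarded to the superclass verification
     * @return {@code false} when the superclass verification returns {@code false}, otherwise
     *     {@code true}
     * @throws IDTokenValidationFailedException when the payload carries a hash and {@code ath} is
     *     missing or does not match, or when the superclass throws it
     */
    @Override // com.ibm.ws.security.openidconnect.token.JWT
    @FFDCIgnore({IDTokenValidationFailedException.class})
    public boolean verify(long j, Object obj) throws IDTokenValidationFailedException {
        if (!super.verify(j, obj)) {
            return false;
        }
        this.payload.putAll(super.getPayload());
        addToPayload();
        String accessTokenHash = this.payload.getAccessTokenHash();
        if (accessTokenHash == null) {
            // NOTE(review): a token without the hash claim passes with no binding check, even when
            // an access token was supplied to the constructor. OpenID Connect makes at_hash
            // mandatory for some flows; confirm that callers on those flows reject a token that
            // lacks the claim.
            return true;
        }
        if (this.ath == null || !verifyAccessTokenHash(accessTokenHash)) {
            Tr.error(tc, "OIDC_IDTOKEN_VERIFY_ATHASH_ERR", new Object[]{getClientId(), this.ath, accessTokenHash});
            throw IDTokenValidationFailedException.format("OIDC_IDTOKEN_VERIFY_ATHASH_ERR", getClientId(), this.ath, accessTokenHash);
        }
        return true;
    }
}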
