package com.appiancorp.security.auth.mobile;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/appiancorp/security/auth/mobile/MobileAuthTokenValidator.class */
public class MobileAuthTokenValidator {
    public void validate(MobileAuthToken mobileAuthToken, String str) throws MobileAuthTokenException {
        validateTokenHasNotExpired(mobileAuthToken.getTimestamp());
        validatePKCECodeChallenge(mobileAuthToken, str);
    }

    private void validateTokenHasNotExpired(long j) throws MobileAuthTokenException {
        long j2 = j + 60000;
        if (j2 < System.currentTimeMillis()) {
            throw new MobileAuthTokenException("Authentication token is not valid. It expired at: " + j2);
        }
        if (j > System.currentTimeMillis() + 15000) {
            throw new MobileAuthTokenException("Authentication token is not valid. It is from the future: " + j);
        }
    }

    private void validatePKCECodeChallenge(MobileAuthToken mobileAuthToken, String str) throws MobileAuthTokenException {
        if (!generateCodeChallenge(str).equals(mobileAuthToken.getPKCECodeChallenge())) {
            throw new MobileAuthTokenException("Code verifier is incorrect.");
        }
    }

    private String generateCodeChallenge(String str) throws MobileAuthTokenException {
        byte[] bytes = str.getBytes(StandardCharsets.US_ASCII);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bytes, 0, bytes.length);
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new MobileAuthTokenException("Cannot hash the code verifier. No such algorithm.", e);
        }
    }
}
