package com.yahoo.athenz.auth.oauth.validator;

import com.yahoo.athenz.auth.oauth.token.OAuthJwtAccessToken;
import com.yahoo.athenz.auth.oauth.token.OAuthJwtAccessTokenException;
import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.auth.util.CryptoException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;

/* loaded from: input_file:com/yahoo/athenz/auth/oauth/validator/OAuthJwtAccessTokenValidator.class */
public interface OAuthJwtAccessTokenValidator {
    void validate(OAuthJwtAccessToken oAuthJwtAccessToken) throws OAuthJwtAccessTokenException;

    void validateClientId(OAuthJwtAccessToken oAuthJwtAccessToken, String str) throws OAuthJwtAccessTokenException;

    void validateCertificateBinding(OAuthJwtAccessToken oAuthJwtAccessToken, String str) throws OAuthJwtAccessTokenException;

    default void validateCertificateBinding(OAuthJwtAccessToken oAuthJwtAccessToken, X509Certificate x509Certificate) throws OAuthJwtAccessTokenException {
        try {
            validateCertificateBinding(oAuthJwtAccessToken, getX509CertificateThumbprint(x509Certificate));
        } catch (CryptoException | CertificateEncodingException e) {
            throw new OAuthJwtAccessTokenException(e);
        }
    }

    default String getX509CertificateCommonName(X509Certificate x509Certificate) {
        return Crypto.extractX509CertCommonName(x509Certificate);
    }

    default String getX509CertificateThumbprint(X509Certificate x509Certificate) throws CertificateEncodingException, CryptoException {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(Crypto.sha256(x509Certificate.getEncoded()));
    }
}
