package io.corbel.iam.auth.rule;

import io.corbel.iam.auth.AuthorizationRequestContext;
import io.corbel.iam.auth.AuthorizationRule;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.iam.exception.UnauthorizedTimeException;

/* loaded from: input_file:io/corbel/iam/auth/rule/MaxExpireAuthorizationRule.class */
public class MaxExpireAuthorizationRule implements AuthorizationRule {
    private final int maxExpirationInMillis;

    public MaxExpireAuthorizationRule(int i) {
        this.maxExpirationInMillis = i;
    }

    @Override // io.corbel.iam.auth.AuthorizationRule
    public void process(AuthorizationRequestContext authorizationRequestContext) throws UnauthorizedException {
        long currentTimeMillis = System.currentTimeMillis() + this.maxExpirationInMillis;
        if (authorizationRequestContext.getAuthorizationExpiration().longValue() > currentTimeMillis) {
            if (!authorizationRequestContext.getRequestedDomain().getCapabilities().getOrDefault("allowTokensWithInvalidExpirationTimes", true).booleanValue()) {
                throw new UnauthorizedTimeException("Authorization request exceds maximum expiration. Maximum is " + this.maxExpirationInMillis + " milliseconds since its issued time");
            }
            authorizationRequestContext.setAuthorizationExpiration(currentTimeMillis);
        }
    }
}
