package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;
import tw.j;
import tw.r;

/* loaded from: classes12.dex */
public final class c {
    private static final String KEY_NONCE = "nonce";

    /* renamed from: a, reason: collision with root package name */
    @NonNull
    public final String f35216a;

    /* renamed from: b, reason: collision with root package name */
    @NonNull
    public final String f35217b;

    /* renamed from: c, reason: collision with root package name */
    @NonNull
    public final List<String> f35218c;

    /* renamed from: d, reason: collision with root package name */
    @NonNull
    public final Long f35219d;

    /* renamed from: e, reason: collision with root package name */
    @NonNull
    public final Long f35220e;

    /* renamed from: f, reason: collision with root package name */
    @Nullable
    public final String f35221f;

    @Nullable
    public final String g;

    /* renamed from: h, reason: collision with root package name */
    @NonNull
    public final Map<String, Object> f35222h;

    /* renamed from: i, reason: collision with root package name */
    private static final Long f35213i = 1000L;

    /* renamed from: j, reason: collision with root package name */
    private static final Long f35214j = 600L;
    private static final String KEY_ISSUER = "iss";
    private static final String KEY_SUBJECT = "sub";
    private static final String KEY_AUDIENCE = "aud";
    private static final String KEY_EXPIRATION = "exp";
    private static final String KEY_ISSUED_AT = "iat";
    private static final String KEY_AUTHORIZED_PARTY = "azp";

    /* renamed from: k, reason: collision with root package name */
    private static final Set<String> f35215k = tw.a.a(KEY_ISSUER, KEY_SUBJECT, KEY_AUDIENCE, KEY_EXPIRATION, KEY_ISSUED_AT, "nonce", KEY_AUTHORIZED_PARTY);

    /* loaded from: classes12.dex */
    public static class a extends Exception {
        public a(String str) {
            super(str);
        }
    }

    @VisibleForTesting
    public c(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l11, @NonNull Long l12) {
        this(str, str2, list, l11, l12, null, null, Collections.emptyMap());
    }

    @VisibleForTesting
    public c(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l11, @NonNull Long l12, @Nullable String str3, @Nullable String str4) {
        this(str, str2, list, l11, l12, str3, str4, Collections.emptyMap());
    }

    public c(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l11, @NonNull Long l12, @Nullable String str3, @Nullable String str4, @NonNull Map<String, Object> map) {
        this.f35216a = str;
        this.f35217b = str2;
        this.f35218c = list;
        this.f35219d = l11;
        this.f35220e = l12;
        this.f35221f = str3;
        this.g = str4;
        this.f35222h = map;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static c a(String str) throws JSONException, a {
        List list;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new a("ID token must have both header and claims section");
        }
        b(split[0]);
        JSONObject b11 = b(split[1]);
        String e11 = d.e(b11, KEY_ISSUER);
        String e12 = d.e(b11, KEY_SUBJECT);
        try {
            list = d.g(b11, KEY_AUDIENCE);
        } catch (JSONException unused) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(d.e(b11, KEY_AUDIENCE));
            list = arrayList;
        }
        Long valueOf = Long.valueOf(b11.getLong(KEY_EXPIRATION));
        Long valueOf2 = Long.valueOf(b11.getLong(KEY_ISSUED_AT));
        String f11 = d.f(b11, "nonce");
        String f12 = d.f(b11, KEY_AUTHORIZED_PARTY);
        Iterator<String> it2 = f35215k.iterator();
        while (it2.hasNext()) {
            b11.remove(it2.next());
        }
        return new c(e11, e12, list, valueOf, valueOf2, f11, f12, d.y(b11));
    }

    private static JSONObject b(String str) throws JSONException {
        return new JSONObject(new String(Base64.decode(str, 8)));
    }

    @VisibleForTesting
    public void c(@NonNull r rVar, j jVar) throws AuthorizationException {
        d(rVar, jVar, false);
    }

    public void d(@NonNull r rVar, j jVar, boolean z11) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = rVar.f44712a.f35208e;
        if (authorizationServiceDiscovery != null) {
            if (!this.f35216a.equals(authorizationServiceDiscovery.o())) {
                throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Issuer mismatch"));
            }
            Uri parse = Uri.parse(this.f35216a);
            if (!z11 && !parse.getScheme().equals("https")) {
                throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        String str = rVar.f44714c;
        if (!this.f35218c.contains(str) && !str.equals(this.g)) {
            throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Audience mismatch"));
        }
        Long valueOf = Long.valueOf(jVar.a() / f35213i.longValue());
        if (valueOf.longValue() > this.f35219d.longValue()) {
            throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.f35220e.longValue()) > f35214j.longValue()) {
            throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(rVar.f44715d)) {
            if (!TextUtils.equals(this.f35221f, rVar.f44713b)) {
                throw AuthorizationException.m(AuthorizationException.b.f35122j, new a("Nonce mismatch"));
            }
        }
    }
}
