package com.lightricks.auth.fortress;

import android.util.Base64;
import com.lightricks.auth.fortress.FortressJWTVerifyer;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.SignatureException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import timber.log.Timber;

@Metadata
/* loaded from: classes3.dex */
public final class FortressLocalRSA256JwtVerifyer implements FortressJWTVerifyer {

    @NotNull
    public static final Companion d = new Companion(null);

    @NotNull
    public final Configuration a;

    @NotNull
    public final Clock b;

    @NotNull
    public final Lazy c;

    @Metadata
    /* loaded from: classes3.dex */
    public static final class Companion {
        public Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Metadata
    /* loaded from: classes3.dex */
    public static final class Configuration {

        @NotNull
        public final String a;

        @NotNull
        public final String b;

        @NotNull
        public final String c;

        @NotNull
        public final List<String> d;

        @NotNull
        public final String e;
        public final long f;

        public final long a() {
            return this.f;
        }

        @NotNull
        public final String b() {
            return this.c;
        }

        @NotNull
        public final List<String> c() {
            return this.d;
        }

        @NotNull
        public final String d() {
            return this.e;
        }

        @NotNull
        public final String e() {
            return this.a;
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Configuration)) {
                return false;
            }
            Configuration configuration = (Configuration) obj;
            return Intrinsics.a(this.a, configuration.a) && Intrinsics.a(this.b, configuration.b) && Intrinsics.a(this.c, configuration.c) && Intrinsics.a(this.d, configuration.d) && Intrinsics.a(this.e, configuration.e) && this.f == configuration.f;
        }

        @NotNull
        public final String f() {
            return this.b;
        }

        public int hashCode() {
            return (((((((((this.a.hashCode() * 31) + this.b.hashCode()) * 31) + this.c.hashCode()) * 31) + this.d.hashCode()) * 31) + this.e.hashCode()) * 31) + Long.hashCode(this.f);
        }

        @NotNull
        public String toString() {
            return "Configuration(publicKeyExponent=" + this.a + ", publicKeyModulus=" + this.b + ", expectedAudience=" + this.c + ", expectedIdps=" + this.d + ", expectedIssuer=" + this.e + ", allowedLeeway=" + this.f + ')';
        }
    }

    @Metadata
    /* loaded from: classes3.dex */
    public static final class InvalidPublicKeyException extends RuntimeException {
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public InvalidPublicKeyException(@NotNull String message, @NotNull Exception innerException) {
            super(message, innerException);
            Intrinsics.e(message, "message");
            Intrinsics.e(innerException, "innerException");
        }
    }

    @Override // com.lightricks.auth.fortress.FortressJWTVerifyer
    @NotNull
    public FortressJWTVerifyer.VerificationResult a(@NotNull String jwtToken) {
        Intrinsics.e(jwtToken, "jwtToken");
        try {
            Jws<Claims> parseClaimsJws = Jwts.parserBuilder().requireAudience(this.a.b()).requireIssuer(this.a.d()).setSigningKey(e()).setClock(this.b).setAllowedClockSkewSeconds(this.a.a()).build().parseClaimsJws(jwtToken);
            String idp = (String) parseClaimsJws.getBody().get("idp", String.class);
            if (this.a.c().contains(idp)) {
                String ltId = (String) parseClaimsJws.getBody().get(Claims.SUBJECT, String.class);
                long time = parseClaimsJws.getBody().getExpiration().getTime();
                Intrinsics.d(ltId, "ltId");
                Intrinsics.d(idp, "idp");
                return new FortressJWTVerifyer.VerificationResult.Valid(time, ltId, idp);
            }
            String str = "Failed sign: " + jwtToken + ", msg: invalid idp: " + ((Object) idp);
            Timber.a.t("Fꀫ").c(str, new Object[0]);
            return new FortressJWTVerifyer.VerificationResult.Invalid(str);
        } catch (ExpiredJwtException e) {
            Timber.Forest forest = Timber.a;
            forest.t("Fꀫ").e(e, "Failed exp: " + jwtToken + ", msg: " + ((Object) e.getMessage()), new Object[0]);
            Claims claims = e.getClaims();
            String idp2 = (String) claims.get("idp", String.class);
            if (this.a.c().contains(idp2)) {
                String ltId2 = (String) claims.get(Claims.SUBJECT, String.class);
                Intrinsics.d(ltId2, "ltId");
                Intrinsics.d(idp2, "idp");
                return new FortressJWTVerifyer.VerificationResult.Expired(ltId2, idp2);
            }
            String str2 = "Failed sign: " + jwtToken + ", msg: invalid idp: " + ((Object) idp2);
            forest.t("Fꀫ").c(str2, new Object[0]);
            return new FortressJWTVerifyer.VerificationResult.Invalid(str2);
        } catch (SignatureException e2) {
            String str3 = "Failed sign: " + jwtToken + ", msg: " + ((Object) e2.getMessage());
            Timber.a.t("Fꀫ").e(e2, str3, new Object[0]);
            return new FortressJWTVerifyer.VerificationResult.Invalid(str3);
        } catch (Exception e3) {
            String str4 = "Failed general: " + jwtToken + ", msg: " + ((Object) e3.getMessage());
            Timber.a.t("Fꀫ").e(e3, str4, new Object[0]);
            return new FortressJWTVerifyer.VerificationResult.Invalid(str4);
        }
    }

    public final PublicKey d(Configuration configuration) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decode(configuration.f(), 8)), new BigInteger(1, Base64.decode(configuration.e(), 8))));
            Intrinsics.d(generatePublic, "kf.generatePublic(RSAPub…ySpec(modulus, exponent))");
            return generatePublic;
        } catch (NoSuchAlgorithmException e) {
            Timber.a.t("Fꀫ").d(e);
            throw new InvalidPublicKeyException("Invalid algorithm to generate public key", e);
        } catch (InvalidKeySpecException e2) {
            Timber.a.t("Fꀫ").d(e2);
            throw new InvalidPublicKeyException("Invalid public key", e2);
        }
    }

    public final PublicKey e() {
        return (PublicKey) this.c.getValue();
    }
}
