package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.facebook.common.util.UriUtil;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes6.dex */
public class IdToken {

    /* renamed from: a, reason: collision with root package name */
    private static final Long f45711a = 1000L;

    /* renamed from: b, reason: collision with root package name */
    private static final Long f45712b = 600L;

    /* renamed from: c, reason: collision with root package name */
    private static final Set<String> f45713c = net.openid.appauth.a.a("iss", "sub", "aud", "exp", "iat", "nonce", "azp");

    @NonNull
    public final Map<String, Object> additionalClaims;

    @NonNull
    public final List<String> audience;

    @Nullable
    public final String authorizedParty;

    @NonNull
    public final Long expiration;

    @NonNull
    public final Long issuedAt;

    @NonNull
    public final String issuer;

    @Nullable
    public final String nonce;

    @NonNull
    public final String subject;

    /* loaded from: classes6.dex */
    static class a extends Exception {
        a(String str) {
            super(str);
        }
    }

    IdToken(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l3, @NonNull Long l4, @Nullable String str3, @Nullable String str4, @NonNull Map<String, Object> map) {
        this.issuer = str;
        this.subject = str2;
        this.audience = list;
        this.expiration = l3;
        this.issuedAt = l4;
        this.nonce = str3;
        this.authorizedParty = str4;
        this.additionalClaims = map;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static IdToken a(String str) throws JSONException, a {
        List list;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new a("ID token must have both header and claims section");
        }
        b(split[0]);
        JSONObject b4 = b(split[1]);
        String e4 = e.e(b4, "iss");
        String e5 = e.e(b4, "sub");
        try {
            list = e.g(b4, "aud");
        } catch (JSONException unused) {
            List arrayList = new ArrayList();
            arrayList.add(e.e(b4, "aud"));
            list = arrayList;
        }
        Long valueOf = Long.valueOf(b4.getLong("exp"));
        Long valueOf2 = Long.valueOf(b4.getLong("iat"));
        String f4 = e.f(b4, "nonce");
        String f5 = e.f(b4, "azp");
        Iterator<String> it = f45713c.iterator();
        while (it.hasNext()) {
            b4.remove(it.next());
        }
        return new IdToken(e4, e5, list, valueOf, valueOf2, f4, f5, e.x(b4));
    }

    private static JSONObject b(String str) throws JSONException {
        return new JSONObject(new String(Base64.decode(str, 8)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c(@NonNull TokenRequest tokenRequest, d dVar, boolean z3) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = tokenRequest.configuration.discoveryDoc;
        if (authorizationServiceDiscovery != null) {
            if (!this.issuer.equals(authorizationServiceDiscovery.getIssuer())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer mismatch"));
            }
            Uri parse = Uri.parse(this.issuer);
            if (!z3 && !parse.getScheme().equals(UriUtil.HTTPS_SCHEME)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        String str = tokenRequest.clientId;
        if (!this.audience.contains(str) && !str.equals(this.authorizedParty)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Audience mismatch"));
        }
        Long valueOf = Long.valueOf(dVar.getCurrentTimeMillis() / f45711a.longValue());
        if (valueOf.longValue() > this.expiration.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.issuedAt.longValue()) > f45712b.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issued at time is more than 10 minutes before or after the current time"));
        }
        if (GrantTypeValues.AUTHORIZATION_CODE.equals(tokenRequest.grantType)) {
            if (!TextUtils.equals(this.nonce, tokenRequest.nonce)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Nonce mismatch"));
            }
        }
    }
}
