package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.identity.common.java.AuthenticationConstants;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public class IdToken {

    /* renamed from: i, reason: collision with root package name */
    public static final Long f27179i = 1000L;

    /* renamed from: j, reason: collision with root package name */
    public static final Long f27180j = 600L;

    /* renamed from: k, reason: collision with root package name */
    public static final Set<String> f27181k = a.a("iss", "sub", "aud", "exp", "iat", "nonce", "azp");

    /* renamed from: a, reason: collision with root package name */
    public final String f27182a;

    /* renamed from: b, reason: collision with root package name */
    public final String f27183b;

    /* renamed from: c, reason: collision with root package name */
    public final List<String> f27184c;

    /* renamed from: d, reason: collision with root package name */
    public final Long f27185d;

    /* renamed from: e, reason: collision with root package name */
    public final Long f27186e;

    /* renamed from: f, reason: collision with root package name */
    public final String f27187f;

    /* renamed from: g, reason: collision with root package name */
    public final String f27188g;

    /* renamed from: h, reason: collision with root package name */
    public final Map<String, Object> f27189h;

    /* loaded from: classes4.dex */
    public static class IdTokenException extends Exception {
        public IdTokenException(String str) {
            super(str);
        }
    }

    public IdToken(String str, String str2, List<String> list, Long l10, Long l11, String str3, String str4, Map<String, Object> map) {
        this.f27182a = str;
        this.f27183b = str2;
        this.f27184c = list;
        this.f27185d = l10;
        this.f27186e = l11;
        this.f27187f = str3;
        this.f27188g = str4;
        this.f27189h = map;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static IdToken a(String str) {
        List list;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new IdTokenException("ID token must have both header and claims section");
        }
        b(split[0]);
        JSONObject b10 = b(split[1]);
        String d10 = o.d(b10, "iss");
        String d11 = o.d(b10, "sub");
        try {
            list = o.f(b10, "aud");
        } catch (JSONException unused) {
            List arrayList = new ArrayList();
            arrayList.add(o.d(b10, "aud"));
            list = arrayList;
        }
        Long valueOf = Long.valueOf(b10.getLong("exp"));
        Long valueOf2 = Long.valueOf(b10.getLong("iat"));
        String e10 = o.e(b10, "nonce");
        String e11 = o.e(b10, "azp");
        Iterator<String> it2 = f27181k.iterator();
        while (it2.hasNext()) {
            b10.remove(it2.next());
        }
        return new IdToken(d10, d11, list, valueOf, valueOf2, e10, e11, o.w(b10));
    }

    public static JSONObject b(String str) {
        return new JSONObject(new String(Base64.decode(str, 8)));
    }

    public void c(t tVar, k kVar, boolean z10) {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = tVar.f27311a.f27280e;
        if (authorizationServiceDiscovery != null) {
            if (!this.f27182a.equals(authorizationServiceDiscovery.e())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Issuer mismatch"));
            }
            Uri parse = Uri.parse(this.f27182a);
            if (!z10 && !parse.getScheme().equals(AuthenticationConstants.HTTPS_PROTOCOL_STRING)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        String str = tVar.f27313c;
        if (!this.f27184c.contains(str) && !str.equals(this.f27188g)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Audience mismatch"));
        }
        Long valueOf = Long.valueOf(kVar.getCurrentTimeMillis() / f27179i.longValue());
        if (valueOf.longValue() > this.f27185d.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.f27186e.longValue()) > f27180j.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(tVar.f27314d)) {
            if (!TextUtils.equals(this.f27187f, tVar.f27312b)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f27126j, new IdTokenException("Nonce mismatch"));
            }
        }
    }
}
