package com.amazon.identity.auth.device.workflow;

import android.net.Uri;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.utils.JSONUtils;
import com.amazon.identity.auth.device.utils.JWTDecoder;
import java.util.List;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class WorkflowToken {

    /* renamed from: a, reason: collision with root package name */
    public final String f3382a;

    /* renamed from: b, reason: collision with root package name */
    public final String[] f3383b;

    /* renamed from: c, reason: collision with root package name */
    public final List<String> f3384c;

    public WorkflowToken(String str) throws AuthError {
        JSONObject a2 = new JWTDecoder().a(str);
        if (a2 == null) {
            throw new AuthError("Workflow Token is invalid", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a2.optString("type").equals("WorkflowToken")) {
            throw new AuthError("Workflow Token has invalid type", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a2.optString("iss").equals("Amazon")) {
            throw new AuthError("Workflow Token has invalid issuer", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String optString = a2.optString("clientId");
        this.f3382a = optString;
        if (optString == null) {
            throw new AuthError("Workflow Token missing clientId", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String[] a3 = JSONUtils.a(a2, "scopes");
        this.f3383b = a3;
        if (a3 == null) {
            throw new AuthError("Workflow Token missing scopes", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        List<String> b2 = JSONUtils.b(a2, "workflowEndpoints");
        this.f3384c = b2;
        if (b2 == null) {
            throw new AuthError("Workflow Token missing endpoints", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    public void a(String str) throws AuthError {
        if (!this.f3384c.contains(d(str).toString())) {
            throw new AuthError(String.format("Workflow URL %s is not allowed", str), AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    public String b() {
        return this.f3382a;
    }

    public String[] c() {
        return this.f3383b;
    }

    public final Uri d(String str) {
        return Uri.parse(str).buildUpon().query("").fragment("").build();
    }
}
