package net.openid.appauth;

import Ko.o;
import Ko.p;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import io.jsonwebtoken.Claims;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public final class IdToken {

    /* renamed from: h, reason: collision with root package name */
    public static final Set<String> f61706h = Ko.a.a(Claims.ISSUER, Claims.SUBJECT, Claims.AUDIENCE, Claims.EXPIRATION, Claims.ISSUED_AT, "nonce", "azp");

    /* renamed from: a, reason: collision with root package name */
    @NonNull
    public final String f61707a;

    /* renamed from: b, reason: collision with root package name */
    @NonNull
    public final List<String> f61708b;

    /* renamed from: c, reason: collision with root package name */
    @NonNull
    public final Long f61709c;

    /* renamed from: d, reason: collision with root package name */
    @NonNull
    public final Long f61710d;

    /* renamed from: e, reason: collision with root package name */
    public final String f61711e;

    /* renamed from: f, reason: collision with root package name */
    public final String f61712f;

    /* renamed from: g, reason: collision with root package name */
    @NonNull
    public final Map<String, Object> f61713g;

    /* loaded from: classes5.dex */
    public static class IdTokenException extends Exception {
        public IdTokenException(String str) {
            super(str);
        }
    }

    public IdToken(@NonNull String str, @NonNull ArrayList arrayList, @NonNull Long l10, @NonNull Long l11, String str2, String str3, @NonNull HashMap hashMap) {
        this.f61707a = str;
        this.f61708b = arrayList;
        this.f61709c = l10;
        this.f61710d = l11;
        this.f61711e = str2;
        this.f61712f = str3;
    }

    public static IdToken a(String str) throws JSONException, IdTokenException {
        ArrayList arrayList;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new IdTokenException("ID token must have both header and claims section");
        }
        new JSONObject(new String(Base64.decode(split[0], 8)));
        JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[1], 8)));
        String c10 = d.c(jSONObject, Claims.ISSUER);
        d.c(jSONObject, Claims.SUBJECT);
        try {
        } catch (JSONException unused) {
            arrayList = new ArrayList();
            arrayList.add(d.c(jSONObject, Claims.AUDIENCE));
        }
        if (!jSONObject.has(Claims.AUDIENCE)) {
            throw new JSONException("field \"aud\" not found in json object");
        }
        arrayList = d.s(jSONObject.getJSONArray(Claims.AUDIENCE));
        ArrayList arrayList2 = arrayList;
        Long valueOf = Long.valueOf(jSONObject.getLong(Claims.EXPIRATION));
        Long valueOf2 = Long.valueOf(jSONObject.getLong(Claims.ISSUED_AT));
        String d10 = d.d(jSONObject, "nonce");
        String d11 = d.d(jSONObject, "azp");
        Iterator<String> it = f61706h.iterator();
        while (it.hasNext()) {
            jSONObject.remove(it.next());
        }
        return new IdToken(c10, arrayList2, valueOf, valueOf2, d10, d11, d.r(jSONObject));
    }

    public final void b(@NonNull p pVar, o oVar, boolean z10) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = pVar.f5486a.f61747e;
        if (authorizationServiceDiscovery != null) {
            String str = (String) authorizationServiceDiscovery.a(AuthorizationServiceDiscovery.f61699b);
            String str2 = this.f61707a;
            if (!str2.equals(str)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Issuer mismatch"));
            }
            Uri parse = Uri.parse(str2);
            if (!z10 && !parse.getScheme().equals("https")) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        List<String> list = this.f61708b;
        String str3 = pVar.f5488c;
        if (!list.contains(str3) && !str3.equals(this.f61712f)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Audience mismatch"));
        }
        oVar.getClass();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis > this.f61709c.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("ID Token expired"));
        }
        if (Math.abs(currentTimeMillis - this.f61710d.longValue()) > 600) {
            throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(pVar.f5489d)) {
            if (!TextUtils.equals(this.f61711e, pVar.f5487b)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.b.f61690f, new IdTokenException("Nonce mismatch"));
            }
        }
    }
}
