package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import io.jsonwebtoken.Claims;
import java.util.ArrayList;
import java.util.List;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes7.dex */
class IdToken {

    /* renamed from: g, reason: collision with root package name */
    private static final Long f50567g = 1000L;

    /* renamed from: h, reason: collision with root package name */
    private static final Long f50568h = 600L;

    /* renamed from: a, reason: collision with root package name */
    public final String f50569a;

    /* renamed from: b, reason: collision with root package name */
    public final String f50570b;

    /* renamed from: c, reason: collision with root package name */
    public final List<String> f50571c;

    /* renamed from: d, reason: collision with root package name */
    public final Long f50572d;

    /* renamed from: e, reason: collision with root package name */
    public final Long f50573e;

    /* renamed from: f, reason: collision with root package name */
    public final String f50574f;

    /* loaded from: classes7.dex */
    static class IdTokenException extends Exception {
        IdTokenException(String str) {
            super(str);
        }
    }

    IdToken(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l2, @NonNull Long l3, @Nullable String str3) {
        this.f50569a = str;
        this.f50570b = str2;
        this.f50571c = list;
        this.f50572d = l2;
        this.f50573e = l3;
        this.f50574f = str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static IdToken a(String str) throws JSONException, IdTokenException {
        List list;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new IdTokenException("ID token must have both header and claims section");
        }
        b(split[0]);
        JSONObject b2 = b(split[1]);
        String d2 = d.d(b2, Claims.ISSUER);
        String d3 = d.d(b2, Claims.SUBJECT);
        try {
            list = d.f(b2, Claims.AUDIENCE);
        } catch (JSONException unused) {
            List arrayList = new ArrayList();
            arrayList.add(d.d(b2, Claims.AUDIENCE));
            list = arrayList;
        }
        return new IdToken(d2, d3, list, Long.valueOf(b2.getLong(Claims.EXPIRATION)), Long.valueOf(b2.getLong(Claims.ISSUED_AT)), d.e(b2, "nonce"));
    }

    private static JSONObject b(String str) throws JSONException {
        return new JSONObject(new String(Base64.decode(str, 8)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c(@NonNull TokenRequest tokenRequest, c cVar) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = tokenRequest.configuration.discoveryDoc;
        if (authorizationServiceDiscovery != null) {
            if (!this.f50569a.equals(authorizationServiceDiscovery.getIssuer())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Issuer mismatch"));
            }
            Uri parse = Uri.parse(this.f50569a);
            if (!parse.getScheme().equals("https")) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        if (!this.f50571c.contains(tokenRequest.clientId)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Audience mismatch"));
        }
        Long valueOf = Long.valueOf(cVar.getCurrentTimeMillis() / f50567g.longValue());
        if (valueOf.longValue() > this.f50572d.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.f50573e.longValue()) > f50568h.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Issued at time is more than 10 minutes before or after the current time"));
        }
        if (GrantTypeValues.AUTHORIZATION_CODE.equals(tokenRequest.grantType)) {
            if (!TextUtils.equals(this.f50574f, tokenRequest.nonce)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new IdTokenException("Nonce mismatch"));
            }
        }
    }
}
