package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;
import uq.g;
import uq.m;
import uq.n;

/* compiled from: IdToken.java */
/* loaded from: classes3.dex */
public final class c {
    private static final String KEY_AUDIENCE = "aud";
    private static final String KEY_EXPIRATION = "exp";
    private static final String KEY_ISSUED_AT = "iat";
    private static final String KEY_ISSUER = "iss";
    private static final String KEY_NONCE = "nonce";
    private static final String KEY_SUBJECT = "sub";

    /* renamed from: a, reason: collision with root package name */
    @NonNull
    public final String f11214a;

    /* renamed from: b, reason: collision with root package name */
    @NonNull
    public final List<String> f11215b;

    /* renamed from: c, reason: collision with root package name */
    @NonNull
    public final Long f11216c;

    /* renamed from: d, reason: collision with root package name */
    @NonNull
    public final Long f11217d;

    /* renamed from: e, reason: collision with root package name */
    public final String f11218e;

    /* renamed from: f, reason: collision with root package name */
    public final String f11219f;

    /* renamed from: g, reason: collision with root package name */
    @NonNull
    public final Map<String, Object> f11220g;
    private static final Long MILLIS_PER_SECOND = 1000L;
    private static final Long TEN_MINUTES_IN_SECONDS = 600L;
    private static final String KEY_AUTHORIZED_PARTY = "azp";
    private static final Set<String> BUILT_IN_CLAIMS = uq.a.a("iss", "sub", "aud", "exp", "iat", "nonce", KEY_AUTHORIZED_PARTY);

    /* compiled from: IdToken.java */
    /* loaded from: classes3.dex */
    public static class a extends Exception {
    }

    public c(@NonNull String str, @NonNull ArrayList arrayList, @NonNull Long l10, @NonNull Long l11, String str2, String str3, @NonNull HashMap hashMap) {
        this.f11214a = str;
        this.f11215b = arrayList;
        this.f11216c = l10;
        this.f11217d = l11;
        this.f11218e = str2;
        this.f11219f = str3;
    }

    public static c a(String str) {
        ArrayList arrayList;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new Exception("ID token must have both header and claims section");
        }
        new JSONObject(new String(Base64.decode(split[0], 8)));
        JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[1], 8)));
        String b10 = d.b("iss", jSONObject);
        d.b("sub", jSONObject);
        try {
            arrayList = d.d(jSONObject);
        } catch (JSONException unused) {
            arrayList = new ArrayList();
            arrayList.add(d.b("aud", jSONObject));
        }
        ArrayList arrayList2 = arrayList;
        Long valueOf = Long.valueOf(jSONObject.getLong("exp"));
        Long valueOf2 = Long.valueOf(jSONObject.getLong("iat"));
        String c10 = d.c("nonce", jSONObject);
        String c11 = d.c(KEY_AUTHORIZED_PARTY, jSONObject);
        Iterator<String> it = BUILT_IN_CLAIMS.iterator();
        while (it.hasNext()) {
            jSONObject.remove(it.next());
        }
        return new c(b10, arrayList2, valueOf, valueOf2, c10, c11, d.o(jSONObject));
    }

    public final void b(@NonNull n nVar, g gVar, boolean z10) {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = nVar.f14029a.f11213e;
        if (authorizationServiceDiscovery != null) {
            String str = (String) authorizationServiceDiscovery.a(AuthorizationServiceDiscovery.f11202b);
            String str2 = this.f11214a;
            if (!str2.equals(str)) {
                throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Issuer mismatch"));
            }
            Uri parse = Uri.parse(str2);
            if (!z10 && !parse.getScheme().equals("https")) {
                throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        List<String> list = this.f11215b;
        String str3 = nVar.f14031c;
        if (!list.contains(str3) && !str3.equals(this.f11219f)) {
            throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Audience mismatch"));
        }
        ((m) gVar).getClass();
        Long valueOf = Long.valueOf(System.currentTimeMillis() / MILLIS_PER_SECOND.longValue());
        if (valueOf.longValue() > this.f11216c.longValue()) {
            throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.f11217d.longValue()) > TEN_MINUTES_IN_SECONDS.longValue()) {
            throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(nVar.f14032d)) {
            if (!TextUtils.equals(this.f11218e, nVar.f14030b)) {
                throw AuthorizationException.e(AuthorizationException.b.f11199g, new Exception("Nonce mismatch"));
            }
        }
    }
}
