package net.openid.appauth;

import XI.A;
import XI.B;
import XI.d;
import XI.o;
import XI.s;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import com.nimbusds.jwt.JWTClaimNames;
import jE.J1;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: g, reason: collision with root package name */
    public static final Set f52514g = YD.b.g(JWTClaimNames.ISSUER, JWTClaimNames.SUBJECT, JWTClaimNames.AUDIENCE, "exp", "iat", "nonce", "azp");

    /* renamed from: a, reason: collision with root package name */
    public final String f52515a;

    /* renamed from: b, reason: collision with root package name */
    public final List f52516b;

    /* renamed from: c, reason: collision with root package name */
    public final Long f52517c;

    /* renamed from: d, reason: collision with root package name */
    public final Long f52518d;

    /* renamed from: e, reason: collision with root package name */
    public final String f52519e;

    /* renamed from: f, reason: collision with root package name */
    public final String f52520f;

    public b(String str, ArrayList arrayList, Long l10, Long l11, String str2, String str3) {
        this.f52515a = str;
        this.f52516b = arrayList;
        this.f52517c = l10;
        this.f52518d = l11;
        this.f52519e = str2;
        this.f52520f = str3;
    }

    public static b a(String str) {
        ArrayList arrayList;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new Exception("ID token must have both header and claims section");
        }
        new JSONObject(new String(Base64.decode(split[0], 8)));
        JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[1], 8)));
        String z10 = J1.z(jSONObject, JWTClaimNames.ISSUER);
        J1.z(jSONObject, JWTClaimNames.SUBJECT);
        try {
            arrayList = J1.B(jSONObject);
        } catch (JSONException unused) {
            arrayList = new ArrayList();
            arrayList.add(J1.z(jSONObject, JWTClaimNames.AUDIENCE));
        }
        ArrayList arrayList2 = arrayList;
        Long valueOf = Long.valueOf(jSONObject.getLong("exp"));
        Long valueOf2 = Long.valueOf(jSONObject.getLong("iat"));
        String A10 = J1.A(jSONObject, "nonce");
        String A11 = J1.A(jSONObject, "azp");
        Iterator it = f52514g.iterator();
        while (it.hasNext()) {
            jSONObject.remove((String) it.next());
        }
        J1.e0(jSONObject);
        return new b(z10, arrayList2, valueOf, valueOf2, A10, A11);
    }

    public final void b(B b10, s sVar, boolean z10) {
        o oVar = b10.f20662a.f20751e;
        if (oVar != null) {
            String str = (String) oVar.a(o.f20752b);
            String str2 = this.f52515a;
            if (!str2.equals(str)) {
                throw AuthorizationException.f(d.f20700g, new Exception("Issuer mismatch"));
            }
            Uri parse = Uri.parse(str2);
            if (!z10 && !parse.getScheme().equals("https")) {
                throw AuthorizationException.f(d.f20700g, new Exception("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.f(d.f20700g, new Exception("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.f(d.f20700g, new Exception("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        List list = this.f52516b;
        String str3 = b10.f20664c;
        if (!list.contains(str3) && !str3.equals(this.f52520f)) {
            throw AuthorizationException.f(d.f20700g, new Exception("Audience mismatch"));
        }
        ((A) sVar).getClass();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis > this.f52517c.longValue()) {
            throw AuthorizationException.f(d.f20700g, new Exception("ID Token expired"));
        }
        if (Math.abs(currentTimeMillis - this.f52518d.longValue()) > 600) {
            throw AuthorizationException.f(d.f20700g, new Exception("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(b10.f20665d)) {
            if (!TextUtils.equals(this.f52519e, b10.f20663b)) {
                throw AuthorizationException.f(d.f20700g, new Exception("Nonce mismatch"));
            }
        }
    }
}
