package net.openid.appauth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.webkit.ProxyConfig;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public final class g {

    /* renamed from: h, reason: collision with root package name */
    public static final Long f22901h = 1000L;

    /* renamed from: i, reason: collision with root package name */
    public static final Long f22902i = 600L;

    /* renamed from: j, reason: collision with root package name */
    public static final Set<String> f22903j = gm.a.a("iss", "sub", "aud", "exp", "iat", "nonce", "azp");

    /* renamed from: a, reason: collision with root package name */
    @NonNull
    public final String f22904a;

    /* renamed from: b, reason: collision with root package name */
    @NonNull
    public final List<String> f22905b;

    /* renamed from: c, reason: collision with root package name */
    @NonNull
    public final Long f22906c;

    @NonNull
    public final Long d;

    @Nullable
    public final String e;

    @Nullable
    public final String f;

    @NonNull
    public final Map<String, Object> g;

    /* loaded from: classes4.dex */
    public static class a extends Exception {
    }

    public g(@NonNull String str, @NonNull ArrayList arrayList, @NonNull Long l10, @NonNull Long l11, @Nullable String str2, @Nullable String str3, @NonNull HashMap hashMap) {
        this.f22904a = str;
        this.f22905b = arrayList;
        this.f22906c = l10;
        this.d = l11;
        this.e = str2;
        this.f = str3;
        this.g = hashMap;
    }

    public static g a(String str) throws JSONException, a {
        ArrayList arrayList;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new a("ID token must have both header and claims section");
        }
        new JSONObject(new String(Base64.decode(split[0], 8)));
        JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[1], 8)));
        String b10 = h.b("iss", jSONObject);
        h.b("sub", jSONObject);
        try {
            arrayList = h.d(jSONObject);
        } catch (JSONException unused) {
            arrayList = new ArrayList();
            arrayList.add(h.b("aud", jSONObject));
        }
        ArrayList arrayList2 = arrayList;
        Long valueOf = Long.valueOf(jSONObject.getLong("exp"));
        Long valueOf2 = Long.valueOf(jSONObject.getLong("iat"));
        String c10 = h.c("nonce", jSONObject);
        String c11 = h.c("azp", jSONObject);
        Iterator<String> it = f22903j.iterator();
        while (it.hasNext()) {
            jSONObject.remove(it.next());
        }
        return new g(b10, arrayList2, valueOf, valueOf2, c10, c11, h.o(jSONObject));
    }

    public final void b(@NonNull i iVar, gm.g gVar, boolean z10) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = iVar.f22910a.e;
        if (authorizationServiceDiscovery != null) {
            String str = (String) authorizationServiceDiscovery.a(AuthorizationServiceDiscovery.f22871b);
            String str2 = this.f22904a;
            if (!str2.equals(str)) {
                throw AuthorizationException.f(AuthorizationException.b.f, new a("Issuer mismatch"));
            }
            Uri parse = Uri.parse(str2);
            if (!z10 && !parse.getScheme().equals(ProxyConfig.MATCH_HTTPS)) {
                throw AuthorizationException.f(AuthorizationException.b.f, new a("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.f(AuthorizationException.b.f, new a("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.f(AuthorizationException.b.f, new a("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        List<String> list = this.f22905b;
        String str3 = iVar.f22912c;
        if (!list.contains(str3) && !str3.equals(this.f)) {
            throw AuthorizationException.f(AuthorizationException.b.f, new a("Audience mismatch"));
        }
        ((com.google.gson.internal.c) gVar).getClass();
        Long valueOf = Long.valueOf(System.currentTimeMillis() / f22901h.longValue());
        if (valueOf.longValue() > this.f22906c.longValue()) {
            throw AuthorizationException.f(AuthorizationException.b.f, new a("ID Token expired"));
        }
        if (Math.abs(valueOf.longValue() - this.d.longValue()) > f22902i.longValue()) {
            throw AuthorizationException.f(AuthorizationException.b.f, new a("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(iVar.d)) {
            if (!TextUtils.equals(this.e, iVar.f22911b)) {
                throw AuthorizationException.f(AuthorizationException.b.f, new a("Nonce mismatch"));
            }
        }
    }
}
