package com.amazon.identity.auth.device.workflow;

import android.net.Uri;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.utils.JWTDecoder;
import java.util.List;
import org.json.JSONObject;

/* compiled from: WorkflowToken.java */
/* loaded from: classes2.dex */
public class g {

    /* renamed from: a, reason: collision with root package name */
    private static final String f1716a = "type";

    /* renamed from: b, reason: collision with root package name */
    private static final String f1717b = "iss";

    /* renamed from: c, reason: collision with root package name */
    private static final String f1718c = "clientId";
    private static final String d = "scopes";
    private static final String e = "workflowEndpoints";
    private static final String f = "WorkflowToken";
    private static final String g = "Amazon";
    private final String h;
    private final String[] i;
    private final List<String> j;

    public g(String str) throws AuthError {
        JSONObject a2 = new JWTDecoder().a(str);
        if (a2 == null) {
            throw new AuthError("Workflow Token is invalid", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a2.optString("type").equals(f)) {
            throw new AuthError("Workflow Token has invalid type", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a2.optString("iss").equals(g)) {
            throw new AuthError("Workflow Token has invalid issuer", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String optString = a2.optString("clientId");
        this.h = optString;
        if (optString == null) {
            throw new AuthError("Workflow Token missing clientId", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String[] a3 = com.amazon.identity.auth.device.utils.b.a(a2, d);
        this.i = a3;
        if (a3 == null) {
            throw new AuthError("Workflow Token missing scopes", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        List<String> b2 = com.amazon.identity.auth.device.utils.b.b(a2, e);
        this.j = b2;
        if (b2 == null) {
            throw new AuthError("Workflow Token missing endpoints", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    private Uri b(String str) {
        return Uri.parse(str).buildUpon().query("").fragment("").build();
    }

    public String a() {
        return this.h;
    }

    public void a(String str) throws AuthError {
        if (!this.j.contains(b(str).toString())) {
            throw new AuthError(String.format("Workflow URL %s is not allowed", str), AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    public String[] b() {
        return this.i;
    }
}
