package jp.co.yahoo.yconnect.core.oidc.idtoken;

import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import jp.co.yahoo.yconnect.core.api.ApiClientException;
import jp.co.yahoo.yconnect.core.oidc.PublicKeysClient;
import jp.co.yahoo.yconnect.core.oidc.PublicKeysException;
import jp.co.yahoo.yconnect.core.util.YConnectLogger;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class IdTokenVerification {

    /* renamed from: a, reason: collision with root package name */
    private static final String f124836a = "IdTokenVerification";

    /* renamed from: b, reason: collision with root package name */
    private static long f124837b;

    @WorkerThread
    private static boolean a(String str, String str2, String str3) throws IdTokenException {
        if (j(str3)) {
            return i(str, str2, str3);
        }
        YConnectLogger.b(f124836a, "Invalid Signature.");
        return false;
    }

    private static String b(String str) throws IdTokenException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
            messageDigest.update(str.getBytes());
            byte[] digest = messageDigest.digest();
            byte[] bArr = new byte[digest.length / 2];
            System.arraycopy(digest, 0, bArr, 0, digest.length / 2);
            return Base64.encodeToString(bArr, 8);
        } catch (NoSuchAlgorithmException e2) {
            throw new IdTokenException("Failed to verification.", e2.getMessage());
        }
    }

    private static String[] c(String str) throws IdTokenException {
        String[] split = str.split("\\.", 0);
        if (split.length == 3) {
            return split;
        }
        throw new IdTokenException("Invalid ID Token.", "");
    }

    private static IdTokenObject d(String str) throws IdTokenException {
        return new IdTokenObject(str);
    }

    @WorkerThread
    public static boolean e(@NonNull String str, @NonNull String str2, @NonNull String str3, @Nullable String str4, @Nullable String str5, @Nullable String str6) {
        try {
            if (!a(str2, str3, str)) {
                return false;
            }
            IdTokenObject d2 = d(str);
            if (str4 != null && !h(str4, d2)) {
                return false;
            }
            if (str5 != null && !f(str5, d2)) {
                return false;
            }
            if (str6 != null) {
                return g(d2, Long.parseLong(str6));
            }
            return true;
        } catch (IdTokenException e2) {
            String str7 = f124836a;
            YConnectLogger.b(str7, "Invalid ID Token.");
            YConnectLogger.b(str7, "error=" + e2.b() + " error_description=" + e2.c());
            return false;
        }
    }

    private static boolean f(String str, IdTokenObject idTokenObject) throws IdTokenException {
        if (b(str).startsWith(idTokenObject.b())) {
            return true;
        }
        YConnectLogger.b(f124836a, "Not match Access Token.");
        return false;
    }

    private static boolean g(IdTokenObject idTokenObject, long j2) {
        long d2 = idTokenObject.d();
        if (f124837b - d2 > j2) {
            YConnectLogger.b(f124836a, "Over acceptable auth time.");
            return false;
        }
        String str = f124836a;
        YConnectLogger.a(str, "Current time - authTime = " + (f124837b - d2) + " sec");
        YConnectLogger.a(str, "Issued time: " + d2 + "(Current Time: " + f124837b + ")");
        return true;
    }

    private static boolean h(String str, IdTokenObject idTokenObject) throws IdTokenException {
        if (b(str).startsWith(idTokenObject.e())) {
            return true;
        }
        YConnectLogger.b(f124836a, "Not match Authorization Code.");
        return false;
    }

    private static boolean i(String str, String str2, String str3) throws IdTokenException {
        IdTokenObject d2 = d(str3);
        String i2 = d2.i();
        String c2 = d2.c();
        String j2 = d2.j();
        if (!i2.equals("https://yjapp.auth.login.yahoo.co.jp/yconnect/v2")) {
            YConnectLogger.b(f124836a, "Invalid issuer");
            return false;
        }
        if (!str.equals(c2)) {
            YConnectLogger.b(f124836a, "Invalid audience.");
            return false;
        }
        if (!str2.equals(j2)) {
            YConnectLogger.b(f124836a, "Not match nonce.");
            return false;
        }
        long f2 = d2.f();
        long g2 = d2.g();
        if (f2 < f124837b) {
            YConnectLogger.b(f124836a, "Expired ID Token.");
            return false;
        }
        String str4 = f124836a;
        YConnectLogger.a(str4, "Expiration: " + f2 + "(Current Time: " + f124837b + ")");
        if (f124837b - g2 > 600) {
            YConnectLogger.b(str4, "Over acceptable range.");
            return false;
        }
        YConnectLogger.a(str4, "Current time - iat = " + (f124837b - g2) + " sec");
        YConnectLogger.a(str4, "Issued time: " + g2 + "(Current Time: " + f124837b + ")");
        return true;
    }

    @WorkerThread
    private static boolean j(String str) throws IdTokenException {
        String[] c2 = c(str);
        String str2 = c2[0] + "." + c2[1];
        byte[] decode = Base64.decode(c2[2], 8);
        try {
            String optString = new JSONObject(new String(Base64.decode(c2[0], 8))).optString("kid");
            try {
                PublicKeysClient publicKeysClient = new PublicKeysClient();
                publicKeysClient.a();
                f124837b = publicKeysClient.b();
                PublicKey c3 = publicKeysClient.c(optString);
                if (c3 == null) {
                    YConnectLogger.b(f124836a, "There is no public key for the kid.");
                    return false;
                }
                try {
                    Signature signature = Signature.getInstance("SHA256withRSA");
                    signature.initVerify(c3);
                    signature.update(str2.getBytes());
                    return signature.verify(decode);
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
                    YConnectLogger.b(f124836a, e2.getMessage());
                    return false;
                }
            } catch (IOException | ApiClientException | PublicKeysException e3) {
                YConnectLogger.b(f124836a, e3.getMessage());
                return false;
            }
        } catch (JSONException unused) {
            YConnectLogger.b(f124836a, "Invalid ID Token.");
            return false;
        }
    }
}
