package com.nttdocomo.android.openidconnectsdk.auth;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.nttdocomo.android.openidconnectsdk.auth.AuthorizationException;
import java.security.SignatureException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes24.dex */
public class r0 {

    /* renamed from: g, reason: collision with root package name */
    private static final Long f68695g = 1000L;

    /* renamed from: h, reason: collision with root package name */
    private static final Long f68696h = 600L;

    /* renamed from: a, reason: collision with root package name */
    public final String f68697a;

    /* renamed from: b, reason: collision with root package name */
    public final String f68698b;

    /* renamed from: c, reason: collision with root package name */
    public final List<String> f68699c;

    /* renamed from: d, reason: collision with root package name */
    public final Long f68700d;

    /* renamed from: e, reason: collision with root package name */
    public final Long f68701e;

    /* renamed from: f, reason: collision with root package name */
    public final String f68702f;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes24.dex */
    public static class a extends Exception {
        a(String str) {
            super(str);
        }
    }

    r0(@NonNull String str, @NonNull String str2, @NonNull List<String> list, @NonNull Long l5, @NonNull Long l6, @Nullable String str3) {
        this.f68697a = str;
        this.f68698b = str2;
        this.f68699c = list;
        this.f68700d = l5;
        this.f68701e = l6;
        this.f68702f = str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static r0 a(String str) throws JSONException, a {
        List list;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new a("ID token must have both header and claims section");
        }
        c(split[0]);
        JSONObject c6 = c(split[1]);
        String e6 = s0.e(c6, "iss");
        String e7 = s0.e(c6, "sub");
        try {
            list = s0.g(c6, "aud");
        } catch (JSONException unused) {
            List arrayList = new ArrayList();
            arrayList.add(s0.e(c6, "aud"));
            list = arrayList;
        }
        return new r0(e6, e7, list, Long.valueOf(c6.getLong("exp")), Long.valueOf(c6.getLong("iat")), s0.f(c6, "nonce"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static r0 b(String str) throws JSONException, ParseException, SignatureException {
        List list;
        JSONObject parseJWT = Utils.parseJWT(str);
        String e6 = s0.e(parseJWT, "iss");
        String e7 = s0.e(parseJWT, "sub");
        try {
            list = s0.g(parseJWT, "aud");
        } catch (JSONException unused) {
            List arrayList = new ArrayList();
            arrayList.add(s0.e(parseJWT, "aud"));
            list = arrayList;
        }
        return new r0(e6, e7, list, Long.valueOf(parseJWT.getLong("exp")), Long.valueOf(parseJWT.getLong("iat")), s0.f(parseJWT, "nonce"));
    }

    private static JSONObject c(String str) throws JSONException {
        return new JSONObject(new String(Base64.decode(str, 8)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void d(@NonNull TokenRequest tokenRequest, InterfaceC3347l0 interfaceC3347l0) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = tokenRequest.configuration.discoveryDoc;
        if (authorizationServiceDiscovery != null) {
            if (!this.f68697a.equals(authorizationServiceDiscovery.getIssuer())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer mismatch"));
            }
            Uri parse = Uri.parse(this.f68697a);
            if (!parse.getScheme().equals("https")) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        if (!this.f68699c.contains(tokenRequest.clientId)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Audience mismatch"));
        }
        long currentTimeMillis = interfaceC3347l0.getCurrentTimeMillis() / f68695g.longValue();
        if (currentTimeMillis > this.f68700d.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("ID Token expired"));
        }
        if (Math.abs(currentTimeMillis - this.f68701e.longValue()) > f68696h.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issued at time is more than 10 minutes before or after the current time"));
        }
        if (GrantTypeValues.AUTHORIZATION_CODE.equals(tokenRequest.grantType)) {
            if (!TextUtils.equals(this.f68702f, tokenRequest.nonce)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Nonce mismatch"));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void e(@NonNull TokenRequest tokenRequest, InterfaceC3347l0 interfaceC3347l0, String str) throws AuthorizationException {
        if (!this.f68697a.equals(str)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer mismatch"));
        }
        Uri parse = Uri.parse(this.f68697a);
        if (!parse.getScheme().equals("https")) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer must be an https URL"));
        }
        if (TextUtils.isEmpty(parse.getHost())) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer host can not be empty"));
        }
        if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issuer URL should not containt query parameters or fragment components"));
        }
        if (!this.f68699c.contains(tokenRequest.clientId)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Audience mismatch"));
        }
        long currentTimeMillis = interfaceC3347l0.getCurrentTimeMillis() / f68695g.longValue();
        if (currentTimeMillis > this.f68700d.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("ID Token expired"));
        }
        if (Math.abs(currentTimeMillis - this.f68701e.longValue()) > f68696h.longValue()) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Issued at time is more than 10 minutes before or after the current time"));
        }
        if (GrantTypeValues.AUTHORIZATION_CODE.equals(tokenRequest.grantType)) {
            if (!TextUtils.equals(this.f68702f, tokenRequest.nonce)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, new a("Nonce mismatch"));
            }
        }
    }
}
