package net.openid.appauth;

import Kk.k;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.openid.appauth.AuthorizationException;
import nl.C4070a;
import nl.C4071b;
import org.json.JSONException;

/* loaded from: classes3.dex */
public final class c {

    /* renamed from: h, reason: collision with root package name */
    public static final Set<String> f58647h = Kk.a.a("iss", "sub", "aud", "exp", "iat", "nonce", "azp");

    /* renamed from: a, reason: collision with root package name */
    public final String f58648a;

    /* renamed from: b, reason: collision with root package name */
    public final List<String> f58649b;

    /* renamed from: c, reason: collision with root package name */
    public final Long f58650c;

    /* renamed from: d, reason: collision with root package name */
    public final Long f58651d;

    /* renamed from: e, reason: collision with root package name */
    public final String f58652e;

    /* renamed from: f, reason: collision with root package name */
    public final String f58653f;

    /* renamed from: g, reason: collision with root package name */
    public final Map<String, Object> f58654g;

    /* loaded from: classes3.dex */
    public static class a extends Exception {
    }

    public c(String str, ArrayList arrayList, Long l10, Long l11, String str2, String str3, HashMap hashMap) {
        this.f58648a = str;
        this.f58649b = arrayList;
        this.f58650c = l10;
        this.f58651d = l11;
        this.f58652e = str2;
        this.f58653f = str3;
    }

    public static c a(String str) throws JSONException, a {
        ArrayList arrayList;
        String[] split = str.split("\\.");
        if (split.length <= 1) {
            throw new Exception("ID token must have both header and claims section");
        }
        new C4071b(new String(Base64.decode(split[0], 8)));
        C4071b c4071b = new C4071b(new String(Base64.decode(split[1], 8)));
        String b10 = d.b("iss", c4071b);
        d.b("sub", c4071b);
        try {
        } catch (JSONException unused) {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(d.b("aud", c4071b));
            arrayList = arrayList2;
        }
        if (!c4071b.has("aud")) {
            throw new JSONException("field \"aud\" not found in json object");
        }
        C4070a jSONArray = c4071b.getJSONArray("aud");
        ArrayList arrayList3 = new ArrayList();
        if (jSONArray != null) {
            for (int i10 = 0; i10 < jSONArray.length(); i10++) {
                Object obj = jSONArray.get(i10);
                obj.getClass();
                arrayList3.add(obj.toString());
            }
        }
        arrayList = arrayList3;
        Long valueOf = Long.valueOf(c4071b.getLong("exp"));
        Long valueOf2 = Long.valueOf(c4071b.getLong("iat"));
        String c10 = d.c("nonce", c4071b);
        String c11 = d.c("azp", c4071b);
        Iterator<String> it = f58647h.iterator();
        while (it.hasNext()) {
            c4071b.remove(it.next());
        }
        return new c(b10, arrayList, valueOf, valueOf2, c10, c11, d.m(c4071b));
    }

    public final void b(k kVar, Kk.d dVar, boolean z10) throws AuthorizationException {
        AuthorizationServiceDiscovery authorizationServiceDiscovery = kVar.f7696a.f58646e;
        if (authorizationServiceDiscovery != null) {
            String str = (String) authorizationServiceDiscovery.a(AuthorizationServiceDiscovery.f58622b);
            String str2 = this.f58648a;
            if (!str2.equals(str)) {
                throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Issuer mismatch"));
            }
            Uri parse = Uri.parse(str2);
            if (!z10 && !parse.getScheme().equals("https")) {
                throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Issuer must be an https URL"));
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Issuer host can not be empty"));
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Issuer URL should not containt query parameters or fragment components"));
            }
        }
        List<String> list = this.f58649b;
        String str3 = kVar.f7698c;
        if (!list.contains(str3) && !str3.equals(this.f58653f)) {
            throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Audience mismatch"));
        }
        dVar.getClass();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis > this.f58650c.longValue()) {
            throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("ID Token expired"));
        }
        if (Math.abs(currentTimeMillis - this.f58651d.longValue()) > 600) {
            throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Issued at time is more than 10 minutes before or after the current time"));
        }
        if ("authorization_code".equals(kVar.f7699d)) {
            if (!TextUtils.equals(this.f58652e, kVar.f7697b)) {
                throw AuthorizationException.f(AuthorizationException.b.f58613f, new Exception("Nonce mismatch"));
            }
        }
    }
}
