package com.okta.oidc;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import b8.e;
import b8.f;
import b8.x;
import b8.y;
import com.okta.oidc.net.request.ProviderConfiguration;
import com.okta.oidc.net.request.TokenRequest;
import com.okta.oidc.util.AuthorizationException;
import i8.b;
import i8.c;
import java.lang.reflect.ParameterizedType;
import java.util.Collections;
import java.util.List;
import yg.AbstractC0608;
import yg.C0569;
import yg.C0581;
import yg.C0594;
import yg.C0653;
import yg.C0661;
import yg.C0676;
import yg.C0687;
import yg.C0689;

/* loaded from: classes2.dex */
public class OktaIdToken {
    public static final int NUMBER_OF_SECTIONS = 3;
    public static final int SECONDS_IN_ONE_MINUTE = 60;
    public Claims mClaims;
    public Header mHeader;
    public String mSignature;
    public static final Long MILLIS_PER_SECOND = 1000L;
    public static final Long TEN_MINUTES_IN_SECONDS = 600L;

    /* loaded from: classes2.dex */
    public static class Address {
        public String country;
        public String locality;
        public String postal_code;
        public String region;
        public String street_address;
    }

    /* loaded from: classes2.dex */
    public static final class ArrayTypeAdapter extends x<List<Object>> {
        public static final y CREATE = new y() { // from class: com.okta.oidc.OktaIdToken.ArrayTypeAdapter.1
            @Override // b8.y
            public <T> x<T> create(e eVar, com.google.gson.reflect.a<T> aVar) {
                if (aVar.getRawType() != List.class) {
                    return null;
                }
                return new ArrayTypeAdapter(eVar.n(this, aVar), eVar.l(com.google.gson.reflect.a.get(((ParameterizedType) aVar.getType()).getActualTypeArguments()[0])));
            }
        };
        public final x<List<Object>> mDelegate;
        public final x<Object> mElement;

        public ArrayTypeAdapter(x<List<Object>> xVar, x<Object> xVar2) {
            this.mDelegate = xVar;
            this.mElement = xVar2;
        }

        @Override // b8.x
        public List<Object> read(i8.a aVar) {
            return aVar.O0() != b.f18153a ? Collections.singletonList(this.mElement.read(aVar)) : this.mDelegate.read(aVar);
        }

        @Override // b8.x
        public void write(c cVar, List<Object> list) {
            if (list.size() == 1) {
                this.mElement.write(cVar, list.get(0));
            } else {
                this.mDelegate.write(cVar, list);
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class Claims {
        public Address address;
        public List<String> amr;
        public String at_hash;
        public List<String> aud;
        public int auth_time;
        public String email;
        public String email_verified;
        public int exp;
        public String family_name;
        public String given_name;
        public List<String> groups;
        public int iat;
        public String idp;
        public String iss;
        public String jti;
        public String locale;
        public String middle_name;
        public String name;
        public String nickname;
        public String nonce;
        public String phone_number;
        public String preferred_username;
        public String profile;
        public String sub;
        public int updated_at;
        public String ver;
        public String zoneinfo;
    }

    /* loaded from: classes2.dex */
    public interface Clock {
        long getCurrentTimeMillis();
    }

    /* loaded from: classes2.dex */
    public static final class DefaultValidator implements Validator {
        public final Clock clock;

        public DefaultValidator(Clock clock) {
            this.clock = clock;
        }

        @Override // com.okta.oidc.OktaIdToken.Validator
        public void validate(OktaIdToken oktaIdToken) {
            long currentTimeMillis = this.clock.getCurrentTimeMillis() / OktaIdToken.MILLIS_PER_SECOND.longValue();
            Claims claims = oktaIdToken.mClaims;
            if (currentTimeMillis > claims.exp) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ID_TOKEN_EXPIRED);
            }
            if (Math.abs(currentTimeMillis - claims.iat) > OktaIdToken.TEN_MINUTES_IN_SECONDS.longValue()) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.createWrongTokenIssuedTime(OktaIdToken.TEN_MINUTES_IN_SECONDS.intValue() / 60));
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class Header {
        public String alg;
        public String kid;
    }

    /* loaded from: classes2.dex */
    public interface Validator {
        void validate(OktaIdToken oktaIdToken);
    }

    public OktaIdToken(Header header, Claims claims, String str) {
        this.mHeader = header;
        this.mClaims = claims;
        this.mSignature = str;
    }

    public static OktaIdToken parseIdToken(String str) {
        String[] split = str.split(C0653.m350("Is", (short) (C0594.m246() ^ 16364), (short) (C0594.m246() ^ 31188)));
        if (split.length < 3) {
            throw new IllegalArgumentException(C0661.m373("Pl]yvq{.|y\u0005\u0006|\u0003|6\u007f}z~\u0001\u000fI>\u0003\r\u0003\f\u0011\u0018E\u0016\u001aH\u001d\u0014\u0013\u001b\u000f#%#\u0017R'\u001a\u0019+!((", (short) (C0687.m408() ^ (-31568)), (short) (C0687.m408() ^ (-699))));
        }
        f fVar = new f();
        fVar.f5506e.add(ArrayTypeAdapter.CREATE);
        e b10 = fVar.b();
        return new OktaIdToken((Header) b10.j(new String(Base64.decode(split[0], 8)), Header.class), (Claims) b10.j(new String(Base64.decode(split[1], 8)), Claims.class), new String(Base64.decode(split[2], 8)));
    }

    public Claims getClaims() {
        return this.mClaims;
    }

    public Header getHeader() {
        return this.mHeader;
    }

    public String getSignature() {
        return this.mSignature;
    }

    public void validate(TokenRequest tokenRequest, Validator validator) {
        OIDCConfig config = tokenRequest.getConfig();
        ProviderConfiguration providerConfiguration = tokenRequest.getProviderConfiguration();
        if (!C0581.m215("wwUWW", (short) (C0689.m414() ^ 27469), (short) (C0689.m414() ^ 30555)).equals(this.mHeader.alg)) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.createNotSupportedAlgorithmException(this.mHeader.alg));
        }
        String str = providerConfiguration.issuer;
        if (str != null) {
            if (!this.mClaims.iss.equals(str)) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_MISMATCH);
            }
            Uri parse = Uri.parse(this.mClaims.iss);
            String scheme = parse.getScheme();
            short m402 = (short) (C0676.m402() ^ (-23984));
            int[] iArr = new int["lyzw{".length()];
            C0569 c0569 = new C0569("lyzw{");
            int i10 = 0;
            while (c0569.m195()) {
                int m194 = c0569.m194();
                AbstractC0608 m253 = AbstractC0608.m253(m194);
                iArr[i10] = m253.mo254(m253.mo256(m194) - (m402 + i10));
                i10++;
            }
            if (!scheme.equals(new String(iArr, 0, i10))) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_NOT_HTTPS_URL);
            }
            if (TextUtils.isEmpty(parse.getHost())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_HOST_EMPTY);
            }
            if (parse.getFragment() != null || parse.getQueryParameterNames().size() > 0) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_URL_CONTAIN_OTHER_COMPONENTS);
            }
        }
        if (!this.mClaims.aud.contains(config.getClientId())) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUDIENCE_MISMATCH);
        }
        validator.validate(this);
        String grantType = tokenRequest.getGrantType();
        short m246 = (short) (C0594.m246() ^ 9751);
        int[] iArr2 = new int["6KK@HLDV.B8??16C)+".length()];
        C0569 c05692 = new C0569("6KK@HLDV.B8??16C)+");
        int i11 = 0;
        while (c05692.m195()) {
            int m1942 = c05692.m194();
            AbstractC0608 m2532 = AbstractC0608.m253(m1942);
            iArr2[i11] = m2532.mo254(m2532.mo256(m1942) - (m246 ^ i11));
            i11++;
        }
        if (new String(iArr2, 0, i11).equals(grantType)) {
            if (!TextUtils.equals(this.mClaims.nonce, tokenRequest.getNonce())) {
                throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.NONCE_MISMATCH);
            }
        }
        if (tokenRequest.getMaxAge() != null && this.mClaims.auth_time <= 0) {
            throw AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUTH_TIME_MISSING);
        }
    }
}
