package com.l7tech.msso.token;

import android.util.Base64;
import android.util.Log;
import com.l7tech.msso.policy.exceptions.JwtValidationException;
import com.l7tech.msso.service.MssoIntents;
import java.util.Date;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class JWTValidation {
    private static final String TAG = JWTValidation.class.getName();

    /* loaded from: classes.dex */
    public enum Algorithm {
        HS256(1),
        RSA(2);

        private int value;

        Algorithm(int i) {
            this.value = i;
        }
    }

    private static String getAlgorithm(String str) throws JwtValidationException {
        try {
            return new JSONObject(str).getString("alg");
        } catch (JSONException e) {
            Log.w(TAG, "JWT header is not JSON Object");
            throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_INVALID, e.getMessage(), e);
        }
    }

    private static byte[][] split(byte[] bArr) {
        String[] split = new String(bArr).split("[.]");
        if (split.length < 2 || split.length > 3) {
            return (byte[][]) null;
        }
        byte[][] bArr2 = new byte[split.length];
        bArr2[0] = new byte[split[0].getBytes().length];
        bArr2[1] = new byte[split[1].getBytes().length];
        System.arraycopy(split[0].getBytes(), 0, bArr2[0], 0, split[0].getBytes().length);
        System.arraycopy(split[1].getBytes(), 0, bArr2[1], 0, split[1].getBytes().length);
        if (bArr2.length != 3) {
            return bArr2;
        }
        bArr2[2] = new byte[split[2].getBytes().length];
        System.arraycopy(split[2].getBytes(), 0, bArr2[2], 0, split[2].getBytes().length);
        return bArr2;
    }

    public static boolean validateIdToken(IdToken idToken, String str, String str2, String str3) throws JwtValidationException {
        boolean z = false;
        try {
            byte[][] split = split(idToken.getValue().getBytes());
            byte[] bArr = split[0];
            byte[] bArr2 = split[1];
            byte[] bArr3 = split.length == 3 ? split[2] : null;
            boolean validateJwtPayload = validateJwtPayload(bArr2, str, str2);
            String algorithm = getAlgorithm(new String(Base64.decode(bArr, 8)));
            if (algorithm != null && algorithm.equals(Algorithm.HS256.toString())) {
                try {
                    z = JWTHmac.validateHMacSignature(bArr, bArr2, str3.getBytes(), bArr3);
                } catch (JwtValidationException e) {
                    throw new JwtValidationException(e.getErrorCode(), e.getMessage(), e);
                } catch (Exception e2) {
                    Log.w(TAG, "JWT Token is not valid!");
                    throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_INVALID, e2.getMessage(), e2);
                }
            }
            return z & validateJwtPayload;
        } catch (JwtValidationException e3) {
            throw new JwtValidationException(e3.getErrorCode(), e3.getMessage(), e3);
        } catch (Exception e4) {
            throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_INVALID, e4.getMessage(), e4);
        }
    }

    private static boolean validateJwtPayload(byte[] bArr, String str, String str2) throws JwtValidationException {
        try {
            JSONObject jSONObject = new JSONObject(new String(Base64.decode(bArr, 8)));
            String string = jSONObject.getString("exp");
            String string2 = jSONObject.getString("aud");
            String string3 = jSONObject.getString("azp");
            if (!string2.equals(str2)) {
                Log.w(TAG, "JWT aud is invalid");
                throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_AUD_INVALID, "Failed to validate JWT Token: \"aud\" doesn't match client_id!");
            }
            if (!string3.equals(str)) {
                Log.w(TAG, "JWT azp is invalid");
                throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_AZP_INVALID, "Failed to validate JWT Token: \"azp\" doesn't match device identifier!");
            }
            if (Long.valueOf(string).longValue() >= new Date().getTime() / 1000) {
                return true;
            }
            Log.w(TAG, "JWT expired");
            throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_EXPIRED, "Failed to validate JWT Token: token expired!");
        } catch (JSONException e) {
            Log.w(TAG, "JWT payload is not valid JSON object");
            throw new JwtValidationException(MssoIntents.RESULT_CODE_ERR_JWT_INVALID, e.getMessage(), e);
        }
    }
}
