package jp.co.yahoo.yconnect.core.oidc;

import android.util.Base64;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import jp.co.yahoo.yconnect.core.api.ApiClientException;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: IdTokenVerification.java */
/* loaded from: classes3.dex */
public class b {
    private static final String a = "b";
    private static long b;

    private static boolean a(String str, String str2, String str3) throws IdTokenException, ApiClientException, PublicKeysException {
        if (!j(str3)) {
            throw new IdTokenException("Invalid Signature.", "ID Token signature is invalid.");
        }
        i(str, str2, str3);
        return true;
    }

    private static String b(String str) throws IdTokenException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
            messageDigest.update(str.getBytes());
            byte[] digest = messageDigest.digest();
            byte[] bArr = new byte[digest.length / 2];
            for (int i2 = 0; i2 < digest.length / 2; i2++) {
                bArr[i2] = digest[i2];
            }
            return Base64.encodeToString(bArr, 8);
        } catch (NoSuchAlgorithmException e) {
            throw new IdTokenException("Failed to verification.", e.getMessage());
        }
    }

    private static String[] c(String str) throws IdTokenException {
        String[] split = str.split("\\.", 0);
        if (split.length == 3) {
            return split;
        }
        throw new IdTokenException("Invalid ID Token.", "");
    }

    private static a d(String str) throws IdTokenException {
        return new a(str);
    }

    public static boolean e(String str, String str2, String str3, String str4, String str5, String str6) throws IdTokenException, ApiClientException, PublicKeysException {
        a(str2, str3, str);
        if (str4 != null) {
            h(str4, str);
        }
        if (str5 != null) {
            f(str5, str);
        }
        if (str6 == null) {
            return true;
        }
        g(str, Long.parseLong(str6));
        return true;
    }

    private static boolean f(String str, String str2) throws IdTokenException {
        if (b(str).startsWith(d(str2).a())) {
            return true;
        }
        q.a.b.a.b.b.b.b(a, "Not match Access Token.");
        throw new IdTokenException("Not match Access Token.", "The AccessToken did not match.");
    }

    private static boolean g(String str, long j2) throws IdTokenException {
        long c = d(str).c();
        if (b - c > j2) {
            q.a.b.a.b.b.b.b(a, "Over acceptable auth time.");
            throw new IdTokenException("Over acceptable auth time.", "This access has expired possible.");
        }
        q.a.b.a.b.b.b.a(a, "Current time - authTime = " + Long.toString(b - c) + " sec");
        q.a.b.a.b.b.b.a(a, "Issued time: " + Long.toString(c) + "(Current Time: " + Long.toString(b) + ")");
        return true;
    }

    private static boolean h(String str, String str2) throws IdTokenException {
        if (b(str).startsWith(d(str2).d())) {
            return true;
        }
        q.a.b.a.b.b.b.b(a, "Not match Authorization Code.");
        throw new IdTokenException("Not match Authorization Code.", "The Authorization Code did not match.");
    }

    private static boolean i(String str, String str2, String str3) throws IdTokenException {
        a d = d(str3);
        String g = d.g();
        String b2 = d.b();
        String h2 = d.h();
        if (!g.equals("https://auth.login.yahoo.co.jp/yconnect/v2")) {
            q.a.b.a.b.b.b.b(a, "Invalid issuer.");
            throw new IdTokenException("Invalid issuer.", "The issuer did not match.");
        }
        if (!b2.equals("")) {
            try {
                b2 = new JSONArray(b2).getString(0);
            } catch (JSONException e) {
                throw new IdTokenException("Invalid ID Token.", e.getMessage());
            }
        }
        if (!str.equals(b2)) {
            throw new IdTokenException("Invalid audience.", "The client id did not match.");
        }
        if (!str2.equals(h2)) {
            q.a.b.a.b.b.b.b(a, "Not match nonce.");
            throw new IdTokenException("Not match nonce.", "The nonce did not match.");
        }
        long e2 = d.e();
        long f = d.f();
        if (e2 < b) {
            q.a.b.a.b.b.b.b(a, "Expired ID Token.");
            throw new IdTokenException("Expired ID Token.", "Re-issue Id Token.");
        }
        q.a.b.a.b.b.b.a(a, "Expiraiton: " + Long.toString(e2) + "(Current Time: " + Long.toString(b) + ")");
        if (b - f > 600) {
            q.a.b.a.b.b.b.b(a, "Over acceptable range.");
            throw new IdTokenException("Over acceptable range.", "This access has expired possible.");
        }
        q.a.b.a.b.b.b.a(a, "Current time - iat = " + Long.toString(b - f) + " sec");
        q.a.b.a.b.b.b.a(a, "Issued time: " + Long.toString(f) + "(Current Time: " + Long.toString(b) + ")");
        return true;
    }

    private static boolean j(String str) throws IdTokenException, ApiClientException, PublicKeysException {
        String[] c = c(str);
        String str2 = c[0] + "." + c[1];
        byte[] decode = Base64.decode(c[2], 8);
        try {
            String optString = new JSONObject(new String(Base64.decode(c[0], 8))).optString("kid");
            q.a.b.a.b.b.b.a(a, "kid: " + optString);
            c cVar = new c();
            cVar.a();
            b = cVar.b();
            PublicKey c2 = cVar.c(optString);
            if (c2 == null) {
                q.a.b.a.b.b.b.d(a, "There is no public key for the kid.");
                return false;
            }
            try {
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(c2);
                signature.update(str2.getBytes());
                return signature.verify(decode);
            } catch (Exception e) {
                q.a.b.a.b.b.b.d(a, e.getMessage());
                return false;
            }
        } catch (JSONException e2) {
            throw new IdTokenException("Invalid ID Token.", e2.getMessage());
        }
    }
}
