package net.soti.mobicontrol.idpsso.jwt;

import c7.p;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import kotlin.jvm.internal.a0;
import kotlin.jvm.internal.n;
import kotlin.jvm.internal.o;
import org.apache.commons.net.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import v6.l;

/* loaded from: classes2.dex */
public final class j {

    /* renamed from: c */
    private static final String f24660c = "rs256";

    /* renamed from: d */
    private static final String f24661d = "SHA256withRSA";

    /* renamed from: a */
    private final List<net.soti.mobicontrol.idpsso.jwt.b> f24663a;

    /* renamed from: b */
    public static final a f24659b = new a(null);

    /* renamed from: e */
    private static final Logger f24662e = LoggerFactory.getLogger((Class<?>) j.class);

    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.h hVar) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    public static final class b {

        /* renamed from: b */
        private final long f24665b;

        /* renamed from: d */
        private final boolean f24667d;

        /* renamed from: e */
        private Calendar f24668e;

        /* renamed from: a */
        private final List<net.soti.mobicontrol.idpsso.jwt.b> f24664a = new ArrayList();

        /* renamed from: c */
        private final Map<String, Long> f24666c = new HashMap();

        /* loaded from: classes2.dex */
        public static final class a extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: b */
            final /* synthetic */ net.soti.mobicontrol.idpsso.jwt.a f24670b;

            /* renamed from: c */
            final /* synthetic */ l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> f24671c;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            /* JADX WARN: Multi-variable type inference failed */
            a(net.soti.mobicontrol.idpsso.jwt.a aVar, l<? super net.soti.mobicontrol.idpsso.jwt.f, Boolean> lVar) {
                super(1);
                this.f24670b = aVar;
                this.f24671c = lVar;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f jwt) {
                n.f(jwt, "jwt");
                if (b.this.p(this.f24670b, jwt)) {
                    throw new nd.h(this.f24670b.b());
                }
                return this.f24671c.invoke(jwt);
            }
        }

        /* renamed from: net.soti.mobicontrol.idpsso.jwt.j$b$b */
        /* loaded from: classes2.dex */
        public static final class C0388b extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: b */
            final /* synthetic */ long f24673b;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            C0388b(long j10) {
                super(1);
                this.f24673b = j10;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f fVar) {
                Long e10;
                return Boolean.valueOf(b.this.k((fVar == null || (e10 = fVar.e()) == null) ? 0L : e10.longValue(), this.f24673b, true));
            }
        }

        /* loaded from: classes2.dex */
        public static final class c extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: b */
            final /* synthetic */ long f24675b;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            c(long j10) {
                super(1);
                this.f24675b = j10;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f fVar) {
                Long k10;
                return Boolean.valueOf(b.this.k((fVar == null || (k10 = fVar.k()) == null) ? 0L : k10.longValue(), this.f24675b, false));
            }
        }

        /* loaded from: classes2.dex */
        public static final class d extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: b */
            final /* synthetic */ long f24677b;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            d(long j10) {
                super(1);
                this.f24677b = j10;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f fVar) {
                Long g10;
                return Boolean.valueOf(b.this.k((fVar == null || (g10 = fVar.g()) == null) ? 0L : g10.longValue(), this.f24677b, false));
            }
        }

        /* loaded from: classes2.dex */
        public static final class e implements net.soti.mobicontrol.idpsso.jwt.b {

            /* renamed from: a */
            final /* synthetic */ String f24678a;

            /* renamed from: b */
            final /* synthetic */ l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> f24679b;

            /* JADX WARN: Multi-variable type inference failed */
            e(String str, l<? super net.soti.mobicontrol.idpsso.jwt.f, Boolean> lVar) {
                this.f24678a = str;
                this.f24679b = lVar;
            }

            @Override // net.soti.mobicontrol.idpsso.jwt.b
            public boolean a(net.soti.mobicontrol.idpsso.jwt.f jwt) {
                n.f(jwt, "jwt");
                return this.f24679b.invoke(jwt).booleanValue();
            }

            @Override // net.soti.mobicontrol.idpsso.jwt.b
            public String b() {
                return this.f24678a;
            }
        }

        /* loaded from: classes2.dex */
        public static final class f extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: a */
            final /* synthetic */ String f24680a;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            f(String str) {
                super(1);
                this.f24680a = str;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f jwt) {
                boolean n10;
                n.f(jwt, "jwt");
                String d10 = jwt.d();
                boolean z10 = false;
                if (d10 != null) {
                    n10 = p.n(d10, this.f24680a, true);
                    if (n10) {
                        z10 = true;
                    }
                }
                if (z10) {
                    return Boolean.TRUE;
                }
                throw new nd.b("The Claim 'aud' value doesn't contain the required idpAudience.");
            }
        }

        /* loaded from: classes2.dex */
        public static final class g extends o implements l<net.soti.mobicontrol.idpsso.jwt.f, Boolean> {

            /* renamed from: a */
            final /* synthetic */ String f24681a;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            g(String str) {
                super(1);
                this.f24681a = str;
            }

            @Override // v6.l
            /* renamed from: a */
            public final Boolean invoke(net.soti.mobicontrol.idpsso.jwt.f fVar) {
                boolean p10;
                p10 = p.p(this.f24681a, fVar != null ? fVar.h() : null, true);
                if (p10) {
                    return Boolean.TRUE;
                }
                throw new nd.b("The Claim 'iss' value doesn't match the required issuer.");
            }
        }

        private final void f(net.soti.mobicontrol.idpsso.jwt.a aVar, l<? super net.soti.mobicontrol.idpsso.jwt.f, Boolean> lVar) {
            this.f24664a.add(n(aVar.b(), new a(aVar, lVar)));
        }

        private final void g() {
            long o10 = o("exp");
            long o11 = o("nbf");
            long o12 = o("iat");
            this.f24664a.add(n("exp", new C0388b(o10)));
            this.f24664a.add(n("nbf", new c(o11)));
            if (this.f24667d) {
                return;
            }
            this.f24664a.add(n("iat", new d(o12)));
        }

        private final boolean h(Long l10, long j10, long j11) {
            return l10 == null || j11 - j10 < l10.longValue();
        }

        private final boolean i(Long l10, long j10, long j11) {
            return l10 == null || j11 + j10 >= l10.longValue();
        }

        private final void j(long j10) {
            if (!(j10 >= 0)) {
                throw new IllegalArgumentException("Leeway value can't be negative.".toString());
            }
        }

        public final boolean k(long j10, long j11, boolean z10) {
            if (j10 == 0) {
                return false;
            }
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            if (z10) {
                if (!h(Long.valueOf(j10), j11, currentTimeMillis)) {
                    a0 a0Var = a0.f11044a;
                    String format = String.format("The Token has expired on %s.", Arrays.copyOf(new Object[]{Long.valueOf(j10)}, 1));
                    n.e(format, "format(format, *args)");
                    throw new nd.k(format);
                }
            } else if (!i(Long.valueOf(j10), j11, currentTimeMillis)) {
                a0 a0Var2 = a0.f11044a;
                String format2 = String.format("The Token can't be used before %s.", Arrays.copyOf(new Object[]{Long.valueOf(j10)}, 1));
                n.e(format2, "format(format, *args)");
                throw new nd.b(format2);
            }
            return true;
        }

        public static /* synthetic */ j m(b bVar, Calendar calendar, int i10, Object obj) {
            if ((i10 & 1) != 0) {
                calendar = Calendar.getInstance();
            }
            return bVar.l(calendar);
        }

        private final net.soti.mobicontrol.idpsso.jwt.b n(String str, l<? super net.soti.mobicontrol.idpsso.jwt.f, Boolean> lVar) {
            return new e(str, lVar);
        }

        private final long o(String str) {
            Long l10 = this.f24666c.get(str);
            return l10 != null ? l10.longValue() : this.f24665b;
        }

        public final boolean p(net.soti.mobicontrol.idpsso.jwt.a aVar, net.soti.mobicontrol.idpsso.jwt.f fVar) {
            return aVar.c(fVar) == null;
        }

        public final void a(long j10) throws IllegalArgumentException {
            j(j10);
            this.f24666c.put("exp", Long.valueOf(j10));
        }

        public final void b(long j10) throws IllegalArgumentException {
            j(j10);
            this.f24666c.put("iat", Long.valueOf(j10));
        }

        public final void c(long j10) throws IllegalArgumentException {
            j(j10);
            this.f24666c.put("nbf", Long.valueOf(j10));
        }

        public final j l(Calendar calendar) {
            this.f24668e = calendar;
            g();
            return new j(this.f24664a);
        }

        public final void q(String audience) {
            n.f(audience, "audience");
            f(net.soti.mobicontrol.idpsso.jwt.a.AUDIENCE, new f(audience));
        }

        public final void r(String issuer) throws nd.b {
            n.f(issuer, "issuer");
            f(net.soti.mobicontrol.idpsso.jwt.a.ISSUER, new g(issuer));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public j(List<? extends net.soti.mobicontrol.idpsso.jwt.b> expectedChecks) {
        n.f(expectedChecks, "expectedChecks");
        this.f24663a = expectedChecks;
    }

    private final boolean a(Signature signature, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException e10) {
            f24662e.error("Can not verify the Jwt {}", e10.getMessage());
            return false;
        } catch (nd.i e11) {
            f24662e.error("Can not verify the Jwt {}", e11.getMessage());
            return false;
        }
    }

    private final void c(f fVar) throws nd.a {
        String str;
        String c10 = fVar.c();
        if (c10 != null) {
            str = c10.toLowerCase(Locale.ROOT);
            n.e(str, "this as java.lang.String).toLowerCase(Locale.ROOT)");
        } else {
            str = null;
        }
        if (n.a(f24660c, str)) {
            return;
        }
        Logger logger = f24662e;
        String c11 = fVar.c();
        if (c11 == null) {
            c11 = "null";
        }
        logger.debug("{} is not valid algorithm", c11);
        throw new nd.a("The provided Algorithm doesn't match the one defined in the Jwt's Header.");
    }

    private final void d(f fVar, List<? extends net.soti.mobicontrol.idpsso.jwt.b> list) throws nd.k, nd.c {
        for (net.soti.mobicontrol.idpsso.jwt.b bVar : list) {
            if (!bVar.a(fVar)) {
                String str = "The Claim " + bVar.b() + " value doesn't match the required one.";
                f24662e.debug(str);
                throw new nd.b(str);
            }
        }
    }

    private final void e(net.soti.mobicontrol.idpsso.e eVar, f fVar) throws nd.d {
        if (eVar.i(fVar.i(), fVar.e())) {
            return;
        }
        f24662e.debug("JTI is not valid");
        throw new nd.d("JTI is not valid");
    }

    private final void f(f fVar, net.soti.mobicontrol.idpsso.a aVar, boolean z10) throws nd.i, NoSuchAlgorithmException {
        Logger logger = f24662e;
        logger.debug("Verify signature function call tryAgain-> {}", Boolean.valueOf(z10));
        PublicKey b10 = aVar.b(z10);
        if (b10 == null) {
            throw new nd.i("Signature ERROR");
        }
        Signature signature = Signature.getInstance(f24661d);
        n.e(signature, "signature");
        byte[] bytes = (fVar.f() + '.' + fVar.l()).getBytes(c7.d.f4696f);
        n.e(bytes, "this as java.lang.String).getBytes(charset)");
        boolean a10 = a(signature, b10, bytes, Base64.decodeBase64(fVar.n()));
        if (!a10 && !z10) {
            f(fVar, aVar, true);
        } else {
            if (a10) {
                return;
            }
            logger.debug("can not verify the signature");
            throw new nd.i("Signature mismatch");
        }
    }

    static /* synthetic */ void g(j jVar, f fVar, net.soti.mobicontrol.idpsso.a aVar, boolean z10, int i10, Object obj) throws nd.i, NoSuchAlgorithmException {
        if ((i10 & 4) != 0) {
            z10 = false;
        }
        jVar.f(fVar, aVar, z10);
    }

    public final f b(f jwt, net.soti.mobicontrol.idpsso.e idpSsoHelper, net.soti.mobicontrol.idpsso.a idpPublicKeyRetriever) throws nd.g {
        n.f(jwt, "jwt");
        n.f(idpSsoHelper, "idpSsoHelper");
        n.f(idpPublicKeyRetriever, "idpPublicKeyRetriever");
        e(idpSsoHelper, jwt);
        c(jwt);
        g(this, jwt, idpPublicKeyRetriever, false, 4, null);
        d(jwt, this.f24663a);
        return jwt;
    }
}
