package net.soti.mobicontrol.idpsso.jwt;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import kotlin.jvm.internal.e0;
import net.soti.mobicontrol.idpsso.jwt.j;
import org.apache.commons.net.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public final class j {

    /* renamed from: b */
    public static final a f25431b = new a(null);

    /* renamed from: c */
    private static final String f25432c = "rs256";

    /* renamed from: d */
    private static final String f25433d = "SHA256withRSA";

    /* renamed from: e */
    private static final Logger f25434e;

    /* renamed from: a */
    private final List<net.soti.mobicontrol.idpsso.jwt.b> f25435a;

    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.h hVar) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    public static final class b {

        /* renamed from: b */
        private final long f25437b;

        /* renamed from: d */
        private final boolean f25439d;

        /* renamed from: e */
        private Calendar f25440e;

        /* renamed from: a */
        private final List<net.soti.mobicontrol.idpsso.jwt.b> f25436a = new ArrayList();

        /* renamed from: c */
        private final Map<String, Long> f25438c = new HashMap();

        /* loaded from: classes2.dex */
        public static final class a implements net.soti.mobicontrol.idpsso.jwt.b {

            /* renamed from: a */
            final /* synthetic */ String f25441a;

            /* renamed from: b */
            final /* synthetic */ p7.l<f, Boolean> f25442b;

            /* JADX WARN: Multi-variable type inference failed */
            a(String str, p7.l<? super f, Boolean> lVar) {
                this.f25441a = str;
                this.f25442b = lVar;
            }

            @Override // net.soti.mobicontrol.idpsso.jwt.b
            public boolean a(f jwt) {
                kotlin.jvm.internal.n.g(jwt, "jwt");
                return this.f25442b.invoke(jwt).booleanValue();
            }

            @Override // net.soti.mobicontrol.idpsso.jwt.b
            public String b() {
                return this.f25441a;
            }
        }

        public static final boolean B(String issuer, f fVar) {
            boolean q10;
            kotlin.jvm.internal.n.g(issuer, "$issuer");
            q10 = x7.p.q(issuer, fVar != null ? fVar.h() : null, true);
            if (q10) {
                return true;
            }
            throw new ad.b("The Claim 'iss' value doesn't match the required issuer.");
        }

        private final void j(final net.soti.mobicontrol.idpsso.jwt.a aVar, final p7.l<? super f, Boolean> lVar) {
            this.f25436a.add(v(aVar.b(), new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.o
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean k10;
                    k10 = j.b.k(j.b.this, aVar, lVar, (f) obj);
                    return Boolean.valueOf(k10);
                }
            }));
        }

        public static final boolean k(b this$0, net.soti.mobicontrol.idpsso.jwt.a claim, p7.l predicate, f jwt) {
            kotlin.jvm.internal.n.g(this$0, "this$0");
            kotlin.jvm.internal.n.g(claim, "$claim");
            kotlin.jvm.internal.n.g(predicate, "$predicate");
            kotlin.jvm.internal.n.g(jwt, "jwt");
            if (this$0.x(claim, jwt)) {
                throw new ad.h(claim.b());
            }
            return ((Boolean) predicate.invoke(jwt)).booleanValue();
        }

        private final void l() {
            final long w10 = w("exp");
            final long w11 = w("nbf");
            final long w12 = w("iat");
            this.f25436a.add(v("exp", new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.l
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean m10;
                    m10 = j.b.m(j.b.this, w10, (f) obj);
                    return Boolean.valueOf(m10);
                }
            }));
            this.f25436a.add(v("nbf", new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.m
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean n10;
                    n10 = j.b.n(j.b.this, w11, (f) obj);
                    return Boolean.valueOf(n10);
                }
            }));
            if (this.f25439d) {
                return;
            }
            this.f25436a.add(v("iat", new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.n
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean o10;
                    o10 = j.b.o(j.b.this, w12, (f) obj);
                    return Boolean.valueOf(o10);
                }
            }));
        }

        public static final boolean m(b this$0, long j10, f fVar) {
            Long e10;
            kotlin.jvm.internal.n.g(this$0, "this$0");
            return this$0.s((fVar == null || (e10 = fVar.e()) == null) ? 0L : e10.longValue(), j10, true);
        }

        public static final boolean n(b this$0, long j10, f fVar) {
            Long k10;
            kotlin.jvm.internal.n.g(this$0, "this$0");
            return this$0.s((fVar == null || (k10 = fVar.k()) == null) ? 0L : k10.longValue(), j10, false);
        }

        public static final boolean o(b this$0, long j10, f fVar) {
            Long g10;
            kotlin.jvm.internal.n.g(this$0, "this$0");
            return this$0.s((fVar == null || (g10 = fVar.g()) == null) ? 0L : g10.longValue(), j10, false);
        }

        private final boolean p(Long l10, long j10, long j11) {
            return l10 == null || j11 - j10 < l10.longValue();
        }

        private final boolean q(Long l10, long j10, long j11) {
            return l10 == null || j11 + j10 >= l10.longValue();
        }

        private final void r(long j10) {
            if (j10 < 0) {
                throw new IllegalArgumentException("Leeway value can't be negative.".toString());
            }
        }

        private final boolean s(long j10, long j11, boolean z10) {
            if (j10 == 0) {
                return false;
            }
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            if (z10) {
                if (!p(Long.valueOf(j10), j11, currentTimeMillis)) {
                    e0 e0Var = e0.f11765a;
                    String format = String.format("The Token has expired on %s.", Arrays.copyOf(new Object[]{Long.valueOf(j10)}, 1));
                    kotlin.jvm.internal.n.f(format, "format(...)");
                    throw new ad.k(format);
                }
            } else if (!q(Long.valueOf(j10), j11, currentTimeMillis)) {
                e0 e0Var2 = e0.f11765a;
                String format2 = String.format("The Token can't be used before %s.", Arrays.copyOf(new Object[]{Long.valueOf(j10)}, 1));
                kotlin.jvm.internal.n.f(format2, "format(...)");
                throw new ad.b(format2);
            }
            return true;
        }

        public static /* synthetic */ j u(b bVar, Calendar calendar, int i10, Object obj) {
            if ((i10 & 1) != 0) {
                calendar = Calendar.getInstance();
            }
            return bVar.t(calendar);
        }

        private final net.soti.mobicontrol.idpsso.jwt.b v(String str, p7.l<? super f, Boolean> lVar) {
            return new a(str, lVar);
        }

        private final long w(String str) {
            Long l10 = this.f25438c.get(str);
            return l10 != null ? l10.longValue() : this.f25437b;
        }

        private final boolean x(net.soti.mobicontrol.idpsso.jwt.a aVar, f fVar) {
            return aVar.c(fVar) == null;
        }

        public static final boolean z(String audience, f jwt) {
            boolean o10;
            kotlin.jvm.internal.n.g(audience, "$audience");
            kotlin.jvm.internal.n.g(jwt, "jwt");
            String d10 = jwt.d();
            if (d10 != null) {
                o10 = x7.p.o(d10, audience, true);
                if (o10) {
                    return true;
                }
            }
            throw new ad.b("The Claim 'aud' value doesn't contain the required idpAudience.");
        }

        public final void A(final String issuer) throws ad.b {
            kotlin.jvm.internal.n.g(issuer, "issuer");
            j(net.soti.mobicontrol.idpsso.jwt.a.f25389a, new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.k
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean B;
                    B = j.b.B(issuer, (f) obj);
                    return Boolean.valueOf(B);
                }
            });
        }

        public final void g(long j10) throws IllegalArgumentException {
            r(j10);
            this.f25438c.put("exp", Long.valueOf(j10));
        }

        public final void h(long j10) throws IllegalArgumentException {
            r(j10);
            this.f25438c.put("iat", Long.valueOf(j10));
        }

        public final void i(long j10) throws IllegalArgumentException {
            r(j10);
            this.f25438c.put("nbf", Long.valueOf(j10));
        }

        public final j t(Calendar calendar) {
            this.f25440e = calendar;
            l();
            return new j(this.f25436a);
        }

        public final void y(final String audience) {
            kotlin.jvm.internal.n.g(audience, "audience");
            j(net.soti.mobicontrol.idpsso.jwt.a.f25390b, new p7.l() { // from class: net.soti.mobicontrol.idpsso.jwt.p
                @Override // p7.l
                public final Object invoke(Object obj) {
                    boolean z10;
                    z10 = j.b.z(audience, (f) obj);
                    return Boolean.valueOf(z10);
                }
            });
        }
    }

    static {
        Logger logger = LoggerFactory.getLogger((Class<?>) j.class);
        kotlin.jvm.internal.n.f(logger, "getLogger(...)");
        f25434e = logger;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public j(List<? extends net.soti.mobicontrol.idpsso.jwt.b> expectedChecks) {
        kotlin.jvm.internal.n.g(expectedChecks, "expectedChecks");
        this.f25435a = expectedChecks;
    }

    private final boolean a(Signature signature, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (ad.i e10) {
            f25434e.error("Can not verify the Jwt {}", e10.getMessage());
            return false;
        } catch (InvalidKeyException e11) {
            f25434e.error("Can not verify the Jwt {}", e11.getMessage());
            return false;
        }
    }

    private final void c(f fVar) throws ad.a {
        String str;
        String c10 = fVar.c();
        if (c10 != null) {
            str = c10.toLowerCase(Locale.ROOT);
            kotlin.jvm.internal.n.f(str, "toLowerCase(...)");
        } else {
            str = null;
        }
        if (kotlin.jvm.internal.n.b(f25432c, str)) {
            return;
        }
        Logger logger = f25434e;
        String c11 = fVar.c();
        if (c11 == null) {
            c11 = "null";
        }
        logger.debug("{} is not valid algorithm", c11);
        throw new ad.a("The provided Algorithm doesn't match the one defined in the Jwt's Header.");
    }

    private final void d(f fVar, List<? extends net.soti.mobicontrol.idpsso.jwt.b> list) throws ad.k, ad.c {
        for (net.soti.mobicontrol.idpsso.jwt.b bVar : list) {
            if (!bVar.a(fVar)) {
                String str = "The Claim " + bVar.b() + " value doesn't match the required one.";
                f25434e.debug(str);
                throw new ad.b(str);
            }
        }
    }

    private final void e(net.soti.mobicontrol.idpsso.e eVar, f fVar) throws ad.d {
        if (eVar.i(fVar.i(), fVar.e())) {
            return;
        }
        f25434e.debug("JTI is not valid");
        throw new ad.d("JTI is not valid");
    }

    private final void f(f fVar, net.soti.mobicontrol.idpsso.a aVar, boolean z10) throws ad.i, NoSuchAlgorithmException {
        Logger logger = f25434e;
        logger.debug("Verify signature function call tryAgain-> {}", Boolean.valueOf(z10));
        PublicKey b10 = aVar.b(z10);
        if (b10 == null) {
            throw new ad.i("Signature ERROR");
        }
        Signature signature = Signature.getInstance(f25433d);
        kotlin.jvm.internal.n.d(signature);
        byte[] bytes = (fVar.f() + '.' + fVar.l()).getBytes(x7.d.f37218f);
        kotlin.jvm.internal.n.f(bytes, "getBytes(...)");
        boolean a10 = a(signature, b10, bytes, Base64.decodeBase64(fVar.n()));
        if (!a10 && !z10) {
            f(fVar, aVar, true);
        } else {
            if (a10) {
                return;
            }
            logger.debug("can not verify the signature");
            throw new ad.i("Signature mismatch");
        }
    }

    static /* synthetic */ void g(j jVar, f fVar, net.soti.mobicontrol.idpsso.a aVar, boolean z10, int i10, Object obj) throws ad.i, NoSuchAlgorithmException {
        if ((i10 & 4) != 0) {
            z10 = false;
        }
        jVar.f(fVar, aVar, z10);
    }

    public final f b(f jwt, net.soti.mobicontrol.idpsso.e idpSsoHelper, net.soti.mobicontrol.idpsso.a idpPublicKeyRetriever) throws ad.g {
        kotlin.jvm.internal.n.g(jwt, "jwt");
        kotlin.jvm.internal.n.g(idpSsoHelper, "idpSsoHelper");
        kotlin.jvm.internal.n.g(idpPublicKeyRetriever, "idpPublicKeyRetriever");
        e(idpSsoHelper, jwt);
        c(jwt);
        g(this, jwt, idpPublicKeyRetriever, false, 4, null);
        d(jwt, this.f25435a);
        return jwt;
    }
}
