package jp.co.yahoo.yconnect.core.oidc.idtoken;

import android.util.Base64;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import jp.co.yahoo.yconnect.YConnectEndpoint;
import jp.co.yahoo.yconnect.core.api.ApiClientException;
import jp.co.yahoo.yconnect.core.oidc.PublicKeysClient;
import jp.co.yahoo.yconnect.core.oidc.PublicKeysException;
import jp.co.yahoo.yconnect.core.util.YConnectLogger;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
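/**
 * Verifies an OpenID Connect ID token: signature first, then the {@code iss}, {@code aud},
 * {@code nonce}, {@code exp} and {@code iat} claims, and optionally {@code c_hash},
 * {@code at_hash} and {@code auth_time}.
 *
 * <p>Every check fails closed: any mismatch, parse error or key-retrieval failure makes
 * {@link #verify} return {@code false}.
 *
 * <p>NOTE(review): the reference time is held in a static field that each signature check
 * overwrites, so concurrent calls to {@link #verify} can observe each other's timestamps.
 * Callers should serialize verification until that state is made per-call.
 */
public class IdTokenVerification {

    /** Log tag (decompiler-assigned name: f4352). */
    private static final String TAG = IdTokenVerification.class.getSimpleName();

    /** Largest accepted age of the {@code iat} claim, in seconds. */
    private static final long MAX_IAT_AGE_SEC = 600L;

    /** Base64url without padding or line breaks, the encoding compared against c_hash / at_hash. */
    private static final int BASE64URL_UNPADDED = Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP;

    /**
     * Reference "now" in seconds, taken from {@code PublicKeysClient.getCurrentTime()} during the
     * last signature check (decompiler-assigned name: f4353).
     * NOTE(review): presumably a server-reported time rather than the device clock; confirm in
     * PublicKeysClient. Shared mutable state, not thread-safe.
     */
    private static long currentTime = 0;

    /**
     * Validates an ID token against the values the client expects.
     *
     * @param str  the serialized ID token (three dot-separated base64url segments)
     * @param str2 expected audience; must equal the token's {@code aud}
     * @param str3 nonce sent in the authorization request; must equal the token's {@code nonce}
     * @param str4 authorization code to bind to the token's {@code c_hash}, or {@code null} to skip
     * @param str5 access token to bind to the token's {@code at_hash}, or {@code null} to skip
     * @param str6 maximum accepted authentication age in seconds as a decimal string, or
     *             {@code null} to skip the {@code auth_time} check
     * @return {@code true} only if the signature and every requested claim check pass
     * @throws NumberFormatException if {@code str6} is non-null and not a valid long
     */
    public static boolean verify(String str, String str2, String str3, String str4, String str5, String str6) {
        if (str == null) {
            YConnectLogger.error(TAG, "Invalid ID Token.");
            return false;
        }
        try {
            // Signature comes first so that no claim is trusted before the token is authenticated.
            if (!verifySignature(str)) {
                YConnectLogger.error(TAG, "Invalid Signature.");
                return false;
            }
            // Snapshot the reference time set by verifySignature; this narrows (but does not
            // remove) the window in which a concurrent verification could overwrite it.
            final long now = currentTime;

            IdTokenObject idToken = new IdTokenObject(str);

            // Constant-first / null-guarded comparisons: a missing claim or a null expected
            // value is a rejection rather than a NullPointerException.
            if (!YConnectEndpoint.YCONNECT_V2_URL.equals(idToken.getIss())) {
                YConnectLogger.error(TAG, "Invalid issuer");
                return false;
            }
            if (str2 == null || !str2.equals(idToken.getAud())) {
                YConnectLogger.error(TAG, "Invalid audience.");
                return false;
            }
            if (str3 == null || !str3.equals(idToken.getNonce())) {
                YConnectLogger.error(TAG, "Not match nonce.");
                return false;
            }

            long exp = idToken.getExp();
            long iat = idToken.getIat();
            if (exp < now) {
                YConnectLogger.error(TAG, "Expired ID Token.");
                return false;
            }
            YConnectLogger.debug(TAG, "Expiration: " + exp + "(Current Time: " + now + ")");
            // NOTE(review): only an old iat is rejected; an iat in the future passes this check.
            if (now - iat > MAX_IAT_AGE_SEC) {
                YConnectLogger.error(TAG, "Over acceptable range.");
                return false;
            }
            YConnectLogger.debug(TAG, "Current time - iat = " + (now - iat) + " sec");
            YConnectLogger.debug(TAG, "Issued time: " + iat + "(Current Time: " + now + ")");

            if (str4 != null && !hashMatches(str4, idToken.getCHash())) {
                YConnectLogger.error(TAG, "Not match Authorization Code.");
                return false;
            }
            if (str5 != null && !hashMatches(str5, idToken.getAtHash())) {
                YConnectLogger.error(TAG, "Not match Access Token.");
                return false;
            }

            if (str6 == null) {
                return true;
            }
            long maxAge = Long.parseLong(str6);
            long authTime = idToken.getAuthTime();
            if (now - authTime > maxAge) {
                YConnectLogger.error(TAG, "Over acceptable auth time.");
                return false;
            }
            YConnectLogger.debug(TAG, "Current time - authTime = " + (now - authTime) + " sec");
            YConnectLogger.debug(TAG, "Issued time: " + authTime + "(Current Time: " + now + ")");
            return true;
        } catch (IdTokenException e) {
            YConnectLogger.error(TAG, "Invalid ID Token.");
            YConnectLogger.error(TAG, "error=" + e.getError() + " error_description=" + e.getErrorDescription());
            return false;
        }
    }

    /**
     * Checks that a {@code c_hash} / {@code at_hash} claim binds the token to {@code value}.
     *
     * <p>The comparison is an exact match. A prefix test ({@code startsWith}) would accept an
     * empty or truncated claim, which silently disables the code/token binding, so a missing or
     * empty claim is rejected here.
     *
     * @param value       the authorization code or access token received by the client
     * @param claimedHash the hash claim read from the ID token; may be {@code null}
     * @return {@code true} if the claim equals the left-half SHA-256 hash of {@code value}
     */
    private static boolean hashMatches(String value, String claimedHash) {
        if (claimedHash == null || claimedHash.isEmpty()) {
            return false;
        }
        // Tolerate an issuer that emits '=' padding; the expected value is computed unpadded.
        int end = claimedHash.length();
        while (end > 0 && claimedHash.charAt(end - 1) == '=') {
            end--;
        }
        return halfSha256(value).equals(claimedHash.substring(0, end));
    }

    /**
     * Returns the base64url encoding (no padding, no line break) of the left half of the
     * SHA-256 digest of {@code str} (decompiler-assigned name: m3067).
     *
     * @throws IdTokenException if SHA-256 is unavailable on this platform
     */
    private static String halfSha256(String str) {
        try {
            // "SHA-256" is the standard algorithm name; the charset is pinned so the digest
            // does not depend on the platform default.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] digest = messageDigest.digest(str.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeToString(digest, 0, digest.length / 2, BASE64URL_UNPADDED);
        } catch (NoSuchAlgorithmException e) {
            throw new IdTokenException("Failed to verification.", e.getMessage());
        }
    }

    /**
     * Verifies the token's signature with the public key selected by the header's {@code kid}
     * (decompiler-assigned name: m3068).
     *
     * <p>The algorithm is fixed to {@code SHA256withRSA}; the header's {@code alg} value is never
     * consulted, so the token cannot select a different or weaker verification algorithm.
     * Side effect: stores the time reported by {@code PublicKeysClient} in {@link #currentTime}.
     * Each call fetches the public keys again.
     *
     * @param str the serialized ID token
     * @return {@code true} if the signature over {@code header.payload} is valid
     * @throws IdTokenException if the token does not consist of exactly three segments
     */
    private static boolean verifySignature(String str) {
        String[] parts = str.split("\\.", 0);
        if (parts.length != 3) {
            throw new IdTokenException("Invalid ID Token.", "");
        }
        String signingInput = parts[0] + "." + parts[1];

        byte[] signatureBytes;
        String kid;
        try {
            // Base64.decode throws IllegalArgumentException on malformed input; treat that as an
            // invalid token instead of letting it escape to the caller.
            signatureBytes = Base64.decode(parts[2], Base64.URL_SAFE);
            String headerJson = new String(Base64.decode(parts[0], Base64.URL_SAFE), StandardCharsets.UTF_8);
            kid = new JSONObject(headerJson).optString("kid");
        } catch (IllegalArgumentException | JSONException e) {
            YConnectLogger.error(TAG, "Invalid ID Token.");
            return false;
        }

        PublicKey publicKey;
        try {
            PublicKeysClient publicKeysClient = new PublicKeysClient();
            publicKeysClient.fetch();
            currentTime = publicKeysClient.getCurrentTime();
            publicKey = publicKeysClient.getPublicKey(kid);
        } catch (IOException | ApiClientException | PublicKeysException e) {
            YConnectLogger.error(TAG, e.getMessage());
            return false;
        }
        if (publicKey == null) {
            YConnectLogger.error(TAG, "There is no public key for the kid.");
            return false;
        }

        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(publicKey);
            verifier.update(signingInput.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(signatureBytes);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            YConnectLogger.error(TAG, e.getMessage());
            return false;
        }
    }
}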
