package com.navigraph.charts.authentication.validation;

import com.navigraph.charts.authentication.configuration.ClientConfiguration;
import com.navigraph.charts.authentication.configuration.OpenIdClient;
import com.navigraph.charts.authentication.configuration.model.AlgorithmType;
import com.navigraph.charts.authentication.configuration.model.SigningAlgorithm;
import com.navigraph.charts.authentication.exceptions.OpenIdConnectException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.util.DateUtils;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.threeten.bp.Instant;
import org.threeten.bp.temporal.ChronoUnit;
import se.blit.ngcharts.ngcharts.authentication.response.model.ClientInfo;

/* compiled from: JWSExtension.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000,\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0018\u0002\n\u0000\u001a\u0014\u0010\u0000\u001a\n \u0002*\u0004\u0018\u00010\u00010\u0001*\u00020\u0003H\u0000\u001a\f\u0010\u0004\u001a\u00020\u0005*\u00020\u0003H\u0000\u001a\f\u0010\u0006\u001a\u00020\u0007*\u00020\bH\u0000\u001a\f\u0010\t\u001a\u00020\n*\u00020\u0003H\u0000\u001a\f\u0010\u000b\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\f\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\r\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\u000e\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\u000f\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\u0018\u0010\u0010\u001a\u00020\u0003*\u00020\u00032\n\b\u0002\u0010\u0011\u001a\u0004\u0018\u00010\u0001H\u0000\u001a\f\u0010\u0012\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\u0013\u001a\u00020\u0003*\u00020\u0003H\u0000\u001a\f\u0010\u0014\u001a\u00020\u0003*\u00020\u0015H\u0000¨\u0006\u0016"}, d2 = {"authorizedParty", "", "kotlin.jvm.PlatformType", "Lcom/nimbusds/jwt/JWTClaimsSet;", "clientInfo", "Lse/blit/ngcharts/ngcharts/authentication/response/model/ClientInfo;", "signingAlgorithm", "Lcom/navigraph/charts/authentication/configuration/model/AlgorithmType;", "Lcom/nimbusds/jose/JWSHeader;", "userInfo", "Lse/blit/ngcharts/ngcharts/authentication/response/model/UserInfo;", "validateAudience", "validateAudienceHasAuthorizedParty", "validateAuthorizedParty", "validateIssuedAt", "validateIssuer", "validateNonce", "nonce", "validateTimeElapsedSinceLastAuthentication", "validateTokenExpiry", "verifySignature", "Lcom/nimbusds/jwt/SignedJWT;", "app_release"}, k = 2, mv = {1, 1, 15})
/* loaded from: classes.dex */
public final class JWSExtensionKt {
    public static final String authorizedParty(@NotNull JWTClaimsSet authorizedParty) {
        Intrinsics.checkParameterIsNotNull(authorizedParty, "$this$authorizedParty");
        return authorizedParty.getStringClaim("azp");
    }

    @NotNull
    public static final ClientInfo clientInfo(@NotNull JWTClaimsSet clientInfo) {
        Intrinsics.checkParameterIsNotNull(clientInfo, "$this$clientInfo");
        List<String> audience = clientInfo.getAudience();
        if (!(audience.size() > 1)) {
            audience = null;
        }
        if (audience == null) {
            List<String> audience2 = clientInfo.getAudience();
            Intrinsics.checkExpressionValueIsNotNull(audience2, "audience");
            Object first = CollectionsKt.first((List<? extends Object>) audience2);
            Intrinsics.checkExpressionValueIsNotNull(first, "audience.first()");
            return new ClientInfo((String) first, null, 2, null);
        }
        String authorizedParty = authorizedParty(clientInfo);
        Intrinsics.checkExpressionValueIsNotNull(authorizedParty, "authorizedParty()");
        List<String> audience3 = clientInfo.getAudience();
        Intrinsics.checkExpressionValueIsNotNull(audience3, "audience");
        ArrayList arrayList = new ArrayList();
        for (Object obj : audience3) {
            if (!Intrinsics.areEqual((String) obj, authorizedParty(clientInfo))) {
                arrayList.add(obj);
            }
        }
        return new ClientInfo(authorizedParty, arrayList);
    }

    @NotNull
    public static final AlgorithmType signingAlgorithm(@NotNull JWSHeader signingAlgorithm) {
        Object obj;
        AlgorithmType algorithmType;
        Intrinsics.checkParameterIsNotNull(signingAlgorithm, "$this$signingAlgorithm");
        Iterator<T> it = ClientConfiguration.INSTANCE.getProvider$app_release().getIdTokenSigningAlgorithms().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            String name = ((SigningAlgorithm) obj).name();
            JWSAlgorithm algorithm = signingAlgorithm.getAlgorithm();
            Intrinsics.checkExpressionValueIsNotNull(algorithm, "algorithm");
            if (Intrinsics.areEqual(name, algorithm.getName())) {
                break;
            }
        }
        SigningAlgorithm signingAlgorithm2 = (SigningAlgorithm) obj;
        if (signingAlgorithm2 != null && (algorithmType = signingAlgorithm2.algorithmType()) != null) {
            return algorithmType;
        }
        throw new OpenIdConnectException("Malicious Token. IdP does not support Algorithm '" + signingAlgorithm.getAlgorithm() + '\'', null, 2, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0095  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x00b7  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00e2  */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final se.blit.ngcharts.ngcharts.authentication.response.model.UserInfo userInfo(@org.jetbrains.annotations.NotNull com.nimbusds.jwt.JWTClaimsSet r18) {
        /*
            r0 = r18
            java.lang.String r1 = "$this$userInfo"
            kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(r0, r1)
            se.blit.ngcharts.ngcharts.authentication.response.model.Profile r1 = new se.blit.ngcharts.ngcharts.authentication.response.model.Profile
            java.lang.String r3 = r18.getSubject()
            java.lang.String r2 = "subject"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r3, r2)
            java.lang.String r2 = "name"
            java.lang.String r4 = r0.getStringClaim(r2)
            java.lang.String r2 = "given_name"
            java.lang.String r5 = r0.getStringClaim(r2)
            java.lang.String r2 = "family_name"
            java.lang.String r6 = r0.getStringClaim(r2)
            java.lang.String r2 = "middle_name"
            java.lang.String r7 = r0.getStringClaim(r2)
            java.lang.String r2 = "nickname"
            java.lang.String r8 = r0.getStringClaim(r2)
            java.lang.String r2 = "preferred_username"
            java.lang.String r9 = r0.getStringClaim(r2)
            java.lang.String r2 = "profile"
            java.lang.String r10 = r0.getStringClaim(r2)
            java.lang.String r2 = "picture"
            java.lang.String r11 = r0.getStringClaim(r2)
            java.lang.String r2 = "website"
            java.lang.String r12 = r0.getStringClaim(r2)
            java.lang.String r2 = "gender"
            java.lang.String r13 = r0.getStringClaim(r2)
            java.lang.String r2 = "birthdate"
            java.lang.String r14 = r0.getStringClaim(r2)
            java.lang.String r2 = "locale"
            java.lang.String r16 = r0.getStringClaim(r2)
            java.lang.String r2 = "zoneinfo"
            java.lang.String r15 = r0.getStringClaim(r2)
            java.lang.String r2 = "updated_at"
            java.lang.Long r17 = r0.getLongClaim(r2)
            r2 = r1
            r2.<init>(r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, r13, r14, r15, r16, r17)
            java.lang.String r2 = "email"
            java.lang.String r2 = r0.getStringClaim(r2)
            r3 = 0
            if (r2 == 0) goto L8c
            r4 = r2
            java.lang.CharSequence r4 = (java.lang.CharSequence) r4
            boolean r4 = kotlin.text.StringsKt.isBlank(r4)
            if (r4 != 0) goto L7d
            goto L7e
        L7d:
            r2 = r3
        L7e:
            if (r2 == 0) goto L8c
            se.blit.ngcharts.ngcharts.authentication.response.model.Email r4 = new se.blit.ngcharts.ngcharts.authentication.response.model.Email
            java.lang.String r5 = "email_verified"
            java.lang.Boolean r5 = r0.getBooleanClaim(r5)
            r4.<init>(r2, r5)
            goto L8d
        L8c:
            r4 = r3
        L8d:
            java.lang.String r2 = "phone_number"
            java.lang.String r2 = r0.getStringClaim(r2)
            if (r2 == 0) goto Lae
            r5 = r2
            java.lang.CharSequence r5 = (java.lang.CharSequence) r5
            boolean r5 = kotlin.text.StringsKt.isBlank(r5)
            if (r5 != 0) goto L9f
            goto La0
        L9f:
            r2 = r3
        La0:
            if (r2 == 0) goto Lae
            se.blit.ngcharts.ngcharts.authentication.response.model.PhoneNumber r5 = new se.blit.ngcharts.ngcharts.authentication.response.model.PhoneNumber
            java.lang.String r6 = "phone_number_verified"
            java.lang.Boolean r6 = r0.getBooleanClaim(r6)
            r5.<init>(r2, r6)
            goto Laf
        Lae:
            r5 = r3
        Laf:
            java.lang.String r2 = "address"
            net.minidev.json.JSONObject r0 = r0.getJSONObjectClaim(r2)
            if (r0 == 0) goto Le2
            se.blit.ngcharts.ngcharts.authentication.response.model.Address r2 = new se.blit.ngcharts.ngcharts.authentication.response.model.Address
            java.lang.String r3 = "formatted"
            java.lang.String r7 = r0.getAsString(r3)
            java.lang.String r3 = "street_address"
            java.lang.String r8 = r0.getAsString(r3)
            java.lang.String r3 = "locality"
            java.lang.String r9 = r0.getAsString(r3)
            java.lang.String r3 = "region"
            java.lang.String r10 = r0.getAsString(r3)
            java.lang.String r3 = "postal_code"
            java.lang.String r11 = r0.getAsString(r3)
            java.lang.String r3 = "country"
            java.lang.String r12 = r0.getAsString(r3)
            r6 = r2
            r6.<init>(r7, r8, r9, r10, r11, r12)
            goto Le3
        Le2:
            r2 = r3
        Le3:
            se.blit.ngcharts.ngcharts.authentication.response.model.UserInfo r0 = new se.blit.ngcharts.ngcharts.authentication.response.model.UserInfo
            r0.<init>(r1, r4, r5, r2)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.navigraph.charts.authentication.validation.JWSExtensionKt.userInfo(com.nimbusds.jwt.JWTClaimsSet):se.blit.ngcharts.ngcharts.authentication.response.model.UserInfo");
    }

    @NotNull
    public static final JWTClaimsSet validateAudience(@NotNull JWTClaimsSet validateAudience) {
        Intrinsics.checkParameterIsNotNull(validateAudience, "$this$validateAudience");
        return validateAudience;
    }

    @NotNull
    public static final JWTClaimsSet validateAudienceHasAuthorizedParty(@NotNull JWTClaimsSet validateAudienceHasAuthorizedParty) {
        Intrinsics.checkParameterIsNotNull(validateAudienceHasAuthorizedParty, "$this$validateAudienceHasAuthorizedParty");
        boolean z = true;
        if (validateAudienceHasAuthorizedParty.getAudience().size() > 1) {
            String stringClaim = validateAudienceHasAuthorizedParty.getStringClaim("azp");
            if (stringClaim != null && !StringsKt.isBlank(stringClaim)) {
                z = false;
            }
            if (z) {
                throw new OpenIdConnectException("Expected id_token with multiple audiences '" + validateAudienceHasAuthorizedParty.getAudience() + "' to have an 'azp' claim. But found none", null, 2, null);
            }
        }
        return validateAudienceHasAuthorizedParty;
    }

    @NotNull
    public static final JWTClaimsSet validateAuthorizedParty(@NotNull JWTClaimsSet validateAuthorizedParty) {
        Intrinsics.checkParameterIsNotNull(validateAuthorizedParty, "$this$validateAuthorizedParty");
        String stringClaim = validateAuthorizedParty.getStringClaim("azp");
        if (!(stringClaim == null || StringsKt.isBlank(stringClaim))) {
            String stringClaim2 = validateAuthorizedParty.getStringClaim("azp");
            if (!Intrinsics.areEqual(stringClaim2, ClientConfiguration.INSTANCE.getClient$app_release() != null ? r3.getId() : null)) {
                StringBuilder sb = new StringBuilder();
                sb.append("Expected azp '");
                sb.append(validateAuthorizedParty.getStringClaim("azp"));
                sb.append("' in id_token to match client id '");
                OpenIdClient client$app_release = ClientConfiguration.INSTANCE.getClient$app_release();
                sb.append(client$app_release != null ? client$app_release.getId() : null);
                sb.append('\'');
                throw new OpenIdConnectException(sb.toString(), null, 2, null);
            }
        }
        return validateAuthorizedParty;
    }

    @NotNull
    public static final JWTClaimsSet validateIssuedAt(@NotNull JWTClaimsSet validateIssuedAt) {
        Intrinsics.checkParameterIsNotNull(validateIssuedAt, "$this$validateIssuedAt");
        ChronoUnit chronoUnit = ChronoUnit.SECONDS;
        Instant now = Instant.now();
        Date issueTime = validateIssuedAt.getIssueTime();
        Intrinsics.checkExpressionValueIsNotNull(issueTime, "issueTime");
        if (chronoUnit.between(now, Instant.ofEpochMilli(issueTime.getTime())) <= ClientConfiguration.INSTANCE.getClockSkewSeconds$app_release()) {
            return validateIssuedAt;
        }
        throw new OpenIdConnectException("id_token is issued at '" + validateIssuedAt.getIssueTime() + "' is too far away from the current time '" + new Date() + '\'', null, 2, null);
    }

    @NotNull
    public static final JWTClaimsSet validateIssuer(@NotNull JWTClaimsSet validateIssuer) {
        Intrinsics.checkParameterIsNotNull(validateIssuer, "$this$validateIssuer");
        if (!(!Intrinsics.areEqual(validateIssuer.getIssuer(), ClientConfiguration.INSTANCE.getProvider$app_release().getIssuer().toString()))) {
            return validateIssuer;
        }
        throw new OpenIdConnectException("Expected issuer '" + validateIssuer.getIssuer() + "' in id_token to match well known config issuer '" + ClientConfiguration.INSTANCE.getProvider$app_release().getIssuer() + '\'', null, 2, null);
    }

    @NotNull
    public static final JWTClaimsSet validateNonce(@NotNull JWTClaimsSet validateNonce, @Nullable String str) {
        Intrinsics.checkParameterIsNotNull(validateNonce, "$this$validateNonce");
        if (!(!Intrinsics.areEqual(validateNonce.getStringClaim("nonce"), str))) {
            return validateNonce;
        }
        throw new OpenIdConnectException("Expected nonce '" + validateNonce.getStringClaim("nonce") + "' in id_token to match stored nonce '" + str + '\'', null, 2, null);
    }

    @NotNull
    public static /* synthetic */ JWTClaimsSet validateNonce$default(JWTClaimsSet jWTClaimsSet, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = (String) null;
        }
        return validateNonce(jWTClaimsSet, str);
    }

    @NotNull
    public static final JWTClaimsSet validateTimeElapsedSinceLastAuthentication(@NotNull JWTClaimsSet validateTimeElapsedSinceLastAuthentication) {
        Intrinsics.checkParameterIsNotNull(validateTimeElapsedSinceLastAuthentication, "$this$validateTimeElapsedSinceLastAuthentication");
        Date dateClaim = validateTimeElapsedSinceLastAuthentication.getDateClaim("auth_time");
        if (dateClaim != null) {
            long between = ChronoUnit.SECONDS.between(Instant.ofEpochMilli(dateClaim.getTime()), Instant.now());
            if (between > ClientConfiguration.INSTANCE.getMaxAgeSinceUserAuthenticated$app_release()) {
                throw new OpenIdConnectException("User last authenticated was '" + (between / 60) + "' minutes before. Re-authenticate the user", null, 2, null);
            }
        }
        return validateTimeElapsedSinceLastAuthentication;
    }

    @NotNull
    public static final JWTClaimsSet validateTokenExpiry(@NotNull JWTClaimsSet validateTokenExpiry) {
        Intrinsics.checkParameterIsNotNull(validateTokenExpiry, "$this$validateTokenExpiry");
        if (!DateUtils.isAfter(new Date(), validateTokenExpiry.getExpirationTime(), ClientConfiguration.INSTANCE.getClockSkewSeconds$app_release())) {
            return validateTokenExpiry;
        }
        throw new OpenIdConnectException("id_token expired. Token expiration time is '" + validateTokenExpiry.getExpirationTime() + '\'', null, 2, null);
    }

    @NotNull
    public static final JWTClaimsSet verifySignature(@NotNull SignedJWT verifySignature) {
        Intrinsics.checkParameterIsNotNull(verifySignature, "$this$verifySignature");
        JWTClaimsSet jWTClaimsSet = verifySignature.getJWTClaimsSet();
        Intrinsics.checkExpressionValueIsNotNull(jWTClaimsSet, "this.jwtClaimsSet");
        return jWTClaimsSet;
    }
}
