package com.goodbaby.accountsdk.authenticator;

import com.goodbaby.accountsdk.exception.LoginFailedException;
import com.goodbaby.accountsdk.model.OpenIdToken;
import com.goodbaby.accountsdk.oauth.OpenIdPayloadParser;
import com.goodbaby.accountsdk.rest.endpoints.AuthRestService;
import com.goodbaby.accountsdk.settings.IServerConfig;
import com.goodbaby.accountsdk.tracker.OpenIdLoginTrackerHelper;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.mixpanel.android.mpmetrics.MPDbAdapter;
import io.fabric.sdk.android.services.network.HttpRequest;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.VerificationJwkSelector;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
import org.json.JSONException;
import retrofit2.Response;
import timber.log.Timber;

/* compiled from: OpenIdAuthenticator.kt */
@Singleton
@Metadata(bv = {1, 0, 3}, d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0001\u0018\u00002\u00020\u0001B'\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\u0010\u0010\u000b\u001a\u00020\f2\b\u0010\r\u001a\u0004\u0018\u00010\u000eR\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u000f"}, d2 = {"Lcom/goodbaby/accountsdk/authenticator/OpenIdAuthenticator;", "", "serveConfig", "Lcom/goodbaby/accountsdk/settings/IServerConfig;", "openIdLoginTrackerHelper", "Lcom/goodbaby/accountsdk/tracker/OpenIdLoginTrackerHelper;", "openIdPayloadParser", "Lcom/goodbaby/accountsdk/oauth/OpenIdPayloadParser;", "authRestServiceApi", "Lcom/goodbaby/accountsdk/rest/endpoints/AuthRestService$Api;", "(Lcom/goodbaby/accountsdk/settings/IServerConfig;Lcom/goodbaby/accountsdk/tracker/OpenIdLoginTrackerHelper;Lcom/goodbaby/accountsdk/oauth/OpenIdPayloadParser;Lcom/goodbaby/accountsdk/rest/endpoints/AuthRestService$Api;)V", "authenticate", "", MPDbAdapter.KEY_TOKEN, "Lcom/goodbaby/accountsdk/model/OpenIdToken;", "library_release"}, k = 1, mv = {1, 1, 15})
/* loaded from: classes.dex */
public final class OpenIdAuthenticator {
    private final AuthRestService.Api authRestServiceApi;
    private final OpenIdLoginTrackerHelper openIdLoginTrackerHelper;
    private final OpenIdPayloadParser openIdPayloadParser;
    private final IServerConfig serveConfig;

    @Inject
    public OpenIdAuthenticator(@NotNull IServerConfig serveConfig, @NotNull OpenIdLoginTrackerHelper openIdLoginTrackerHelper, @NotNull OpenIdPayloadParser openIdPayloadParser, @NotNull AuthRestService.Api authRestServiceApi) {
        Intrinsics.checkParameterIsNotNull(serveConfig, "serveConfig");
        Intrinsics.checkParameterIsNotNull(openIdLoginTrackerHelper, "openIdLoginTrackerHelper");
        Intrinsics.checkParameterIsNotNull(openIdPayloadParser, "openIdPayloadParser");
        Intrinsics.checkParameterIsNotNull(authRestServiceApi, "authRestServiceApi");
        this.serveConfig = serveConfig;
        this.openIdLoginTrackerHelper = openIdLoginTrackerHelper;
        this.openIdPayloadParser = openIdPayloadParser;
        this.authRestServiceApi = authRestServiceApi;
    }

    public final void authenticate(@Nullable OpenIdToken token) throws LoginFailedException {
        String serverUrl = this.serveConfig.getServerUrl();
        String clientId = this.serveConfig.getClientId();
        if (token == null) {
            throw new LoginFailedException("token is null");
        }
        try {
            Response<JsonObject> execute = this.authRestServiceApi.getCerts().execute();
            JsonObject body = execute.body();
            if (body != null) {
                String jsonElement = this.openIdPayloadParser.removeX5CKeys(body).toString();
                Intrinsics.checkExpressionValueIsNotNull(jsonElement, "jsonObject.toString()");
                JsonWebSignature jsonWebSignature = new JsonWebSignature();
                jsonWebSignature.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, AlgorithmIdentifiers.RSA_USING_SHA256));
                jsonWebSignature.setCompactSerialization(token.getIdToken());
                JsonWebKey select = new VerificationJwkSelector().select(jsonWebSignature, new JsonWebKeySet(jsonElement).getJsonWebKeys());
                if (select == null) {
                    if (Timber.treeCount() > 0) {
                        Timber.d("No valid JWK key was found", new Object[0]);
                    }
                    throw new LoginFailedException("No valid JWK key was found");
                }
                jsonWebSignature.setKey(select.getKey());
                if (!jsonWebSignature.verifySignature()) {
                    if (Timber.treeCount() > 0) {
                        Timber.e("JWK signature is not valid", new Object[0]);
                    }
                    throw new LoginFailedException("JWK signature is not valid");
                }
                JsonElement parse = new JsonParser().parse(jsonWebSignature.getPayload());
                Intrinsics.checkExpressionValueIsNotNull(parse, "JsonParser().parse(jws.payload)");
                JsonObject payload = parse.getAsJsonObject();
                OpenIdPayloadParser openIdPayloadParser = this.openIdPayloadParser;
                Intrinsics.checkExpressionValueIsNotNull(payload, "payload");
                openIdPayloadParser.checkAuthenticateClaims(clientId, serverUrl, payload, execute.headers().get(HttpRequest.HEADER_DATE));
                this.openIdLoginTrackerHelper.track(payload);
            }
        } catch (IOException e) {
            throw new LoginFailedException("LoginManagerException", e);
        } catch (JoseException e2) {
            throw new LoginFailedException("LoginManagerException", e2);
        } catch (JSONException e3) {
            throw new LoginFailedException("LoginManagerException", e3);
        }
    }
}
