package com.ca.mas.core.token;

import android.content.SharedPreferences;
import android.os.AsyncTask;
import android.util.Base64;
import android.util.Log;
import com.ca.mas.core.MASCallbackFuture;
import com.ca.mas.core.conf.ConfigurationManager;
import com.ca.mas.core.context.MssoContext;
import com.ca.mas.core.error.MAGErrorCode;
import com.ca.mas.core.http.MAGHttpClient;
import com.ca.mas.foundation.MAS;
import com.ca.mas.foundation.MASCallback;
import com.ca.mas.foundation.MASConfiguration;
import com.ca.mas.foundation.MASRequest;
import com.ca.mas.foundation.MASResponseBody;
import com.ca.mas.foundation.notify.Callback;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.net.URL;
import java.text.ParseException;
import java.util.concurrent.ExecutionException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
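/**
 * Checks the signature of an ID token (JWT) against an RSA public key from the gateway's
 * JSON Web Key Set (JWKS).
 *
 * <p>The key set is found through the gateway's OpenID discovery document
 * ({@code /.well-known/openid-configuration}, field {@code jwks_uri}). It is cached in a static
 * field and in the {@code jwks_store} SharedPreferences file, keyed by gateway host.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validate} only verifies the signature. No claim (issuer, audience, expiry) is
 *       checked in this class.</li>
 *   <li>The cached key set is the trust anchor for that check. {@link #setJwks(String)} is public
 *       and static, so any code in the process can replace it; the persisted copy is only as
 *       trustworthy as the app's private storage.</li>
 *   <li>NOTE(review): the token's {@code alg} header is not compared with RS256 here. Which RSA
 *       algorithms are accepted is left to {@code RSASSAVerifier}; confirm that matches the
 *       intended policy.</li>
 * </ul>
 */
public class JWTRS256Validator implements JWTValidator {
    private static final String JWKS_URI = "jwks_uri";
    /** Name of the SharedPreferences file holding the cached key set, one entry per gateway host. */
    public static final String JWT_KEY_SET_FILE = "jwks_store";
    private static final String KID = "kid";
    public static final String TAG = "JWTRS256Validator";
    private static final String WELL_KNOW_URI = "/.well-known/openid-configuration";
    // Written by the AsyncTask worker thread and read by callers of loadJWKS()/getJwks(), hence volatile.
    private static volatile String jwks;

    /**
     * Background task that downloads the gateway's key set and reports it to the first callback
     * passed to {@code execute}.
     *
     * <p>The decompiler reports that this class was originally package-private.
     */
    public static class JwksLoadAsynTask extends AsyncTask<MASCallback<String>, Void, Void> {
        JwksLoadAsynTask() {
        }

        /** Persists the key set under the connected gateway's host name (mode 0, app-private file). */
        private static void writeJwtKeySetToPrefs(String str) {
            SharedPreferences.Editor edit = MAS.getContext().getSharedPreferences(JWTRS256Validator.JWT_KEY_SET_FILE, 0).edit();
            edit.putString(ConfigurationManager.getInstance().getConnectedGateway().getHost(), str);
            edit.apply();
        }

        /**
         * Returns {@code content} as a JSON object, or fails with a {@link JSONException} so that an
         * unexpected response body is reported through the callback instead of escaping the worker
         * thread as a {@link ClassCastException}.
         */
        private static JSONObject requireJsonObject(Object content, String what) throws JSONException {
            if (content instanceof JSONObject) {
                return (JSONObject) content;
            }
            throw new JSONException(what + " is not a JSON object");
        }

        /**
         * Fetches the discovery document, follows its {@code jwks_uri}, caches the key set in memory
         * and in SharedPreferences, then completes the callback.
         *
         * @param mASCallbackArr callbacks passed to {@code execute}; only the first one is used
         * @return always {@code null}; the result is delivered through the callback
         */
        @Override // android.os.AsyncTask
        public Void doInBackground(MASCallback<String>... mASCallbackArr) {
            MASCallback<String> mASCallback = mASCallbackArr[0];
            try {
                URL discoveryUrl = new URL(MASConfiguration.getCurrentConfiguration().getGatewayUrl() + JWTRS256Validator.WELL_KNOW_URI);
                MAGHttpClient client = new MAGHttpClient();

                Object discoveryBody = client.execute(new MASRequest.MASRequestBuilder(discoveryUrl).responseBody(MASResponseBody.jsonBody()).setPublic().build()).getBody().getContent();
                JSONObject discovery = requireJsonObject(discoveryBody, "Discovery document");

                // NOTE(review): jwks_uri comes from the discovery response and is used as-is; neither
                // its scheme nor its host is compared with the gateway's. Confirm that MAGHttpClient's
                // transport trust (TLS / pinning) also covers this second request, because the keys
                // fetched here decide which ID tokens are accepted.
                URL jwksUrl = new URL(discovery.getString(JWTRS256Validator.JWKS_URI));
                Object jwksBody = client.execute(new MASRequest.MASRequestBuilder(jwksUrl).setPublic().build()).getBody().getContent();
                String loaded = requireJsonObject(jwksBody, "JWT key set").toString();

                JWTRS256Validator.jwks = loaded;
                writeJwtKeySetToPrefs(loaded);
                if (MAS.DEBUG) {
                    // Debug builds only. What the gateway puts in the key set is not visible here.
                    Log.d(JWTRS256Validator.TAG, "JWT Key Set = " + loaded);
                }
                Callback.onSuccess(mASCallback, loaded);
                return null;
            } catch (IOException e10) {
                Callback.onError(mASCallback, e10);
                return null;
            } catch (JSONException e11) {
                Callback.onError(mASCallback, e11);
                return null;
            }
        }
    }

    /** Loads the key set persisted for the connected gateway host when none is cached in memory. */
    public JWTRS256Validator() {
        if (jwks == null) {
            jwks = MAS.getContext().getSharedPreferences(JWT_KEY_SET_FILE, 0).getString(ConfigurationManager.getInstance().getConnectedGateway().getHost(), null);
        }
    }

    /**
     * Returns the key with the given key id from the cached or freshly downloaded key set.
     *
     * <p>Waits on the future, so this blocks the calling thread while a download is in progress.
     *
     * @param str key id taken from the token header
     * @return the matching key, or {@code null} when the key set has no key with that id
     */
    private JWK getJwk(String str) throws InterruptedException, ExecutionException, ParseException {
        MASCallbackFuture<String> pending = new MASCallbackFuture<>();
        loadJWKS(pending);
        return JWKSet.parse(pending.get()).getKeyByKeyId(str);
    }

    /** Returns the key set cached in memory as a JSON string, or {@code null} if none is loaded. */
    public static String getJwks() {
        return jwks;
    }

    /**
     * Reads the {@code kid} field from the decoded token header.
     *
     * @param str token header as a JSON string
     * @throws JWTValidationException if the header is not valid JSON or has no string {@code kid}
     */
    private String getKid(String str) throws JWTValidationException {
        try {
            return new JSONObject(str).getString(KID);
        } catch (JSONException e10) {
            Log.w(TAG, "JWT header is not JSON Object");
            throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, e10.getMessage(), e10);
        }
    }

    /** Clears the whole key-set file: the cached entry of every gateway host, not only the current one. */
    private static void resetPrefs() {
        SharedPreferences.Editor edit = MAS.getContext().getSharedPreferences(JWT_KEY_SET_FILE, 0).edit();
        edit.clear();
        edit.apply();
    }

    /**
     * Replaces the key set cached in memory. The value is not validated and not persisted here;
     * later signature checks trust whatever keys it contains.
     */
    public static void setJwks(String str) {
        jwks = str;
    }

    /**
     * Completes the future with the cached key set, or starts a download when nothing is cached.
     *
     * @param mASCallbackFuture receives the key set as a JSON string, or the download error
     */
    public void loadJWKS(MASCallbackFuture<String> mASCallbackFuture) {
        String cached = jwks;
        if (cached != null) {
            Callback.onSuccess(mASCallbackFuture, cached);
        } else {
            new JwksLoadAsynTask().execute(mASCallbackFuture);
        }
    }

    /**
     * Verifies the ID token's signature with the RSA key named by the token's {@code kid} header.
     *
     * <p>When the cached key set has no key with that id, the cache is dropped and the key set is
     * downloaded once more, which covers key rotation on the gateway.
     *
     * @param mssoContext not used by this implementation
     * @param idToken the token to check
     * @return the result of the signature verification
     * @throws JWTValidationException if the header cannot be decoded or parsed, no usable RSA key
     *     is found for the key id, or loading the key set or verifying fails
     */
    @Override // com.ca.mas.core.token.JWTValidator
    public boolean validate(MssoContext mssoContext, IdToken idToken) throws JWTValidationException {
        try {
            String headerJson;
            try {
                // The header is untrusted input. Malformed Base64 is reported as an invalid token
                // instead of escaping as an unchecked IllegalArgumentException.
                headerJson = new String(Base64.decode(new IdTokenDef(idToken).getHeader(), Base64.URL_SAFE), java.nio.charset.StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, e);
            }
            String kid = getKid(headerJson);
            try {
                JWK jwk = getJwk(kid);
                if (jwk == null) {
                    // NOTE(review): the kid is read before the signature is checked, so any token
                    // with an unknown kid clears the cache and causes a fresh download. Consider
                    // throttling this refresh.
                    jwks = null;
                    resetPrefs();
                    jwk = getJwk(kid);
                }
                if (jwk == null) {
                    throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN);
                }
                if (!(jwk instanceof RSAKey)) {
                    // A key of another type under this kid would otherwise fail the cast below
                    // with an unchecked ClassCastException.
                    throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN);
                }
                return SignedJWT.parse(idToken.getValue()).verify(new RSASSAVerifier((RSAKey) jwk));
            } catch (InterruptedException e10) {
                // Restore the interrupt flag so code further up the stack can still see it.
                Thread.currentThread().interrupt();
                throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, e10);
            } catch (ParseException | ExecutionException | JOSEException e10) {
                throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, e10);
            }
        } catch (JWTValidationException e11) {
            // Kept from the original: every validation failure reaches the caller wrapped once more.
            throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, e11);
        }
    }
}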
