package com.shopify.auth.token.validation;

import android.os.Build;
import android.util.Base64;
import android.util.Log;
import com.shopify.auth.MerchantLoginBugsnag;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.IncorrectClaimException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.SignatureException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: IdTokenValidator.kt */
/* loaded from: classes2.dex */
public final class IdTokenValidator {
    public final MerchantLoginBugsnag bugsnag;

    /* compiled from: IdTokenValidator.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        public Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: IdTokenValidator.kt */
    /* loaded from: classes2.dex */
    public enum IdTokenValidatorResult {
        TokenExpiredError,
        GeneralError,
        NetworkError,
        SuccessfulValidation
    }

    static {
        new Companion(null);
    }

    public IdTokenValidator(MerchantLoginBugsnag merchantLoginBugsnag) {
        this.bugsnag = merchantLoginBugsnag;
    }

    public final MerchantLoginBugsnag getBugsnag() {
        MerchantLoginBugsnag merchantLoginBugsnag = this.bugsnag;
        if (merchantLoginBugsnag != null) {
            return merchantLoginBugsnag;
        }
        throw new IllegalStateException("Bugsnag must be initialized in MerchantLogin for identity support");
    }

    public final BigInteger getModulus(String str) {
        byte[] decode = Base64.decode(str, 8);
        Intrinsics.checkNotNullExpressionValue(decode, "Base64.decode(rawKey, Base64.URL_SAFE)");
        return new BigInteger(1, decode);
    }

    public final RSAPublicKey getRSAPublicKey(KeyFactory keyFactory, String str, String str2) {
        return (RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(getModulus(str2), new BigInteger(Base64.decode(str, 8))));
    }

    public final void logException(Exception exc) {
        Log.e("IdTokenValidator", "Error parsing JWT token", exc);
        getBugsnag().notify(new Exception("Unknown error validating token", exc));
    }

    public final IdTokenValidatorResult validate(String e, String n, String alg, String idToken, String issuer, String audience) {
        Intrinsics.checkNotNullParameter(e, "e");
        Intrinsics.checkNotNullParameter(n, "n");
        Intrinsics.checkNotNullParameter(alg, "alg");
        Intrinsics.checkNotNullParameter(idToken, "idToken");
        Intrinsics.checkNotNullParameter(issuer, "issuer");
        Intrinsics.checkNotNullParameter(audience, "audience");
        if (Build.VERSION.SDK_INT < 23) {
            return IdTokenValidatorResult.SuccessfulValidation;
        }
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        try {
            JwtParserBuilder parserBuilder = Jwts.parserBuilder();
            Intrinsics.checkNotNullExpressionValue(keyFactory, "keyFactory");
            Jws<Claims> parseClaimsJws = parserBuilder.setSigningKey(getRSAPublicKey(keyFactory, e, n)).requireAudience(audience).requireIssuer(issuer).setAllowedClockSkewSeconds(600L).build().parseClaimsJws(idToken);
            boolean z = parseClaimsJws != null && Intrinsics.areEqual(parseClaimsJws.getHeader().getAlgorithm(), alg);
            if (z) {
                return IdTokenValidatorResult.SuccessfulValidation;
            }
            if (z) {
                throw new NoWhenBranchMatchedException();
            }
            return IdTokenValidatorResult.GeneralError;
        } catch (Exception e2) {
            if (e2 instanceof ExpiredJwtException) {
                Log.e("IdTokenValidator", "Error parsing JWT token", e2);
                return IdTokenValidatorResult.TokenExpiredError;
            }
            if ((e2 instanceof UnsupportedJwtException) || (e2 instanceof MalformedJwtException) || (e2 instanceof SignatureException) || (e2 instanceof IllegalArgumentException) || (e2 instanceof NoSuchAlgorithmException) || (e2 instanceof InvalidKeySpecException) || (e2 instanceof IncorrectClaimException)) {
                logException(e2);
                return IdTokenValidatorResult.GeneralError;
            }
            logException(e2);
            return IdTokenValidatorResult.GeneralError;
        }
    }
}
