package com.amazon.identity.auth.device.workflow;

import android.net.Uri;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.utils.JWTDecoder;
import java.util.List;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class g {

    /* renamed from: d, reason: collision with root package name */
    private static final String f4044d = "type";
    private static final String e = "iss";
    private static final String f = "clientId";

    /* renamed from: g, reason: collision with root package name */
    private static final String f4045g = "scopes";

    /* renamed from: h, reason: collision with root package name */
    private static final String f4046h = "workflowEndpoints";
    private static final String i = "WorkflowToken";
    private static final String j = "Amazon";
    private final String a;

    /* renamed from: b, reason: collision with root package name */
    private final String[] f4047b;

    /* renamed from: c, reason: collision with root package name */
    private final List<String> f4048c;

    public g(String str) throws AuthError {
        JSONObject a = new JWTDecoder().a(str);
        if (a == null) {
            throw new AuthError("Workflow Token is invalid", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a.optString("type").equals(i)) {
            throw new AuthError("Workflow Token has invalid type", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!a.optString(e).equals(j)) {
            throw new AuthError("Workflow Token has invalid issuer", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String optString = a.optString("clientId");
        this.a = optString;
        if (optString == null) {
            throw new AuthError("Workflow Token missing clientId", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String[] a2 = com.amazon.identity.auth.device.utils.b.a(a, f4045g);
        this.f4047b = a2;
        if (a2 == null) {
            throw new AuthError("Workflow Token missing scopes", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        List<String> b2 = com.amazon.identity.auth.device.utils.b.b(a, f4046h);
        this.f4048c = b2;
        if (b2 == null) {
            throw new AuthError("Workflow Token missing endpoints", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    private Uri d(String str) {
        return Uri.parse(str).buildUpon().query("").fragment("").build();
    }

    public void a(String str) throws AuthError {
        if (!this.f4048c.contains(d(str).toString())) {
            throw new AuthError(String.format("Workflow URL %s is not allowed", str), AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    public String b() {
        return this.a;
    }

    public String[] c() {
        return this.f4047b;
    }
}
