package com.duckduckgo.subscriptions.impl.auth2;

import androidx.autofill.HintConstants;
import androidx.exifinterface.media.ExifInterface;
import com.duckduckgo.common.utils.CurrentTimeProvider;
import com.duckduckgo.di.scopes.AppScope;
import com.duckduckgo.subscriptions.impl.model.Entitlement;
import com.squareup.anvil.annotations.ContributesBinding;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.Locator;
import io.jsonwebtoken.security.Jwk;
import io.jsonwebtoken.security.JwkSet;
import io.jsonwebtoken.security.Jwks;
import java.security.Key;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: AuthJwtValidatorImpl.kt */
@ContributesBinding(scope = AppScope.class)
@Metadata(d1 = {"\u00008\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0007\u0018\u00002\u00020\u0001B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J(\u0010\u0011\u001a\u00020\u00072\u0006\u0010\u0012\u001a\u00020\u00062\u0006\u0010\u0013\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\u0006H\u0002J\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0012\u001a\u00020\u00062\u0006\u0010\u0013\u001a\u00020\u0006H\u0016J\u0018\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0012\u001a\u00020\u00062\u0006\u0010\u0013\u001a\u00020\u0006H\u0016J\"\u0010\u001a\u001a\u0002H\u001b\"\u0006\b\u0000\u0010\u001b\u0018\u0001*\u00020\u00072\u0006\u0010\u001c\u001a\u00020\u0006H\u0082\b¢\u0006\u0002\u0010\u001dR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0018\u0010\u0005\u001a\u00020\u0006*\u00020\u00078BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\b\u0010\tR\u0018\u0010\n\u001a\u00020\u0006*\u00020\u00078BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u000b\u0010\tR\u001e\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000e0\r*\u00020\u00078BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u000f\u0010\u0010¨\u0006\u001e"}, d2 = {"Lcom/duckduckgo/subscriptions/impl/auth2/AuthJwtValidatorImpl;", "Lcom/duckduckgo/subscriptions/impl/auth2/AuthJwtValidator;", "timeProvider", "Lcom/duckduckgo/common/utils/CurrentTimeProvider;", "(Lcom/duckduckgo/common/utils/CurrentTimeProvider;)V", "accountExternalId", "", "Lio/jsonwebtoken/Claims;", "getAccountExternalId", "(Lio/jsonwebtoken/Claims;)Ljava/lang/String;", "email", "getEmail", "entitlements", "", "Lcom/duckduckgo/subscriptions/impl/model/Entitlement;", "getEntitlements", "(Lio/jsonwebtoken/Claims;)Ljava/util/List;", "parseSignedClaims", "jwt", "jwkSet", "requiredAudience", "requiredScope", "validateAccessToken", "Lcom/duckduckgo/subscriptions/impl/auth2/AccessTokenClaims;", "validateRefreshToken", "Lcom/duckduckgo/subscriptions/impl/auth2/RefreshTokenClaims;", "getTypedValue", ExifInterface.GPS_DIRECTION_TRUE, "claimName", "(Lio/jsonwebtoken/Claims;Ljava/lang/String;)Ljava/lang/Object;", "subscriptions-impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class AuthJwtValidatorImpl implements AuthJwtValidator {
    private final CurrentTimeProvider timeProvider;

    @Inject
    public AuthJwtValidatorImpl(CurrentTimeProvider timeProvider) {
        Intrinsics.checkNotNullParameter(timeProvider, "timeProvider");
        this.timeProvider = timeProvider;
    }

    private final String getAccountExternalId(Claims claims) {
        return (String) claims.get(Claims.SUBJECT, String.class);
    }

    private final String getEmail(Claims claims) {
        return (String) claims.get("email", String.class);
    }

    private final List<Entitlement> getEntitlements(Claims claims) {
        Iterable<Map> iterable = (Iterable) claims.get("entitlements", List.class);
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(iterable, 10));
        for (Map map : iterable) {
            Object obj = map.get(HintConstants.AUTOFILL_HINT_NAME);
            Intrinsics.checkNotNull(obj, "null cannot be cast to non-null type kotlin.String");
            Object obj2 = map.get("product");
            Intrinsics.checkNotNull(obj2, "null cannot be cast to non-null type kotlin.String");
            arrayList.add(new Entitlement((String) obj, (String) obj2));
        }
        return arrayList;
    }

    private final /* synthetic */ <T> T getTypedValue(Claims claims, String str) {
        Intrinsics.reifiedOperationMarker(4, ExifInterface.GPS_DIRECTION_TRUE);
        return (T) claims.get(str, Object.class);
    }

    private final Claims parseSignedClaims(String jwt, String jwkSet, String requiredAudience, String requiredScope) {
        final Set<Jwk<?>> keys = ((JwkSet) Jwks.setParser().build().parse(jwkSet)).getKeys();
        Claims payload = Jwts.parser().keyLocator(new Locator() { // from class: com.duckduckgo.subscriptions.impl.auth2.AuthJwtValidatorImpl$$ExternalSyntheticLambda0
            @Override // io.jsonwebtoken.Locator
            public final Object locate(Header header) {
                Key parseSignedClaims$lambda$1;
                parseSignedClaims$lambda$1 = AuthJwtValidatorImpl.parseSignedClaims$lambda$1(keys, header);
                return parseSignedClaims$lambda$1;
            }
        }).clock(new Clock() { // from class: com.duckduckgo.subscriptions.impl.auth2.AuthJwtValidatorImpl$$ExternalSyntheticLambda1
            @Override // io.jsonwebtoken.Clock
            public final Date now() {
                Date parseSignedClaims$lambda$2;
                parseSignedClaims$lambda$2 = AuthJwtValidatorImpl.parseSignedClaims$lambda$2(AuthJwtValidatorImpl.this);
                return parseSignedClaims$lambda$2;
            }
        }).requireIssuer("https://quack.duckduckgo.com").requireAudience(requiredAudience).require("scope", requiredScope).build().parseSignedClaims(jwt).getPayload();
        Intrinsics.checkNotNullExpressionValue(payload, "getPayload(...)");
        return payload;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Key parseSignedClaims$lambda$1(Set set, Header header) {
        Intrinsics.checkNotNull(header, "null cannot be cast to non-null type io.jsonwebtoken.JwsHeader");
        String keyId = ((JwsHeader) header).getKeyId();
        Intrinsics.checkNotNull(set);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Jwk jwk = (Jwk) it.next();
            if (Intrinsics.areEqual(jwk.getId(), keyId)) {
                return jwk.toKey();
            }
        }
        throw new NoSuchElementException("Collection contains no element matching the predicate.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Date parseSignedClaims$lambda$2(AuthJwtValidatorImpl this$0) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        return new Date(this$0.timeProvider.currentTimeMillis());
    }

    @Override // com.duckduckgo.subscriptions.impl.auth2.AuthJwtValidator
    public AccessTokenClaims validateAccessToken(String jwt, String jwkSet) {
        Intrinsics.checkNotNullParameter(jwt, "jwt");
        Intrinsics.checkNotNullParameter(jwkSet, "jwkSet");
        try {
            Claims parseSignedClaims = parseSignedClaims(jwt, jwkSet, "PrivacyPro", AuthClientImpl.AUTH_V2_SCOPE);
            Instant instant = parseSignedClaims.getExpiration().toInstant();
            Intrinsics.checkNotNullExpressionValue(instant, "toInstant(...)");
            return new AccessTokenClaims(instant, getAccountExternalId(parseSignedClaims), getEmail(parseSignedClaims), getEntitlements(parseSignedClaims));
        } catch (Exception unused) {
            throw new IllegalArgumentException("Access token validation failed");
        }
    }

    @Override // com.duckduckgo.subscriptions.impl.auth2.AuthJwtValidator
    public RefreshTokenClaims validateRefreshToken(String jwt, String jwkSet) {
        Intrinsics.checkNotNullParameter(jwt, "jwt");
        Intrinsics.checkNotNullParameter(jwkSet, "jwkSet");
        try {
            Claims parseSignedClaims = parseSignedClaims(jwt, jwkSet, "Auth", "refresh");
            Instant instant = parseSignedClaims.getExpiration().toInstant();
            Intrinsics.checkNotNullExpressionValue(instant, "toInstant(...)");
            return new RefreshTokenClaims(instant, getAccountExternalId(parseSignedClaims));
        } catch (Exception unused) {
            throw new IllegalArgumentException("Refresh token validation failed");
        }
    }
}
