package ca.loblaw.pcid.login.internal;

import ca.loblaw.pcid.login.PcidErrorCode;
import ca.loblaw.pcid.login.extension.MapExtensionsKt;
import ca.loblaw.pcid.login.model.PcidAuthorization;
import com.auth0.android.jwt.JWT;
import com.auth0.android.jwt.b;
import com.salesforce.marketingcloud.storage.db.i;
import io.jsonwebtoken.Jwts;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.n;
import okhttp3.HttpUrl;

/* compiled from: PcidAuthorizationValidator.kt */
@Metadata(bv = {}, d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010$\n\u0002\b\u000b\u0018\u00002\u00020\u0001B\u0007¢\u0006\u0004\b\u0012\u0010\u0013JH\u0010\u000b\u001a\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u00022\b\u0010\u0005\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u0006\u001a\u00020\u00042\u0006\u0010\u0007\u001a\u00020\u00042\b\u0010\b\u001a\u0004\u0018\u00010\u00042\u0012\u0010\n\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00010\tH\u0002JD\u0010\u0011\u001a\u00020\u00022\u0006\u0010\f\u001a\u00020\u00022\u0012\u0010\n\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00010\t2\b\u0010\r\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u000e\u001a\u00020\u00042\u0006\u0010\u000f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u0004¨\u0006\u0014"}, d2 = {"Lca/loblaw/pcid/login/internal/PcidAuthorizationValidator;", HttpUrl.FRAGMENT_ENCODE_SET, "Lca/loblaw/pcid/login/model/PcidAuthorization;", "pcidAuthorization", HttpUrl.FRAGMENT_ENCODE_SET, "jwt", "expectedIssuer", "expectedAudience", "expectedNonce", HttpUrl.FRAGMENT_ENCODE_SET, "jwkSet", "b", "authorization", "nonce", "idAudience", "accessAudience", "issuer", "a", "<init>", "()V", "pcid-login-kit_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class PcidAuthorizationValidator {
    private final PcidAuthorization b(PcidAuthorization pcidAuthorization, String jwt, String expectedIssuer, String expectedAudience, String expectedNonce, Map<String, ? extends Object> jwkSet) {
        Object obj;
        if (jwt == null) {
            throw new Exception(PcidErrorCode.MALFORMED_TOKEN_RESPONSE.name());
        }
        JWT jwt2 = new JWT(jwt);
        String str = jwt2.getHeader().get("kid");
        if (str == null) {
            throw new Exception(PcidErrorCode.MISSING_JWT_KEY_IDENTIFIER.name());
        }
        PcidJwtClaims pcidJwtClaims = new PcidJwtClaims(new JWT(jwt));
        Object obj2 = jwkSet.get(i.a.f27542n);
        if (obj2 == null) {
            throw new TypeCastException("null cannot be cast to non-null type kotlin.collections.ArrayList<kotlin.collections.Map<kotlin.String, kotlin.Any>> /* = java.util.ArrayList<kotlin.collections.Map<kotlin.String, kotlin.Any>> */");
        }
        Iterator it2 = ((ArrayList) obj2).iterator();
        while (true) {
            if (!it2.hasNext()) {
                obj = null;
                break;
            }
            obj = it2.next();
            if (n.b(((Map) obj).get("kid"), str)) {
                break;
            }
        }
        Map map = (Map) obj;
        if (map == null) {
            throw new Exception(PcidErrorCode.MALFORMED_JWK_SET.name());
        }
        Jwts.a().a(MapExtensionsKt.a(map)).build().a(jwt);
        pcidJwtClaims.a(expectedIssuer, expectedAudience, expectedNonce);
        b bVar = jwt2.getClaims().get("sub");
        String a10 = bVar != null ? bVar.a() : null;
        b bVar2 = jwt2.getClaims().get("pcid");
        String a11 = bVar2 != null ? bVar2.a() : null;
        b bVar3 = jwt2.getClaims().get("MFA");
        return PcidAuthorization.copy$default(pcidAuthorization, null, null, null, null, a10, a11, bVar3 != null ? bVar3.b() : null, 15, null);
    }

    public final PcidAuthorization a(PcidAuthorization authorization, Map<String, ? extends Object> jwkSet, String nonce, String idAudience, String accessAudience, String issuer) {
        n.g(authorization, "authorization");
        n.g(jwkSet, "jwkSet");
        n.g(idAudience, "idAudience");
        n.g(accessAudience, "accessAudience");
        n.g(issuer, "issuer");
        String idToken = authorization.getIdToken();
        if (!(idToken == null || idToken.length() == 0)) {
            b(authorization, authorization.getIdToken(), issuer, idAudience, nonce, jwkSet);
        }
        return b(authorization, authorization.getAccessToken(), issuer, accessAudience, nonce, jwkSet);
    }
}
