package com.cocos.adsdk.auth.hw.utils;

import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.auth0.jwk.InvalidPublicKeyException;
import com.auth0.jwk.Jwk;
import com.cocos.adsdk.auth.hw.beans.HeaderEntity;
import com.cocos.adsdk.auth.hw.beans.IdTokenEntity;
import com.cocos.adsdk.auth.hw.beans.PayloadEntity;
import com.cocos.adsdk.auth.hw.beans.VerifyBean;
import com.cocos.adsdk.auth.hw.interfaces.IVerifyCallBack;
import com.google.firebase.crashlytics.internal.metadata.UserMetadata;
import com.google.firebase.perf.network.FirebasePerfOkHttpClient;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class IdTokenUtils {
    public static final String CERT_URL = "https://oauth-login.cloud.huawei.com/oauth2/v3/certs";
    public static final String ID_TOKEN_ISSUE = "https://accounts.huawei.com";
    private static final int MAX_PUBLIC_KEY_SIZE = 4;
    private static final String PUBLIC_KEY_ALGORITHM = "RSA";
    private static final String TAG = "IdTokenUtils";
    private Map<String, RSAPublicKey> keyId2PublicKey = new HashMap();
    private JSONArray mJsonArray;

    private void getJwks(final IVerifyCallBack iVerifyCallBack) {
        try {
            FirebasePerfOkHttpClient.enqueue(new OkHttpClient().newCall(new Request.Builder().url(CERT_URL).build()), new Callback() { // from class: com.cocos.adsdk.auth.hw.utils.IdTokenUtils.2
                @Override // okhttp3.Callback
                public void onFailure(Call call, IOException iOException) {
                    Log.i(IdTokenUtils.TAG, "Get ID Token failed.");
                    iVerifyCallBack.onFailed("getJwks onFailure Get ID Token failed." + iOException.getMessage());
                }

                @Override // okhttp3.Callback
                public void onResponse(Call call, Response response) {
                    if (!response.isSuccessful()) {
                        iVerifyCallBack.onFailed("getJwks onResponse failed." + response.message() + "code:" + response.code());
                        return;
                    }
                    try {
                        IdTokenUtils.this.mJsonArray = new JSONObject(response.body().string()).getJSONArray(UserMetadata.KEYDATA_FILENAME);
                        if (IdTokenUtils.this.mJsonArray == null) {
                            iVerifyCallBack.onFailed("getJwks JsonArray is null failed.");
                        } else {
                            iVerifyCallBack.onSuccess();
                        }
                    } catch (IOException | NullPointerException | JSONException e) {
                        Log.i(IdTokenUtils.TAG, "parse JsonArray failed." + e.getMessage());
                        iVerifyCallBack.onFailed("getJwks parse JsonArray failed.");
                    }
                }
            });
        } catch (Exception e) {
            e.printStackTrace();
            iVerifyCallBack.onFailed("getJwks Exception error e:" + e.getMessage());
        }
    }

    private RSAPublicKey getRsaPublicKeyByJwk(JSONObject jSONObject) throws InvalidPublicKeyException, JSONException {
        HashMap hashMap = new HashMap();
        hashMap.put("n", jSONObject.getString("n"));
        hashMap.put("e", jSONObject.getString("e"));
        return (RSAPublicKey) getPublicKey(new Jwk(jSONObject.getString("kid"), jSONObject.getString("kty"), jSONObject.getString("alg"), jSONObject.getString("use"), new ArrayList(), (String) null, (List) null, (String) null, hashMap));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public VerifyBean verifyRSAPublicKey(String str, String str2) {
        RSAPublicKey rSAPublicKey;
        Log.d(TAG, "verifyRSAPublicKey keyId:" + str);
        try {
            if (this.keyId2PublicKey.get(str) != null) {
                rSAPublicKey = this.keyId2PublicKey.get(str);
            } else {
                if (this.keyId2PublicKey.size() > 4) {
                    this.keyId2PublicKey.clear();
                }
                Log.d(TAG, "mJsonArray:" + this.mJsonArray.toString());
                for (int i = 0; i < this.mJsonArray.length(); i++) {
                    String string = this.mJsonArray.getJSONObject(i).getString("kid");
                    Log.d(TAG, "mJsonArray kid:" + string);
                    this.keyId2PublicKey.put(string, getRsaPublicKeyByJwk(this.mJsonArray.getJSONObject(i)));
                }
                Log.d(TAG, "keyId2PublicKey:" + this.keyId2PublicKey.toString());
                rSAPublicKey = this.keyId2PublicKey.get(str);
            }
            if (rSAPublicKey == null) {
                return new VerifyBean(false, "mRSAPublicKey is null");
            }
            Jwts.parser().setSigningKey(rSAPublicKey).parse(str2);
            return new VerifyBean(true);
        } catch (Exception e) {
            if (e instanceof ExpiredJwtException) {
                return new VerifyBean(false, "verify exp error:" + e.getMessage());
            }
            return new VerifyBean(false, "e:" + e.getClass().getSimpleName() + ", msg:" + e.getMessage());
        }
    }

    public IdTokenEntity decodeJsonStringFromIdtoken(String str) {
        IdTokenEntity idTokenEntity = null;
        try {
            if (TextUtils.isEmpty(str)) {
                Log.w(TAG, "idToken is Empty");
                return null;
            }
            String[] split = str.split("\\.");
            if (split.length < 3) {
                Log.e(TAG, "\nThe idToken is malformed");
                return null;
            }
            Log.i(TAG, "idToken header: " + split[0]);
            Log.i(TAG, "idToken payload: " + split[1]);
            byte[] decode = Base64.decode(split[0], 8);
            byte[] decode2 = Base64.decode(split[1], 8);
            if (decode != null && decode2 != null) {
                Gson gson = new Gson();
                String str2 = new String(decode, Charset.forName("utf-8"));
                Log.i(TAG, "headerJson: " + str2);
                String str3 = new String(decode2, Charset.forName("utf-8"));
                Log.i(TAG, "payloadJson: " + str3);
                HeaderEntity headerEntity = (HeaderEntity) gson.fromJson(str2, HeaderEntity.class);
                PayloadEntity payloadEntity = (PayloadEntity) gson.fromJson(str3, PayloadEntity.class);
                IdTokenEntity idTokenEntity2 = new IdTokenEntity();
                try {
                    idTokenEntity2.setHeaderJson(str2);
                    idTokenEntity2.setPayloadJson(str3);
                    idTokenEntity2.setHeaderEntity(headerEntity);
                    idTokenEntity2.setPayloadEntity(payloadEntity);
                    return idTokenEntity2;
                } catch (JsonSyntaxException e) {
                    e = e;
                    idTokenEntity = idTokenEntity2;
                    e.printStackTrace();
                    Log.e(TAG, "decodeJsonStringFromIdtoken JsonSyntaxException e:" + e.getMessage());
                    return idTokenEntity;
                }
            }
            Log.e(TAG, "The idToken decode failed");
            return null;
        } catch (JsonSyntaxException e2) {
            e = e2;
        }
    }

    public PublicKey getPublicKey(Jwk jwk) throws InvalidPublicKeyException {
        if (!PUBLIC_KEY_ALGORITHM.equalsIgnoreCase(jwk.getType())) {
            throw new InvalidPublicKeyException("The key is not of type RSA", (Throwable) null);
        }
        try {
            return KeyFactory.getInstance(PUBLIC_KEY_ALGORITHM).generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decode((String) jwk.getAdditionalAttributes().get("n"), 8)), new BigInteger(1, Base64.decode((String) jwk.getAdditionalAttributes().get("e"), 8))));
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidPublicKeyException("Invalid algorithm to generate key", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPublicKeyException("Invalid public key", e2);
        }
    }

    public void validateIdToken(final String str, final String str2, final String str3, final IdTokenEntity idTokenEntity, final IVerifyCallBack iVerifyCallBack) {
        getJwks(new IVerifyCallBack() { // from class: com.cocos.adsdk.auth.hw.utils.IdTokenUtils.1
            @Override // com.cocos.adsdk.auth.hw.interfaces.IVerifyCallBack
            public void onFailed(String str4) {
                iVerifyCallBack.onFailed("getJwks error,errorMsg:" + str4);
            }

            @Override // com.cocos.adsdk.auth.hw.interfaces.IVerifyCallBack
            public void onSuccess() {
                VerifyBean verifyRSAPublicKey = IdTokenUtils.this.verifyRSAPublicKey(idTokenEntity.getHeaderEntity().getKid(), str2);
                if (!verifyRSAPublicKey.isSuccess()) {
                    iVerifyCallBack.onFailed("verifyRSAPublicKey error," + verifyRSAPublicKey.getMessage());
                    return;
                }
                String iss = idTokenEntity.getPayloadEntity().getIss();
                if (!(!TextUtils.isEmpty(iss) && iss.equals(IdTokenUtils.ID_TOKEN_ISSUE))) {
                    iVerifyCallBack.onFailed("verifyIss error");
                    return;
                }
                String aud = idTokenEntity.getPayloadEntity().getAud();
                if (!(!TextUtils.isEmpty(aud) && aud.equals(str3))) {
                    iVerifyCallBack.onFailed("verifyAud error");
                    return;
                }
                String sub = idTokenEntity.getPayloadEntity().getSub();
                if (!TextUtils.isEmpty(sub) && sub.equals(str)) {
                    iVerifyCallBack.onSuccess();
                } else {
                    iVerifyCallBack.onFailed("verifySub error");
                }
            }
        });
    }
}
