package com.schibsted.account.webflows.token;

import aa.q0;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jwt.proc.a;
import com.nimbusds.jwt.proc.c;
import com.schibsted.account.webflows.jose.AsyncJwks;
import com.schibsted.account.webflows.token.IdTokenValidationError;
import com.schibsted.account.webflows.util.Either;
import java.util.List;
import java.util.Set;
import kotlin.jvm.internal.t;
import la.l;
import s9.c;

/* loaded from: classes.dex */
public final class IdTokenValidator {
    public static final IdTokenValidator INSTANCE = new IdTokenValidator();

    private IdTokenValidator() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Either<IdTokenValidationError, IdTokenClaims> validate(String str, JWKSet jWKSet, IdTokenValidationContext idTokenValidationContext) {
        Set g10;
        c cVar = new c();
        cVar.setJWSKeySelector(new JWSVerificationKeySelector(JWSAlgorithm.RS256, new ImmutableJWKSet(jWKSet)));
        c.b bVar = new c.b();
        if (idTokenValidationContext.getNonce() != null) {
            bVar.d("nonce", idTokenValidationContext.getNonce());
        }
        String clientId = idTokenValidationContext.getClientId();
        s9.c c10 = bVar.c();
        t.f(c10, "expectedClaims.build()");
        g10 = q0.g("sub", "exp");
        cVar.j(new IdTokenClaimsVerifier(clientId, c10, g10));
        try {
            s9.c d10 = cVar.d(str, idTokenValidationContext);
            t.f(d10, "jwtProcessor.process(idToken, validationContext)");
            String f10 = d10.f();
            t.f(f10, "claims.issuer");
            String k10 = d10.k();
            t.f(k10, "claims.subject");
            String i10 = d10.i("legacy_user_id");
            t.f(i10, "claims.getStringClaim(\"legacy_user_id\")");
            List a10 = d10.a();
            t.f(a10, "claims.audience");
            return new Either.Right(new IdTokenClaims(f10, k10, i10, a10, d10.e().getTime() / 1000, d10.i("nonce"), d10.j("amr")));
        } catch (a e10) {
            String message = e10.getMessage();
            if (message == null) {
                message = "Failed to verify ID Token";
            }
            return new Either.Left(new IdTokenValidationError.FailedValidation(message));
        }
    }

    public final void validate(String idToken, AsyncJwks jwks, IdTokenValidationContext validationContext, l callback) {
        t.g(idToken, "idToken");
        t.g(jwks, "jwks");
        t.g(validationContext, "validationContext");
        t.g(callback, "callback");
        jwks.fetch(new IdTokenValidator$validate$1(callback, idToken, validationContext));
    }
}
