package com.amazon.identity.auth.device.workflow;

import android.net.Uri;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.utils.JWTDecoder;
import java.util.List;
import org.json.JSONObject;

/* compiled from: WorkflowToken.java */
/* loaded from: classes.dex */
public class h {

    /* renamed from: a, reason: collision with root package name */
    private static final String f508a = "type";

    /* renamed from: b, reason: collision with root package name */
    private static final String f509b = "iss";

    /* renamed from: c, reason: collision with root package name */
    private static final String f510c = "clientId";

    /* renamed from: d, reason: collision with root package name */
    private static final String f511d = "scopes";

    /* renamed from: e, reason: collision with root package name */
    private static final String f512e = "workflowEndpoints";

    /* renamed from: f, reason: collision with root package name */
    private static final String f513f = "WorkflowToken";
    private static final String g = "Amazon";
    private final String h;
    private final String[] i;
    private final List<String> j;

    public h(String str) throws AuthError {
        JSONObject decode = new JWTDecoder().decode(str);
        if (decode == null) {
            throw new AuthError("Workflow Token is invalid", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!decode.optString("type").equals(f513f)) {
            throw new AuthError("Workflow Token has invalid type", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        if (!decode.optString("iss").equals(g)) {
            throw new AuthError("Workflow Token has invalid issuer", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String optString = decode.optString("clientId");
        this.h = optString;
        if (optString == null) {
            throw new AuthError("Workflow Token missing clientId", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        String[] stringArray = com.amazon.identity.auth.device.utils.b.getStringArray(decode, "scopes");
        this.i = stringArray;
        if (stringArray == null) {
            throw new AuthError("Workflow Token missing scopes", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
        List<String> stringList = com.amazon.identity.auth.device.utils.b.getStringList(decode, f512e);
        this.j = stringList;
        if (stringList == null) {
            throw new AuthError("Workflow Token missing endpoints", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    private Uri a(String str) {
        return Uri.parse(str).buildUpon().query("").fragment("").build();
    }

    public void assertWorkflowUrlIsAllowed(String str) throws AuthError {
        if (!this.j.contains(a(str).toString())) {
            throw new AuthError(String.format("Workflow URL %s is not allowed", str), AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
        }
    }

    public String getClientId() {
        return this.h;
    }

    public String[] getScopes() {
        return this.i;
    }
}
