package com.amazon.identity.auth.device.utils;

import android.util.Base64;
import com.amazon.identity.auth.map.device.utils.MAPLog;
import d.b.b.a.a;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: src */
/* loaded from: classes.dex */
public class JWTDecoder {
    public static final /* synthetic */ boolean $assertionsDisabled = false;
    public static final String CHAR_SET = "UTF-8";
    public static final String FAILED_TO_DECODE = "Failed to decode: ";
    public static final String JWT_SPLITTER = "[.]";
    public static final String LOG_TAG = "com.amazon.identity.auth.device.utils.JWTDecoder";

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: src */
    /* loaded from: classes.dex */
    public enum JWT_SECTION {
        HEADER,
        PAYLOAD,
        SIGNATURE
    }

    private byte[] decodeBase64ToBytes(String str) {
        return Base64.decode(str.trim().getBytes("UTF-8"), 0);
    }

    private String decodeBase64ToString(String str) {
        return new String(decodeBase64ToBytes(str), "UTF-8");
    }

    private String[] getTokenParts(String str) {
        String[] split = str.split(JWT_SPLITTER);
        if (split.length == 3) {
            return split;
        }
        throw new IllegalArgumentException("Invalid JWT format");
    }

    private void verifySignature(String[] strArr) {
        if (!verifySignatureWithRsaSha256(decodeBase64ToBytes(strArr[JWT_SECTION.SIGNATURE.ordinal()]), (strArr[JWT_SECTION.HEADER.ordinal()].trim() + "." + strArr[JWT_SECTION.PAYLOAD.ordinal()].trim()).getBytes("UTF-8"), SignatureUtil.getAmazonPublicCertificate())) {
            throw new SecurityException("Decoding fails: signature mismatch!");
        }
        MAPLog.i(LOG_TAG, "Signature match!");
    }

    private boolean verifySignatureWithRsaSha256(byte[] bArr, byte[] bArr2, Certificate certificate) {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(certificate);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    public JSONObject decode(String str) {
        if (str == null) {
            return null;
        }
        try {
            String[] tokenParts = getTokenParts(str.trim());
            verifySignature(tokenParts);
            return new JSONObject(decodeBase64ToString(tokenParts[JWT_SECTION.PAYLOAD.ordinal()]));
        } catch (UnsupportedEncodingException e2) {
            String str2 = LOG_TAG;
            StringBuilder a2 = a.a("Failed to decode: ");
            a2.append(e2.getMessage());
            MAPLog.w(str2, a2.toString());
            return null;
        } catch (IOException e3) {
            String str3 = LOG_TAG;
            StringBuilder a3 = a.a("Failed to decode: ");
            a3.append(e3.getMessage());
            MAPLog.w(str3, a3.toString());
            return null;
        } catch (IllegalArgumentException e4) {
            String str4 = LOG_TAG;
            StringBuilder a4 = a.a("Failed to decode: ");
            a4.append(e4.getMessage());
            MAPLog.w(str4, a4.toString());
            return null;
        } catch (SecurityException e5) {
            String str5 = LOG_TAG;
            StringBuilder a5 = a.a("Failed to decode: ");
            a5.append(e5.getMessage());
            MAPLog.w(str5, a5.toString());
            return null;
        } catch (InvalidKeyException e6) {
            String str6 = LOG_TAG;
            StringBuilder a6 = a.a("Failed to decode: ");
            a6.append(e6.getMessage());
            MAPLog.w(str6, a6.toString());
            return null;
        } catch (NoSuchAlgorithmException e7) {
            String str7 = LOG_TAG;
            StringBuilder a7 = a.a("Failed to decode: ");
            a7.append(e7.getMessage());
            MAPLog.w(str7, a7.toString());
            return null;
        } catch (NoSuchProviderException e8) {
            String str8 = LOG_TAG;
            StringBuilder a8 = a.a("Failed to decode: ");
            a8.append(e8.getMessage());
            MAPLog.w(str8, a8.toString());
            return null;
        } catch (SignatureException e9) {
            String str9 = LOG_TAG;
            StringBuilder a9 = a.a("Failed to decode: ");
            a9.append(e9.getMessage());
            MAPLog.w(str9, a9.toString());
            return null;
        } catch (CertificateException e10) {
            String str10 = LOG_TAG;
            StringBuilder a10 = a.a("Failed to decode: ");
            a10.append(e10.getMessage());
            MAPLog.w(str10, a10.toString());
            return null;
        } catch (JSONException e11) {
            String str11 = LOG_TAG;
            StringBuilder a11 = a.a("Failed to decode: ");
            a11.append(e11.getMessage());
            MAPLog.w(str11, a11.toString());
            return null;
        }
    }
}
