package vg;

import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.n;
import com.google.common.cache.g0;
import com.google.common.util.concurrent.UncheckedExecutionException;
import dh.i;
import hh.c2;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

/* loaded from: classes3.dex */
public class g {

    /* renamed from: f, reason: collision with root package name */
    public static final Logger f77575f = Logger.getLogger(g.class.getName());

    /* renamed from: g, reason: collision with root package name */
    public static final c2 f77576g = c2.o(2, "RS256", "ES256");

    /* renamed from: h, reason: collision with root package name */
    public static final i f77577h = new i();

    /* renamed from: a, reason: collision with root package name */
    public final n f77578a;

    /* renamed from: b, reason: collision with root package name */
    public final a f77579b;

    /* renamed from: c, reason: collision with root package name */
    public final g0 f77580c;

    /* renamed from: d, reason: collision with root package name */
    public final long f77581d;

    /* renamed from: e, reason: collision with root package name */
    public final Collection f77582e;

    public g() {
        this(new c());
    }

    public g(c cVar) {
        cVar.getClass();
        this.f77578a = cVar.f77571a;
        this.f77581d = cVar.f77572b;
        Collection collection = cVar.f77573c;
        this.f77582e = collection == null ? null : Collections.unmodifiableCollection(collection);
        d dVar = new d();
        com.google.common.cache.f c10 = com.google.common.cache.f.c();
        c10.b(1L, TimeUnit.HOURS);
        e eVar = new e(dVar);
        c10.a();
        this.f77580c = new g0(c10, eVar);
        this.f77579b = new a();
    }

    public static String a(JsonWebSignature.Header header) {
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return "https://www.gstatic.com/iap/verify/public_key-jwk";
        }
        if (algorithm.equals("RS256")) {
            return "https://www.googleapis.com/oauth2/v3/certs";
        }
        throw new f(String.format("Unexpected signing algorithm %s: expected either RS256 or ES256", header.getAlgorithm()));
    }

    public final void b(IdToken idToken) {
        this.f77579b.getClass();
        if (Boolean.parseBoolean(System.getenv("OAUTH_CLIENT_SKIP_SIGNATURE"))) {
            return;
        }
        if (!f77576g.contains(idToken.getHeader().getAlgorithm())) {
            throw new f(String.format("Unexpected signing algorithm %s: expected either RS256 or ES256", idToken.getHeader().getAlgorithm()));
        }
        try {
            PublicKey publicKey = (PublicKey) ((Map) this.f77580c.a(a(idToken.getHeader()))).get(idToken.getHeader().getKeyId());
            if (publicKey == null) {
                throw new IOException("Could not find public key for provided keyId: " + idToken.getHeader().getKeyId());
            }
            try {
                if (idToken.verifySignature(publicKey)) {
                } else {
                    throw new f("Invalid signature");
                }
            } catch (GeneralSecurityException e7) {
                throw new f("Error validating token", e7);
            }
        } catch (UncheckedExecutionException | ExecutionException e10) {
            throw new IOException("Error fetching public key from certificate location null", e10);
        }
    }
}
