package com.google.api.client.auth.openidconnect;

import com.google.api.client.http.f;
import com.google.api.client.http.i;
import com.google.api.client.json.GenericJson;
import com.google.common.base.y;
import com.google.common.cache.CacheLoader;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import tt.b83;
import tt.di4;
import tt.lp6;
import tt.m30;
import tt.qb5;
import tt.za4;

/* loaded from: classes3.dex */
public class IdTokenVerifier {
    private static final Logger a = Logger.getLogger(IdTokenVerifier.class.getName());
    private static final Set b = ImmutableSet.of(JwtRequestHeader.ALG_VALUE_RS256, "ES256");
    static final i c = new lp6();

    /* loaded from: classes3.dex */
    static class PublicKeyLoader extends CacheLoader<String, Map<String, PublicKey>> {
        private final di4 a;

        /* loaded from: classes3.dex */
        public static class JsonWebKeySet extends GenericJson {

            @qb5
            public List<a> keys;
        }

        /* loaded from: classes3.dex */
        public static class a {

            @qb5
            public String alg;

            @qb5
            public String crv;

            @qb5
            public String e;

            @qb5
            public String kid;

            @qb5
            public String kty;

            @qb5
            public String n;

            @qb5
            public String use;

            @qb5
            public String x;

            @qb5
            public String y;
        }

        private PublicKey a(a aVar) {
            y.d("EC".equals(aVar.kty));
            y.d("P-256".equals(aVar.crv));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, m30.a(aVar.x)), new BigInteger(1, m30.a(aVar.y)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        private PublicKey b(a aVar) {
            if ("ES256".equals(aVar.alg)) {
                return a(aVar);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(aVar.alg)) {
                return d(aVar);
            }
            return null;
        }

        private PublicKey c(String str) {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        private PublicKey d(a aVar) {
            y.d(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA.equals(aVar.kty));
            y.u(aVar.e);
            y.u(aVar.n);
            return KeyFactory.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, m30.a(aVar.n)), new BigInteger(1, m30.a(aVar.e))));
        }

        @Override // com.google.common.cache.CacheLoader
        /* renamed from: e, reason: merged with bridge method [inline-methods] */
        public Map load(String str) {
            try {
                f z = this.a.create().c().a(new com.google.api.client.http.b(str)).z(com.google.api.client.json.gson.a.n().b());
                z.y(2);
                z.F(new za4(new b83.a().b(1000).d(0.1d).c(2.0d).a()).a(za4.a.a));
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) z.b().m(JsonWebKeySet.class);
                ImmutableMap.b bVar = new ImmutableMap.b();
                List<a> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        bVar.h(str2, c((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (a aVar : list) {
                        try {
                            bVar.h(aVar.kid, b(aVar));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.a.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                ImmutableMap a2 = bVar.a();
                if (!a2.isEmpty()) {
                    return a2;
                }
                throw new VerificationException("No valid public key returned by the keystore: " + str);
            } catch (IOException e2) {
                IdTokenVerifier.a.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class VerificationException extends Exception {
        public VerificationException(String str) {
            super(str);
        }

        public VerificationException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* loaded from: classes3.dex */
    public static class a {
    }

    /* loaded from: classes3.dex */
    static class b implements di4 {
        @Override // tt.di4
        public i create() {
            return IdTokenVerifier.c;
        }
    }
}
