package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.util.Base64;
import com.google.api.client.util.ExponentialBackOff;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.TokenVerifier;
import com.google.common.base.Preconditions;
import com.google.common.cache.CacheLoader;
import com.google.common.collect.ImmutableMap;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;

/* loaded from: classes2.dex */
public final class j0 extends CacheLoader {

    /* renamed from: a, reason: collision with root package name */
    public final HttpTransportFactory f22831a;

    public j0(HttpTransportFactory httpTransportFactory) {
        this.f22831a = httpTransportFactory;
    }

    public static PublicKey a(TokenVerifier$PublicKeyLoader$JsonWebKey tokenVerifier$PublicKeyLoader$JsonWebKey) {
        if ("ES256".equals(tokenVerifier$PublicKeyLoader$JsonWebKey.alg)) {
            Preconditions.checkArgument("EC".equals(tokenVerifier$PublicKeyLoader$JsonWebKey.kty));
            Preconditions.checkArgument("P-256".equals(tokenVerifier$PublicKeyLoader$JsonWebKey.crv));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, Base64.decodeBase64(tokenVerifier$PublicKeyLoader$JsonWebKey.f22765x)), new BigInteger(1, Base64.decodeBase64(tokenVerifier$PublicKeyLoader$JsonWebKey.f22766y)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }
        if (!"RS256".equals(tokenVerifier$PublicKeyLoader$JsonWebKey.alg)) {
            return null;
        }
        Preconditions.checkArgument("RSA".equals(tokenVerifier$PublicKeyLoader$JsonWebKey.kty));
        Preconditions.checkNotNull(tokenVerifier$PublicKeyLoader$JsonWebKey.f22763e);
        Preconditions.checkNotNull(tokenVerifier$PublicKeyLoader$JsonWebKey.f22764n);
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decodeBase64(tokenVerifier$PublicKeyLoader$JsonWebKey.f22764n)), new BigInteger(1, Base64.decodeBase64(tokenVerifier$PublicKeyLoader$JsonWebKey.f22763e))));
    }

    @Override // com.google.common.cache.CacheLoader
    public final Object load(Object obj) {
        String str = (String) obj;
        HttpRequest parser = this.f22831a.create().createRequestFactory().buildGetRequest(new GenericUrl(str)).setParser(y.f22854f.createJsonObjectParser());
        parser.setNumberOfRetries(2);
        parser.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff.Builder().setInitialIntervalMillis(1000).setRandomizationFactor(0.1d).setMultiplier(2.0d).build()).setBackOffRequired(HttpBackOffUnsuccessfulResponseHandler.BackOffRequired.ALWAYS));
        TokenVerifier$PublicKeyLoader$JsonWebKeySet tokenVerifier$PublicKeyLoader$JsonWebKeySet = (TokenVerifier$PublicKeyLoader$JsonWebKeySet) parser.execute().parseAs(TokenVerifier$PublicKeyLoader$JsonWebKeySet.class);
        ImmutableMap.Builder builder = new ImmutableMap.Builder();
        List<TokenVerifier$PublicKeyLoader$JsonWebKey> list = tokenVerifier$PublicKeyLoader$JsonWebKeySet.keys;
        if (list == null) {
            for (String str2 : tokenVerifier$PublicKeyLoader$JsonWebKeySet.keySet()) {
                builder.put(str2, CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((String) tokenVerifier$PublicKeyLoader$JsonWebKeySet.get(str2)).getBytes("UTF-8"))).getPublicKey());
            }
        } else {
            for (TokenVerifier$PublicKeyLoader$JsonWebKey tokenVerifier$PublicKeyLoader$JsonWebKey : list) {
                try {
                    builder.put(tokenVerifier$PublicKeyLoader$JsonWebKey.kid, a(tokenVerifier$PublicKeyLoader$JsonWebKey));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e10) {
                    e10.printStackTrace();
                }
            }
        }
        ImmutableMap build = builder.build();
        if (build.isEmpty()) {
            throw new TokenVerifier.VerificationException(android.support.v4.media.a.k("No valid public key returned by the keystore: ", str));
        }
        return build;
    }
}
