package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5531;
import com.google.api.client.util.InterfaceC5532;
import com.google.api.client.util.InterfaceC5540;
import com.google.api.client.util.InterfaceC5561;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p1194.C37726;
import p1570.C47107;
import p1683.AbstractC50078;
import p1683.AbstractC50126;
import p1898.C55568;
import p2129.AbstractC60770;
import p2129.C60743;
import p2129.C60761;
import p2144.C60935;
import p312.C13351;
import p584.InterfaceC23027;
import p609.C23514;
import p609.InterfaceC23515;
import p631.AbstractC23812;
import p631.C23788;
import p631.InterfaceC23824;
import p737.C25651;

@InterfaceC5532
/* loaded from: classes9.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f21135 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f21136 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f21138 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f21140 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f21141 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5540 f21142;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f21143;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C23514 f21144;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC23824<String, Map<String, PublicKey>> f21145;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f21146;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f21147;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f21148;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f21134 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f21137 = AbstractC50126.m186309(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC60770 f21139 = new C55568();

    /* loaded from: classes9.dex */
    public static class PublicKeyLoader extends AbstractC23812<String, Map<String, PublicKey>> {

        /* renamed from: Ҭ, reason: contains not printable characters */
        public final InterfaceC23515 f21149;

        /* loaded from: classes9.dex */
        public static class JsonWebKeySet extends C25651 {

            @InterfaceC5561
            public List<C5495> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes9.dex */
        public static class C5495 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21150;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21151;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21152;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21153;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21154;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21155;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21156;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21157;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5561
            public String f21158;
        }

        public PublicKeyLoader(InterfaceC23515 interfaceC23515) {
            this.f21149 = interfaceC23515;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m26730(C5495 c5495) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C47107.m178483("EC".equals(c5495.f21153));
            C47107.m178483("P-256".equals(c5495.f21151));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5531.m26995(c5495.f21155)), new BigInteger(1, C5531.m26995(c5495.f21156)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m26731(C5495 c5495) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5495.f21150)) {
                return m26730(c5495);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5495.f21150)) {
                return m26733(c5495);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m26732(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m26733(C5495 c5495) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C47107.m178483("RSA".equals(c5495.f21153));
            c5495.f21157.getClass();
            c5495.f21158.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5531.m26995(c5495.f21158)), new BigInteger(1, C5531.m26995(c5495.f21157))));
        }

        @Override // p631.AbstractC23812
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo26729(String str) throws Exception {
            try {
                C60761 m218733 = this.f21149.create().m218787().m218733(new C60743(str, false));
                m218733.f189172 = C60935.C60936.f189691.m119011();
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m218733.m218674().m218759(JsonWebKeySet.class);
                AbstractC50078.C50080 c50080 = new AbstractC50078.C50080(4);
                List<C5495> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c50080.mo186031(str2, m26732((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5495 c5495 : list) {
                        try {
                            c50080.mo186031(c5495.f21152, m26731(c5495));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f21134.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c50080.mo186028().isEmpty()) {
                    throw new Exception(C37726.m152626("No valid public key returned by the keystore: ", str));
                }
                return c50080.mo186028();
            } catch (IOException e2) {
                IdTokenVerifier.f21134.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5532
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5496 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f21160;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C23514 f21161;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f21163;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f21164;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC23515 f21165;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5540 f21159 = InterfaceC5540.f21266;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f21162 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo26735() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m26736() {
            return this.f21162;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m26737() {
            return this.f21164;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5540 m26738() {
            return this.f21159;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C23514 m26739() {
            return this.f21161;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m26740() {
            Collection<String> collection = this.f21163;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m26741() {
            return this.f21163;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5496 mo26742(long j) {
            C47107.m178483(j >= 0);
            this.f21162 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5496 mo26743(Collection<String> collection) {
            this.f21164 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5496 m26744(String str) {
            this.f21160 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5496 mo26745(InterfaceC5540 interfaceC5540) {
            interfaceC5540.getClass();
            this.f21159 = interfaceC5540;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5496 m26746(C23514 c23514) {
            this.f21161 = c23514;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5496 m26747(InterfaceC23515 interfaceC23515) {
            this.f21165 = interfaceC23515;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5496 mo26748(String str) {
            return str == null ? mo26749(null) : mo26749(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5496 mo26749(Collection<String> collection) {
            C47107.m178484(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f21163 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5497 implements InterfaceC23515 {
        @Override // p609.InterfaceC23515
        public AbstractC60770 create() {
            return IdTokenVerifier.f21139;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԫ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5498 extends Exception {
        public C5498(String str) {
            super(str);
        }

        public C5498(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5496());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5496 c5496) {
        this.f21143 = c5496.f21160;
        this.f21142 = c5496.f21159;
        this.f21146 = c5496.f21162;
        Collection<String> collection = c5496.f21163;
        this.f21147 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5496.f21164;
        this.f21148 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC23515 interfaceC23515 = c5496.f21165;
        this.f21145 = C23788.m113234().m113241(1L, TimeUnit.HOURS).m113236(new PublicKeyLoader(interfaceC23515 == null ? new Object() : interfaceC23515));
        C23514 c23514 = c5496.f21161;
        this.f21144 = c23514 == null ? new Object() : c23514;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m26720() {
        return this.f21146;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m26721() {
        return this.f21148;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m26722(JsonWebSignature.Header header) throws C5498 {
        String str = this.f21143;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f21135;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f21136;
        }
        throw new Exception(String.format(f21138, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5540 m26723() {
        return this.f21142;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m26724() {
        Collection<String> collection = this.f21147;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m26725() {
        return this.f21147;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m26726(IdToken idToken) {
        if (!m26727(idToken)) {
            return false;
        }
        try {
            return m26728(idToken);
        } catch (C5498 e) {
            f21134.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m26727(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f21147;
        return (collection2 == null || idToken.m26717(collection2)) && ((collection = this.f21148) == null || idToken.m26713(collection)) && idToken.m26718(this.f21142.mo27014(), this.f21146);
    }

    @InterfaceC23027
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m26728(IdToken idToken) throws C5498 {
        if (Boolean.parseBoolean(this.f21144.m112629(f21140))) {
            return true;
        }
        if (!f21137.contains(idToken.mo26957().getAlgorithm())) {
            throw new Exception(String.format(f21138, idToken.mo26957().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f21145.get(m26722(idToken.mo26957())).get(idToken.mo26957().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo26957().getKeyId());
            }
            try {
                if (idToken.m26963(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C13351 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f21143, e2);
        }
    }
}
