package com.google.api.client.auth.openidconnect;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.http.i;
import com.google.api.client.http.k;
import com.google.api.client.http.m;
import com.google.api.client.http.n;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.e;
import com.google.api.client.util.j;
import com.google.api.client.util.p;
import com.google.api.client.util.u;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.f;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.mbridge.msdk.playercommon.exoplayer2.C;
import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import freemarker.core.a7;
import io.g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import lo.q;
import mo.i0;
import mo.m0;
import mo.s1;

/* loaded from: classes5.dex */
public class IdTokenVerifier {

    /* renamed from: f, reason: collision with root package name */
    public static final Logger f37647f = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: g, reason: collision with root package name */
    public static final m0 f37648g = m0.q("RS256", "ES256");

    /* renamed from: h, reason: collision with root package name */
    public static final g f37649h = new g();

    /* renamed from: a, reason: collision with root package name */
    public final j f37650a;

    /* renamed from: b, reason: collision with root package name */
    public final zn.a f37651b;

    /* renamed from: c, reason: collision with root package name */
    public final f.n f37652c;

    /* renamed from: d, reason: collision with root package name */
    public final long f37653d;

    /* renamed from: e, reason: collision with root package name */
    public final Collection f37654e;

    /* loaded from: classes5.dex */
    public static class PublicKeyLoader extends CacheLoader {

        /* renamed from: a, reason: collision with root package name */
        public final zn.b f37655a;

        /* loaded from: classes5.dex */
        public static class JsonWebKey {

            @u
            public String alg;

            @u
            public String crv;

            /* renamed from: e, reason: collision with root package name */
            @u
            public String f37656e;

            @u
            public String kid;

            @u
            public String kty;

            /* renamed from: n, reason: collision with root package name */
            @u
            public String f37657n;

            @u
            public String use;

            /* renamed from: x, reason: collision with root package name */
            @u
            public String f37658x;

            /* renamed from: y, reason: collision with root package name */
            @u
            public String f37659y;
        }

        /* loaded from: classes5.dex */
        public static class JsonWebKeySet extends GenericJson {

            @u
            public List<JsonWebKey> keys;
        }

        public PublicKeyLoader(zn.b bVar) {
            this.f37655a = bVar;
        }

        public static PublicKey b(JsonWebKey jsonWebKey) {
            if ("ES256".equals(jsonWebKey.alg)) {
                q.b("EC".equals(jsonWebKey.kty));
                q.b("P-256".equals(jsonWebKey.crv));
                ECPoint eCPoint = new ECPoint(new BigInteger(1, e.a(jsonWebKey.f37658x)), new BigInteger(1, e.a(jsonWebKey.f37659y)));
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
                algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
                return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
            }
            if (!"RS256".equals(jsonWebKey.alg)) {
                return null;
            }
            q.b("RSA".equals(jsonWebKey.kty));
            jsonWebKey.f37656e.getClass();
            jsonWebKey.f37657n.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, e.a(jsonWebKey.f37657n)), new BigInteger(1, e.a(jsonWebKey.f37656e))));
        }

        @Override // com.google.common.cache.CacheLoader
        public final s1 a(Object obj) {
            String str = (String) obj;
            ((b) this.f37655a).getClass();
            try {
                com.google.api.client.http.u a10 = IdTokenVerifier.f37649h.createRequestFactory().a("GET", new i(str), null);
                a10.f37742q = GsonFactory.getDefaultInstance().createJsonObjectParser();
                a10.f37729d = 2;
                p.a aVar = new p.a();
                aVar.f37833a = 1000;
                aVar.f37834b = 0.1d;
                aVar.f37835c = 2.0d;
                n nVar = new n(new p(aVar));
                k kVar = m.f37704a;
                kVar.getClass();
                nVar.f37707b = kVar;
                a10.f37739n = nVar;
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) a10.b().e(JsonWebKeySet.class);
                i0.a aVar2 = new i0.a();
                List<JsonWebKey> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        aVar2.b(str2, CertificateFactory.getInstance(AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509).generateCertificate(new ByteArrayInputStream(((String) jsonWebKeySet.get(str2)).getBytes(C.UTF8_NAME))).getPublicKey());
                    }
                } else {
                    for (JsonWebKey jsonWebKey : list) {
                        try {
                            aVar2.b(jsonWebKey.kid, b(jsonWebKey));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e11) {
                            IdTokenVerifier.f37647f.log(Level.WARNING, "Failed to put a key into the cache", e11);
                        }
                    }
                }
                s1 a11 = aVar2.a();
                if (a11.isEmpty()) {
                    throw new c(a0.a.B("No valid public key returned by the keystore: ", str));
                }
                return a11;
            } catch (IOException e12) {
                IdTokenVerifier.f37647f.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e12);
                throw e12;
            }
        }
    }

    /* loaded from: classes5.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final j f37660a = com.google.api.client.util.k.f37796a;

        /* renamed from: b, reason: collision with root package name */
        public final long f37661b = 300;

        /* renamed from: c, reason: collision with root package name */
        public List f37662c;
    }

    /* loaded from: classes5.dex */
    public static class b implements zn.b {
    }

    /* loaded from: classes5.dex */
    public static class c extends Exception {
        public c(String str) {
            super(str);
        }

        public c(String str, Throwable th2) {
            super(str, th2);
        }
    }

    public IdTokenVerifier() {
        this(new a());
    }

    public IdTokenVerifier(a aVar) {
        aVar.getClass();
        this.f37650a = aVar.f37660a;
        this.f37653d = aVar.f37661b;
        List list = aVar.f37662c;
        this.f37654e = list == null ? null : Collections.unmodifiableCollection(list);
        b bVar = new b();
        com.google.common.cache.c c11 = com.google.common.cache.c.c();
        c11.b(1L, TimeUnit.HOURS);
        PublicKeyLoader publicKeyLoader = new PublicKeyLoader(bVar);
        c11.a();
        this.f37652c = new f.n(c11, publicKeyLoader);
        this.f37651b = new zn.a();
    }

    public static String a(JsonWebSignature.Header header) {
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return "=";
        }
        if (algorithm.equals("RS256")) {
            return "https://www.googleapis.com/oauth2/v3/certs";
        }
        throw new c(a7.A("Unexpected signing algorithm ", header.getAlgorithm(), ": expected either RS256 or ES256"));
    }

    public final void b(GoogleIdToken googleIdToken) {
        this.f37651b.getClass();
        if (Boolean.parseBoolean(System.getenv("OAUTH_CLIENT_SKIP_SIGNATURE"))) {
            return;
        }
        if (!f37648g.contains(googleIdToken.getHeader().getAlgorithm())) {
            throw new c(a7.A("Unexpected signing algorithm ", googleIdToken.getHeader().getAlgorithm(), ": expected either RS256 or ES256"));
        }
        try {
            PublicKey publicKey = (PublicKey) ((Map) this.f37652c.a(a(googleIdToken.getHeader()))).get(googleIdToken.getHeader().getKeyId());
            if (publicKey == null) {
                throw new IOException("Could not find public key for provided keyId: " + googleIdToken.getHeader().getKeyId());
            }
            try {
                if (googleIdToken.verifySignature(publicKey)) {
                } else {
                    throw new c("Invalid signature");
                }
            } catch (GeneralSecurityException e11) {
                throw new c("Error validating token", e11);
            }
        } catch (UncheckedExecutionException | ExecutionException e12) {
            throw new IOException("Error fetching public key from certificate location null", e12);
        }
    }
}
