package com.google.api.client.json.webtoken;

import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.c0;
import com.google.api.client.util.r;
import com.google.common.base.x;
import d3.a;
import defpackage.e;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import pc.c;
import uc.b;

/* loaded from: classes4.dex */
public class JsonWebSignature extends JsonWebToken {
    private final byte[] signatureBytes;
    private final byte[] signedContentBytes;

    /* loaded from: classes4.dex */
    public static class Header extends JsonWebToken.Header {

        @r("alg")
        private String algorithm;

        @r("crit")
        private List<String> critical;

        @r("jwk")
        private String jwk;

        @r("jku")
        private String jwkUrl;

        @r("kid")
        private String keyId;

        @r("x5c")
        private ArrayList<String> x509Certificates;

        @r("x5t")
        private String x509Thumbprint;

        @r("x5u")
        private String x509Url;

        @Override // com.google.api.client.json.webtoken.JsonWebToken.Header, pc.b, com.google.api.client.util.q, java.util.AbstractMap
        public Header clone() {
            return (Header) super.clone();
        }

        public final String getAlgorithm() {
            return this.algorithm;
        }

        public final List<String> getCritical() {
            List<String> list = this.critical;
            if (list == null || list.isEmpty()) {
                return null;
            }
            return new ArrayList(this.critical);
        }

        public final String getJwk() {
            return this.jwk;
        }

        public final String getJwkUrl() {
            return this.jwkUrl;
        }

        public final String getKeyId() {
            return this.keyId;
        }

        public final List<String> getX509Certificates() {
            return new ArrayList(this.x509Certificates);
        }

        public final String getX509Thumbprint() {
            return this.x509Thumbprint;
        }

        public final String getX509Url() {
            return this.x509Url;
        }

        @Override // com.google.api.client.json.webtoken.JsonWebToken.Header, pc.b, com.google.api.client.util.q
        public Header set(String str, Object obj) {
            return (Header) super.set(str, obj);
        }

        public Header setAlgorithm(String str) {
            this.algorithm = str;
            return this;
        }

        public Header setCritical(List<String> list) {
            this.critical = new ArrayList(list);
            return this;
        }

        public Header setJwk(String str) {
            this.jwk = str;
            return this;
        }

        public Header setJwkUrl(String str) {
            this.jwkUrl = str;
            return this;
        }

        public Header setKeyId(String str) {
            this.keyId = str;
            return this;
        }

        @Override // com.google.api.client.json.webtoken.JsonWebToken.Header
        public Header setType(String str) {
            super.setType(str);
            return this;
        }

        public Header setX509Certificates(List<String> list) {
            this.x509Certificates = new ArrayList<>(list);
            return this;
        }

        public Header setX509Thumbprint(String str) {
            this.x509Thumbprint = str;
            return this;
        }

        public Header setX509Url(String str) {
            this.x509Url = str;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    public static final class Parser {
        private final c jsonFactory;
        private Class<? extends Header> headerClass = Header.class;
        private Class<? extends JsonWebToken.Payload> payloadClass = JsonWebToken.Payload.class;

        public Parser(c cVar) {
            cVar.getClass();
            this.jsonFactory = cVar;
        }

        public Class<? extends Header> getHeaderClass() {
            return this.headerClass;
        }

        public c getJsonFactory() {
            return this.jsonFactory;
        }

        public Class<? extends JsonWebToken.Payload> getPayloadClass() {
            return this.payloadClass;
        }

        public JsonWebSignature parse(String str) throws IOException {
            int indexOf = str.indexOf(46);
            x.d(indexOf != -1);
            byte[] I = a.I(str.substring(0, indexOf));
            int i = indexOf + 1;
            int indexOf2 = str.indexOf(46, i);
            x.d(indexOf2 != -1);
            int i10 = indexOf2 + 1;
            x.d(str.indexOf(46, i10) == -1);
            byte[] I2 = a.I(str.substring(i, indexOf2));
            byte[] I3 = a.I(str.substring(i10));
            String substring = str.substring(0, indexOf2);
            String str2 = c0.a;
            byte[] bytes = substring == null ? null : substring.getBytes(StandardCharsets.UTF_8);
            Header header = (Header) this.jsonFactory.fromInputStream(new ByteArrayInputStream(I), this.headerClass);
            x.d(header.getAlgorithm() != null);
            return new JsonWebSignature(header, (JsonWebToken.Payload) this.jsonFactory.fromInputStream(new ByteArrayInputStream(I2), this.payloadClass), I3, bytes);
        }

        public Parser setHeaderClass(Class<? extends Header> cls) {
            this.headerClass = cls;
            return this;
        }

        public Parser setPayloadClass(Class<? extends JsonWebToken.Payload> cls) {
            this.payloadClass = cls;
            return this;
        }
    }

    public JsonWebSignature(Header header, JsonWebToken.Payload payload, byte[] bArr, byte[] bArr2) {
        super(header, payload);
        bArr.getClass();
        this.signatureBytes = bArr;
        bArr2.getClass();
        this.signedContentBytes = bArr2;
    }

    private static X509TrustManager getDefaultX509TrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException unused) {
        }
        return null;
    }

    public static JsonWebSignature parse(c cVar, String str) throws IOException {
        return parser(cVar).parse(str);
    }

    public static Parser parser(c cVar) {
        return new Parser(cVar);
    }

    public static String signUsingRsaSha256(PrivateKey privateKey, c cVar, Header header, JsonWebToken.Payload payload) throws GeneralSecurityException, IOException {
        String str = a.K(cVar.toByteArray(header)) + "." + a.K(cVar.toByteArray(payload));
        String str2 = c0.a;
        byte[] bytes = str == null ? null : str.getBytes(StandardCharsets.UTF_8);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(bytes);
        byte[] sign = signature.sign();
        StringBuilder B = e.B(str, ".");
        B.append(a.K(sign));
        return B.toString();
    }

    @Override // com.google.api.client.json.webtoken.JsonWebToken
    public Header getHeader() {
        return (Header) super.getHeader();
    }

    public final byte[] getSignatureBytes() {
        byte[] bArr = this.signatureBytes;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public final byte[] getSignedContentBytes() {
        byte[] bArr = this.signedContentBytes;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public final X509Certificate verifySignature() throws GeneralSecurityException {
        X509TrustManager defaultX509TrustManager = getDefaultX509TrustManager();
        if (defaultX509TrustManager == null) {
            return null;
        }
        return verifySignature(defaultX509TrustManager);
    }

    public final X509Certificate verifySignature(X509TrustManager x509TrustManager) throws GeneralSecurityException {
        List<String> x509Certificates = getHeader().getX509Certificates();
        if (x509Certificates != null && !x509Certificates.isEmpty()) {
            String algorithm = getHeader().getAlgorithm();
            if ("RS256".equals(algorithm)) {
                return b.E(Signature.getInstance("SHA256withRSA"), x509TrustManager, x509Certificates, this.signatureBytes, this.signedContentBytes);
            }
            if ("ES256".equals(algorithm)) {
                return b.E(Signature.getInstance("SHA256withECDSA"), x509TrustManager, x509Certificates, DerEncoder.encode(this.signatureBytes), this.signedContentBytes);
            }
        }
        return null;
    }

    public final boolean verifySignature(PublicKey publicKey) throws GeneralSecurityException {
        String algorithm = getHeader().getAlgorithm();
        if ("RS256".equals(algorithm)) {
            Signature signature = Signature.getInstance("SHA256withRSA");
            byte[] bArr = this.signatureBytes;
            byte[] bArr2 = this.signedContentBytes;
            signature.initVerify(publicKey);
            signature.update(bArr2);
            try {
                return signature.verify(bArr);
            } catch (SignatureException unused) {
                return false;
            }
        }
        if (!"ES256".equals(algorithm)) {
            return false;
        }
        Signature signature2 = Signature.getInstance("SHA256withECDSA");
        byte[] encode = DerEncoder.encode(this.signatureBytes);
        byte[] bArr3 = this.signedContentBytes;
        signature2.initVerify(publicKey);
        signature2.update(bArr3);
        try {
            return signature2.verify(encode);
        } catch (SignatureException unused2) {
            return false;
        }
    }
}
