package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5451;
import com.google.api.client.util.InterfaceC5452;
import com.google.api.client.util.InterfaceC5460;
import com.google.api.client.util.InterfaceC5481;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p099.C9587;
import p1089.AbstractC37869;
import p1089.C37845;
import p1089.InterfaceC37881;
import p1201.C40221;
import p1588.C47895;
import p1927.C55354;
import p2016.C57984;
import p2105.InterfaceC60078;
import p336.AbstractC16666;
import p336.AbstractC16714;
import p647.C27874;
import p647.InterfaceC27875;
import p689.AbstractC28398;
import p689.C28371;
import p689.C28389;
import p788.C30609;

@InterfaceC5452
/* loaded from: classes9.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f21105 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f21106 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f21108 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f21110 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f21111 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5460 f21112;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f21113;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C27874 f21114;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC37881<String, Map<String, PublicKey>> f21115;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f21116;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f21117;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f21118;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f21104 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f21107 = AbstractC16714.m61014(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC28398 f21109 = new C9587();

    /* loaded from: classes9.dex */
    public static class PublicKeyLoader extends AbstractC37869<String, Map<String, PublicKey>> {

        /* renamed from: Ҭ, reason: contains not printable characters */
        public final InterfaceC27875 f21119;

        /* loaded from: classes9.dex */
        public static class JsonWebKeySet extends C30609 {

            @InterfaceC5481
            public List<C5415> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes9.dex */
        public static class C5415 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21120;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21121;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21122;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21123;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21124;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21125;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21126;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21127;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5481
            public String f21128;
        }

        public PublicKeyLoader(InterfaceC27875 interfaceC27875) {
            this.f21119 = interfaceC27875;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m26441(C5415 c5415) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C47895.m181157("EC".equals(c5415.f21123));
            C47895.m181157("P-256".equals(c5415.f21121));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5451.m26706(c5415.f21125)), new BigInteger(1, C5451.m26706(c5415.f21126)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m26442(C5415 c5415) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5415.f21120)) {
                return m26441(c5415);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5415.f21120)) {
                return m26444(c5415);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m26443(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m26444(C5415 c5415) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C47895.m181157("RSA".equals(c5415.f21123));
            c5415.f21127.getClass();
            c5415.f21128.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5451.m26706(c5415.f21128)), new BigInteger(1, C5451.m26706(c5415.f21127))));
        }

        @Override // p1089.AbstractC37869
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo26440(String str) throws Exception {
            try {
                C28389 m118240 = this.f21119.create().m118294().m118240(new C28371(str, false));
                m118240.f96544 = C55354.C55355.f174131.m125197();
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m118240.m118181().m118266(JsonWebKeySet.class);
                AbstractC16666.C16668 c16668 = new AbstractC16666.C16668(4);
                List<C5415> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c16668.mo60736(str2, m26443((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5415 c5415 : list) {
                        try {
                            c16668.mo60736(c5415.f21122, m26442(c5415));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f21104.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c16668.mo60733().isEmpty()) {
                    throw new Exception(C40221.m153983("No valid public key returned by the keystore: ", str));
                }
                return c16668.mo60733();
            } catch (IOException e2) {
                IdTokenVerifier.f21104.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5452
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5416 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f21130;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C27874 f21131;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f21133;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f21134;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC27875 f21135;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5460 f21129 = InterfaceC5460.f21236;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f21132 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo26446() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m26447() {
            return this.f21132;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m26448() {
            return this.f21134;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5460 m26449() {
            return this.f21129;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C27874 m26450() {
            return this.f21131;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m26451() {
            Collection<String> collection = this.f21133;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m26452() {
            return this.f21133;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5416 mo26453(long j) {
            C47895.m181157(j >= 0);
            this.f21132 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5416 mo26454(Collection<String> collection) {
            this.f21134 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5416 m26455(String str) {
            this.f21130 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5416 mo26456(InterfaceC5460 interfaceC5460) {
            interfaceC5460.getClass();
            this.f21129 = interfaceC5460;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5416 m26457(C27874 c27874) {
            this.f21131 = c27874;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5416 m26458(InterfaceC27875 interfaceC27875) {
            this.f21135 = interfaceC27875;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5416 mo26459(String str) {
            return str == null ? mo26460(null) : mo26460(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5416 mo26460(Collection<String> collection) {
            C47895.m181158(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f21133 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5417 implements InterfaceC27875 {
        @Override // p647.InterfaceC27875
        public AbstractC28398 create() {
            return IdTokenVerifier.f21109;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԫ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5418 extends Exception {
        public C5418(String str) {
            super(str);
        }

        public C5418(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5416());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5416 c5416) {
        this.f21113 = c5416.f21130;
        this.f21112 = c5416.f21129;
        this.f21116 = c5416.f21132;
        Collection<String> collection = c5416.f21133;
        this.f21117 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5416.f21134;
        this.f21118 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC27875 interfaceC27875 = c5416.f21135;
        this.f21115 = C37845.m147386().m147393(1L, TimeUnit.HOURS).m147388(new PublicKeyLoader(interfaceC27875 == null ? new Object() : interfaceC27875));
        C27874 c27874 = c5416.f21131;
        this.f21114 = c27874 == null ? new Object() : c27874;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m26431() {
        return this.f21116;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m26432() {
        return this.f21118;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m26433(JsonWebSignature.Header header) throws C5418 {
        String str = this.f21113;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f21105;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f21106;
        }
        throw new Exception(String.format(f21108, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5460 m26434() {
        return this.f21112;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m26435() {
        Collection<String> collection = this.f21117;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m26436() {
        return this.f21117;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m26437(IdToken idToken) {
        if (!m26438(idToken)) {
            return false;
        }
        try {
            return m26439(idToken);
        } catch (C5418 e) {
            f21104.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m26438(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f21117;
        return (collection2 == null || idToken.m26428(collection2)) && ((collection = this.f21118) == null || idToken.m26424(collection)) && idToken.m26429(this.f21112.mo26725(), this.f21116);
    }

    @InterfaceC60078
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m26439(IdToken idToken) throws C5418 {
        if (Boolean.parseBoolean(this.f21114.m116586(f21110))) {
            return true;
        }
        if (!f21107.contains(idToken.mo26668().getAlgorithm())) {
            throw new Exception(String.format(f21108, idToken.mo26668().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f21115.get(m26433(idToken.mo26668())).get(idToken.mo26668().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo26668().getKeyId());
            }
            try {
                if (idToken.m26674(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C57984 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f21113, e2);
        }
    }
}
