package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5685;
import com.google.api.client.util.InterfaceC5686;
import com.google.api.client.util.InterfaceC5694;
import com.google.api.client.util.InterfaceC5715;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p1192.C38855;
import p1575.AbstractC50298;
import p1575.AbstractC50346;
import p2006.C58766;
import p2079.AbstractC59888;
import p2079.C59864;
import p2079.InterfaceC59900;
import p2101.C60580;
import p2106.C60688;
import p2128.AbstractC60893;
import p2128.C60866;
import p2128.C60884;
import p497.C18880;
import p529.InterfaceC19275;
import p660.C24790;
import p815.C27610;
import p815.InterfaceC27611;

@InterfaceC5686
/* loaded from: classes9.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f21830 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f21831 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f21833 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f21835 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f21836 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5694 f21837;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f21838;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C27610 f21839;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC59900<String, Map<String, PublicKey>> f21840;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f21841;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f21842;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f21843;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f21829 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f21832 = AbstractC50346.m184937(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC60893 f21834 = new C60688();

    /* loaded from: classes9.dex */
    public static class PublicKeyLoader extends AbstractC59888<String, Map<String, PublicKey>> {

        /* renamed from: વ, reason: contains not printable characters */
        public final InterfaceC27611 f21844;

        /* loaded from: classes9.dex */
        public static class JsonWebKeySet extends C18880 {

            @InterfaceC5715
            public List<C5649> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes9.dex */
        public static class C5649 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21845;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21846;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21847;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21848;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21849;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21850;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21851;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21852;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5715
            public String f21853;
        }

        public PublicKeyLoader(InterfaceC27611 interfaceC27611) {
            this.f21844 = interfaceC27611;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m26699(C5649 c5649) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C24790.m114246("EC".equals(c5649.f21848));
            C24790.m114246("P-256".equals(c5649.f21846));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5685.m26964(c5649.f21850)), new BigInteger(1, C5685.m26964(c5649.f21851)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m26700(C5649 c5649) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5649.f21845)) {
                return m26699(c5649);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5649.f21845)) {
                return m26702(c5649);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m26701(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m26702(C5649 c5649) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C24790.m114246("RSA".equals(c5649.f21848));
            c5649.f21852.getClass();
            c5649.f21853.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5685.m26964(c5649.f21853)), new BigInteger(1, C5685.m26964(c5649.f21852))));
        }

        @Override // p2079.AbstractC59888
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo26698(String str) throws Exception {
            try {
                C60884 m218430 = this.f21844.create().m218484().m218430(new C60866(str, false));
                m218430.f189210 = C58766.C58767.f184195.m94305();
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m218430.m218371().m218456(JsonWebKeySet.class);
                AbstractC50298.C50300 c50300 = new AbstractC50298.C50300(4);
                List<C5649> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c50300.mo184659(str2, m26701((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5649 c5649 : list) {
                        try {
                            c50300.mo184659(c5649.f21847, m26700(c5649));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f21829.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c50300.mo184656().isEmpty()) {
                    throw new Exception(C38855.m151616("No valid public key returned by the keystore: ", str));
                }
                return c50300.mo184656();
            } catch (IOException e2) {
                IdTokenVerifier.f21829.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5686
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5650 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f21855;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C27610 f21856;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f21858;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f21859;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC27611 f21860;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5694 f21854 = InterfaceC5694.f21961;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f21857 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo26704() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m26705() {
            return this.f21857;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m26706() {
            return this.f21859;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5694 m26707() {
            return this.f21854;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C27610 m26708() {
            return this.f21856;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m26709() {
            Collection<String> collection = this.f21858;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m26710() {
            return this.f21858;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5650 mo26711(long j) {
            C24790.m114246(j >= 0);
            this.f21857 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5650 mo26712(Collection<String> collection) {
            this.f21859 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5650 m26713(String str) {
            this.f21855 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5650 mo26714(InterfaceC5694 interfaceC5694) {
            interfaceC5694.getClass();
            this.f21854 = interfaceC5694;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5650 m26715(C27610 c27610) {
            this.f21856 = c27610;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5650 m26716(InterfaceC27611 interfaceC27611) {
            this.f21860 = interfaceC27611;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5650 mo26717(String str) {
            return str == null ? mo26718(null) : mo26718(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5650 mo26718(Collection<String> collection) {
            C24790.m114247(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f21858 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5651 implements InterfaceC27611 {
        @Override // p815.InterfaceC27611
        public AbstractC60893 create() {
            return IdTokenVerifier.f21834;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԫ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5652 extends Exception {
        public C5652(String str) {
            super(str);
        }

        public C5652(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5650());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5650 c5650) {
        this.f21838 = c5650.f21855;
        this.f21837 = c5650.f21854;
        this.f21841 = c5650.f21857;
        Collection<String> collection = c5650.f21858;
        this.f21842 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5650.f21859;
        this.f21843 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC27611 interfaceC27611 = c5650.f21860;
        this.f21840 = C59864.m216008().m216015(1L, TimeUnit.HOURS).m216010(new PublicKeyLoader(interfaceC27611 == null ? new Object() : interfaceC27611));
        C27610 c27610 = c5650.f21856;
        this.f21839 = c27610 == null ? new Object() : c27610;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m26689() {
        return this.f21841;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m26690() {
        return this.f21843;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m26691(JsonWebSignature.Header header) throws C5652 {
        String str = this.f21838;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f21830;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f21831;
        }
        throw new Exception(String.format(f21833, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5694 m26692() {
        return this.f21837;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m26693() {
        Collection<String> collection = this.f21842;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m26694() {
        return this.f21842;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m26695(IdToken idToken) {
        if (!m26696(idToken)) {
            return false;
        }
        try {
            return m26697(idToken);
        } catch (C5652 e) {
            f21829.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m26696(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f21842;
        return (collection2 == null || idToken.m26686(collection2)) && ((collection = this.f21843) == null || idToken.m26682(collection)) && idToken.m26687(this.f21837.mo26983(), this.f21841);
    }

    @InterfaceC19275
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m26697(IdToken idToken) throws C5652 {
        if (Boolean.parseBoolean(this.f21839.m122576(f21835))) {
            return true;
        }
        if (!f21832.contains(idToken.mo26926().getAlgorithm())) {
            throw new Exception(String.format(f21833, idToken.mo26926().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f21840.get(m26691(idToken.mo26926())).get(idToken.mo26926().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo26926().getKeyId());
            }
            try {
                if (idToken.m26932(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C60580 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f21838, e2);
        }
    }
}
