package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5766;
import com.google.api.client.util.InterfaceC5767;
import com.google.api.client.util.InterfaceC5775;
import com.google.api.client.util.InterfaceC5796;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p100.C8886;
import p1199.C36250;
import p121.C9149;
import p1474.C43534;
import p1474.InterfaceC43535;
import p1587.AbstractC46223;
import p1587.C46199;
import p1587.InterfaceC46235;
import p1944.AbstractC52793;
import p1944.AbstractC52841;
import p2031.C59145;
import p370.AbstractC15826;
import p370.C15799;
import p370.C15817;
import p662.InterfaceC22176;
import p690.C22796;
import p970.C28118;

@InterfaceC5767
/* loaded from: classes9.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f22045 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f22046 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f22048 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f22050 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f22051 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5775 f22052;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f22053;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C43534 f22054;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC46235<String, Map<String, PublicKey>> f22055;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f22056;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f22057;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f22058;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22044 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f22047 = AbstractC52841.m193763(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC15826 f22049 = new C22796();

    /* loaded from: classes9.dex */
    public static class PublicKeyLoader extends AbstractC46223<String, Map<String, PublicKey>> {

        /* renamed from: વ, reason: contains not printable characters */
        public final InterfaceC43535 f22059;

        /* loaded from: classes9.dex */
        public static class JsonWebKeySet extends C59145 {

            @InterfaceC5796
            public List<C5730> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes9.dex */
        public static class C5730 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22060;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22061;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22062;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22063;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22064;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22065;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22066;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22067;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5796
            public String f22068;
        }

        public PublicKeyLoader(InterfaceC43535 interfaceC43535) {
            this.f22059 = interfaceC43535;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m26980(C5730 c5730) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C9149.m39787("EC".equals(c5730.f22063));
            C9149.m39787("P-256".equals(c5730.f22061));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5766.m27245(c5730.f22065)), new BigInteger(1, C5766.m27245(c5730.f22066)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m26981(C5730 c5730) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5730.f22060)) {
                return m26980(c5730);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5730.f22060)) {
                return m26983(c5730);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m26982(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m26983(C5730 c5730) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C9149.m39787("RSA".equals(c5730.f22063));
            c5730.f22067.getClass();
            c5730.f22068.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5766.m27245(c5730.f22068)), new BigInteger(1, C5766.m27245(c5730.f22067))));
        }

        @Override // p1587.AbstractC46223
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo26979(String str) throws Exception {
            try {
                C15817 m81516 = this.f22059.create().m81571().m81516(new C15799(str, false));
                m81516.f62563 = C8886.C8887.f42182.m214350();
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m81516.m81457().m81542(JsonWebKeySet.class);
                AbstractC52793.C52795 c52795 = new AbstractC52793.C52795(4);
                List<C5730> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c52795.mo193485(str2, m26982((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5730 c5730 : list) {
                        try {
                            c52795.mo193485(c5730.f22062, m26981(c5730));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f22044.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c52795.mo193482().isEmpty()) {
                    throw new Exception(C36250.m143357("No valid public key returned by the keystore: ", str));
                }
                return c52795.mo193482();
            } catch (IOException e2) {
                IdTokenVerifier.f22044.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5767
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5731 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f22070;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C43534 f22071;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f22073;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f22074;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC43535 f22075;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5775 f22069 = InterfaceC5775.f22176;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f22072 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo26985() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m26986() {
            return this.f22072;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m26987() {
            return this.f22074;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5775 m26988() {
            return this.f22069;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C43534 m26989() {
            return this.f22071;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m26990() {
            Collection<String> collection = this.f22073;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m26991() {
            return this.f22073;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5731 mo26992(long j) {
            C9149.m39787(j >= 0);
            this.f22072 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5731 mo26993(Collection<String> collection) {
            this.f22074 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5731 m26994(String str) {
            this.f22070 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5731 mo26995(InterfaceC5775 interfaceC5775) {
            interfaceC5775.getClass();
            this.f22069 = interfaceC5775;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5731 m26996(C43534 c43534) {
            this.f22071 = c43534;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5731 m26997(InterfaceC43535 interfaceC43535) {
            this.f22075 = interfaceC43535;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5731 mo26998(String str) {
            return str == null ? mo26999(null) : mo26999(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5731 mo26999(Collection<String> collection) {
            C9149.m39788(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22073 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5732 implements InterfaceC43535 {
        @Override // p1474.InterfaceC43535
        public AbstractC15826 create() {
            return IdTokenVerifier.f22049;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԫ, reason: contains not printable characters */
    /* loaded from: classes9.dex */
    public static class C5733 extends Exception {
        public C5733(String str) {
            super(str);
        }

        public C5733(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5731());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5731 c5731) {
        this.f22053 = c5731.f22070;
        this.f22052 = c5731.f22069;
        this.f22056 = c5731.f22072;
        Collection<String> collection = c5731.f22073;
        this.f22057 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5731.f22074;
        this.f22058 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC43535 interfaceC43535 = c5731.f22075;
        this.f22055 = C46199.m173107().m173114(1L, TimeUnit.HOURS).m173109(new PublicKeyLoader(interfaceC43535 == null ? new Object() : interfaceC43535));
        C43534 c43534 = c5731.f22071;
        this.f22054 = c43534 == null ? new Object() : c43534;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m26970() {
        return this.f22056;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m26971() {
        return this.f22058;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m26972(JsonWebSignature.Header header) throws C5733 {
        String str = this.f22053;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22045;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22046;
        }
        throw new Exception(String.format(f22048, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5775 m26973() {
        return this.f22052;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m26974() {
        Collection<String> collection = this.f22057;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m26975() {
        return this.f22057;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m26976(IdToken idToken) {
        if (!m26977(idToken)) {
            return false;
        }
        try {
            return m26978(idToken);
        } catch (C5733 e) {
            f22044.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m26977(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f22057;
        return (collection2 == null || idToken.m26967(collection2)) && ((collection = this.f22058) == null || idToken.m26963(collection)) && idToken.m26968(this.f22052.mo27264(), this.f22056);
    }

    @InterfaceC22176
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m26978(IdToken idToken) throws C5733 {
        if (Boolean.parseBoolean(this.f22054.m165525(f22050))) {
            return true;
        }
        if (!f22047.contains(idToken.mo27207().getAlgorithm())) {
            throw new Exception(String.format(f22048, idToken.mo27207().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f22055.get(m26972(idToken.mo27207())).get(idToken.mo27207().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo27207().getKeyId());
            }
            try {
                if (idToken.m27213(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C28118 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f22053, e2);
        }
    }
}
