package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5796;
import com.google.api.client.util.InterfaceC5797;
import com.google.api.client.util.InterfaceC5805;
import com.google.api.client.util.InterfaceC5826;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p120.AbstractC9902;
import p120.AbstractC9950;
import p1203.C41839;
import p1240.C42768;
import p1240.InterfaceC42769;
import p1680.InterfaceC52131;
import p170.C13673;
import p453.C21155;
import p496.C24302;
import p662.AbstractC28111;
import p662.C28087;
import p662.InterfaceC28123;
import p692.C28834;
import p692.C28838;
import p739.AbstractC29862;
import p739.C29835;
import p739.C29853;
import p794.C30865;

/**
 * Verifies ID tokens in two stages: payload checks ({@code m31484}) and a signature check
 * ({@code m31485}) against public keys that are fetched from a key-set URL and cached.
 *
 * <p>This is decompiler output with obfuscated identifiers. Where a comment below names the
 * likely role of an obfuscated member, that role is inferred from how the member is used in
 * this file and is marked as such.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>Only the signing algorithms in {@code f22658} are accepted by {@code m31485}.
 *   <li>If the lookup of {@code "OAUTH_CLIENT_SKIP_SIGNATURE"} through {@code f22665} parses as
 *       {@code true}, {@code m31485} returns {@code true} without inspecting the token at all.
 *       Any deployment that relies on signature verification must make sure that value is
 *       never set where this code runs.
 *   <li>The issuer collection and the second expected-values collection are both {@code null}
 *       in a default-constructed builder, and {@code m31484} skips each check whose collection
 *       is {@code null}. A verifier built with no configuration therefore enforces neither.
 * </ul>
 */
@InterfaceC5797
/* loaded from: classes3.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    // Default key-set location returned by m31479 when the token header algorithm is ES256.
    public static final String f22656 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    // Default key-set location returned by m31479 when the token header algorithm is RS256.
    public static final String f22657 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    // Format string for the error raised when the header algorithm is not an accepted one.
    public static final String f22659 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    // Name looked up through f22665 in m31485; a value that parses as true disables the
    // signature check entirely.
    public static final String f22661 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    // Same value as the builder's default for f22683 — presumably the default allowed time
    // skew in seconds; the unit is not visible in this file.
    public static final long f22662 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    // Source of the current time handed to the token's time check in m31484 (presumably a clock).
    public final InterfaceC5805 f22663;

    /* renamed from: Ԩ, reason: contains not printable characters */
    // Optional key-set location override; when non-null it replaces both default URLs (see m31479).
    public final String f22664;

    /* renamed from: ԩ, reason: contains not printable characters */
    // Object queried for OAUTH_CLIENT_SKIP_SIGNATURE — presumably an environment-variable accessor.
    public final C42768 f22665;

    /* renamed from: Ԫ, reason: contains not printable characters */
    // Cache from key-set URL to (key id -> public key), populated by PublicKeyLoader.
    public final InterfaceC28123<String, Map<String, PublicKey>> f22666;

    /* renamed from: ԫ, reason: contains not printable characters */
    // Second argument to the token's time check in m31484 — presumably the accepted time skew.
    public final long f22667;

    /* renamed from: Ԭ, reason: contains not printable characters */
    // Accepted issuers (the builder's validation message calls them "Issuers"); null disables the check.
    public final Collection<String> f22668;

    /* renamed from: ԭ, reason: contains not printable characters */
    // Second accepted-values collection checked in m31484 — presumably audiences; null disables the check.
    public final Collection<String> f22669;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22655 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    // Allow-list of signing algorithms enforced in m31485. The first element is a constant
    // borrowed from an unrelated package (likely a decompiler constant merge) — presumably "RS256".
    public static final Set<String> f22658 = AbstractC9950.m46107(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    // Shared instance returned by C5762.create() — presumably the default HTTP transport.
    public static final AbstractC29862 f22660 = new C21155();

    /**
     * Cache loader that downloads a key-set document from a URL and converts it into a map of
     * key id to {@link PublicKey}.
     *
     * <p>Two document shapes are handled in {@code mo31486}: a JSON object with a {@code keys}
     * list (each entry converted by {@code m31488}), or, when {@code keys} is absent, a flat
     * JSON object whose every value is parsed as an X.509 certificate by {@code m31489}.
     */
    /* loaded from: classes7.dex */
    public static class PublicKeyLoader extends AbstractC28111<String, Map<String, PublicKey>> {

        /* renamed from: Ƚ, reason: contains not printable characters */
        // Factory whose create() result is used to build the download request in mo31486.
        public final InterfaceC42769 f22670;

        /** Parsed key-set document; {@code keys} is null when the document has no such member. */
        /* loaded from: classes.dex */
        public static class JsonWebKeySet extends C28834 {

            @InterfaceC5826
            public List<C5760> keys;
        }

        /**
         * One entry of the {@code keys} list. Field roles below are inferred from the comparisons
         * and constructors that consume them in this file.
         */
        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes.dex */
        public static class C5760 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            // Compared with "ES256" / RS256 in m31488 — presumably the JWK "alg" member.
            @InterfaceC5826
            public String f22671;

            /* renamed from: Ԩ, reason: contains not printable characters */
            // Required to equal "P-256" in m31487 — presumably the JWK "crv" member.
            @InterfaceC5826
            public String f22672;

            /* renamed from: ԩ, reason: contains not printable characters */
            // Used as the map key in mo31486 and later looked up by the token's key id.
            @InterfaceC5826
            public String f22673;

            /* renamed from: Ԫ, reason: contains not printable characters */
            // Required to equal "EC" or "RSA" — presumably the JWK "kty" member.
            @InterfaceC5826
            public String f22674;

            /* renamed from: ԫ, reason: contains not printable characters */
            // Not read anywhere in this file.
            @InterfaceC5826
            public String f22675;

            /* renamed from: Ԭ, reason: contains not printable characters */
            // Decoded into the first ECPoint coordinate (affine x) in m31487.
            @InterfaceC5826
            public String f22676;

            /* renamed from: ԭ, reason: contains not printable characters */
            // Decoded into the second ECPoint coordinate (affine y) in m31487.
            @InterfaceC5826
            public String f22677;

            /* renamed from: Ԯ, reason: contains not printable characters */
            // Decoded into the RSA public exponent in m31490.
            @InterfaceC5826
            public String f22678;

            /* renamed from: ԯ, reason: contains not printable characters */
            // Decoded into the RSA modulus in m31490.
            @InterfaceC5826
            public String f22679;
        }

        public PublicKeyLoader(InterfaceC42769 interfaceC42769) {
            this.f22670 = interfaceC42769;
        }

        /**
         * Builds an EC public key on secp256r1 from a key entry.
         *
         * <p>The entry must have key type "EC" and curve "P-256"; both are enforced through
         * {@code C30865.m128781} (presumably an argument precondition — its failure mode is not
         * visible here). Coordinates are decoded with {@code C5796.m31752} (presumably
         * base64url) and interpreted as non-negative integers.
         */
        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m31487(C5760 c5760) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C30865.m128781("EC".equals(c5760.f22674));
            C30865.m128781("P-256".equals(c5760.f22672));
            // Signum 1 forces a positive BigInteger regardless of the top bit of the decoded bytes.
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5796.m31752(c5760.f22676)), new BigInteger(1, C5796.m31752(c5760.f22677)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /**
         * Dispatches on the entry's algorithm field: ES256 to {@code m31487}, RS256 to
         * {@code m31490}.
         *
         * @return the built key, or {@code null} when the algorithm is neither of the two
         */
        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m31488(C5760 c5760) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5760.f22671)) {
                return m31487(c5760);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5760.f22671)) {
                return m31490(c5760);
            }
            return null;
        }

        /**
         * Parses the string as an X.509 certificate and returns its public key.
         *
         * <p>Nothing here validates the certificate's chain, validity period or revocation
         * status; the certificate is used purely as a container for the key, so trust in the
         * key rests on how the document containing it was obtained.
         */
        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m31489(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /**
         * Builds an RSA public key from a key entry whose key type is "RSA".
         *
         * <p>Throws {@link NullPointerException} when either the exponent or the modulus field
         * is missing.
         */
        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m31490(C5760 c5760) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C30865.m128781("RSA".equals(c5760.f22674));
            // getClass() on a null reference throws NPE: these two lines are null checks.
            c5760.f22678.getClass();
            c5760.f22679.getClass();
            // RSAPublicKeySpec takes (modulus, publicExponent): f22679 is the modulus, f22678 the exponent.
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5796.m31752(c5760.f22679)), new BigInteger(1, C5796.m31752(c5760.f22678))));
        }

        /**
         * Downloads the key-set document at {@code str} and returns its keys indexed by key id.
         *
         * <p>NOTE(review): no check on the scheme of {@code str} is visible in this method. When
         * a custom location is configured, the resulting keys are only as trustworthy as the
         * channel they are fetched over — confirm the configured location is HTTPS.
         *
         * @param str the key-set URL, which is also the cache key
         * @return a non-empty map of key id to public key
         * @throws IOException if the download or parse fails (logged at WARNING, then rethrown)
         * @throws Exception if no key could be extracted from the document
         */
        @Override // p662.AbstractC28111
        /* renamed from: ֈ, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo31486(String str) throws Exception {
            try {
                C29853 m125669 = this.f22670.create().m125723().m125669(new C29835(str, false));
                C24302 c24302 = C24302.C24303.f80010;
                c24302.getClass();
                m125669.f95451 = new C28838(c24302);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m125669.m125610().m125695(JsonWebKeySet.class);
                AbstractC9902.C9904 c9904 = new AbstractC9902.C9904(4);
                List<C5760> list = jsonWebKeySet.keys;
                if (list == null) {
                    // No "keys" member: treat every top-level entry as key id -> certificate text.
                    // A CertificateException from any single entry propagates and fails the whole load.
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c9904.mo45822(str2, m31489((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5760 c5760 : list) {
                        try {
                            // NOTE(review): m31488 returns null for an algorithm other than ES256/RS256.
                            // Whether mo45822 accepts a null value is not visible here; if it rejects
                            // null with an unchecked exception, that is not covered by the catch below
                            // and one unsupported key would abort loading of the entire key set.
                            c9904.mo45822(c5760.f22673, m31488(c5760));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            // A key that cannot be built is skipped so the remaining keys stay usable.
                            IdTokenVerifier.f22655.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                // An empty result is an error rather than a cached "no keys" answer.
                if (c9904.m45975(true).isEmpty()) {
                    throw new Exception(C41839.m160653("No valid public key returned by the keystore: ", str));
                }
                return c9904.m45975(true);
            } catch (IOException e2) {
                IdTokenVerifier.f22655.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    /**
     * Builder for {@link IdTokenVerifier}.
     *
     * <p>Defaults: time source {@code InterfaceC5805.f22787}, skew value 300, and every other
     * field {@code null}. A {@code null} issuer or second collection means the corresponding
     * payload check is skipped, so callers that need those checks must set them explicitly.
     */
    @InterfaceC5797
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes.dex */
    public static class C5761 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        // Key-set location override; copied to IdTokenVerifier.f22664.
        public String f22681;

        /* renamed from: ԩ, reason: contains not printable characters */
        // Copied to IdTokenVerifier.f22665, the object queried for OAUTH_CLIENT_SKIP_SIGNATURE.
        public C42768 f22682;

        /* renamed from: ԫ, reason: contains not printable characters */
        // Accepted issuers; null means "do not check".
        public Collection<String> f22684;

        /* renamed from: Ԭ, reason: contains not printable characters */
        // Second accepted-values collection (presumably audiences); null means "do not check".
        public Collection<String> f22685;

        /* renamed from: ԭ, reason: contains not printable characters */
        // Factory handed to PublicKeyLoader for downloading key sets.
        public InterfaceC42769 f22686;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5805 f22680 = InterfaceC5805.f22787;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f22683 = 300;

        /** Builds a verifier from the current builder state. */
        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo31492() {
            return new IdTokenVerifier(this);
        }

        /** Returns the configured skew value. */
        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m31493() {
            return this.f22683;
        }

        /** Returns the second accepted-values collection, or {@code null} if unset. */
        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m31494() {
            return this.f22685;
        }

        /** Returns the configured time source. */
        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5805 m31495() {
            return this.f22680;
        }

        /** Returns the object later queried for OAUTH_CLIENT_SKIP_SIGNATURE, or {@code null} if unset. */
        /* renamed from: ԫ, reason: contains not printable characters */
        public final C42768 m31496() {
            return this.f22682;
        }

        /** Returns the first configured issuer in iteration order, or {@code null} if none is configured. */
        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m31497() {
            Collection<String> collection = this.f22684;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /** Returns the configured issuers, or {@code null} if unset. */
        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m31498() {
            return this.f22684;
        }

        /** Sets the skew value; negative values are rejected by the precondition. */
        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5761 mo31499(long j) {
            C30865.m128781(j >= 0);
            this.f22683 = j;
            return this;
        }

        /** Sets the second accepted-values collection; {@code null} disables that check. */
        /* renamed from: ԯ, reason: contains not printable characters */
        public C5761 mo31500(Collection<String> collection) {
            this.f22685 = collection;
            return this;
        }

        /** Sets the key-set location override; {@code null} restores the per-algorithm defaults. */
        /* renamed from: ՠ, reason: contains not printable characters */
        public C5761 m31501(String str) {
            this.f22681 = str;
            return this;
        }

        /** Sets the time source; throws {@link NullPointerException} on {@code null}. */
        /* renamed from: ֈ, reason: contains not printable characters */
        public C5761 mo31502(InterfaceC5805 interfaceC5805) {
            // getClass() on a null reference throws NPE: this line is a null check.
            interfaceC5805.getClass();
            this.f22680 = interfaceC5805;
            return this;
        }

        /** Sets the object the verifier queries for OAUTH_CLIENT_SKIP_SIGNATURE. */
        /* renamed from: ֏, reason: contains not printable characters */
        public C5761 m31503(C42768 c42768) {
            this.f22682 = c42768;
            return this;
        }

        /** Sets the factory used to download key sets. */
        /* renamed from: ׯ, reason: contains not printable characters */
        public C5761 m31504(InterfaceC42769 interfaceC42769) {
            this.f22686 = interfaceC42769;
            return this;
        }

        /** Sets a single accepted issuer; {@code null} disables the issuer check. */
        /* renamed from: ؠ, reason: contains not printable characters */
        public C5761 mo31505(String str) {
            return str == null ? mo31506(null) : mo31506(Collections.singleton(str));
        }

        /**
         * Sets the accepted issuers. {@code null} disables the issuer check; an empty collection
         * is rejected with "Issuers must not be empty".
         */
        /* renamed from: ހ, reason: contains not printable characters */
        public C5761 mo31506(Collection<String> collection) {
            C30865.m128782(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22684 = collection;
            return this;
        }
    }

    /** Factory that always returns the shared static instance {@code f22660}. */
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes3.dex */
    public static class C5762 implements InterfaceC42769 {
        @Override // p1240.InterfaceC42769
        public AbstractC29862 create() {
            return IdTokenVerifier.f22660;
        }
    }

    /** Checked exception declared by the signature-verification methods and caught in {@code m31483}. */
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$ԩ, reason: contains not printable characters */
    /* loaded from: classes12.dex */
    public static class C5763 extends Exception {
        public C5763(String str) {
            super(str);
        }

        public C5763(String str, Throwable th) {
            super(str, th);
        }
    }

    /** Creates a verifier from a default builder: no issuer check, no second-collection check. */
    public IdTokenVerifier() {
        this(new C5761());
    }

    /**
     * Copies the builder's settings and creates the public-key cache.
     *
     * <p>The two collections are wrapped with {@link Collections#unmodifiableCollection}, which
     * is a read-only view and not a copy: if the caller later mutates the collection it passed
     * to the builder, the set of values this verifier accepts changes with it.
     */
    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5761 c5761) {
        this.f22664 = c5761.f22681;
        this.f22663 = c5761.f22680;
        this.f22667 = c5761.f22683;
        Collection<String> collection = c5761.f22684;
        this.f22668 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5761.f22685;
        this.f22669 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC42769 interfaceC42769 = c5761.f22686;
        // NOTE(review): "new Object()" is what the decompiler emitted after the type-inference
        // failure flagged above; the original presumably created a default factory here — confirm.
        InterfaceC42769 obj = interfaceC42769 == null ? new Object() : interfaceC42769;
        C28087<Object, Object> m121360 = C28087.m121360();
        // Presumably a one-hour expiry on cached key sets; which expiry policy m121367 sets is not visible here.
        m121360.m121367(1L, TimeUnit.HOURS);
        this.f22666 = m121360.m121362(new PublicKeyLoader(obj));
        C42768 c42768 = c5761.f22682;
        // NOTE(review): same decompiler artifact as above; the original default for f22665 is not recoverable from this file.
        this.f22665 = c42768 == null ? new Object() : c42768;
    }

    /** Returns the skew value passed to the token's time check. */
    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m31477() {
        return this.f22667;
    }

    /** Returns the second accepted-values collection (read-only view), or {@code null} if unset. */
    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m31478() {
        return this.f22669;
    }

    /**
     * Resolves the key-set URL for a token header.
     *
     * <p>A configured override ({@code f22664}) wins. Otherwise the URL is chosen from the
     * header's algorithm: ES256 maps to {@code f22656}, RS256 to {@code f22657}. Both defaults
     * are fixed constants, so the token-supplied algorithm selects between two known URLs and
     * cannot introduce a new one.
     *
     * <p>Throws {@link NullPointerException} when no override is set and the header has no algorithm.
     */
    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m31479(JsonWebSignature.Header header) throws C5763 {
        String str = this.f22664;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22656;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22657;
        }
        // NOTE(review): the method declares C5763 but the decompiler shows a raw Exception here;
        // presumably the original threw C5763 — confirm against the upstream source.
        throw new Exception(String.format(f22659, header.getAlgorithm()));
    }

    /** Returns the time source used by the payload check. */
    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5805 m31480() {
        return this.f22663;
    }

    /**
     * Returns the first accepted issuer in iteration order, or {@code null} if none is configured.
     *
     * <p>Because {@code f22668} is a view over the caller's collection, this throws
     * {@link java.util.NoSuchElementException} if that collection was emptied after construction.
     */
    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m31481() {
        Collection<String> collection = this.f22668;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /** Returns the accepted issuers (read-only view), or {@code null} if unset. */
    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m31482() {
        return this.f22668;
    }

    /**
     * Full verification: payload checks first, then the signature check.
     *
     * <p>A signature failure is logged at SEVERE and reported as {@code false} rather than
     * propagated. Note that the signature step itself can be switched off; see {@code m31485}.
     *
     * @return {@code true} only if both stages pass
     */
    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m31483(IdToken idToken) {
        if (!m31484(idToken)) {
            return false;
        }
        try {
            m31485(idToken);
            return true;
        } catch (C5763 e) {
            f22655.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /**
     * Payload-only verification: issuer, the second accepted-values collection, and the time check.
     *
     * <p>This method never touches the signature. A {@code true} result says nothing about who
     * produced the token, so it must not be used on its own as an authentication decision.
     * Each collection check is skipped when its collection is {@code null}.
     */
    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m31484(IdToken idToken) {
        Collection<String> collection = this.f22668;
        if (collection != null && !idToken.m31474(collection)) {
            return false;
        }
        Collection<String> collection2 = this.f22669;
        return (collection2 == null || idToken.m31470(collection2)) && idToken.m31475(this.f22663.mo31771(), this.f22667);
    }

    /**
     * Signature verification against the cached public key matching the token's key id.
     *
     * <p>Order of operations: (1) the OAUTH_CLIENT_SKIP_SIGNATURE bypass, (2) the algorithm
     * allow-list, (3) key lookup by key-set URL and key id, (4) the signature check itself.
     * Because the bypass is evaluated first, a value that parses as {@code true} accepts any
     * token, including one with a disallowed algorithm or no valid signature.
     *
     * @return {@code true} if the signature is valid or the bypass is active
     * @throws C5763 declared for every failure path (but see the review notes on the throw sites)
     */
    @InterfaceC52131
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m31485(IdToken idToken) throws C5763 {
        // Bypass: returns before the token is examined in any way.
        if (Boolean.parseBoolean(this.f22665.m166815(f22661))) {
            return true;
        }
        // Allow-list check happens before any key is fetched, so an unexpected algorithm never triggers a download.
        if (!f22658.contains(idToken.mo31714().getAlgorithm())) {
            // NOTE(review): raw Exception in a method declaring C5763 — presumably a decompiler
            // artifact for C5763; the same applies to the other throw sites below.
            throw new Exception(String.format(f22659, idToken.mo31714().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f22666.get(m31479(idToken.mo31714())).get(idToken.mo31714().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo31714().getKeyId());
            }
            try {
                if (idToken.m31720(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C13673 e2) {
            // NOTE(review): the message reports f22664, which is null whenever a default URL was
            // used, so the log will read "... location null" instead of the URL actually fetched.
            throw new Exception("Error fetching public key from certificate location " + this.f22664, e2);
        }
    }
}
