package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5670;
import com.google.api.client.util.InterfaceC5671;
import com.google.api.client.util.InterfaceC5679;
import com.google.api.client.util.InterfaceC5700;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p098.AbstractC8477;
import p098.C8453;
import p098.InterfaceC8489;
import p1091.AbstractC34543;
import p1091.AbstractC34591;
import p1196.C37477;
import p2055.AbstractC60504;
import p2055.C60477;
import p2055.C60495;
import p2100.C61410;
import p405.C17965;
import p405.InterfaceC17966;
import p498.C19368;
import p530.C20296;
import p647.C23725;
import p691.InterfaceC24265;
import p791.C25992;
import p791.C25996;

@InterfaceC5671
/* loaded from: classes6.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f22476 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f22477 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f22479 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f22481 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f22482 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5679 f22483;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f22484;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C17965 f22485;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC8489<String, Map<String, PublicKey>> f22486;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f22487;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f22488;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f22489;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22475 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f22478 = AbstractC34591.m135181(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC60504 f22480 = new C61410();

    /* loaded from: classes3.dex */
    public static class PublicKeyLoader extends AbstractC8477<String, Map<String, PublicKey>> {

        /* renamed from: Ƚ, reason: contains not printable characters */
        public final InterfaceC17966 f22490;

        /* loaded from: classes3.dex */
        public static class JsonWebKeySet extends C25992 {

            @InterfaceC5700
            public List<C5634> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes12.dex */
        public static class C5634 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22491;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22492;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22493;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22494;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22495;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22496;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22497;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22498;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5700
            public String f22499;
        }

        public PublicKeyLoader(InterfaceC17966 interfaceC17966) {
            this.f22490 = interfaceC17966;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m28621(C5634 c5634) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C19368.m94240("EC".equals(c5634.f22494));
            C19368.m94240("P-256".equals(c5634.f22492));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5670.m28886(c5634.f22496)), new BigInteger(1, C5670.m28886(c5634.f22497)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m28622(C5634 c5634) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5634.f22491)) {
                return m28621(c5634);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5634.f22491)) {
                return m28624(c5634);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m28623(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public final PublicKey m28624(C5634 c5634) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C19368.m94240("RSA".equals(c5634.f22494));
            c5634.f22498.getClass();
            c5634.f22499.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5670.m28886(c5634.f22499)), new BigInteger(1, C5670.m28886(c5634.f22498))));
        }

        @Override // p098.AbstractC8477
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo28620(String str) throws Exception {
            try {
                C60495 m218900 = this.f22490.create().m218954().m218900(new C60477(str, false));
                C23725 c23725 = C23725.C23726.f82148;
                c23725.getClass();
                m218900.f186571 = new C25996(c23725);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m218900.m218841().m218926(JsonWebKeySet.class);
                AbstractC34543.C34545 c34545 = new AbstractC34543.C34545(4);
                List<C5634> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c34545.mo134896(str2, m28623((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5634 c5634 : list) {
                        try {
                            c34545.mo134896(c5634.f22493, m28622(c5634));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f22475.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c34545.m135049(true).isEmpty()) {
                    throw new Exception(C37477.m144806("No valid public key returned by the keystore: ", str));
                }
                return c34545.m135049(true);
            } catch (IOException e2) {
                IdTokenVerifier.f22475.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5671
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes4.dex */
    public static class C5635 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f22501;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C17965 f22502;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f22504;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f22505;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC17966 f22506;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5679 f22500 = InterfaceC5679.f22607;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f22503 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo28626() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m28627() {
            return this.f22503;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m28628() {
            return this.f22505;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5679 m28629() {
            return this.f22500;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C17965 m28630() {
            return this.f22502;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m28631() {
            Collection<String> collection = this.f22504;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m28632() {
            return this.f22504;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5635 mo28633(long j) {
            C19368.m94240(j >= 0);
            this.f22503 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5635 mo28634(Collection<String> collection) {
            this.f22505 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5635 m28635(String str) {
            this.f22501 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5635 mo28636(InterfaceC5679 interfaceC5679) {
            interfaceC5679.getClass();
            this.f22500 = interfaceC5679;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5635 m28637(C17965 c17965) {
            this.f22502 = c17965;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5635 m28638(InterfaceC17966 interfaceC17966) {
            this.f22506 = interfaceC17966;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5635 mo28639(String str) {
            return str == null ? mo28640(null) : mo28640(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5635 mo28640(Collection<String> collection) {
            C19368.m94241(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22504 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes.dex */
    public static class C5636 implements InterfaceC17966 {
        @Override // p405.InterfaceC17966
        public AbstractC60504 create() {
            return IdTokenVerifier.f22480;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$ԩ, reason: contains not printable characters */
    /* loaded from: classes6.dex */
    public static class C5637 extends Exception {
        public C5637(String str) {
            super(str);
        }

        public C5637(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5635());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5635 c5635) {
        this.f22484 = c5635.f22501;
        this.f22483 = c5635.f22500;
        this.f22487 = c5635.f22503;
        Collection<String> collection = c5635.f22504;
        this.f22488 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5635.f22505;
        this.f22489 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC17966 interfaceC17966 = c5635.f22506;
        InterfaceC17966 obj = interfaceC17966 == null ? new Object() : interfaceC17966;
        C8453<Object, Object> m40190 = C8453.m40190();
        m40190.m40197(1L, TimeUnit.HOURS);
        this.f22486 = m40190.m40192(new PublicKeyLoader(obj));
        C17965 c17965 = c5635.f22502;
        this.f22485 = c17965 == null ? new Object() : c17965;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m28611() {
        return this.f22487;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m28612() {
        return this.f22489;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m28613(JsonWebSignature.Header header) throws C5637 {
        String str = this.f22484;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22476;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22477;
        }
        throw new Exception(String.format(f22479, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5679 m28614() {
        return this.f22483;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m28615() {
        Collection<String> collection = this.f22488;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m28616() {
        return this.f22488;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m28617(IdToken idToken) {
        if (!m28618(idToken)) {
            return false;
        }
        try {
            m28619(idToken);
            return true;
        } catch (C5637 e) {
            f22475.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m28618(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f22488;
        return (collection2 == null || idToken.m28608(collection2)) && ((collection = this.f22489) == null || idToken.m28604(collection)) && idToken.m28609(this.f22483.mo28905(), this.f22487);
    }

    @InterfaceC24265
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m28619(IdToken idToken) throws C5637 {
        if (Boolean.parseBoolean(this.f22485.m89350(f22481))) {
            return true;
        }
        if (!f22478.contains(idToken.mo28848().getAlgorithm())) {
            throw new Exception(String.format(f22479, idToken.mo28848().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f22486.get(m28613(idToken.mo28848())).get(idToken.mo28848().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo28848().getKeyId());
            }
            try {
                if (idToken.m28854(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C20296 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f22484, e2);
        }
    }
}
