package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5806;
import com.google.api.client.util.InterfaceC5807;
import com.google.api.client.util.InterfaceC5815;
import com.google.api.client.util.InterfaceC5836;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p120.AbstractC9920;
import p120.AbstractC9968;
import p1202.C41882;
import p1239.C42811;
import p1239.InterfaceC42812;
import p1679.InterfaceC52211;
import p170.C13691;
import p453.C21179;
import p496.C24326;
import p661.AbstractC28177;
import p661.C28153;
import p661.InterfaceC28189;
import p691.C28880;
import p691.C28884;
import p738.AbstractC29908;
import p738.C29881;
import p738.C29899;
import p793.C30911;

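/**
 * Verifies ID tokens: payload claims (issuer, audience, validity window) and the JWS signature.
 *
 * <p>This listing is decompiler output with obfuscated member names; the "renamed from" comments
 * record the original dex names. Security-relevant behaviour a reader should keep in mind:
 *
 * <ul>
 *   <li>{@code m31516} is the only entry point that checks both the payload and the signature.
 *       {@code m31517} checks the payload only and must never be used on its own to decide
 *       whether a token is authentic.
 *   <li>A {@code null} issuer or audience collection disables the corresponding check. The
 *       no-argument constructor leaves both {@code null}, so a verifier built that way accepts
 *       any issuer and any audience.
 *   <li>If the variable named by {@link #f22677} reads as {@code "true"} through the configured
 *       {@code C42811} instance, {@code m31518} returns {@code true} without looking at the
 *       signature at all. That switch must never be set in a production environment.
 *   <li>Only the algorithms in {@link #f22674} are accepted; anything else is rejected before a
 *       key is fetched.
 * </ul>
 */
@InterfaceC5807
/* loaded from: classes7.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    /** Default key location used for ES256 tokens when no explicit location is configured. */
    public static final String f22672 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    /** Default key location used for RS256 tokens when no explicit location is configured. */
    public static final String f22673 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    /** Format string for the error raised when a token names an unsupported algorithm. */
    public static final String f22675 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    /**
     * Name of the variable that switches signature verification off (see {@code m31518}).
     * Anyone able to influence the value returned for this name can make every token pass the
     * signature step, so treat it as a test-only switch and alert on it in deployed environments.
     */
    public static final String f22677 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    /** Default acceptable time skew; the same value the builder starts with. */
    public static final long f22678 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    /** Clock used to obtain "now" for the validity-window check. */
    public final InterfaceC5815 f22679;

    /* renamed from: Ԩ, reason: contains not printable characters */
    /**
     * Explicitly configured key location, or {@code null} to pick one of the two defaults from
     * the token's algorithm. When set it is used for every accepted algorithm.
     */
    public final String f22680;

    /* renamed from: ԩ, reason: contains not printable characters */
    /** Source of the {@link #f22677} switch; presumably wraps environment-variable lookup. */
    public final C42811 f22681;

    /* renamed from: Ԫ, reason: contains not printable characters */
    /** Cache from key location to the map (key id -> public key) loaded from that location. */
    public final InterfaceC28189<String, Map<String, PublicKey>> f22682;

    /* renamed from: ԫ, reason: contains not printable characters */
    /** Acceptable time skew passed to the token's validity-window check. */
    public final long f22683;

    /* renamed from: Ԭ, reason: contains not printable characters */
    /** Accepted issuers, or {@code null} to skip the issuer check entirely. */
    public final Collection<String> f22684;

    /* renamed from: ԭ, reason: contains not printable characters */
    /** Accepted audiences, or {@code null} to skip the audience check entirely. */
    public final Collection<String> f22685;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22671 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    /**
     * Allowlist of signing algorithms. The first entry is a constant the decompiler resolved to
     * another library; presumably its value is "RS256", matching the message in {@link #f22675}.
     */
    public static final Set<String> f22674 = AbstractC9968.m46163(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    /** Shared transport instance handed out by the default transport factory {@code C5772}. */
    public static final AbstractC29908 f22676 = new C21179();

    /**
     * Cache loader that downloads the key set published at a location and converts every usable
     * entry into a {@link PublicKey}.
     */
    /* loaded from: classes7.dex */
    public static class PublicKeyLoader extends AbstractC28177<String, Map<String, PublicKey>> {

        /* renamed from: Ƚ, reason: contains not printable characters */
        /** Factory for the transport used to fetch the key set. */
        public final InterfaceC42812 f22686;

        /**
         * Parsed response body. When {@code keys} is absent the body is treated as a flat map of
         * key id to X.509 certificate text.
         */
        /* loaded from: classes7.dex */
        public static class JsonWebKeySet extends C28880 {

            @InterfaceC5836
            public List<C5770> keys;
        }

        /**
         * One entry of the key set. Field roles below are taken from how the loader uses them.
         *
         * <p>NOTE(review): if {@code InterfaceC5836} binds JSON members by Java field name, the
         * renamed fields will not match the member names in the served document — confirm
         * against the parser configuration.
         */
        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes7.dex */
        public static class C5770 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            // Algorithm; compared against "ES256" and the RS256 constant.
            @InterfaceC5836
            public String f22687;

            /* renamed from: Ԩ, reason: contains not printable characters */
            // Curve name; must be "P-256" for EC keys.
            @InterfaceC5836
            public String f22688;

            /* renamed from: ԩ, reason: contains not printable characters */
            // Key id; used as the key of the resulting map.
            @InterfaceC5836
            public String f22689;

            /* renamed from: Ԫ, reason: contains not printable characters */
            // Key type; must be "EC" or "RSA" depending on the algorithm.
            @InterfaceC5836
            public String f22690;

            /* renamed from: ԫ, reason: contains not printable characters */
            // Not read anywhere in this class.
            @InterfaceC5836
            public String f22691;

            /* renamed from: Ԭ, reason: contains not printable characters */
            // EC point, first (x) coordinate, encoded.
            @InterfaceC5836
            public String f22692;

            /* renamed from: ԭ, reason: contains not printable characters */
            // EC point, second (y) coordinate, encoded.
            @InterfaceC5836
            public String f22693;

            /* renamed from: Ԯ, reason: contains not printable characters */
            // RSA public exponent, encoded.
            @InterfaceC5836
            public String f22694;

            /* renamed from: ԯ, reason: contains not printable characters */
            // RSA modulus, encoded.
            @InterfaceC5836
            public String f22695;
        }

        /**
         * @param interfaceC42812 factory for the transport used to download key sets
         */
        public PublicKeyLoader(InterfaceC42812 interfaceC42812) {
            this.f22686 = interfaceC42812;
        }

        /**
         * Builds an EC public key on secp256r1 from the entry's two coordinates.
         *
         * @param c5770 key entry; its type must be "EC" and its curve "P-256"
         * @return the EC public key
         */
        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m31520(C5770 c5770) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            // Presumably precondition checks that reject the entry when the condition is false.
            C30911.m128965("EC".equals(c5770.f22690));
            C30911.m128965("P-256".equals(c5770.f22688));
            // Signum 1 forces both coordinates to be read as non-negative integers.
            BigInteger x = new BigInteger(1, C5806.m31785(c5770.f22692));
            BigInteger y = new BigInteger(1, C5806.m31785(c5770.f22693));
            ECPoint eCPoint = new ECPoint(x, y);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            ECParameterSpec curve = (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class);
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, curve));
        }

        /**
         * Dispatches on the entry's algorithm.
         *
         * @param c5770 key entry
         * @return the public key, or {@code null} when the algorithm is neither ES256 nor RS256
         *     (including when it is missing)
         */
        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m31521(C5770 c5770) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5770.f22687)) {
                return m31520(c5770);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5770.f22687)) {
                return m31523(c5770);
            }
            return null;
        }

        /**
         * Parses certificate text as X.509 and returns the certificate's public key. Only the key
         * is extracted here; no chain, validity or revocation check is performed on the
         * certificate, so trust rests entirely on where the text was fetched from.
         *
         * @param str certificate text
         * @return the public key carried by the certificate
         */
        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m31522(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /**
         * Builds an RSA public key from the entry's modulus and public exponent.
         *
         * @param c5770 key entry; its type must be "RSA" and both numbers must be present
         * @return the RSA public key
         */
        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m31523(C5770 c5770) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C30911.m128965("RSA".equals(c5770.f22690));
            // Null checks: each call throws NullPointerException when the field is missing.
            c5770.f22694.getClass();
            c5770.f22695.getClass();
            BigInteger modulus = new BigInteger(1, C5806.m31785(c5770.f22695));
            BigInteger exponent = new BigInteger(1, C5806.m31785(c5770.f22694));
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
        }

        /**
         * Downloads the key set at {@code str} and returns the usable keys indexed by key id.
         *
         * <p>Entries that cannot be turned into a key are skipped with a warning rather than
         * aborting the whole load, so one unsupported entry does not make every other key at that
         * location unavailable. Skipping never widens what is accepted: only entries that name
         * ES256 or RS256 produce a key.
         *
         * @param str location of the key set
         * @return map from key id to public key; never empty
         * @throws Exception if the download fails or no usable key is found
         */
        @Override // p661.AbstractC28177
        /* renamed from: ֈ, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo31519(String str) throws Exception {
            try {
                C29899 m125853 = this.f22686.create().m125907().m125853(new C29881(str, false));
                C24326 c24326 = C24326.C24327.f80051;
                c24326.getClass();
                m125853.f95552 = new C28884(c24326);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m125853.m125794().m125879(JsonWebKeySet.class);
                AbstractC9920.C9922 c9922 = new AbstractC9920.C9922(4);
                List<C5770> list = jsonWebKeySet.keys;
                if (list == null) {
                    // No "keys" member: treat every top-level member as key id -> certificate.
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c9922.mo45878(str2, m31522((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5770 c5770 : list) {
                        if (c5770 == null) {
                            continue;
                        }
                        try {
                            PublicKey publicKey = m31521(c5770);
                            if (publicKey == null || c5770.f22689 == null) {
                                // Unsupported algorithm or missing key id. Such an entry can never
                                // match a token, and presumably the builder rejects nulls, which
                                // would otherwise fail the load for every key at this location.
                                IdTokenVerifier.f22671.log(Level.WARNING, "Skipping a key with a missing key id or an unsupported algorithm");
                                continue;
                            }
                            c9922.mo45878(c5770.f22689, publicKey);
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f22671.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                Map<String, PublicKey> loaded = c9922.m46031(true);
                if (loaded.isEmpty()) {
                    throw new Exception(C41882.m160769("No valid public key returned by the keystore: ", str));
                }
                return loaded;
            } catch (IOException e2) {
                IdTokenVerifier.f22671.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    /**
     * Builder for {@link IdTokenVerifier}. All fields are public and mutable in this listing, so
     * the checks in the setters can be bypassed by writing the fields directly.
     */
    @InterfaceC5807
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes7.dex */
    public static class C5771 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        // Explicit key location; null selects a default from the token's algorithm.
        public String f22697;

        /* renamed from: ԩ, reason: contains not printable characters */
        // Source of the skip-signature switch; null selects a default instance.
        public C42811 f22698;

        /* renamed from: ԫ, reason: contains not printable characters */
        // Accepted issuers; null disables the issuer check.
        public Collection<String> f22700;

        /* renamed from: Ԭ, reason: contains not printable characters */
        // Accepted audiences; null disables the audience check.
        public Collection<String> f22701;

        /* renamed from: ԭ, reason: contains not printable characters */
        // Transport factory for key downloads; null selects the default factory.
        public InterfaceC42812 f22702;

        /* renamed from: Ϳ, reason: contains not printable characters */
        // Clock used for the validity-window check.
        public InterfaceC5815 f22696 = InterfaceC5815.f22803;

        /* renamed from: Ԫ, reason: contains not printable characters */
        // Acceptable time skew; same value as IdTokenVerifier.f22678.
        public long f22699 = 300;

        /** Builds a verifier from the current builder state. */
        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo31525() {
            return new IdTokenVerifier(this);
        }

        /** @return the acceptable time skew */
        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m31526() {
            return this.f22699;
        }

        /** @return the accepted audiences, or {@code null} when the check is disabled */
        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m31527() {
            return this.f22701;
        }

        /** @return the clock */
        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5815 m31528() {
            return this.f22696;
        }

        /** @return the configured source of the skip-signature switch, possibly {@code null} */
        /* renamed from: ԫ, reason: contains not printable characters */
        public final C42811 m31529() {
            return this.f22698;
        }

        /** @return the first accepted issuer, or {@code null} when no issuers are configured */
        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m31530() {
            Collection<String> collection = this.f22700;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /** @return the accepted issuers, or {@code null} when the check is disabled */
        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m31531() {
            return this.f22700;
        }

        /**
         * Sets the acceptable time skew.
         *
         * @param j skew; must not be negative
         */
        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5771 mo31532(long j) {
            C30911.m128965(j >= 0);
            this.f22699 = j;
            return this;
        }

        /**
         * Sets the accepted audiences. Passing {@code null} disables the audience check, which
         * lets a token issued for a different client pass payload verification.
         */
        /* renamed from: ԯ, reason: contains not printable characters */
        public C5771 mo31533(Collection<String> collection) {
            this.f22701 = collection;
            return this;
        }

        /** Sets an explicit key location, or {@code null} to use the per-algorithm defaults. */
        /* renamed from: ՠ, reason: contains not printable characters */
        public C5771 m31534(String str) {
            this.f22697 = str;
            return this;
        }

        /**
         * Sets the clock.
         *
         * @param interfaceC5815 clock; must not be {@code null}
         */
        /* renamed from: ֈ, reason: contains not printable characters */
        public C5771 mo31535(InterfaceC5815 interfaceC5815) {
            // Null check: throws NullPointerException for a null clock.
            interfaceC5815.getClass();
            this.f22696 = interfaceC5815;
            return this;
        }

        /** Sets the source of the skip-signature switch; intended for tests. */
        /* renamed from: ֏, reason: contains not printable characters */
        public C5771 m31536(C42811 c42811) {
            this.f22698 = c42811;
            return this;
        }

        /** Sets the transport factory used to download key sets. */
        /* renamed from: ׯ, reason: contains not printable characters */
        public C5771 m31537(InterfaceC42812 interfaceC42812) {
            this.f22702 = interfaceC42812;
            return this;
        }

        /** Sets a single accepted issuer, or disables the issuer check when {@code null}. */
        /* renamed from: ؠ, reason: contains not printable characters */
        public C5771 mo31538(String str) {
            return str == null ? mo31539(null) : mo31539(Collections.singleton(str));
        }

        /**
         * Sets the accepted issuers.
         *
         * @param collection issuers; {@code null} disables the check, an empty collection is
         *     rejected
         */
        /* renamed from: ހ, reason: contains not printable characters */
        public C5771 mo31539(Collection<String> collection) {
            C30911.m128966(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22700 = collection;
            return this;
        }
    }

    /** Default transport factory: always hands out the shared {@link #f22676} instance. */
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes7.dex */
    public static class C5772 implements InterfaceC42812 {
        @Override // p1239.InterfaceC42812
        public AbstractC29908 create() {
            return IdTokenVerifier.f22676;
        }
    }

    /** Checked exception raised when signature verification cannot succeed. */
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$ԩ, reason: contains not printable characters */
    /* loaded from: classes7.dex */
    public static class C5773 extends Exception {
        public C5773(String str) {
            super(str);
        }

        public C5773(String str, Throwable th) {
            super(str, th);
        }
    }

    /**
     * Creates a verifier with builder defaults. Issuers and audiences are left unset, so neither
     * is checked; configure both through the builder for anything that authenticates users.
     */
    public IdTokenVerifier() {
        this(new C5771());
    }

    /**
     * Creates a verifier from a builder.
     *
     * @param c5771 builder holding the configuration
     */
    public IdTokenVerifier(C5771 c5771) {
        this.f22680 = c5771.f22697;
        this.f22679 = c5771.f22696;
        this.f22683 = c5771.f22699;
        // unmodifiableCollection is a read-only view, not a copy: later changes to the caller's
        // collection still change what this verifier accepts.
        Collection<String> issuers = c5771.f22700;
        this.f22684 = issuers == null ? null : Collections.unmodifiableCollection(issuers);
        Collection<String> audiences = c5771.f22701;
        this.f22685 = audiences != null ? Collections.unmodifiableCollection(audiences) : null;
        // The decompiler emitted "new Object()" for both defaults below, which cannot be assigned
        // to these types. C5772 is the transport factory defined in this class.
        InterfaceC42812 transportFactory = c5771.f22702 == null ? new C5772() : c5771.f22702;
        C28153<Object, Object> m121579 = C28153.m121579();
        // Downloaded key sets are kept for one hour before being fetched again.
        m121579.m121586(1L, TimeUnit.HOURS);
        this.f22682 = m121579.m121581(new PublicKeyLoader(transportFactory));
        // NOTE(review): assumes C42811 has an accessible no-argument constructor — confirm.
        C42811 c42811 = c5771.f22698;
        this.f22681 = c42811 == null ? new C42811() : c42811;
    }

    /** @return the acceptable time skew */
    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m31510() {
        return this.f22683;
    }

    /** @return the accepted audiences, or {@code null} when the check is disabled */
    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m31511() {
        return this.f22685;
    }

    /**
     * Resolves the location to fetch keys from for a token header.
     *
     * @param header header of the token being verified
     * @return the configured location if any, otherwise the default for the header's algorithm
     * @throws C5773 if no location is configured and the algorithm has no default
     */
    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m31512(JsonWebSignature.Header header) throws C5773 {
        String str = this.f22680;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        // Null check: throws NullPointerException when the header carries no algorithm.
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22672;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22673;
        }
        // The decompiler emitted a plain Exception here, which this method does not declare.
        throw new C5773(String.format(f22675, header.getAlgorithm()));
    }

    /** @return the clock */
    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5815 m31513() {
        return this.f22679;
    }

    /** @return the first accepted issuer, or {@code null} when no issuers are configured */
    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m31514() {
        Collection<String> collection = this.f22684;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /** @return the accepted issuers, or {@code null} when the check is disabled */
    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m31515() {
        return this.f22684;
    }

    /**
     * Verifies the payload and then the signature of a token.
     *
     * @param idToken token to verify
     * @return {@code true} only if both the payload checks and the signature check pass; a
     *     signature failure is logged at SEVERE and reported as {@code false}
     */
    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m31516(IdToken idToken) {
        if (!m31517(idToken)) {
            return false;
        }
        try {
            m31518(idToken);
            return true;
        } catch (C5773 e) {
            f22671.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /**
     * Verifies the payload only; the signature is NOT checked here, so a {@code true} result says
     * nothing about who produced the token.
     *
     * <p>The calls on {@code idToken} presumably check issuer, audience and validity window in
     * that order. The issuer and audience checks are skipped when the corresponding collection
     * is {@code null}.
     *
     * @param idToken token to check
     * @return {@code true} if every enabled payload check passes
     */
    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m31517(IdToken idToken) {
        Collection<String> collection = this.f22684;
        if (collection != null && !idToken.m31507(collection)) {
            return false;
        }
        Collection<String> collection2 = this.f22685;
        return (collection2 == null || idToken.m31503(collection2)) && idToken.m31508(this.f22679.mo31804(), this.f22683);
    }

    /**
     * Verifies the signature of a token against the key published for its key id.
     *
     * <p>Returns {@code true} without any check when the {@link #f22677} switch reads as true.
     *
     * @param idToken token whose signature is verified
     * @return {@code true} when the signature is valid or verification is switched off
     * @throws C5773 if the algorithm is not allowed, the key cannot be fetched or found, or the
     *     signature does not verify
     */
    @InterfaceC52211
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m31518(IdToken idToken) throws C5773 {
        if (Boolean.parseBoolean(this.f22681.m166931(f22677))) {
            return true;
        }
        // Allowlist first: the token's own algorithm never selects a verification scheme outside
        // this set.
        if (!f22674.contains(idToken.mo31747().getAlgorithm())) {
            throw new C5773(String.format(f22675, idToken.mo31747().getAlgorithm()));
        }
        // Resolved up front so the error below names the location actually used; the configured
        // field is null whenever the per-algorithm default applies.
        String location = m31512(idToken.mo31747());
        try {
            PublicKey publicKey = this.f22682.get(location).get(idToken.mo31747().getKeyId());
            if (publicKey == null) {
                throw new C5773("Could not find public key for provided keyId: " + idToken.mo31747().getKeyId());
            }
            try {
                if (idToken.m31753(publicKey)) {
                    return true;
                }
                throw new C5773("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new C5773("Error validating token", e);
            }
        } catch (ExecutionException | C13691 e2) {
            throw new C5773("Error fetching public key from certificate location " + location, e2);
        }
    }
}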
