package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5781;
import com.google.api.client.util.InterfaceC5782;
import com.google.api.client.util.InterfaceC5790;
import com.google.api.client.util.InterfaceC5811;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p1091.C36414;
import p1198.C37991;
import p1614.InterfaceC46837;
import p1931.C54882;
import p1948.C55067;
import p1948.C55071;
import p1966.C55792;
import p2155.C63665;
import p2155.InterfaceC63666;
import p311.AbstractC15042;
import p311.AbstractC15090;
import p336.AbstractC15794;
import p336.C15770;
import p336.InterfaceC15806;
import p498.AbstractC18999;
import p498.C18972;
import p498.C18990;
import p871.C29530;

@InterfaceC5782
/* loaded from: classes11.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f22622 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f22623 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f22625 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f22627 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f22628 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5790 f22629;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f22630;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C63665 f22631;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC15806<String, Map<String, PublicKey>> f22632;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f22633;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f22634;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f22635;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22621 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f22624 = AbstractC15090.m61834(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC18999 f22626 = new C36414();

    /* loaded from: classes6.dex */
    public static class PublicKeyLoader extends AbstractC15794<String, Map<String, PublicKey>> {

        /* renamed from: Ƚ, reason: contains not printable characters */
        public final InterfaceC63666 f22636;

        /* loaded from: classes4.dex */
        public static class JsonWebKeySet extends C55067 {

            @InterfaceC5811
            public List<C5745> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes4.dex */
        public static class C5745 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22637;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22638;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22639;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22640;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22641;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22642;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22643;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22644;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5811
            public String f22645;
        }

        public PublicKeyLoader(InterfaceC63666 interfaceC63666) {
            this.f22636 = interfaceC63666;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m31524(C5745 c5745) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C55792.m184687("EC".equals(c5745.f22640));
            C55792.m184687("P-256".equals(c5745.f22638));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5781.m31789(c5745.f22642)), new BigInteger(1, C5781.m31789(c5745.f22643)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m31525(C5745 c5745) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5745.f22637)) {
                return m31524(c5745);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5745.f22637)) {
                return m31527(c5745);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m31526(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public final PublicKey m31527(C5745 c5745) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C55792.m184687("RSA".equals(c5745.f22640));
            c5745.f22644.getClass();
            c5745.f22645.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5781.m31789(c5745.f22645)), new BigInteger(1, C5781.m31789(c5745.f22644))));
        }

        @Override // p336.AbstractC15794
        /* renamed from: ֈ, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo31523(String str) throws Exception {
            try {
                C18990 m73460 = this.f22636.create().m73514().m73460(new C18972(str, false));
                C54882 c54882 = C54882.C54883.f175169;
                c54882.getClass();
                m73460.f71895 = new C55071(c54882);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m73460.m73401().m73486(JsonWebKeySet.class);
                AbstractC15042.C15044 c15044 = new AbstractC15042.C15044(4);
                List<C5745> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c15044.mo61549(str2, m31526((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5745 c5745 : list) {
                        try {
                            c15044.mo61549(c5745.f22639, m31525(c5745));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f22621.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c15044.m61702(true).isEmpty()) {
                    throw new Exception(C37991.m132405("No valid public key returned by the keystore: ", str));
                }
                return c15044.m61702(true);
            } catch (IOException e2) {
                IdTokenVerifier.f22621.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5782
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes7.dex */
    public static class C5746 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f22647;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C63665 f22648;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f22650;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f22651;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC63666 f22652;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5790 f22646 = InterfaceC5790.f22753;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f22649 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo31529() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m31530() {
            return this.f22649;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m31531() {
            return this.f22651;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5790 m31532() {
            return this.f22646;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C63665 m31533() {
            return this.f22648;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m31534() {
            Collection<String> collection = this.f22650;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m31535() {
            return this.f22650;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5746 mo31536(long j) {
            C55792.m184687(j >= 0);
            this.f22649 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5746 mo31537(Collection<String> collection) {
            this.f22651 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5746 m31538(String str) {
            this.f22647 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5746 mo31539(InterfaceC5790 interfaceC5790) {
            interfaceC5790.getClass();
            this.f22646 = interfaceC5790;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5746 m31540(C63665 c63665) {
            this.f22648 = c63665;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5746 m31541(InterfaceC63666 interfaceC63666) {
            this.f22652 = interfaceC63666;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5746 mo31542(String str) {
            return str == null ? mo31543(null) : mo31543(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5746 mo31543(Collection<String> collection) {
            C55792.m184688(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22650 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes11.dex */
    public static class C5747 implements InterfaceC63666 {
        @Override // p2155.InterfaceC63666
        public AbstractC18999 create() {
            return IdTokenVerifier.f22626;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$ԩ, reason: contains not printable characters */
    /* loaded from: classes12.dex */
    public static class C5748 extends Exception {
        public C5748(String str) {
            super(str);
        }

        public C5748(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5746());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5746 c5746) {
        this.f22630 = c5746.f22647;
        this.f22629 = c5746.f22646;
        this.f22633 = c5746.f22649;
        Collection<String> collection = c5746.f22650;
        this.f22634 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5746.f22651;
        this.f22635 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC63666 interfaceC63666 = c5746.f22652;
        InterfaceC63666 obj = interfaceC63666 == null ? new Object() : interfaceC63666;
        C15770<Object, Object> m63875 = C15770.m63875();
        m63875.m63882(1L, TimeUnit.HOURS);
        this.f22632 = m63875.m63877(new PublicKeyLoader(obj));
        C63665 c63665 = c5746.f22648;
        this.f22631 = c63665 == null ? new Object() : c63665;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m31514() {
        return this.f22633;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m31515() {
        return this.f22635;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m31516(JsonWebSignature.Header header) throws C5748 {
        String str = this.f22630;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22622;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22623;
        }
        throw new Exception(String.format(f22625, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5790 m31517() {
        return this.f22629;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m31518() {
        Collection<String> collection = this.f22634;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m31519() {
        return this.f22634;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m31520(IdToken idToken) {
        if (!m31521(idToken)) {
            return false;
        }
        try {
            m31522(idToken);
            return true;
        } catch (C5748 e) {
            f22621.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m31521(IdToken idToken) {
        Collection<String> collection = this.f22634;
        if (collection != null && !idToken.m31511(collection)) {
            return false;
        }
        Collection<String> collection2 = this.f22635;
        return (collection2 == null || idToken.m31507(collection2)) && idToken.m31512(this.f22629.mo31808(), this.f22633);
    }

    @InterfaceC46837
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m31522(IdToken idToken) throws C5748 {
        if (Boolean.parseBoolean(this.f22631.m227342(f22627))) {
            return true;
        }
        if (!f22624.contains(idToken.mo31751().getAlgorithm())) {
            throw new Exception(String.format(f22625, idToken.mo31751().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f22632.get(m31516(idToken.mo31751())).get(idToken.mo31751().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo31751().getKeyId());
            }
            try {
                if (idToken.m31757(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C29530 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f22630, e2);
        }
    }
}
