package com.google.api.client.auth.openidconnect;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.C5638;
import com.google.api.client.util.InterfaceC5639;
import com.google.api.client.util.InterfaceC5647;
import com.google.api.client.util.InterfaceC5668;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import p098.AbstractC8445;
import p098.C8421;
import p098.InterfaceC8457;
import p1091.AbstractC34603;
import p1091.AbstractC34651;
import p1196.C37540;
import p2055.AbstractC60567;
import p2055.C60540;
import p2055.C60558;
import p2100.C61473;
import p405.C17936;
import p405.InterfaceC17937;
import p498.C19339;
import p530.C20267;
import p647.C23696;
import p691.InterfaceC24236;
import p791.C25963;
import p791.C25967;

@InterfaceC5639
/* loaded from: classes15.dex */
public class IdTokenVerifier {

    /* renamed from: ԯ, reason: contains not printable characters */
    public static final String f22428 = "https://www.gstatic.com/iap/verify/public_key-jwk";

    /* renamed from: ՠ, reason: contains not printable characters */
    public static final String f22429 = "https://www.googleapis.com/oauth2/v3/certs";

    /* renamed from: ֏, reason: contains not printable characters */
    public static final String f22431 = "Unexpected signing algorithm %s: expected either RS256 or ES256";

    /* renamed from: ؠ, reason: contains not printable characters */
    public static final String f22433 = "OAUTH_CLIENT_SKIP_SIGNATURE";

    /* renamed from: ހ, reason: contains not printable characters */
    public static final long f22434 = 300;

    /* renamed from: Ϳ, reason: contains not printable characters */
    public final InterfaceC5647 f22435;

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final String f22436;

    /* renamed from: ԩ, reason: contains not printable characters */
    public final C17936 f22437;

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final InterfaceC8457<String, Map<String, PublicKey>> f22438;

    /* renamed from: ԫ, reason: contains not printable characters */
    public final long f22439;

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final Collection<String> f22440;

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> f22441;

    /* renamed from: Ԯ, reason: contains not printable characters */
    public static final Logger f22427 = Logger.getLogger(IdTokenVerifier.class.getName());

    /* renamed from: ֈ, reason: contains not printable characters */
    public static final Set<String> f22430 = AbstractC34651.m135339(JwtRequestHeader.ALG_VALUE_RS256, "ES256");

    /* renamed from: ׯ, reason: contains not printable characters */
    public static final AbstractC60567 f22432 = new C61473();

    /* loaded from: classes2.dex */
    public static class PublicKeyLoader extends AbstractC8445<String, Map<String, PublicKey>> {

        /* renamed from: Ƚ, reason: contains not printable characters */
        public final InterfaceC17937 f22442;

        /* loaded from: classes.dex */
        public static class JsonWebKeySet extends C25963 {

            @InterfaceC5668
            public List<C5602> keys;
        }

        /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$Ϳ, reason: contains not printable characters */
        /* loaded from: classes14.dex */
        public static class C5602 {

            /* renamed from: Ϳ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22443;

            /* renamed from: Ԩ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22444;

            /* renamed from: ԩ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22445;

            /* renamed from: Ԫ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22446;

            /* renamed from: ԫ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22447;

            /* renamed from: Ԭ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22448;

            /* renamed from: ԭ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22449;

            /* renamed from: Ԯ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22450;

            /* renamed from: ԯ, reason: contains not printable characters */
            @InterfaceC5668
            public String f22451;
        }

        public PublicKeyLoader(InterfaceC17937 interfaceC17937) {
            this.f22442 = interfaceC17937;
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final PublicKey m28763(C5602 c5602) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            C19339.m94386("EC".equals(c5602.f22446));
            C19339.m94386("P-256".equals(c5602.f22444));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, C5638.m29028(c5602.f22448)), new BigInteger(1, C5638.m29028(c5602.f22449)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public final PublicKey m28764(C5602 c5602) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(c5602.f22443)) {
                return m28763(c5602);
            }
            if (JwtRequestHeader.ALG_VALUE_RS256.equals(c5602.f22443)) {
                return m28766(c5602);
            }
            return null;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public final PublicKey m28765(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public final PublicKey m28766(C5602 c5602) throws NoSuchAlgorithmException, InvalidKeySpecException {
            C19339.m94386("RSA".equals(c5602.f22446));
            c5602.f22450.getClass();
            c5602.f22451.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, C5638.m29028(c5602.f22451)), new BigInteger(1, C5638.m29028(c5602.f22450))));
        }

        @Override // p098.AbstractC8445
        /* renamed from: ֏, reason: contains not printable characters and merged with bridge method [inline-methods] */
        public Map<String, PublicKey> mo28762(String str) throws Exception {
            try {
                C60558 m219062 = this.f22442.create().m219116().m219062(new C60540(str, false));
                C23696 c23696 = C23696.C23697.f82129;
                c23696.getClass();
                m219062.f186623 = new C25967(c23696);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) m219062.m219003().m219088(JsonWebKeySet.class);
                AbstractC34603.C34605 c34605 = new AbstractC34603.C34605(4);
                List<C5602> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        c34605.mo135054(str2, m28765((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (C5602 c5602 : list) {
                        try {
                            c34605.mo135054(c5602.f22445, m28764(c5602));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.f22427.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (c34605.m135207(true).isEmpty()) {
                    throw new Exception(C37540.m144966("No valid public key returned by the keystore: ", str));
                }
                return c34605.m135207(true);
            } catch (IOException e2) {
                IdTokenVerifier.f22427.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    @InterfaceC5639
    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ϳ, reason: contains not printable characters */
    /* loaded from: classes14.dex */
    public static class C5603 {

        /* renamed from: Ԩ, reason: contains not printable characters */
        public String f22453;

        /* renamed from: ԩ, reason: contains not printable characters */
        public C17936 f22454;

        /* renamed from: ԫ, reason: contains not printable characters */
        public Collection<String> f22456;

        /* renamed from: Ԭ, reason: contains not printable characters */
        public Collection<String> f22457;

        /* renamed from: ԭ, reason: contains not printable characters */
        public InterfaceC17937 f22458;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public InterfaceC5647 f22452 = InterfaceC5647.f22559;

        /* renamed from: Ԫ, reason: contains not printable characters */
        public long f22455 = 300;

        /* renamed from: Ϳ, reason: contains not printable characters */
        public IdTokenVerifier mo28768() {
            return new IdTokenVerifier(this);
        }

        /* renamed from: Ԩ, reason: contains not printable characters */
        public final long m28769() {
            return this.f22455;
        }

        /* renamed from: ԩ, reason: contains not printable characters */
        public final Collection<String> m28770() {
            return this.f22457;
        }

        /* renamed from: Ԫ, reason: contains not printable characters */
        public final InterfaceC5647 m28771() {
            return this.f22452;
        }

        /* renamed from: ԫ, reason: contains not printable characters */
        public final C17936 m28772() {
            return this.f22454;
        }

        /* renamed from: Ԭ, reason: contains not printable characters */
        public final String m28773() {
            Collection<String> collection = this.f22456;
            if (collection == null) {
                return null;
            }
            return collection.iterator().next();
        }

        /* renamed from: ԭ, reason: contains not printable characters */
        public final Collection<String> m28774() {
            return this.f22456;
        }

        /* renamed from: Ԯ, reason: contains not printable characters */
        public C5603 mo28775(long j) {
            C19339.m94386(j >= 0);
            this.f22455 = j;
            return this;
        }

        /* renamed from: ԯ, reason: contains not printable characters */
        public C5603 mo28776(Collection<String> collection) {
            this.f22457 = collection;
            return this;
        }

        /* renamed from: ՠ, reason: contains not printable characters */
        public C5603 m28777(String str) {
            this.f22453 = str;
            return this;
        }

        /* renamed from: ֈ, reason: contains not printable characters */
        public C5603 mo28778(InterfaceC5647 interfaceC5647) {
            interfaceC5647.getClass();
            this.f22452 = interfaceC5647;
            return this;
        }

        /* renamed from: ֏, reason: contains not printable characters */
        public C5603 m28779(C17936 c17936) {
            this.f22454 = c17936;
            return this;
        }

        /* renamed from: ׯ, reason: contains not printable characters */
        public C5603 m28780(InterfaceC17937 interfaceC17937) {
            this.f22458 = interfaceC17937;
            return this;
        }

        /* renamed from: ؠ, reason: contains not printable characters */
        public C5603 mo28781(String str) {
            return str == null ? mo28782(null) : mo28782(Collections.singleton(str));
        }

        /* renamed from: ހ, reason: contains not printable characters */
        public C5603 mo28782(Collection<String> collection) {
            C19339.m94387(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f22456 = collection;
            return this;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$Ԩ, reason: contains not printable characters */
    /* loaded from: classes3.dex */
    public static class C5604 implements InterfaceC17937 {
        @Override // p405.InterfaceC17937
        public AbstractC60567 create() {
            return IdTokenVerifier.f22432;
        }
    }

    /* renamed from: com.google.api.client.auth.openidconnect.IdTokenVerifier$ԩ, reason: contains not printable characters */
    /* loaded from: classes15.dex */
    public static class C5605 extends Exception {
        public C5605(String str) {
            super(str);
        }

        public C5605(String str, Throwable th) {
            super(str, th);
        }
    }

    public IdTokenVerifier() {
        this(new C5603());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IdTokenVerifier(C5603 c5603) {
        this.f22436 = c5603.f22453;
        this.f22435 = c5603.f22452;
        this.f22439 = c5603.f22455;
        Collection<String> collection = c5603.f22456;
        this.f22440 = collection == null ? null : Collections.unmodifiableCollection(collection);
        Collection<String> collection2 = c5603.f22457;
        this.f22441 = collection2 != null ? Collections.unmodifiableCollection(collection2) : null;
        InterfaceC17937 interfaceC17937 = c5603.f22458;
        InterfaceC17937 obj = interfaceC17937 == null ? new Object() : interfaceC17937;
        C8421<Object, Object> m40332 = C8421.m40332();
        m40332.m40339(1L, TimeUnit.HOURS);
        this.f22438 = m40332.m40334(new PublicKeyLoader(obj));
        C17936 c17936 = c5603.f22454;
        this.f22437 = c17936 == null ? new Object() : c17936;
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    public final long m28753() {
        return this.f22439;
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    public final Collection<String> m28754() {
        return this.f22441;
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    public final String m28755(JsonWebSignature.Header header) throws C5605 {
        String str = this.f22436;
        if (str != null) {
            return str;
        }
        String algorithm = header.getAlgorithm();
        algorithm.getClass();
        if (algorithm.equals("ES256")) {
            return f22428;
        }
        if (algorithm.equals(JwtRequestHeader.ALG_VALUE_RS256)) {
            return f22429;
        }
        throw new Exception(String.format(f22431, header.getAlgorithm()));
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    public final InterfaceC5647 m28756() {
        return this.f22435;
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    public final String m28757() {
        Collection<String> collection = this.f22440;
        if (collection == null) {
            return null;
        }
        return collection.iterator().next();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    public final Collection<String> m28758() {
        return this.f22440;
    }

    /* renamed from: Ԯ, reason: contains not printable characters */
    public boolean m28759(IdToken idToken) {
        if (!m28760(idToken)) {
            return false;
        }
        try {
            m28761(idToken);
            return true;
        } catch (C5605 e) {
            f22427.log(Level.SEVERE, "id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options", (Throwable) e);
            return false;
        }
    }

    /* renamed from: ԯ, reason: contains not printable characters */
    public boolean m28760(IdToken idToken) {
        Collection<String> collection;
        Collection<String> collection2 = this.f22440;
        return (collection2 == null || idToken.m28750(collection2)) && ((collection = this.f22441) == null || idToken.m28746(collection)) && idToken.m28751(this.f22435.mo29047(), this.f22439);
    }

    @InterfaceC24236
    /* renamed from: ՠ, reason: contains not printable characters */
    public boolean m28761(IdToken idToken) throws C5605 {
        if (Boolean.parseBoolean(this.f22437.m89496(f22433))) {
            return true;
        }
        if (!f22430.contains(idToken.mo28990().getAlgorithm())) {
            throw new Exception(String.format(f22431, idToken.mo28990().getAlgorithm()));
        }
        try {
            PublicKey publicKey = this.f22438.get(m28755(idToken.mo28990())).get(idToken.mo28990().getKeyId());
            if (publicKey == null) {
                throw new Exception("Could not find public key for provided keyId: " + idToken.mo28990().getKeyId());
            }
            try {
                if (idToken.m28996(publicKey)) {
                    return true;
                }
                throw new Exception("Invalid signature");
            } catch (GeneralSecurityException e) {
                throw new Exception("Error validating token", e);
            }
        } catch (ExecutionException | C20267 e2) {
            throw new Exception("Error fetching public key from certificate location " + this.f22436, e2);
        }
    }
}
