package com.google.api.client.auth.openidconnect;

import androidx.lifecycle.ViewModelProvider$Factory;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Base64;
import com.google.api.client.util.Beta;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Key;
import com.google.common.base.Preconditions;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

@Beta
/* loaded from: classes2.dex */
public class IdTokenVerifier {
    public static final NetHttpTransport HTTP_TRANSPORT;
    public static final Logger LOGGER = Logger.getLogger(IdTokenVerifier.class.getName());
    public final Clock clock = new Builder().clock;
    public final LoadingCache publicKeyCache;

    @Beta
    /* loaded from: classes2.dex */
    public static class Builder {
        public final Clock clock = Clock.SYSTEM;
    }

    /* loaded from: classes2.dex */
    public static class DefaultHttpTransportFactory implements HttpTransportFactory {
        @Override // com.google.api.client.auth.openidconnect.HttpTransportFactory
        public final NetHttpTransport create() {
            return IdTokenVerifier.HTTP_TRANSPORT;
        }
    }

    /* loaded from: classes2.dex */
    public static class PublicKeyLoader extends CacheLoader<String, Map<String, PublicKey>> {
        public final HttpTransportFactory httpTransportFactory;

        /* loaded from: classes2.dex */
        public static class JsonWebKey {
        }

        /* loaded from: classes2.dex */
        public static class JsonWebKeySet extends GenericJson {

            @Key
            public List<JsonWebKey> keys;
        }

        public PublicKeyLoader(HttpTransportFactory httpTransportFactory) {
            this.httpTransportFactory = httpTransportFactory;
        }

        public static PublicKey buildPublicKey(JsonWebKey jsonWebKey) {
            if (!"ES256".equals(null)) {
                if (!"RS256".equals(null)) {
                    return null;
                }
                Preconditions.checkArgument("RSA".equals(null));
                throw null;
            }
            Preconditions.checkArgument("EC".equals(null));
            Preconditions.checkArgument("P-256".equals(null));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, Base64.decodeBase64(null)), new BigInteger(1, Base64.decodeBase64(null)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        @Override // com.google.common.cache.CacheLoader
        public final Object load(Object obj) {
            String str = (String) obj;
            try {
                HttpRequest buildGetRequest = this.httpTransportFactory.create().createRequestFactory().buildGetRequest(new GenericUrl(str));
                GsonFactory defaultInstance = GsonFactory.getDefaultInstance();
                defaultInstance.getClass();
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) buildGetRequest.setParser(new JsonObjectParser(new JsonObjectParser.Builder(defaultInstance))).execute().parseAs(JsonWebKeySet.class);
                ImmutableMap.Builder builder = new ImmutableMap.Builder();
                List<JsonWebKey> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        builder.put(str2, CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((String) jsonWebKeySet.get(str2)).getBytes("UTF-8"))).getPublicKey());
                    }
                } else {
                    for (JsonWebKey jsonWebKey : list) {
                        try {
                            jsonWebKey.getClass();
                            builder.put(null, buildPublicKey(jsonWebKey));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            IdTokenVerifier.LOGGER.log(Level.WARNING, "Failed to put a key into the cache", e);
                        }
                    }
                }
                if (builder.build(true).isEmpty()) {
                    throw new Exception(ViewModelProvider$Factory.CC.m$1("No valid public key returned by the keystore: ", str));
                }
                return builder.build(true);
            } catch (IOException e2) {
                IdTokenVerifier.LOGGER.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e2);
                throw e2;
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class VerificationException extends Exception {
    }

    static {
        ImmutableSet.construct(2, 2, "RS256", "ES256");
        HTTP_TRANSPORT = new NetHttpTransport();
    }

    public IdTokenVerifier() {
        DefaultHttpTransportFactory defaultHttpTransportFactory = new DefaultHttpTransportFactory();
        CacheBuilder newBuilder = CacheBuilder.newBuilder();
        newBuilder.expireAfterWrite(1L, TimeUnit.HOURS);
        this.publicKeyCache = newBuilder.build(new PublicKeyLoader(defaultHttpTransportFactory));
        new Environment();
    }
}
