package com.google.api.client.auth.openidconnect;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Base64;
import com.google.api.client.util.Clock;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.Key;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import l.AbstractC0175a;

/* loaded from: classes3.dex */
public class IdTokenVerifier {
    public static final Logger f = Logger.getLogger(IdTokenVerifier.class.getName());
    public static final NetHttpTransport g;
    public final Clock a;
    public final LoadingCache b;

    /* renamed from: c, reason: collision with root package name */
    public final long f9138c;
    public final Collection d;

    /* renamed from: e, reason: collision with root package name */
    public final Collection f9139e;

    /* loaded from: classes3.dex */
    public static class Builder {
        public final Clock a = Clock.a;
        public final long b = 300;

        /* renamed from: c, reason: collision with root package name */
        public Collection f9140c;
        public List d;

        public Builder a(Collection collection) {
            Preconditions.e(collection == null || !collection.isEmpty(), "Issuers must not be empty");
            this.f9140c = collection;
            return this;
        }
    }

    /* loaded from: classes3.dex */
    public static class DefaultHttpTransportFactory implements HttpTransportFactory {
    }

    /* loaded from: classes3.dex */
    public static class PublicKeyLoader extends CacheLoader<String, Map<String, PublicKey>> {
        public final HttpTransportFactory a;

        /* loaded from: classes3.dex */
        public static class JsonWebKey {

            @Key
            public String alg;

            @Key
            public String crv;

            /* renamed from: e, reason: collision with root package name */
            @Key
            public String f9141e;

            @Key
            public String kid;

            @Key
            public String kty;

            @Key
            public String n;

            @Key
            public String use;

            @Key
            public String x;

            /* renamed from: y, reason: collision with root package name */
            @Key
            public String f9142y;
        }

        /* loaded from: classes3.dex */
        public static class JsonWebKeySet extends GenericJson {

            @Key
            public List<JsonWebKey> keys;
        }

        public PublicKeyLoader(HttpTransportFactory httpTransportFactory) {
            this.a = httpTransportFactory;
        }

        public static PublicKey c(JsonWebKey jsonWebKey) {
            if ("ES256".equals(jsonWebKey.alg)) {
                Preconditions.d("EC".equals(jsonWebKey.kty));
                Preconditions.d("P-256".equals(jsonWebKey.crv));
                ECPoint eCPoint = new ECPoint(new BigInteger(1, Base64.a(jsonWebKey.x)), new BigInteger(1, Base64.a(jsonWebKey.f9142y)));
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
                algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
                return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
            }
            if (!"RS256".equals(jsonWebKey.alg)) {
                return null;
            }
            Preconditions.d("RSA".equals(jsonWebKey.kty));
            jsonWebKey.f9141e.getClass();
            jsonWebKey.n.getClass();
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.a(jsonWebKey.n)), new BigInteger(1, Base64.a(jsonWebKey.f9141e))));
        }

        @Override // com.google.common.cache.CacheLoader
        public final Object a(Object obj) {
            String str = (String) obj;
            ((DefaultHttpTransportFactory) this.a).getClass();
            try {
                HttpRequest a = IdTokenVerifier.g.b().a("GET", new GenericUrl(str), null);
                GsonFactory f = GsonFactory.f();
                f.getClass();
                a.q = new JsonObjectParser(f);
                a.d = 2;
                ExponentialBackOff.Builder builder = new ExponentialBackOff.Builder();
                builder.a = 1000;
                builder.b = 0.1d;
                builder.f9228c = 2.0d;
                HttpBackOffUnsuccessfulResponseHandler httpBackOffUnsuccessfulResponseHandler = new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff(builder));
                HttpBackOffUnsuccessfulResponseHandler.BackOffRequired backOffRequired = HttpBackOffUnsuccessfulResponseHandler.BackOffRequired.a;
                backOffRequired.getClass();
                httpBackOffUnsuccessfulResponseHandler.d = backOffRequired;
                a.n = httpBackOffUnsuccessfulResponseHandler;
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) a.b().e(JsonWebKeySet.class);
                ImmutableMap.Builder builder2 = new ImmutableMap.Builder();
                List<JsonWebKey> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        builder2.d(str2, CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((String) jsonWebKeySet.get(str2)).getBytes("UTF-8"))).getPublicKey());
                    }
                } else {
                    for (JsonWebKey jsonWebKey : list) {
                        try {
                            builder2.d(jsonWebKey.kid, c(jsonWebKey));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e2) {
                            IdTokenVerifier.f.log(Level.WARNING, "Failed to put a key into the cache", e2);
                        }
                    }
                }
                ImmutableMap b = builder2.b(true);
                if (b.isEmpty()) {
                    throw new Exception(AbstractC0175a.j("No valid public key returned by the keystore: ", str));
                }
                return b;
            } catch (IOException e3) {
                IdTokenVerifier.f.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e3);
                throw e3;
            }
        }
    }

    /* loaded from: classes3.dex */
    public static class VerificationException extends Exception {
    }

    static {
        ImmutableSet.m(2, "RS256", "ES256");
        g = new NetHttpTransport();
    }

    public IdTokenVerifier() {
        this(new Builder());
    }

    public IdTokenVerifier(Builder builder) {
        this.a = builder.a;
        this.f9138c = builder.b;
        Collection collection = builder.f9140c;
        this.d = collection == null ? null : Collections.unmodifiableCollection(collection);
        List list = builder.d;
        this.f9139e = list != null ? Collections.unmodifiableCollection(list) : null;
        DefaultHttpTransportFactory defaultHttpTransportFactory = new DefaultHttpTransportFactory();
        CacheBuilder b = CacheBuilder.b();
        TimeUnit timeUnit = TimeUnit.HOURS;
        long j = b.b;
        if (j != -1) {
            throw new IllegalStateException(Strings.c("expireAfterWrite was already set to %s ns", Long.valueOf(j)));
        }
        b.b = timeUnit.toNanos(1L);
        this.b = b.a(new PublicKeyLoader(defaultHttpTransportFactory));
        new Environment();
    }
}
