package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.lovu.app.fw2;
import com.lovu.app.g33;
import com.lovu.app.hy2;
import com.lovu.app.ij2;
import com.lovu.app.it2;
import com.lovu.app.jy2;
import com.lovu.app.mx2;
import com.lovu.app.ny2;
import com.lovu.app.os2;
import com.lovu.app.p33;
import com.lovu.app.qh3;
import com.lovu.app.si2;
import com.lovu.app.zi2;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

@fw2
/* loaded from: classes2.dex */
public class TokenVerifier {
    public static final Set<String> hg = p33.wb("RS256", "ES256");
    public static final String it = "https://www.gstatic.com/iap/verify/public_key-jwk";
    public static final String mn = "https://www.googleapis.com/oauth2/v3/certs";
    public final String dg;
    public final String gc;
    public final String he;
    public final ny2<String, Map<String, PublicKey>> qv;
    public final PublicKey vg;
    public final zi2 zm;

    /* loaded from: classes2.dex */
    public static class PublicKeyLoader extends jy2<String, Map<String, PublicKey>> {
        public final os2 he;

        /* loaded from: classes2.dex */
        public static class JsonWebKeySet extends GenericJson {

            @ij2
            public List<he> keys;
        }

        /* loaded from: classes2.dex */
        public static class he {

            @ij2
            public String dg;

            @ij2
            public String gc;

            @ij2
            public String he;

            @ij2
            public String hg;

            @ij2
            public String it;

            @ij2
            public String mn;

            @ij2
            public String qv;

            @ij2
            public String vg;

            @ij2
            public String zm;
        }

        public PublicKeyLoader(os2 os2Var) {
            this.he = os2Var;
        }

        private PublicKey hg(he heVar) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            if ("ES256".equals(heVar.he)) {
                return mn(heVar);
            }
            if ("RS256".equals(heVar.he)) {
                return sd(heVar);
            }
            return null;
        }

        private PublicKey mn(he heVar) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
            mx2.vg("EC".equals(heVar.vg));
            mx2.vg("P-256".equals(heVar.dg));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, si2.he(heVar.qv)), new BigInteger(1, si2.he(heVar.it)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        private PublicKey nj(String str) throws CertificateException, UnsupportedEncodingException {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))).getPublicKey();
        }

        private PublicKey sd(he heVar) throws NoSuchAlgorithmException, InvalidKeySpecException {
            mx2.vg("RSA".equals(heVar.vg));
            mx2.fi(heVar.mn);
            mx2.fi(heVar.hg);
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, si2.he(heVar.hg)), new BigInteger(1, si2.he(heVar.mn))));
        }

        @Override // com.lovu.app.jy2
        /* renamed from: bz, reason: merged with bridge method [inline-methods] */
        public Map<String, PublicKey> vg(String str) throws Exception {
            try {
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) this.he.create().gc().dg(new GenericUrl(str)).zk(it2.it.gc()).dg().kc(JsonWebKeySet.class);
                g33.dg dgVar = new g33.dg();
                List<he> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        dgVar.vg(str2, nj((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (he heVar : list) {
                        try {
                            dgVar.vg(heVar.gc, hg(heVar));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            e.printStackTrace();
                        }
                    }
                }
                return dgVar.he();
            } catch (IOException unused) {
                return g33.ur();
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class dg {
        public String dg;
        public String gc;
        public String he;
        public os2 qv;
        public PublicKey vg;
        public zi2 zm;

        public dg bz(String str) {
            this.gc = str;
            return this;
        }

        public dg gq(PublicKey publicKey) {
            this.vg = publicKey;
            return this;
        }

        public dg hg(String str) {
            this.dg = str;
            return this;
        }

        public TokenVerifier it() {
            return new TokenVerifier(this);
        }

        public dg mn(String str) {
            this.he = str;
            return this;
        }

        public dg nj(zi2 zi2Var) {
            this.zm = zi2Var;
            return this;
        }

        public dg sd(os2 os2Var) {
            this.qv = os2Var;
            return this;
        }
    }

    /* loaded from: classes2.dex */
    public static class gc extends Exception {
        public gc(String str) {
            super(str);
        }

        public gc(String str, Throwable th) {
            super(str, th);
        }
    }

    public TokenVerifier(dg dgVar) {
        this.he = dgVar.he;
        this.dg = dgVar.dg;
        this.gc = dgVar.gc;
        this.vg = dgVar.vg;
        this.zm = dgVar.zm;
        this.qv = hy2.uf().it(1L, TimeUnit.HOURS).dg(new PublicKeyLoader(dgVar.qv));
    }

    public static dg dg() {
        return new dg().nj(zi2.he).sd(it2.qv);
    }

    private String he(JsonWebSignature jsonWebSignature) throws gc {
        String str = this.dg;
        if (str != null) {
            return str;
        }
        String algorithm = jsonWebSignature.he().getAlgorithm();
        char c = 65535;
        int hashCode = algorithm.hashCode();
        if (hashCode != 66245349) {
            if (hashCode == 78251122 && algorithm.equals("RS256")) {
                c = 0;
            }
        } else if (algorithm.equals("ES256")) {
            c = 1;
        }
        if (c == 0) {
            return mn;
        }
        if (c == 1) {
            return it;
        }
        throw new gc("Unknown algorithm");
    }

    public JsonWebSignature gc(String str) throws gc {
        try {
            JsonWebSignature it2 = JsonWebSignature.it(it2.it, str);
            String str2 = this.he;
            if (str2 != null && !str2.equals(it2.dg().getAudience())) {
                throw new gc("Expected audience does not match");
            }
            String str3 = this.gc;
            if (str3 != null && !str3.equals(it2.dg().getIssuer())) {
                throw new gc("Expected issuer does not match");
            }
            Long expirationTimeSeconds = it2.dg().getExpirationTimeSeconds();
            if (expirationTimeSeconds != null && expirationTimeSeconds.longValue() <= this.zm.currentTimeMillis() / 1000) {
                throw new gc("Token is expired");
            }
            if (!hg.contains(it2.he().getAlgorithm())) {
                throw new gc("Unexpected signing algorithm: expected either RS256 or ES256");
            }
            PublicKey publicKey = this.vg;
            if (publicKey == null) {
                try {
                    publicKey = this.qv.get(he(it2)).get(it2.he().getKeyId());
                } catch (qh3 | ExecutionException e) {
                    throw new gc("Error fetching PublicKey from certificate location", e);
                }
            }
            if (publicKey == null) {
                throw new gc("Could not find PublicKey for provided keyId: " + it2.he().getKeyId());
            }
            try {
                if (it2.bz(publicKey)) {
                    return it2;
                }
                throw new gc("Invalid signature");
            } catch (GeneralSecurityException e2) {
                throw new gc("Error validating token", e2);
            }
        } catch (IOException e3) {
            throw new gc("Error parsing JsonWebSignature token", e3);
        }
    }
}
