package com.google.auth.oauth2;

import com.alibaba.sdk.android.oss.common.auth.HmacSHA1Signature;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.Base64;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Key;
import com.google.auth.http.HttpTransportFactory;
import com.google.common.annotations.Beta;
import com.google.common.base.Preconditions;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.cache.LocalCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.RegularImmutableMap;
import com.google.common.util.concurrent.UncheckedExecutionException;
import d.d.c.a.a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

@Beta
/* loaded from: classes.dex */
public class TokenVerifier {
    public static final String FEDERATED_SIGNON_CERT_URL = "https://www.googleapis.com/oauth2/v3/certs";
    public static final String IAP_CERT_URL = "https://www.gstatic.com/iap/verify/public_key-jwk";
    public static final Set<String> SUPPORTED_ALGORITHMS = ImmutableSet.C("RS256", "ES256");
    public final String audience;
    public final String certificatesLocation;
    public final Clock clock;
    public final String issuer;
    public final PublicKey publicKey;
    public final LoadingCache<String, Map<String, PublicKey>> publicKeyCache;

    /* loaded from: classes.dex */
    public static class Builder {
        public String audience;
        public String certificatesLocation;
        public Clock clock;
        public HttpTransportFactory httpTransportFactory;
        public String issuer;
        public PublicKey publicKey;

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public TokenVerifier build() {
            return new TokenVerifier(this);
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setAudience(String str) {
            this.audience = str;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setCertificatesLocation(String str) {
            this.certificatesLocation = str;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setClock(Clock clock) {
            this.clock = clock;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.httpTransportFactory = httpTransportFactory;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setIssuer(String str) {
            this.issuer = str;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setPublicKey(PublicKey publicKey) {
            this.publicKey = publicKey;
            return this;
        }
    }

    /* loaded from: classes.dex */
    public static class PublicKeyLoader extends CacheLoader<String, Map<String, PublicKey>> {
        public final HttpTransportFactory httpTransportFactory;

        /* loaded from: classes.dex */
        public static class JsonWebKey {

            @Key
            public String alg;

            @Key
            public String crv;

            @Key
            public String e;

            @Key
            public String kid;

            @Key
            public String kty;

            @Key
            public String n;

            @Key
            public String use;

            @Key
            public String x;

            @Key
            public String y;
        }

        /* loaded from: classes.dex */
        public static class JsonWebKeySet extends GenericJson {

            @Key
            public List<JsonWebKey> keys;
        }

        public PublicKeyLoader(HttpTransportFactory httpTransportFactory) {
            this.httpTransportFactory = httpTransportFactory;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        private PublicKey buildEs256PublicKey(JsonWebKey jsonWebKey) {
            Preconditions.d("EC".equals(jsonWebKey.kty));
            Preconditions.d("P-256".equals(jsonWebKey.crv));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, Base64.a(jsonWebKey.x)), new BigInteger(1, Base64.a(jsonWebKey.y)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        private PublicKey buildPublicKey(JsonWebKey jsonWebKey) {
            if ("ES256".equals(jsonWebKey.alg)) {
                return buildEs256PublicKey(jsonWebKey);
            }
            if ("RS256".equals(jsonWebKey.alg)) {
                return buildRs256PublicKey(jsonWebKey);
            }
            return null;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        private PublicKey buildPublicKey(String str) {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes(HmacSHA1Signature.DEFAULT_ENCODING))).getPublicKey();
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        private PublicKey buildRs256PublicKey(JsonWebKey jsonWebKey) {
            Preconditions.d("RSA".equals(jsonWebKey.kty));
            Preconditions.n(jsonWebKey.e);
            Preconditions.n(jsonWebKey.n);
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.a(jsonWebKey.n)), new BigInteger(1, Base64.a(jsonWebKey.e))));
        }

        /* JADX WARN: Unreachable blocks removed: 6, instructions: 6 */
        @Override // com.google.common.cache.CacheLoader
        public Map<String, PublicKey> load(String str) {
            try {
                HttpRequest a = this.httpTransportFactory.create().b().a("GET", new GenericUrl(str), null);
                JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
                if (jsonFactory == null) {
                    throw null;
                }
                a.q = new JsonObjectParser(jsonFactory);
                JsonWebKeySet jsonWebKeySet = (JsonWebKeySet) a.b().e(JsonWebKeySet.class);
                ImmutableMap.Builder builder = new ImmutableMap.Builder();
                List<JsonWebKey> list = jsonWebKeySet.keys;
                if (list == null) {
                    for (String str2 : jsonWebKeySet.keySet()) {
                        builder.c(str2, buildPublicKey((String) jsonWebKeySet.get(str2)));
                    }
                } else {
                    for (JsonWebKey jsonWebKey : list) {
                        try {
                            builder.c(jsonWebKey.kid, buildPublicKey(jsonWebKey));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
                            e.printStackTrace();
                        }
                    }
                }
                return builder.a();
            } catch (IOException unused) {
                return RegularImmutableMap.m;
            }
        }
    }

    /* loaded from: classes.dex */
    public static class VerificationException extends Exception {
        public VerificationException(String str) {
            super(str);
        }

        public VerificationException(String str, Throwable th) {
            super(str, th);
        }
    }

    public TokenVerifier(Builder builder) {
        this.audience = builder.audience;
        this.certificatesLocation = builder.certificatesLocation;
        this.issuer = builder.issuer;
        this.publicKey = builder.publicKey;
        this.clock = builder.clock;
        CacheBuilder cacheBuilder = new CacheBuilder();
        cacheBuilder.c(1L, TimeUnit.HOURS);
        PublicKeyLoader publicKeyLoader = new PublicKeyLoader(builder.httpTransportFactory);
        cacheBuilder.b();
        this.publicKeyCache = new LocalCache.LocalLoadingCache(cacheBuilder, publicKeyLoader);
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x003f  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x004f  */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String getCertificateLocation(com.google.api.client.json.webtoken.JsonWebSignature r6) {
        /*
            r5 = this;
            java.lang.String r4 = "ModGuard - Protect Your Piracy v1.2 by ill420smoker"
            java.lang.String r0 = r5.certificatesLocation
            if (r0 == 0) goto L8
            r4 = 0
            return r0
        L8:
            r4 = 1
            com.google.api.client.json.webtoken.JsonWebToken$Header r6 = r6.a
            com.google.api.client.json.webtoken.JsonWebSignature$Header r6 = (com.google.api.client.json.webtoken.JsonWebSignature.Header) r6
            java.lang.String r6 = r6.g
            r0 = -1
            int r1 = r6.hashCode()
            r2 = 66245349(0x3f2d2e5, float:1.4271901E-36)
            r3 = 1
            if (r1 == r2) goto L30
            r4 = 2
            r2 = 78251122(0x4aa0472, float:3.997089E-36)
            if (r1 == r2) goto L23
            r4 = 3
            goto L3c
            r4 = 0
        L23:
            r4 = 1
            java.lang.String r1 = "RS256"
            boolean r6 = r6.equals(r1)
            if (r6 == 0) goto L3b
            r4 = 2
            r0 = 0
            goto L3c
            r4 = 3
        L30:
            r4 = 0
            java.lang.String r1 = "ES256"
            boolean r6 = r6.equals(r1)
            if (r6 == 0) goto L3b
            r4 = 1
            r0 = 1
        L3b:
            r4 = 2
        L3c:
            r4 = 3
            if (r0 == 0) goto L4f
            r4 = 0
            if (r0 != r3) goto L46
            r4 = 1
            java.lang.String r6 = "https://www.gstatic.com/iap/verify/public_key-jwk"
            return r6
        L46:
            r4 = 2
            com.google.auth.oauth2.TokenVerifier$VerificationException r6 = new com.google.auth.oauth2.TokenVerifier$VerificationException
            java.lang.String r0 = "Unknown algorithm"
            r6.<init>(r0)
            throw r6
        L4f:
            r4 = 3
            java.lang.String r6 = "https://www.googleapis.com/oauth2/v3/certs"
            return r6
            r0 = 0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.google.auth.oauth2.TokenVerifier.getCertificateLocation(com.google.api.client.json.webtoken.JsonWebSignature):java.lang.String");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static Builder newBuilder() {
        return new Builder().setClock(Clock.a).setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY);
    }

    /* JADX WARN: Unreachable blocks removed: 6, instructions: 6 */
    public JsonWebSignature verify(String str) {
        try {
            JsonWebSignature a = JsonWebSignature.a(OAuth2Utils.JSON_FACTORY, str);
            String str2 = this.audience;
            if (str2 != null && !str2.equals(a.b.i)) {
                throw new VerificationException("Expected audience does not match");
            }
            String str3 = this.issuer;
            if (str3 != null && !str3.equals(a.b.h)) {
                throw new VerificationException("Expected issuer does not match");
            }
            Long l = a.b.g;
            if (l != null && l.longValue() <= this.clock.a() / 1000) {
                throw new VerificationException("Token is expired");
            }
            if (!SUPPORTED_ALGORITHMS.contains(((JsonWebSignature.Header) a.a).g)) {
                throw new VerificationException("Unexpected signing algorithm: expected either RS256 or ES256");
            }
            PublicKey publicKey = this.publicKey;
            if (publicKey == null) {
                try {
                    publicKey = this.publicKeyCache.get(getCertificateLocation(a)).get(((JsonWebSignature.Header) a.a).h);
                } catch (UncheckedExecutionException | ExecutionException e) {
                    throw new VerificationException("Error fetching PublicKey from certificate location", e);
                }
            }
            if (publicKey == null) {
                StringBuilder f = a.f("Could not find PublicKey for provided keyId: ");
                f.append(((JsonWebSignature.Header) a.a).h);
                throw new VerificationException(f.toString());
            }
            try {
                if (a.c(publicKey)) {
                    return a;
                }
                throw new VerificationException("Invalid signature");
            } catch (GeneralSecurityException e2) {
                throw new VerificationException("Error validating token", e2);
            }
        } catch (IOException e4) {
            throw new VerificationException("Error parsing JsonWebSignature token", e4);
        }
    }
}
