package com.google.api.client.googleapis.auth.oauth2;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonParser;
import com.google.api.client.json.JsonToken;
import com.google.api.client.util.Clock;
import com.google.api.client.util.StringUtils;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public class GoogleIdTokenVerifier {

    /* renamed from: a, reason: collision with root package name */
    private static final Pattern f552a = Pattern.compile("\\s*max-age\\s*=\\s*(\\d+)\\s*");
    private final JsonFactory b;
    private List<PublicKey> c;
    private long d;
    private Set<String> e;
    private final HttpTransport f;
    private final Lock g;
    private final Clock h;

    /* loaded from: classes.dex */
    public static class Builder {

        /* renamed from: a, reason: collision with root package name */
        private final HttpTransport f553a;
        private final JsonFactory b;
        private Set<String> c = new HashSet();

        public Builder(HttpTransport httpTransport, JsonFactory jsonFactory) {
            this.f553a = httpTransport;
            this.b = jsonFactory;
        }

        public Builder a(Iterable<String> iterable) {
            this.c.clear();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext()) {
                this.c.add(it.next());
            }
            return this;
        }

        public Builder a(String... strArr) {
            this.c.clear();
            Collections.addAll(this.c, strArr);
            return this;
        }

        public GoogleIdTokenVerifier a() {
            return new GoogleIdTokenVerifier(this.c, this.f553a, this.b);
        }

        public final HttpTransport b() {
            return this.f553a;
        }

        public final JsonFactory c() {
            return this.b;
        }

        public final Set<String> d() {
            return this.c;
        }
    }

    public GoogleIdTokenVerifier(HttpTransport httpTransport, JsonFactory jsonFactory) {
        this(null, httpTransport, jsonFactory);
    }

    protected GoogleIdTokenVerifier(Set<String> set, HttpTransport httpTransport, JsonFactory jsonFactory) {
        this(set, httpTransport, jsonFactory, Clock.f678a);
    }

    protected GoogleIdTokenVerifier(Set<String> set, HttpTransport httpTransport, JsonFactory jsonFactory, Clock clock) {
        this.g = new ReentrantLock();
        this.e = set == null ? Collections.emptySet() : Collections.unmodifiableSet(set);
        this.f = (HttpTransport) Preconditions.a(httpTransport);
        this.b = (JsonFactory) Preconditions.a(jsonFactory);
        this.h = (Clock) Preconditions.a(clock);
    }

    public GoogleIdToken a(String str) throws GeneralSecurityException, IOException {
        GoogleIdToken b = GoogleIdToken.b(this.b, str);
        if (a(b)) {
            return b;
        }
        return null;
    }

    public final JsonFactory a() {
        return this.b;
    }

    public boolean a(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
        return a(this.e, googleIdToken);
    }

    public boolean a(GoogleIdToken googleIdToken, String str) throws GeneralSecurityException, IOException {
        return a(str == null ? Collections.emptySet() : Collections.singleton(str), googleIdToken);
    }

    public boolean a(Set<String> set, GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
        GoogleIdToken.Payload e = googleIdToken.e();
        if (!e.a(300L) || !"accounts.google.com".equals(e.d()) || (!set.isEmpty() && (!set.contains(e.e()) || !set.contains(e.j())))) {
            return false;
        }
        if (googleIdToken.d().a().equals("RS256")) {
            this.g.lock();
            try {
                if (this.c == null || this.h.a() + 300000 > this.d) {
                    e();
                }
                Signature signature = Signature.getInstance("SHA256withRSA");
                Iterator<PublicKey> it = this.c.iterator();
                while (it.hasNext()) {
                    signature.initVerify(it.next());
                    signature.update(googleIdToken.c());
                    if (signature.verify(googleIdToken.b())) {
                        return true;
                    }
                }
            } finally {
                this.g.unlock();
            }
        }
        return false;
    }

    public final Set<String> b() {
        return this.e;
    }

    public final List<PublicKey> c() {
        return this.c;
    }

    public final long d() {
        return this.d;
    }

    public GoogleIdTokenVerifier e() throws GeneralSecurityException, IOException {
        this.g.lock();
        try {
            this.c = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            HttpResponse x = this.f.a().b(new GenericUrl("https://www.googleapis.com/oauth2/v1/certs")).x();
            String[] split = x.f().n().split(",");
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Matcher matcher = f552a.matcher(split[i]);
                if (matcher.matches()) {
                    this.d = this.h.a() + (Long.valueOf(matcher.group(1)).longValue() * 1000);
                    break;
                }
                i++;
            }
            JsonParser a2 = this.b.a(x.l());
            JsonToken c = a2.c();
            if (c == null) {
                c = a2.p();
            }
            Preconditions.a(c == JsonToken.START_OBJECT);
            while (a2.p() != JsonToken.END_OBJECT) {
                try {
                    a2.p();
                    this.c.add(((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(StringUtils.a(a2.o())))).getPublicKey());
                } finally {
                    a2.a();
                }
            }
            this.c = Collections.unmodifiableList(this.c);
            return this;
        } finally {
            this.g.unlock();
        }
    }
}
