package s5;

import com.google.api.client.auth.openidconnect.HttpTransportFactory;
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$JsonWebKey;
import com.google.api.client.auth.openidconnect.IdTokenVerifier$PublicKeyLoader$JsonWebKeySet;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Base64;
import com.google.common.base.Preconditions;
import com.google.common.cache.CacheLoader;
import com.google.common.collect.ImmutableMap;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import java.util.logging.Level;

/* loaded from: classes.dex */
public final class a extends CacheLoader {

    /* renamed from: a, reason: collision with root package name */
    public final HttpTransportFactory f33994a;

    public a(HttpTransportFactory httpTransportFactory) {
        this.f33994a = httpTransportFactory;
    }

    public static PublicKey a(IdTokenVerifier$PublicKeyLoader$JsonWebKey idTokenVerifier$PublicKeyLoader$JsonWebKey) {
        if ("ES256".equals(idTokenVerifier$PublicKeyLoader$JsonWebKey.alg)) {
            Preconditions.checkArgument("EC".equals(idTokenVerifier$PublicKeyLoader$JsonWebKey.kty));
            Preconditions.checkArgument("P-256".equals(idTokenVerifier$PublicKeyLoader$JsonWebKey.crv));
            ECPoint eCPoint = new ECPoint(new BigInteger(1, Base64.decodeBase64(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21930x)), new BigInteger(1, Base64.decodeBase64(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21931y)));
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        }
        if (!"RS256".equals(idTokenVerifier$PublicKeyLoader$JsonWebKey.alg)) {
            return null;
        }
        Preconditions.checkArgument("RSA".equals(idTokenVerifier$PublicKeyLoader$JsonWebKey.kty));
        Preconditions.checkNotNull(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21928e);
        Preconditions.checkNotNull(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21929n);
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decodeBase64(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21929n)), new BigInteger(1, Base64.decodeBase64(idTokenVerifier$PublicKeyLoader$JsonWebKey.f21928e))));
    }

    @Override // com.google.common.cache.CacheLoader
    public final Object load(Object obj) {
        String str = (String) obj;
        try {
            IdTokenVerifier$PublicKeyLoader$JsonWebKeySet idTokenVerifier$PublicKeyLoader$JsonWebKeySet = (IdTokenVerifier$PublicKeyLoader$JsonWebKeySet) this.f33994a.create().createRequestFactory().buildGetRequest(new GenericUrl(str)).setParser(GsonFactory.getDefaultInstance().createJsonObjectParser()).execute().parseAs(IdTokenVerifier$PublicKeyLoader$JsonWebKeySet.class);
            ImmutableMap.Builder builder = new ImmutableMap.Builder();
            List<IdTokenVerifier$PublicKeyLoader$JsonWebKey> list = idTokenVerifier$PublicKeyLoader$JsonWebKeySet.keys;
            if (list == null) {
                for (String str2 : idTokenVerifier$PublicKeyLoader$JsonWebKeySet.keySet()) {
                    builder.put(str2, CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((String) idTokenVerifier$PublicKeyLoader$JsonWebKeySet.get(str2)).getBytes("UTF-8"))).getPublicKey());
                }
            } else {
                for (IdTokenVerifier$PublicKeyLoader$JsonWebKey idTokenVerifier$PublicKeyLoader$JsonWebKey : list) {
                    try {
                        builder.put(idTokenVerifier$PublicKeyLoader$JsonWebKey.kid, a(idTokenVerifier$PublicKeyLoader$JsonWebKey));
                    } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e5) {
                        IdTokenVerifier.h.log(Level.WARNING, "Failed to put a key into the cache", e5);
                    }
                }
            }
            if (builder.build().isEmpty()) {
                throw new b(android.support.v4.media.b.b("No valid public key returned by the keystore: ", str));
            }
            return builder.build();
        } catch (IOException e10) {
            IdTokenVerifier.h.log(Level.WARNING, "Failed to get a certificate from certificate location " + str, (Throwable) e10);
            throw e10;
        }
    }
}
