package com.digischool.oss.authentication.auth.model.keycloak.token;

import android.util.Base64;
import com.digischool.oss.authentication.auth.model.ApiConfig;
import com.digischool.oss.authentication.auth.model.keycloak.KeycloakServer;
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.util.Clock;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

/* compiled from: KeycloakTokenVerifier.java */
/* loaded from: classes.dex */
public class c extends IdTokenVerifier {
    private final PublicKey a;
    private boolean b;

    /* compiled from: KeycloakTokenVerifier.java */
    /* loaded from: classes.dex */
    public static class a extends IdTokenVerifier.Builder {
        PublicKey a;

        public a(ApiConfig apiConfig) {
            this.a = a(apiConfig.getKeycloakConfig().realmPublicKey);
        }

        private PublicKey a(String str) {
            try {
                return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str, 0)));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            } catch (InvalidKeySpecException e2) {
                throw new IllegalArgumentException(e2);
            }
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public c build() {
            return new c(this);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public a setAcceptableTimeSkewSeconds(long j) {
            return (a) super.setAcceptableTimeSkewSeconds(j);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public a setAudience(Collection<String> collection) {
            return (a) super.setAudience(collection);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public /* bridge */ /* synthetic */ IdTokenVerifier.Builder setAudience(Collection collection) {
            return setAudience((Collection<String>) collection);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public a setClock(Clock clock) {
            return (a) super.setClock(clock);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public a setIssuer(String str) {
            return (a) super.setIssuer(str);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public a setIssuers(Collection<String> collection) {
            return (a) super.setIssuers(collection);
        }

        @Override // com.google.api.client.auth.openidconnect.IdTokenVerifier.Builder
        public /* bridge */ /* synthetic */ IdTokenVerifier.Builder setIssuers(Collection collection) {
            return setIssuers((Collection<String>) collection);
        }
    }

    public c(ApiConfig apiConfig) {
        this(new a(apiConfig).setIssuer(KeycloakServer.getIssuer(apiConfig.getKeycloakConfig())).setAudience((Collection<String>) Collections.singletonList(apiConfig.getAuthTokenType())).setAcceptableTimeSkewSeconds(apiConfig.getSkewTime()));
    }

    public c(a aVar) {
        super(aVar);
        this.b = true;
        this.a = aVar.a;
    }

    private boolean b(KeyCloakAccessToken keyCloakAccessToken) {
        String issuer = keyCloakAccessToken.getPayload().getIssuer();
        List<String> audienceAsList = keyCloakAccessToken.getPayload().getAudienceAsList();
        return ((issuer == null || keyCloakAccessToken.verifyIssuer(issuer)) && (audienceAsList == null || keyCloakAccessToken.verifyAudience(audienceAsList)) && this.b) ? keyCloakAccessToken.verifyTime(getClock().currentTimeMillis(), getAcceptableTimeSkewSeconds()) : keyCloakAccessToken.verifyIssuedAtTime(getClock().currentTimeMillis(), getAcceptableTimeSkewSeconds());
    }

    public void a(boolean z) {
        this.b = z;
    }

    public boolean a(KeyCloakAccessToken keyCloakAccessToken) throws GeneralSecurityException {
        if (b(keyCloakAccessToken)) {
            return keyCloakAccessToken.verifySignature(this.a);
        }
        return false;
    }
}
