package com.adtsw.jchannels.auth;

import com.adtsw.jchannels.model.auth.SessionInfo;
import com.adtsw.jchannels.model.auth.TokenInfo;
import com.adtsw.jchannels.model.exception.InvalidTokenException;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.apache.v2.ApacheHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;

/* loaded from: input_file:com/adtsw/jchannels/auth/GAuthTokenManager.class */
public class GAuthTokenManager implements ITokenManager {
    private final JsonFactory gsonFactory;
    private final HttpTransport transport;
    private final GoogleIdTokenVerifier verifier;
    private final long tokenValiditySeconds;
    public static final long DEFAULT_TIME_SKEW_SECONDS = 300;

    public GAuthTokenManager(String str, long j) {
        this.gsonFactory = new GsonFactory();
        this.transport = new ApacheHttpTransport();
        this.verifier = new GoogleIdTokenVerifier.Builder(this.transport, this.gsonFactory).setAudience(Collections.singletonList(str)).build();
        this.tokenValiditySeconds = j;
    }

    public GAuthTokenManager(String str) {
        this(str, -1L);
    }

    @Override // com.adtsw.jchannels.auth.ITokenManager
    public TokenInfo generate(SessionInfo sessionInfo) {
        throw new UnsupportedOperationException();
    }

    @Override // com.adtsw.jchannels.auth.ITokenManager
    public SessionInfo validate(String str) throws InvalidTokenException {
        try {
            GoogleIdToken parse = GoogleIdToken.parse(this.gsonFactory, str);
            if (!verify(parse)) {
                throw new InvalidTokenException("signature verification failed");
            }
            GoogleIdToken.Payload payload = parse.getPayload();
            payload.getSubject();
            String email = payload.getEmail();
            long currentTimeMillis = System.currentTimeMillis();
            boolean booleanValue = payload.getEmailVerified().booleanValue();
            boolean verifyIssuedAtTime = verifyIssuedAtTime(payload, currentTimeMillis, 300L);
            boolean verifyExpirationTime = verifyExpirationTime(payload, currentTimeMillis, 300L);
            boolean verifyIssuedAtTimeRange = verifyIssuedAtTimeRange(payload, currentTimeMillis, this.tokenValiditySeconds);
            if (booleanValue && verifyIssuedAtTime && (verifyExpirationTime || verifyIssuedAtTimeRange)) {
                return new SessionInfo(email, new ArrayList());
            }
            throw new InvalidTokenException("token expired");
        } catch (Exception e) {
            throw new InvalidTokenException(e.getMessage());
        }
    }

    public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
        Iterator it = this.verifier.getPublicKeysManager().getPublicKeys().iterator();
        while (it.hasNext()) {
            if (googleIdToken.verifySignature((PublicKey) it.next())) {
                return true;
            }
        }
        return false;
    }

    public final boolean verifyIssuedAtTime(GoogleIdToken.Payload payload, long j, long j2) {
        return j >= (payload.getIssuedAtTimeSeconds().longValue() - j2) * 1000;
    }

    public final boolean verifyExpirationTime(GoogleIdToken.Payload payload, long j, long j2) {
        return j <= (payload.getExpirationTimeSeconds().longValue() + j2) * 1000;
    }

    public final boolean verifyIssuedAtTimeRange(GoogleIdToken.Payload payload, long j, long j2) {
        return j <= (payload.getIssuedAtTimeSeconds().longValue() + j2) * 1000;
    }
}
