package com.google.apphosting.client.datastoreservice.app.mobile;

import com.google.appengine.repackaged.com.google.api.client.extensions.appengine.http.UrlFetchTransport;
import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.appengine.repackaged.com.google.api.client.json.jackson.JacksonFactory;
import com.google.appengine.repackaged.com.google.common.annotations.VisibleForTesting;
import com.google.apphosting.api.ApiProxy;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;

/* loaded from: input_file:com/google/apphosting/client/datastoreservice/app/mobile/IdTokenAuthenticator.class */
public class IdTokenAuthenticator {
    private static final String PUBLIC_CERT_URL = "https://www.googleapis.com/service_accounts/v1/metadata/x509/api-signer@system.gserviceaccount.com";
    private static final String ISSUER = "https://www.googleapis.com";
    static final String REQUEST_USER_CREDENTIAL_KEY = "com.google.apphosting.client.datastoreservice.app.mobile.request_user_credential";
    private GoogleIdTokenVerifier apiaryTokenVerifier;
    private GoogleIdTokenVerifier googleTokenVerifier;

    /* loaded from: input_file:com/google/apphosting/client/datastoreservice/app/mobile/IdTokenAuthenticator$UserCredential.class */
    static class UserCredential {
        private String projectId;
        private String fullUserId;

        UserCredential(String str, String str2) {
            this.projectId = str;
            this.fullUserId = str2;
        }

        public String getProjectId() {
            return this.projectId;
        }

        public String getFullUserId() {
            return this.fullUserId;
        }
    }

    public IdTokenAuthenticator() {
        UrlFetchTransport urlFetchTransport = new UrlFetchTransport();
        JacksonFactory jacksonFactory = new JacksonFactory();
        this.apiaryTokenVerifier = new GoogleIdTokenVerifier.Builder(new GooglePublicKeysManager.Builder(urlFetchTransport, jacksonFactory).setPublicCertsEncodedUrl(PUBLIC_CERT_URL).build()).setIssuer(ISSUER).build();
        this.googleTokenVerifier = new GoogleIdTokenVerifier.Builder(urlFetchTransport, jacksonFactory).build();
    }

    public void authenticate(String str, String str2) throws GeneralSecurityException, IOException {
        if (str == null || str2 == null) {
            throw new GeneralSecurityException("NULL ID TOKEN PROVIDED");
        }
        GoogleIdToken verify = this.googleTokenVerifier.verify(str2);
        String issuer = verify.getPayload().getIssuer();
        String subject = verify.getPayload().getSubject();
        if (issuer == null || subject == null) {
            throw new GeneralSecurityException("EITHER USER ID OR ISSUER IN ID TOKEN IS NULL");
        }
        String sb = new StringBuilder(1 + String.valueOf(issuer).length() + String.valueOf(subject).length()).append(issuer).append(VisibilityConstants.OR_OPERATOR).append(subject).toString();
        ApiProxy.Environment currentEnvironment = ApiProxy.getCurrentEnvironment();
        if (currentEnvironment == null) {
            return;
        }
        String str3 = (String) this.apiaryTokenVerifier.verify(str).getPayload().getAudience();
        if (str3 == null) {
            throw new GeneralSecurityException("NULL PROJECT ID");
        }
        currentEnvironment.getAttributes().put(REQUEST_USER_CREDENTIAL_KEY, new UserCredential(str3, sb));
    }

    @VisibleForTesting
    public IdTokenAuthenticator(GoogleIdTokenVerifier googleIdTokenVerifier, GoogleIdTokenVerifier googleIdTokenVerifier2) {
        this.apiaryTokenVerifier = googleIdTokenVerifier;
        this.googleTokenVerifier = googleIdTokenVerifier2;
    }

    public String getProjectId() {
        UserCredential userCredential;
        ApiProxy.Environment currentEnvironment = ApiProxy.getCurrentEnvironment();
        if (currentEnvironment == null || (userCredential = (UserCredential) currentEnvironment.getAttributes().get(REQUEST_USER_CREDENTIAL_KEY)) == null) {
            return null;
        }
        return userCredential.getProjectId();
    }

    public String getFullUserId() {
        UserCredential userCredential;
        ApiProxy.Environment currentEnvironment = ApiProxy.getCurrentEnvironment();
        if (currentEnvironment == null || (userCredential = (UserCredential) currentEnvironment.getAttributes().get(REQUEST_USER_CREDENTIAL_KEY)) == null) {
            return null;
        }
        return userCredential.getFullUserId();
    }
}
