package com.facebook.internal.security; import android.util.Base64; import com.facebook.FacebookSdk; import com.google.firebase.perf.network.FirebasePerfUrlConnection; import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; import java.net.HttpURLConnection; import java.net.URL; import java.net.URLConnection; import java.security.KeyFactory; import java.security.PublicKey; import java.security.Signature; import java.security.spec.X509EncodedKeySpec; import java.util.concurrent.TimeUnit; import java.util.concurrent.locks.Condition; import java.util.concurrent.locks.ReentrantLock; import kotlin.Unit; import kotlin.io.TextStreamsKt; import kotlin.jvm.internal.Intrinsics; import kotlin.jvm.internal.Ref; import kotlin.text.Charsets; import kotlin.text.StringsKt__StringsJVMKt; import org.json.JSONObject; /* loaded from: classes2.dex */ public final class OidcSecurityUtil { public static final OidcSecurityUtil INSTANCE = new OidcSecurityUtil(); private static final String OPENID_KEYS_PATH = "/.well-known/oauth/openid/keys/"; public static final String SIGNATURE_ALGORITHM_SHA256 = "SHA256withRSA"; public static final long TIMEOUT_IN_MILLISECONDS = 5000; public final String getOPENID_KEYS_PATH() { return OPENID_KEYS_PATH; } private OidcSecurityUtil() { } /* JADX WARN: Multi-variable type inference failed */ public static final String getRawKeyFromEndPoint(final String kid) { Intrinsics.checkNotNullParameter(kid, "kid"); final URL url = new URL("https", Intrinsics.stringPlus("www.", FacebookSdk.getFacebookDomain()), OPENID_KEYS_PATH); final ReentrantLock reentrantLock = new ReentrantLock(); final Condition newCondition = reentrantLock.newCondition(); final Ref.ObjectRef objectRef = new Ref.ObjectRef(); FacebookSdk.getExecutor().execute(new Runnable() { // from class: com.facebook.internal.security.OidcSecurityUtil$$ExternalSyntheticLambda0 @Override // java.lang.Runnable public final void run() { OidcSecurityUtil.m609getRawKeyFromEndPoint$lambda1(url, objectRef, kid, reentrantLock, newCondition); } }); reentrantLock.lock(); try { newCondition.await(5000L, TimeUnit.MILLISECONDS); reentrantLock.unlock(); return (String) objectRef.element; } catch (Throwable th) { reentrantLock.unlock(); throw th; } } /* JADX INFO: Access modifiers changed from: private */ /* JADX WARN: Type inference failed for: r5v2, types: [T, java.lang.String] */ /* renamed from: getRawKeyFromEndPoint$lambda-1, reason: not valid java name */ public static final void m609getRawKeyFromEndPoint$lambda1(URL openIdKeyUrl, Ref.ObjectRef result, String kid, ReentrantLock lock, Condition condition) { Intrinsics.checkNotNullParameter(openIdKeyUrl, "$openIdKeyUrl"); Intrinsics.checkNotNullParameter(result, "$result"); Intrinsics.checkNotNullParameter(kid, "$kid"); Intrinsics.checkNotNullParameter(lock, "$lock"); URLConnection uRLConnection = (URLConnection) FirebasePerfUrlConnection.instrument(openIdKeyUrl.openConnection()); if (uRLConnection == null) { throw new NullPointerException("null cannot be cast to non-null type java.net.HttpURLConnection"); } HttpURLConnection httpURLConnection = (HttpURLConnection) uRLConnection; try { try { InputStream inputStream = httpURLConnection.getInputStream(); Intrinsics.checkNotNullExpressionValue(inputStream, "connection.inputStream"); Reader inputStreamReader = new InputStreamReader(inputStream, Charsets.UTF_8); String readText = TextStreamsKt.readText(inputStreamReader instanceof BufferedReader ? (BufferedReader) inputStreamReader : new BufferedReader(inputStreamReader, 8192)); httpURLConnection.getInputStream().close(); result.element = new JSONObject(readText).optString(kid); httpURLConnection.disconnect(); lock.lock(); } catch (Exception e) { INSTANCE.getClass(); e.getMessage(); httpURLConnection.disconnect(); lock.lock(); try { condition.signal(); Unit unit = Unit.INSTANCE; } finally { } } try { condition.signal(); Unit unit2 = Unit.INSTANCE; } finally { } } catch (Throwable th) { httpURLConnection.disconnect(); lock.lock(); try { condition.signal(); Unit unit3 = Unit.INSTANCE; throw th; } finally { } } } public static final PublicKey getPublicKeyFromString(String key) { String replace$default; String replace$default2; String replace$default3; Intrinsics.checkNotNullParameter(key, "key"); replace$default = StringsKt__StringsJVMKt.replace$default(key, "\n", "", false, 4, (Object) null); replace$default2 = StringsKt__StringsJVMKt.replace$default(replace$default, "-----BEGIN PUBLIC KEY-----", "", false, 4, (Object) null); replace$default3 = StringsKt__StringsJVMKt.replace$default(replace$default2, "-----END PUBLIC KEY-----", "", false, 4, (Object) null); byte[] decode = Base64.decode(replace$default3, 0); Intrinsics.checkNotNullExpressionValue(decode, "decode(pubKeyString, Base64.DEFAULT)"); PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decode)); Intrinsics.checkNotNullExpressionValue(generatePublic, "kf.generatePublic(x509publicKey)"); return generatePublic; } public static final boolean verify(PublicKey publicKey, String data, String signature) { Intrinsics.checkNotNullParameter(publicKey, "publicKey"); Intrinsics.checkNotNullParameter(data, "data"); Intrinsics.checkNotNullParameter(signature, "signature"); try { Signature signature2 = Signature.getInstance(SIGNATURE_ALGORITHM_SHA256); signature2.initVerify(publicKey); byte[] bytes = data.getBytes(Charsets.UTF_8); Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)"); signature2.update(bytes); byte[] decode = Base64.decode(signature, 8); Intrinsics.checkNotNullExpressionValue(decode, "decode(signature, Base64.URL_SAFE)"); return signature2.verify(decode); } catch (Exception unused) { return false; } } }