package org.ctoolkit.services.endpoints;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.server.spi.Client;
import com.google.api.server.spi.auth.GoogleAuth;
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Authenticator;
import com.google.common.annotations.VisibleForTesting;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.ctoolkit.services.endpoints.VerifiedUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:org/ctoolkit/services/endpoints/FirebaseJwtAuthenticator.class */
public class FirebaseJwtAuthenticator implements Authenticator {
    private static final Logger logger = LoggerFactory.getLogger(FirebaseJwtAuthenticator.class);
    private static final String PUBLIC_CERTS_URL = "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com";
    private static final GoogleIdTokenVerifier verifier;

    public User authenticate(HttpServletRequest httpServletRequest) {
        String authToken = GoogleAuth.getAuthToken(httpServletRequest);
        if (!GoogleAuth.isJwt(authToken)) {
            logger.warn("Not a JWT token.");
            return null;
        }
        try {
            GoogleIdToken verify = getVerifier().verify(authToken);
            if (verify == null) {
                return null;
            }
            String subject = verify.getPayload().getSubject();
            String email = verify.getPayload().getEmail();
            String str = (String) verify.getPayload().getAudience();
            if (email == null) {
                return null;
            }
            VerifiedUser.Builder builder = new VerifiedUser.Builder();
            builder.email(email).userId(subject).audience(str).token(authToken);
            VerifiedUser verifiedUser = new VerifiedUser(builder);
            httpServletRequest.setAttribute(VerifiedUser.class.getName(), verifiedUser);
            logger.info("Firebase authenticated user: " + verifiedUser);
            return verifiedUser;
        } catch (Exception e) {
            logger.warn(e.getMessage());
            return null;
        }
    }

    @VisibleForTesting
    GoogleIdTokenVerifier getVerifier() {
        return verifier;
    }

    static {
        GooglePublicKeysManager.Builder builder = new GooglePublicKeysManager.Builder(Client.getInstance().getHttpTransport(), Client.getInstance().getJsonFactory());
        builder.setPublicCertsEncodedUrl(PUBLIC_CERTS_URL);
        GoogleIdTokenVerifier.Builder builder2 = new GoogleIdTokenVerifier.Builder(builder.build());
        builder2.setIssuer((String) null);
        verifier = builder2.build();
    }
}
