package org.curioswitch.curiostack.gcloud.core.auth;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:org/curioswitch/curiostack/gcloud/core/auth/GoogleIdTokenVerifier.class */
public class GoogleIdTokenVerifier {
    private static final Duration ALLOWED_TIME_SKEW = Duration.ofMinutes(5);
    private final GooglePublicKeysManager publicKeysManager;
    private final Clock clock;

    @Inject
    public GoogleIdTokenVerifier(GooglePublicKeysManager googlePublicKeysManager, Clock clock) {
        this.publicKeysManager = googlePublicKeysManager;
        this.clock = clock;
    }

    public CompletableFuture<Boolean> verify(GoogleIdToken googleIdToken) {
        Instant instant = this.clock.instant();
        if (!instant.isAfter(Instant.ofEpochSecond(googleIdToken.getPayload().getExpirationTimeSeconds().longValue()).plus((TemporalAmount) ALLOWED_TIME_SKEW)) && !instant.isBefore(Instant.ofEpochMilli(googleIdToken.getPayload().getIssuedAtTimeSeconds().longValue()).minus((TemporalAmount) ALLOWED_TIME_SKEW))) {
            return this.publicKeysManager.getKeys().thenApply(list -> {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    try {
                        if (googleIdToken.verifySignature((PublicKey) it.next())) {
                            return true;
                        }
                    } catch (GeneralSecurityException e) {
                        throw new IllegalArgumentException("Could not verify signature.", e);
                    }
                }
                return false;
            });
        }
        return CompletableFuture.completedFuture(false);
    }
}
