package com.google.api.server.spi;

import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.appengine.repackaged.com.google.api.client.http.HttpTransport;
import com.google.appengine.repackaged.com.google.api.client.json.JsonFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/google/api/server/spi/EndpointsToken.class */
public class EndpointsToken {
    private static final String PUBLIC_CERT_URL = "https://www.googleapis.com/service_accounts/v1/metadata/x509/cloud-endpoints-signer@system.gserviceaccount.com";
    private static final String ISSUER = "https://www.cloudendpointsapis.com";
    private static final String PEER_AUTHORIZATION_HEADER = "Peer-Authorization";
    private final GoogleIdTokenVerifier verifier;

    EndpointsToken(HttpTransport httpTransport, JsonFactory jsonFactory) {
        this.verifier = new GoogleIdTokenVerifier.Builder(new GooglePublicKeysManager.Builder(httpTransport, jsonFactory).setPublicCertsEncodedUrl(PUBLIC_CERT_URL).build()).setIssuer(ISSUER).build();
    }

    private String getEndpointsToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(PEER_AUTHORIZATION_HEADER);
    }

    public GoogleIdToken verify(HttpServletRequest httpServletRequest) {
        try {
            String endpointsToken = getEndpointsToken(httpServletRequest);
            if (endpointsToken == null) {
                return null;
            }
            return this.verifier.verify(endpointsToken);
        } catch (IOException | IllegalArgumentException | GeneralSecurityException e) {
            return null;
        }
    }
}
