package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.collect.ImmutableSet;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import o.C1402da;
import o.C1461e30;
import o.InterfaceC1371dA0;
import o.InterfaceC2007jG;
import o.NK;
import o.QF;
import o.RG;
import o.TB;
import o.XK;

/* loaded from: classes2.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider {
    public static final Duration R = Duration.ofMinutes(3);
    public static final Duration S = Duration.ofMinutes(4);
    public static final Logger T = Logger.getLogger(ComputeEngineCredentials.class.getName());
    public static final String U = "http://metadata.google.internal";
    public static final String V = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    public static final int W = 3;
    public static final int X = 500;
    public static final String Y = "Metadata-Flavor";
    public static final String Z = "Google";
    public static final String a0 = "windows";
    public static final String b0 = "linux";
    public static final String c0 = "Error parsing token refresh response. ";
    public static final String d0 = "Error parsing service account response. ";
    public static final long e0 = -4113476462526554235L;
    public final String N;
    public final Collection<String> O;
    public transient InterfaceC2007jG P;
    public transient String Q;

    /* loaded from: classes2.dex */
    public static class b extends GoogleCredentials.a {
        public InterfaceC2007jG e;
        public Collection<String> f;

        public b() {
        }

        public b(ComputeEngineCredentials computeEngineCredentials) {
            this.e = computeEngineCredentials.P;
            this.f = computeEngineCredentials.O;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: c, reason: merged with bridge method [inline-methods] */
        public ComputeEngineCredentials b() {
            return new ComputeEngineCredentials(this.e, this.f, null);
        }

        public InterfaceC2007jG getHttpTransportFactory() {
            return this.e;
        }

        public Collection<String> getScopes() {
            return this.f;
        }

        public b setHttpTransportFactory(InterfaceC2007jG interfaceC2007jG) {
            this.e = interfaceC2007jG;
            return this;
        }

        public b setScopes(Collection<String> collection) {
            this.f = collection;
            return this;
        }
    }

    public ComputeEngineCredentials(InterfaceC2007jG interfaceC2007jG, Collection<String> collection, Collection<String> collection2) {
        super(null, S, R);
        InterfaceC2007jG interfaceC2007jG2 = (InterfaceC2007jG) com.google.common.base.a.a(interfaceC2007jG, OAuth2Credentials.getFromServiceLoader(InterfaceC2007jG.class, C1461e30.i));
        this.P = interfaceC2007jG2;
        this.N = interfaceC2007jG2.getClass().getName();
        collection = (collection == null || collection.isEmpty()) ? collection2 : collection;
        if (collection == null) {
            this.O = ImmutableSet.B();
            return;
        }
        ArrayList arrayList = new ArrayList(collection);
        arrayList.removeAll(Arrays.asList("", null));
        this.O = ImmutableSet.u(arrayList);
    }

    @InterfaceC1371dA0
    public static boolean O(BufferedReader bufferedReader) throws IOException {
        return bufferedReader.readLine().trim().startsWith(Z);
    }

    @InterfaceC1371dA0
    public static boolean P(c cVar) {
        String osName = cVar.getOsName();
        try {
            if (osName.startsWith(b0)) {
                return O(new BufferedReader(new InputStreamReader(cVar.d(new File("/sys/class/dmi/id/product_name")))));
            }
            osName.startsWith(a0);
            return false;
        } catch (IOException e) {
            T.log(Level.FINE, "Encountered an unexpected exception when checking SMBIOS value", (Throwable) e);
            return false;
        }
    }

    public static ComputeEngineCredentials Q() {
        return new ComputeEngineCredentials(null, null, null);
    }

    public static synchronized boolean S(InterfaceC2007jG interfaceC2007jG, c cVar) {
        synchronized (ComputeEngineCredentials.class) {
            try {
                if (Boolean.parseBoolean(cVar.getEnv(c.p))) {
                    return false;
                }
                boolean U2 = U(interfaceC2007jG, cVar);
                if (!U2) {
                    U2 = P(cVar);
                }
                if (!U2) {
                    T.log(Level.FINE, "Failed to detect whether running on Google Compute Engine.");
                }
                return U2;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static b T() {
        return new b();
    }

    public static boolean U(InterfaceC2007jG interfaceC2007jG, c cVar) {
        TB tb = new TB(getMetadataServerUrl(cVar));
        for (int i = 1; i <= 3; i++) {
            try {
                com.google.api.client.http.a b2 = interfaceC2007jG.a().c().b(tb);
                b2.setConnectTimeout(500);
                b2.getHeaders().set(Y, Z);
                QF b3 = b2.b();
                try {
                    return C1461e30.a(b3.getHeaders(), Y, Z);
                } finally {
                    b3.a();
                }
            } catch (SocketTimeoutException unused) {
                continue;
            } catch (IOException e) {
                T.log(Level.FINE, "Encountered an unexpected exception when checking if running on Google Compute Engine using Metadata Service ping.", (Throwable) e);
            }
        }
        return false;
    }

    private String getDefaultServiceAccount() throws IOException {
        QF metadataResponse = getMetadataResponse(getServiceAccountsUrl());
        int d = metadataResponse.d();
        if (d == 404) {
            throw new IOException(String.format("Error code %s trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified.", Integer.valueOf(d)));
        }
        if (d != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get service accounts from Compute Engine metadata: %s", Integer.valueOf(d), metadataResponse.k()));
        }
        if (metadataResponse.getContent() != null) {
            return C1461e30.i(C1461e30.f((GenericData) metadataResponse.i(GenericData.class), "default", d0), "email", d0);
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(c.d) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    private QF getMetadataResponse(String str) throws IOException {
        com.google.api.client.http.a b2 = this.P.a().c().b(new TB(str));
        b2.setParser(new XK(C1461e30.j));
        b2.getHeaders().set(Y, (Object) Z);
        b2.setThrowExceptionOnExecuteError(false);
        try {
            QF b3 = b2.b();
            if (b3.d() != 503) {
                return b3;
            }
            throw GoogleAuthException.e(new HttpResponseException(b3));
        } catch (UnknownHostException e) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e);
        }
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(c.d);
    }

    public static String getMetadataServerUrl(c cVar) {
        String env = cVar.getEnv(c.q);
        if (env == null) {
            return U;
        }
        return "http://" + env;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(c.d) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(c.d);
    }

    public static String getTokenServerEncodedUrl(c cVar) {
        return getMetadataServerUrl(cVar) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    private void s(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.P = (InterfaceC2007jG) OAuth2Credentials.r(this.N);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials C(Collection<String> collection) {
        return new ComputeEngineCredentials(this.P, collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials D(Collection<String> collection, Collection<String> collection2) {
        return new ComputeEngineCredentials(this.P, collection, collection2);
    }

    public String R() {
        TB tb = new TB(getTokenServerEncodedUrl());
        if (!this.O.isEmpty()) {
            tb.set("scopes", (Object) NK.o(C1402da.e).k(this.O));
        }
        return tb.toString();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    /* renamed from: V, reason: merged with bridge method [inline-methods] */
    public b w() {
        return new b(this);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] a(byte[] bArr) {
        try {
            return RG.a(getAccount(), this, this.P.a(), bArr, Collections.emptyMap());
        } catch (ServiceAccountSigner.SigningException e) {
            throw e;
        } catch (RuntimeException e2) {
            throw new ServiceAccountSigner.SigningException("Signing failed", e2);
        }
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken c(String str, List<IdTokenProvider.Option> list) throws IOException {
        TB tb = new TB(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                tb.set("format", (Object) "full");
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                tb.set("format", (Object) "full");
                tb.set("license", (Object) "TRUE");
            }
        }
        tb.set("audience", (Object) str);
        QF metadataResponse = getMetadataResponse(tb.toString());
        if (metadataResponse.getContent() != null) {
            return IdToken.c(metadataResponse.k());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.N, computeEngineCredentials.N) && Objects.equals(this.O, computeEngineCredentials.O);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        if (this.Q == null) {
            try {
                this.Q = getDefaultServiceAccount();
            } catch (IOException e) {
                throw new RuntimeException("Failed to get service account", e);
            }
        }
        return this.Q;
    }

    public final Collection<String> getScopes() {
        return this.O;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.N);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken t() throws IOException {
        QF metadataResponse = getMetadataResponse(R());
        int d = metadataResponse.d();
        if (d == 404) {
            throw new IOException(String.format("Error code %s trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true.", Integer.valueOf(d)));
        }
        if (d != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get security access token from Compute Engine metadata for the default service account: %s", Integer.valueOf(d), metadataResponse.k()));
        }
        if (metadataResponse.getContent() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        return new AccessToken(C1461e30.i((GenericData) metadataResponse.i(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.B.currentTimeMillis() + (C1461e30.d(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.a.c(this).f("transportFactoryClassName", this.N).toString();
    }
}
