package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import o.C0532Jv;
import o.C1461e30;
import o.C1491eL;
import o.C1596fL;
import o.C3390wg;
import o.CE;
import o.DE;
import o.InterfaceC1371dA0;
import o.InterfaceC2007jG;
import o.InterfaceC2762qd0;
import o.InterfaceC3467xL;
import o.OK;
import o.Px0;
import o.QB;
import o.QF;
import o.TB;
import o.UK;
import o.W70;
import o.XK;

/* loaded from: classes2.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, InterfaceC3467xL {
    public static final long c0 = 7807543542681217978L;
    public static final String d0 = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    public static final String e0 = "Error parsing token refresh response. ";
    public static final int f0 = 43200;
    public static final int g0 = 3600;
    public static final int h0 = 1000;
    public static final double i0 = 0.1d;
    public static final double j0 = 2.0d;
    public static final int k0 = 3;
    public final String N;
    public final String O;
    public final PrivateKey P;
    public final String Q;
    public final String R;
    public final String S;
    public final String T;
    public final URI U;
    public final Collection<String> V;
    public final Collection<String> W;
    public final int X;
    public final boolean Y;
    public final boolean Z;
    public transient InterfaceC2007jG a0;
    public transient JwtCredentials b0;

    /* loaded from: classes2.dex */
    public static class a extends GoogleCredentials.a {
        public String e;
        public String f;
        public PrivateKey g;
        public String h;
        public String i;
        public String j;
        public URI k;
        public Collection<String> l;
        public Collection<String> m;
        public InterfaceC2007jG n;

        /* renamed from: o, reason: collision with root package name */
        public int f94o;
        public boolean p;
        public boolean q;

        public a() {
            this.f94o = 3600;
            this.p = false;
            this.q = true;
        }

        public a(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.f94o = 3600;
            this.p = false;
            this.q = true;
            this.e = serviceAccountCredentials.N;
            this.f = serviceAccountCredentials.O;
            this.g = serviceAccountCredentials.P;
            this.h = serviceAccountCredentials.Q;
            this.l = serviceAccountCredentials.V;
            this.m = serviceAccountCredentials.W;
            this.n = serviceAccountCredentials.a0;
            this.k = serviceAccountCredentials.U;
            this.i = serviceAccountCredentials.R;
            this.j = serviceAccountCredentials.S;
            this.f94o = serviceAccountCredentials.X;
            this.p = serviceAccountCredentials.Y;
            this.q = serviceAccountCredentials.Z;
        }

        public String getClientEmail() {
            return this.f;
        }

        public String getClientId() {
            return this.e;
        }

        public Collection<String> getDefaultScopes() {
            return this.m;
        }

        public InterfaceC2007jG getHttpTransportFactory() {
            return this.n;
        }

        public PrivateKey getPrivateKey() {
            return this.g;
        }

        public String getPrivateKeyId() {
            return this.h;
        }

        public String getProjectId() {
            return this.j;
        }

        public Collection<String> getScopes() {
            return this.l;
        }

        public String getServiceAccountUser() {
            return this.i;
        }

        public URI getTokenServerUri() {
            return this.k;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: p, reason: merged with bridge method [inline-methods] */
        public ServiceAccountCredentials b() {
            return new ServiceAccountCredentials(this);
        }

        public int q() {
            return this.f94o;
        }

        public boolean r() {
            return this.p;
        }

        public boolean s() {
            return this.q;
        }

        public a setClientEmail(String str) {
            this.f = str;
            return this;
        }

        public a setClientId(String str) {
            this.e = str;
            return this;
        }

        public a setDefaultRetriesEnabled(boolean z) {
            this.q = z;
            return this;
        }

        public a setHttpTransportFactory(InterfaceC2007jG interfaceC2007jG) {
            this.n = interfaceC2007jG;
            return this;
        }

        public a setLifetime(int i) {
            if (i == 0) {
                i = 3600;
            }
            this.f94o = i;
            return this;
        }

        public a setPrivateKey(PrivateKey privateKey) {
            this.g = privateKey;
            return this;
        }

        public a setPrivateKeyId(String str) {
            this.h = str;
            return this;
        }

        public a setPrivateKeyString(String str) throws IOException {
            this.g = C1461e30.c(str);
            return this;
        }

        public a setProjectId(String str) {
            this.j = str;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        public a setQuotaProjectId(String str) {
            super.setQuotaProjectId(str);
            return this;
        }

        public a setScopes(Collection<String> collection) {
            this.l = collection;
            this.m = ImmutableSet.B();
            return this;
        }

        public a setScopes(Collection<String> collection, Collection<String> collection2) {
            this.l = collection;
            this.m = collection2;
            return this;
        }

        public a setServiceAccountUser(String str) {
            this.i = str;
            return this;
        }

        public a setTokenServerUri(URI uri) {
            this.k = uri;
            return this;
        }

        public a setUseJwtAccessWithScope(boolean z) {
            this.p = z;
            return this;
        }
    }

    public ServiceAccountCredentials(a aVar) {
        super(aVar);
        this.b0 = null;
        this.N = aVar.e;
        this.O = (String) W70.d(aVar.f);
        this.P = (PrivateKey) W70.d(aVar.g);
        this.Q = aVar.h;
        this.V = aVar.l == null ? ImmutableSet.B() : ImmutableSet.u(aVar.l);
        this.W = aVar.m == null ? ImmutableSet.B() : ImmutableSet.u(aVar.m);
        InterfaceC2007jG interfaceC2007jG = (InterfaceC2007jG) com.google.common.base.a.a(aVar.n, OAuth2Credentials.getFromServiceLoader(InterfaceC2007jG.class, C1461e30.i));
        this.a0 = interfaceC2007jG;
        this.T = interfaceC2007jG.getClass().getName();
        this.U = aVar.k == null ? C1461e30.e : aVar.k;
        this.R = aVar.i;
        this.S = aVar.j;
        if (aVar.f94o > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.X = aVar.f94o;
        this.Y = aVar.p;
        this.Z = aVar.q;
    }

    public static ServiceAccountCredentials g0(Map<String, Object> map, InterfaceC2007jG interfaceC2007jG) throws IOException {
        URI uri;
        String str = (String) map.get(C3390wg.e);
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setHttpTransportFactory(interfaceC2007jG).setTokenServerUri(uri).setProjectId(str5).setQuotaProjectId(str7));
    }

    private String getIssuer() {
        return this.O;
    }

    @InterfaceC1371dA0
    public static URI getUriForSelfSignedJWT(URI uri) {
        if (uri != null && uri.getScheme() != null && uri.getHost() != null) {
            try {
                return new URI(uri.getScheme(), uri.getHost(), "/", null);
            } catch (URISyntaxException unused) {
            }
        }
        return uri;
    }

    public static ServiceAccountCredentials h0(String str, a aVar) throws IOException {
        aVar.setPrivateKey(C1461e30.c(str));
        return new ServiceAccountCredentials(aVar);
    }

    public static ServiceAccountCredentials i0(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection));
    }

    public static ServiceAccountCredentials j0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2));
    }

    public static ServiceAccountCredentials k0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, InterfaceC2007jG interfaceC2007jG, URI uri) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(interfaceC2007jG).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials l0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, InterfaceC2007jG interfaceC2007jG, URI uri, String str5) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(interfaceC2007jG).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials m0(String str, String str2, String str3, String str4, Collection<String> collection, InterfaceC2007jG interfaceC2007jG, URI uri) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(interfaceC2007jG).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials n0(String str, String str2, String str3, String str4, Collection<String> collection, InterfaceC2007jG interfaceC2007jG, URI uri, String str5) throws IOException {
        return h0(str3, t0().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(interfaceC2007jG).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials o0(InputStream inputStream) throws IOException {
        return p0(inputStream, C1461e30.i);
    }

    public static ServiceAccountCredentials p0(InputStream inputStream, InterfaceC2007jG interfaceC2007jG) throws IOException {
        W70.d(inputStream);
        W70.d(interfaceC2007jG);
        QB qb = (QB) new XK(C1461e30.j).c(inputStream, StandardCharsets.UTF_8, QB.class);
        String str = (String) qb.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (GoogleCredentials.K.equals(str)) {
            return g0(qb, interfaceC2007jG);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, GoogleCredentials.K));
    }

    private void s(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.a0 = (InterfaceC2007jG) OAuth2Credentials.r(this.T);
    }

    public static /* synthetic */ boolean s0(QF qf) {
        return C1461e30.f223o.contains(Integer.valueOf(qf.d()));
    }

    public static a t0() {
        return new a();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials B(String str) {
        return w().setServiceAccountUser(str).b();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials C(Collection<String> collection) {
        return D(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials D(Collection<String> collection, Collection<String> collection2) {
        return w().setScopes(collection, collection2).b();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean F() {
        return this.V.isEmpty() && this.W.isEmpty();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] a(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(C1461e30.a);
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e);
        }
    }

    public String a0(UK uk, long j) throws IOException {
        C1491eL.a aVar = new C1491eL.a();
        aVar.setAlgorithm("RS256");
        aVar.setType("JWT");
        aVar.setKeyId(this.Q);
        C1596fL.b bVar = new C1596fL.b();
        bVar.setIssuer(getIssuer());
        long j2 = j / 1000;
        bVar.setIssuedAtTimeSeconds(Long.valueOf(j2));
        bVar.setExpirationTimeSeconds(Long.valueOf(j2 + this.X));
        bVar.setSubject(this.R);
        if (this.V.isEmpty()) {
            bVar.put(C1461e30.n, OK.b(' ').a(this.W));
        } else {
            bVar.put(C1461e30.n, OK.b(' ').a(this.V));
        }
        bVar.setAudience(C1461e30.e.toString());
        try {
            return C1491eL.e(this.P, uk, aVar, bVar);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    @Override // o.InterfaceC3467xL
    public JwtCredentials b(JwtClaims jwtClaims) {
        return JwtCredentials.i().setPrivateKey(this.P).setPrivateKeyId(this.Q).setJwtClaims(JwtClaims.c().setIssuer(getIssuer()).setSubject(this.O).a().b(jwtClaims)).setClock(this.B).a();
    }

    @InterfaceC1371dA0
    public String b0(UK uk, long j, String str, String str2) throws IOException {
        C1491eL.a aVar = new C1491eL.a();
        aVar.setAlgorithm("RS256");
        aVar.setType("JWT");
        aVar.setKeyId(this.Q);
        C1596fL.b bVar = new C1596fL.b();
        bVar.setIssuer(getIssuer());
        long j2 = j / 1000;
        bVar.setIssuedAtTimeSeconds(Long.valueOf(j2));
        bVar.setExpirationTimeSeconds(Long.valueOf(j2 + this.X));
        bVar.setSubject(this.R);
        if (str == null) {
            bVar.setAudience(C1461e30.e.toString());
        } else {
            bVar.setAudience(str);
        }
        try {
            bVar.set("target_audience", (Object) str2);
            return C1491eL.e(this.P, uk, aVar, bVar);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken c(String str, List<IdTokenProvider.Option> list) throws IOException {
        UK uk = C1461e30.j;
        String b0 = b0(uk, this.B.currentTimeMillis(), this.U.toString(), str);
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.set("assertion", b0);
        com.google.api.client.http.a e = this.a0.a().c().e(new TB(this.U), new Px0(genericData));
        e.setParser(new XK(uk));
        try {
            return IdToken.c(C1461e30.i((GenericData) e.b().i(GenericData.class), "id_token", "Error parsing token refresh response. "));
        } catch (IOException e2) {
            throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e2.getMessage(), getIssuer()), e2);
        }
    }

    @InterfaceC1371dA0
    public JwtCredentials c0(URI uri) {
        JwtClaims.a subject = JwtClaims.c().setIssuer(this.O).setSubject(this.O);
        if (uri == null) {
            subject.setAdditionalClaims(Collections.singletonMap(C1461e30.n, !this.V.isEmpty() ? OK.b(' ').a(this.V) : OK.b(' ').a(this.W)));
        } else {
            subject.setAudience(getUriForSelfSignedJWT(uri).toString());
        }
        return JwtCredentials.i().setPrivateKey(this.P).setPrivateKeyId(this.Q).setJwtClaims(subject.a()).setClock(this.B).a();
    }

    public ServiceAccountCredentials d0(int i) {
        return w().setLifetime(i).b();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void e(URI uri, Executor executor, InterfaceC2762qd0 interfaceC2762qd0) {
        if (this.Y) {
            d(uri, interfaceC2762qd0);
        } else {
            super.e(uri, executor, interfaceC2762qd0);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    /* renamed from: e0, reason: merged with bridge method [inline-methods] */
    public ServiceAccountCredentials G(boolean z) {
        return w().setDefaultRetriesEnabled(z).b();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.N, serviceAccountCredentials.N) && Objects.equals(this.O, serviceAccountCredentials.O) && Objects.equals(this.P, serviceAccountCredentials.P) && Objects.equals(this.Q, serviceAccountCredentials.Q) && Objects.equals(this.T, serviceAccountCredentials.T) && Objects.equals(this.U, serviceAccountCredentials.U) && Objects.equals(this.V, serviceAccountCredentials.V) && Objects.equals(this.W, serviceAccountCredentials.W) && Objects.equals(this.G, serviceAccountCredentials.G) && Integer.valueOf(this.X).equals(Integer.valueOf(serviceAccountCredentials.X)) && Boolean.valueOf(this.Y).equals(Boolean.valueOf(serviceAccountCredentials.Y)) && Boolean.valueOf(this.Z).equals(Boolean.valueOf(serviceAccountCredentials.Z));
    }

    public ServiceAccountCredentials f0(boolean z) {
        return w().setUseJwtAccessWithScope(z).b();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    public final String getClientEmail() {
        return this.O;
    }

    public final String getClientId() {
        return this.N;
    }

    public final Collection<String> getDefaultScopes() {
        return this.W;
    }

    public final PrivateKey getPrivateKey() {
        return this.P;
    }

    public final String getPrivateKeyId() {
        return this.Q;
    }

    public final String getProjectId() {
        return this.S;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        String str;
        JwtCredentials c02;
        if (F() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        if ((!F() && !this.Y) || ((str = this.R) != null && str.length() > 0)) {
            return super.getRequestMetadata(uri);
        }
        if (F() || !this.Y) {
            c02 = c0(uri);
        } else {
            if (this.b0 == null) {
                this.b0 = c0(null);
            }
            c02 = this.b0;
        }
        return GoogleCredentials.y(this.G, c02.getRequestMetadata(null));
    }

    public final Collection<String> getScopes() {
        return this.V;
    }

    @InterfaceC1371dA0
    public JwtCredentials getSelfSignedJwtCredentialsWithScope() {
        return this.b0;
    }

    public final String getServiceAccountUser() {
        return this.R;
    }

    public final URI getTokenServerUri() {
        return this.U;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.N, this.O, this.P, this.Q, this.T, this.U, this.V, this.W, this.G, Integer.valueOf(this.X), Boolean.valueOf(this.Y), Boolean.valueOf(this.Z));
    }

    @InterfaceC1371dA0
    public int q0() {
        return this.X;
    }

    public boolean r0() {
        return this.Y;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken t() throws IOException {
        UK uk = C1461e30.j;
        String a0 = a0(uk, this.B.currentTimeMillis());
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.set("assertion", a0);
        com.google.api.client.http.a e = this.a0.a().c().e(new TB(this.U), new Px0(genericData));
        if (this.Z) {
            e.setNumberOfRetries(3);
        } else {
            e.setNumberOfRetries(0);
        }
        e.setParser(new XK(uk));
        C0532Jv a2 = new C0532Jv.a().setInitialIntervalMillis(1000).setRandomizationFactor(0.1d).setMultiplier(2.0d).a();
        e.setUnsuccessfulResponseHandler(new DE(a2).setBackOffRequired(new DE.a() { // from class: o.Ni0
            @Override // o.DE.a
            public final boolean a(QF qf) {
                boolean s0;
                s0 = ServiceAccountCredentials.s0(qf);
                return s0;
            }
        }));
        e.setIOExceptionHandler(new CE(a2));
        try {
            return new AccessToken(C1461e30.i((GenericData) e.b().i(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.B.currentTimeMillis() + (C1461e30.d(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e2) {
            throw GoogleAuthException.f(e2, String.format("Error getting access token for service account: %s, iss: %s", e2.getMessage(), getIssuer()));
        } catch (IOException e3) {
            throw GoogleAuthException.d(e3, String.format("Error getting access token for service account: %s, iss: %s", e3.getMessage(), getIssuer()));
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.a.c(this).f("clientId", this.N).f("clientEmail", this.O).f("privateKeyId", this.Q).f("transportFactoryClassName", this.T).f("tokenServerUri", this.U).f("scopes", this.V).f("defaultScopes", this.W).f("serviceAccountUser", this.R).f("quotaProjectId", this.G).d("lifetime", this.X).g("useJwtAccessWithScope", this.Y).g("defaultRetriesEnabled", this.Z).toString();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    /* renamed from: u0, reason: merged with bridge method [inline-methods] */
    public a w() {
        return new a(this);
    }
}
