package com.google.auth.oauth2;

import c5.a;
import c5.b;
import com.facebook.internal.security.OidcSecurityUtil;
import com.google.api.client.util.h0;
import com.google.auth.ServiceAccountSigner;
import com.google.common.base.x;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;

/* compiled from: ServiceAccountJwtAccessCredentials.java */
/* loaded from: classes3.dex */
public class l extends com.google.auth.a implements ServiceAccountSigner {

    /* renamed from: g, reason: collision with root package name */
    static final String f45071g = "Bearer ";
    private static final long serialVersionUID = -7274955171379494197L;

    /* renamed from: a, reason: collision with root package name */
    private final String f45072a;

    /* renamed from: b, reason: collision with root package name */
    private final String f45073b;

    /* renamed from: c, reason: collision with root package name */
    private final PrivateKey f45074c;

    /* renamed from: d, reason: collision with root package name */
    private final String f45075d;

    /* renamed from: e, reason: collision with root package name */
    private final URI f45076e;

    /* renamed from: f, reason: collision with root package name */
    @p5.d
    transient com.google.api.client.util.l f45077f;

    /* compiled from: ServiceAccountJwtAccessCredentials.java */
    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private String f45078a;

        /* renamed from: b, reason: collision with root package name */
        private String f45079b;

        /* renamed from: c, reason: collision with root package name */
        private PrivateKey f45080c;

        /* renamed from: d, reason: collision with root package name */
        private String f45081d;

        /* renamed from: e, reason: collision with root package name */
        private URI f45082e;

        protected a() {
        }

        protected a(l lVar) {
            this.f45078a = lVar.f45072a;
            this.f45079b = lVar.f45073b;
            this.f45080c = lVar.f45074c;
            this.f45081d = lVar.f45075d;
            this.f45082e = lVar.f45076e;
        }

        public l build() {
            return new l(this.f45078a, this.f45079b, this.f45080c, this.f45081d, this.f45082e);
        }

        public String getClientEmail() {
            return this.f45079b;
        }

        public String getClientId() {
            return this.f45078a;
        }

        public URI getDefaultAudience() {
            return this.f45082e;
        }

        public PrivateKey getPrivateKey() {
            return this.f45080c;
        }

        public String getPrivateKeyId() {
            return this.f45081d;
        }

        public a setClientEmail(String str) {
            this.f45079b = str;
            return this;
        }

        public a setClientId(String str) {
            this.f45078a = str;
            return this;
        }

        public a setDefaultAudience(URI uri) {
            this.f45082e = uri;
            return this;
        }

        public a setPrivateKey(PrivateKey privateKey) {
            this.f45080c = privateKey;
            return this;
        }

        public a setPrivateKeyId(String str) {
            this.f45081d = str;
            return this;
        }
    }

    @Deprecated
    public l(String str, String str2, PrivateKey privateKey, String str3) {
        this(str, str2, privateKey, str3, null);
    }

    @Deprecated
    public l(String str, String str2, PrivateKey privateKey, String str3, URI uri) {
        this.f45077f = com.google.api.client.util.l.SYSTEM;
        this.f45072a = str;
        this.f45073b = (String) h0.checkNotNull(str2);
        this.f45074c = (PrivateKey) h0.checkNotNull(privateKey);
        this.f45075d = str3;
        this.f45076e = uri;
    }

    public static l fromPkcs8(String str, String str2, String str3, String str4) throws IOException {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static l fromPkcs8(String str, String str2, String str3, String str4, URI uri) throws IOException {
        return new l(str, str2, k.t(str3), str4, uri);
    }

    public static l fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, null);
    }

    public static l fromStream(InputStream inputStream, URI uri) throws IOException {
        h0.checkNotNull(inputStream);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.f(j.f45044g).parseAndClose(inputStream, j.f45045h, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return h(bVar, uri);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    static l g(Map<String, Object> map) throws IOException {
        return h(map, null);
    }

    static l h(Map<String, Object> map, URI uri) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, uri);
    }

    private String i(URI uri) throws IOException {
        a.C0638a c0638a = new a.C0638a();
        c0638a.setAlgorithm("RS256");
        c0638a.setType("JWT");
        c0638a.setKeyId(this.f45075d);
        b.C0639b c0639b = new b.C0639b();
        long currentTimeMillis = this.f45077f.currentTimeMillis();
        c0639b.setIssuer(this.f45073b);
        c0639b.setSubject(this.f45073b);
        c0639b.setAudience(uri.toString());
        long j10 = currentTimeMillis / 1000;
        c0639b.setIssuedAtTimeSeconds(Long.valueOf(j10));
        c0639b.setExpirationTimeSeconds(Long.valueOf(j10 + 3600));
        try {
            return c5.a.signUsingRsaSha256(this.f45074c, j.f45044g, c0638a, c0639b);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account JWT access header with private key.", e10);
        }
    }

    public static a newBuilder() {
        return new a();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f45077f = com.google.api.client.util.l.SYSTEM;
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof l)) {
            return false;
        }
        l lVar = (l) obj;
        return Objects.equals(this.f45072a, lVar.f45072a) && Objects.equals(this.f45073b, lVar.f45073b) && Objects.equals(this.f45074c, lVar.f45074c) && Objects.equals(this.f45075d, lVar.f45075d) && Objects.equals(this.f45076e, lVar.f45076e);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.a
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.f45073b;
    }

    public final String getClientId() {
        return this.f45072a;
    }

    public final PrivateKey getPrivateKey() {
        return this.f45074c;
    }

    public final String getPrivateKeyId() {
        return this.f45075d;
    }

    @Override // com.google.auth.a
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        if (uri == null && (uri = this.f45076e) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        return Collections.singletonMap("Authorization", Collections.singletonList(f45071g + i(uri)));
    }

    @Override // com.google.auth.a
    public void getRequestMetadata(URI uri, Executor executor, com.google.auth.b bVar) {
        a(uri, bVar);
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.f45072a, this.f45073b, this.f45074c, this.f45075d, this.f45076e);
    }

    @Override // com.google.auth.a
    public void refresh() {
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(OidcSecurityUtil.SIGNATURE_ALGORITHM_SHA256);
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e10);
        }
    }

    public a toBuilder() {
        return new a(this);
    }

    public String toString() {
        return x.toStringHelper(this).add("clientId", this.f45072a).add("clientEmail", this.f45073b).add("privateKeyId", this.f45075d).add("defaultAudience", this.f45076e).toString();
    }
}
