package com.google.auth.oauth2;

import c5.a;
import c5.b;
import com.facebook.internal.security.OidcSecurityUtil;
import com.google.api.client.http.l;
import com.google.api.client.http.x;
import com.google.api.client.util.g0;
import com.google.api.client.util.h0;
import com.google.api.client.util.i0;
import com.google.api.client.util.q;
import com.google.api.client.util.s;
import com.google.api.client.util.u;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.g;
import com.google.common.collect.n3;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Date;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;

/* compiled from: ServiceAccountCredentials.java */
/* loaded from: classes3.dex */
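/**
 * Service-account OAuth 2.0 credential (decompiled from {@code ServiceAccountCredentials.java};
 * identifiers are obfuscated, so field meanings below are taken from the getters and
 * {@link #toString()} in this class).
 *
 * <p>The credential holds an RSA private key, signs a JWT assertion with it and exchanges that
 * assertion at the token server for an access token (see {@link #refreshAccessToken()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The private-key field is not {@code transient} and the class declares a
 *       {@code serialVersionUID}, so default Java serialization will write the key material
 *       whenever the {@link PrivateKey} implementation is itself serializable. Treat any
 *       serialized form of this object as a secret.</li>
 *   <li>{@code readObject} re-creates the transport factory from a class name stored in the
 *       stream; only deserialize data from a trusted source.</li>
 *   <li>{@link #equals(Object)} and {@link #hashCode()} ignore the delegated user and the
 *       project id.</li>
 * </ul>
 */
public class k extends g implements ServiceAccountSigner {
    private static final long serialVersionUID = 7807543542681217978L;

    /** OAuth 2.0 grant type sent with the signed assertion (jadx renamed from {@code t}). */
    private static final String f45049t = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    /** Prefix passed to the response validators in {@link #refreshAccessToken()} (renamed from {@code u}). */
    private static final String f45050u = "Error parsing token refresh response. ";

    /** Client id; may be null, the constructor does not check it (renamed from {@code j}). */
    private final String f45051j;

    /** Client e-mail; non-null, used as JWT issuer and as the signer account (renamed from {@code k}). */
    private final String f45052k;

    /** RSA private key used for signing; non-null and NOT transient (renamed from {@code l}). */
    private final PrivateKey f45053l;

    /** Private key id, placed in the JWT header as key id (renamed from {@code m}). */
    private final String f45054m;

    /** Delegated ("service account user") subject, placed in the JWT as subject (renamed from {@code n}). */
    private final String f45055n;

    /** Project id (renamed from {@code o}). */
    private final String f45056o;

    /** Class name of the transport factory, kept so readObject can rebuild it (renamed from {@code p}). */
    private final String f45057p;

    /** Token server URI the assertion is POSTed to (renamed from {@code q}). */
    private final URI f45058q;

    /** Scopes requested for the access token (renamed from {@code r}). */
    private final Collection<String> f45059r;

    /** HTTP transport factory; transient, rebuilt from {@link #f45057p} on deserialization (renamed from {@code s}). */
    private transient com.google.auth.http.c f45060s;

    /**
     * Back-off predicate installed on the token request: an unsuccessful response is retried
     * with back-off when its status is 5xx or 403.
     */
    class a implements l.a {
        a() {
        }

        /**
         * @param xVar the HTTP response whose status code is inspected
         * @return {@code true} for any 5xx status or for 403
         */
        @Override // com.google.api.client.http.l.a
        public boolean isRequired(x xVar) {
            int statusCode = xVar.getStatusCode();
            return statusCode / 100 == 5 || statusCode == 403;
        }
    }

    /**
     * Mutable builder for {@link k}. Nothing is validated or copied here; null checks and the
     * defensive copy of the scopes happen in the {@link k} constructor called by {@link #build()}.
     */
    public static class b extends g.a {

        /** Client id (renamed from {@code b}). */
        private String f45062b;

        /** Client e-mail (renamed from {@code c}). */
        private String f45063c;

        /** Private key (renamed from {@code d}). */
        private PrivateKey f45064d;

        /** Private key id (renamed from {@code e}). */
        private String f45065e;

        /** Delegated service account user (renamed from {@code f}). */
        private String f45066f;

        /** Project id (renamed from {@code g}). */
        private String f45067g;

        /** Token server URI (renamed from {@code h}). */
        private URI f45068h;

        /** Scopes; held by reference until {@link #build()} (renamed from {@code i}). */
        private Collection<String> f45069i;

        /** HTTP transport factory (renamed from {@code j}). */
        private com.google.auth.http.c f45070j;

        /** Creates an empty builder; every field starts as null. */
        protected b() {
        }

        /**
         * Creates a builder pre-filled from an existing credential. The private key reference
         * is shared with {@code kVar}, not copied.
         *
         * @param kVar the credential to copy field values from
         */
        protected b(k kVar) {
            this.f45062b = kVar.f45051j;
            this.f45063c = kVar.f45052k;
            this.f45064d = kVar.f45053l;
            this.f45065e = kVar.f45054m;
            this.f45069i = kVar.f45059r;
            this.f45070j = kVar.f45060s;
            this.f45068h = kVar.f45058q;
            this.f45066f = kVar.f45055n;
            this.f45067g = kVar.f45056o;
        }

        /**
         * Builds the credential from the current builder state.
         *
         * @return a new credential; the constructor rejects a null client e-mail or private key
         */
        @Override // com.google.auth.oauth2.g.a, com.google.auth.oauth2.i.a
        public k build() {
            return new k(this.f45062b, this.f45063c, this.f45064d, this.f45065e, this.f45069i, this.f45070j, this.f45068h, this.f45066f, this.f45067g);
        }

        /** @return the client e-mail set on this builder, or null */
        public String getClientEmail() {
            return this.f45063c;
        }

        /** @return the client id set on this builder, or null */
        public String getClientId() {
            return this.f45062b;
        }

        /** @return the transport factory set on this builder, or null */
        public com.google.auth.http.c getHttpTransportFactory() {
            return this.f45070j;
        }

        /** @return the private key set on this builder (the live reference), or null */
        public PrivateKey getPrivateKey() {
            return this.f45064d;
        }

        /** @return the private key id set on this builder, or null */
        public String getPrivateKeyId() {
            return this.f45065e;
        }

        /** @return the project id set on this builder, or null */
        public String getProjectId() {
            return this.f45067g;
        }

        /** @return the scopes collection set on this builder (not a copy), or null */
        public Collection<String> getScopes() {
            return this.f45069i;
        }

        /** @return the delegated service account user set on this builder, or null */
        public String getServiceAccountUser() {
            return this.f45066f;
        }

        /** @return the token server URI set on this builder, or null */
        public URI getTokenServerUri() {
            return this.f45068h;
        }

        /**
         * @param str the client e-mail
         * @return this builder
         */
        public b setClientEmail(String str) {
            this.f45063c = str;
            return this;
        }

        /**
         * @param str the client id
         * @return this builder
         */
        public b setClientId(String str) {
            this.f45062b = str;
            return this;
        }

        /**
         * @param cVar the HTTP transport factory
         * @return this builder
         */
        public b setHttpTransportFactory(com.google.auth.http.c cVar) {
            this.f45070j = cVar;
            return this;
        }

        /**
         * @param privateKey the signing key
         * @return this builder
         */
        public b setPrivateKey(PrivateKey privateKey) {
            this.f45064d = privateKey;
            return this;
        }

        /**
         * @param str the private key id
         * @return this builder
         */
        public b setPrivateKeyId(String str) {
            this.f45065e = str;
            return this;
        }

        /**
         * @param str the project id
         * @return this builder
         */
        public b setProjectId(String str) {
            this.f45067g = str;
            return this;
        }

        /**
         * @param collection the scopes; stored by reference, copied only in {@link #build()}
         * @return this builder
         */
        public b setScopes(Collection<String> collection) {
            this.f45069i = collection;
            return this;
        }

        /**
         * @param str the delegated service account user
         * @return this builder
         */
        public b setServiceAccountUser(String str) {
            this.f45066f = str;
            return this;
        }

        /**
         * Sets the endpoint the signed assertion is POSTed to. No scheme or host check is
         * visible in this class.
         * NOTE(review): confirm callers only pass HTTPS endpoints they trust.
         *
         * @param uri the token server URI
         * @return this builder
         */
        public b setTokenServerUri(URI uri) {
            this.f45068h = uri;
            return this;
        }
    }

    /**
     * Deprecated constructor; delegates with no transport factory, token server URI,
     * delegated user or project id.
     *
     * @param str client id
     * @param str2 client e-mail (must not be null)
     * @param privateKey signing key (must not be null)
     * @param str3 private key id
     * @param collection scopes, or null for none
     */
    @Deprecated
    public k(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection) {
        this(str, str2, privateKey, str3, collection, null, null, null, null);
    }

    /**
     * Deprecated constructor; delegates with no delegated user or project id.
     *
     * @param str client id
     * @param str2 client e-mail (must not be null)
     * @param privateKey signing key (must not be null)
     * @param str3 private key id
     * @param collection scopes, or null for none
     * @param cVar transport factory, or null to use the fallback
     * @param uri token server URI, or null for the default
     */
    @Deprecated
    public k(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, com.google.auth.http.c cVar, URI uri) {
        this(str, str2, privateKey, str3, collection, cVar, uri, null, null);
    }

    /**
     * Canonical constructor. Only the client e-mail and the private key are null-checked;
     * client id and private key id may be null.
     *
     * @param str client id
     * @param str2 client e-mail (must not be null)
     * @param privateKey signing key (must not be null)
     * @param str3 private key id
     * @param collection scopes, or null for none
     * @param cVar transport factory, or null to use the fallback
     * @param uri token server URI, or null for the default {@code j.f45039b}
     * @param str4 delegated service account user, or null
     * @param str5 project id, or null
     */
    k(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, com.google.auth.http.c cVar, URI uri, String str4, String str5) {
        this.f45051j = str;
        this.f45052k = (String) h0.checkNotNull(str2);
        this.f45053l = (PrivateKey) h0.checkNotNull(privateKey);
        this.f45054m = str3;
        // Copy the caller's collection so later mutation by the caller cannot change the scopes.
        // n3 is an obfuscated class; presumably a Guava immutable collection - TODO confirm.
        this.f45059r = collection == null ? n3.of() : n3.copyOf((Collection) collection);
        // i.c is not visible here; presumably it looks up a transport factory and falls back to
        // the default j.f45043f - verify against the helper.
        com.google.auth.http.c cVar2 = (com.google.auth.http.c) com.google.common.base.x.firstNonNull(cVar, i.c(com.google.auth.http.c.class, j.f45043f));
        this.f45060s = cVar2;
        // The class name is what survives serialization; readObject rebuilds the factory from it.
        this.f45057p = cVar2.getClass().getName();
        // The URI is accepted as given; no scheme check is performed here.
        this.f45058q = uri == null ? j.f45039b : uri;
        this.f45055n = str4;
        this.f45056o = str5;
    }

    /**
     * Creates a credential from a PEM-encoded PKCS#8 private key, with default transport,
     * token server and no delegated user.
     *
     * @param str client id
     * @param str2 client e-mail
     * @param str3 PEM text holding a {@code PRIVATE KEY} section
     * @param str4 private key id
     * @param collection scopes, or null for none
     * @return the new credential
     * @throws IOException if the key text cannot be parsed
     */
    public static k fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, null, null, null);
    }

    /**
     * Creates a credential from a PEM-encoded PKCS#8 private key with an explicit transport
     * factory and token server URI.
     *
     * @param str client id
     * @param str2 client e-mail
     * @param str3 PEM text holding a {@code PRIVATE KEY} section
     * @param str4 private key id
     * @param collection scopes, or null for none
     * @param cVar transport factory, or null
     * @param uri token server URI, or null for the default
     * @return the new credential
     * @throws IOException if the key text cannot be parsed
     */
    public static k fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.http.c cVar, URI uri) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, cVar, uri, null);
    }

    /**
     * Creates a credential from a PEM-encoded PKCS#8 private key, optionally delegated to a user.
     *
     * @param str client id
     * @param str2 client e-mail
     * @param str3 PEM text holding a {@code PRIVATE KEY} section
     * @param str4 private key id
     * @param collection scopes, or null for none
     * @param cVar transport factory, or null
     * @param uri token server URI, or null for the default
     * @param str5 delegated service account user, or null
     * @return the new credential (project id is left null)
     * @throws IOException if the key text cannot be parsed
     */
    public static k fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.http.c cVar, URI uri, String str5) throws IOException {
        return s(str, str2, str3, str4, collection, cVar, uri, str5, null);
    }

    /**
     * Reads a service-account JSON key from a stream using the default transport factory.
     *
     * @param inputStream stream holding the JSON key
     * @return the new credential
     * @throws IOException if the JSON is unreadable or is not a service-account key
     */
    public static k fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, j.f45043f);
    }

    /**
     * Reads a service-account JSON key from a stream. The stream is parsed and closed
     * ({@code parseAndClose}); only the {@code "service_account"} type is accepted.
     *
     * @param inputStream stream holding the JSON key (must not be null)
     * @param cVar transport factory (must not be null)
     * @return the new credential
     * @throws IOException if the {@code type} field is missing or has another value, or if
     *     the key fields cannot be read
     */
    public static k fromStream(InputStream inputStream, com.google.auth.http.c cVar) throws IOException {
        h0.checkNotNull(inputStream);
        h0.checkNotNull(cVar);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.f(j.f45044g).parseAndClose(inputStream, j.f45045h, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return r(bVar, cVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    /** @return a new, empty builder */
    public static b newBuilder() {
        return new b();
    }

    /**
     * Builds a credential from the parsed JSON key map. {@code client_id},
     * {@code client_email}, {@code private_key} and {@code private_key_id} are required;
     * {@code project_id} is optional. Scopes, token server URI and delegated user are left
     * unset.
     *
     * <p>JADX INFO: access modifier changed from package-private by the decompiler.
     *
     * <p>NOTE(review): the values are cast to {@code String} unchecked, so a key file with a
     * non-string value in one of these fields surfaces as a {@code ClassCastException}
     * rather than the {@code IOException} callers handle.
     *
     * @param map parsed JSON key
     * @param cVar transport factory
     * @return the new credential
     * @throws IOException if a required field is missing or the private key cannot be parsed
     */
    public static k r(Map<String, Object> map, com.google.auth.http.c cVar) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return s(str, str2, str3, str4, null, cVar, null, null, str5);
    }

    /**
     * Custom deserialization hook: restores the non-transient fields, then re-creates the
     * transient transport factory from the class name carried in the stream.
     *
     * <p>Security: the class name comes from the serialized data, and {@code i.e} (not visible
     * here) presumably instantiates it before the cast is applied. Only deserialize streams
     * from a trusted source, and consider a JVM {@code ObjectInputFilter} where this type
     * crosses a trust boundary.
     *
     * @param objectInputStream the stream being deserialized
     * @throws IOException if reading the stream fails
     * @throws ClassNotFoundException if a class in the stream cannot be resolved
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f45060s = (com.google.auth.http.c) i.e(this.f45057p);
    }

    /**
     * Shared factory behind {@code fromPkcs8} and {@link #r}: parses the PEM key text and
     * calls the canonical constructor.
     *
     * @param str client id
     * @param str2 client e-mail
     * @param str3 PEM text holding a {@code PRIVATE KEY} section
     * @param str4 private key id
     * @param collection scopes, or null
     * @param cVar transport factory, or null
     * @param uri token server URI, or null
     * @param str5 delegated service account user, or null
     * @param str6 project id, or null
     * @return the new credential
     * @throws IOException if the key text cannot be parsed
     */
    static k s(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.http.c cVar, URI uri, String str5, String str6) throws IOException {
        return new k(str, str2, t(str3), str4, collection, cVar, uri, str5, str6);
    }

    /**
     * Parses the first {@code PRIVATE KEY} PEM section of the given text as a PKCS#8-encoded
     * RSA private key.
     *
     * <p>JADX INFO: access modifier changed from package-private by the decompiler.
     *
     * @param str PEM text; a null value is not guarded against here
     * @return the decoded private key
     * @throws IOException if no {@code PRIVATE KEY} section is found, or if the RSA key
     *     factory is unavailable or rejects the key spec (cause preserved)
     */
    public static PrivateKey t(String str) throws IOException {
        g0.a readFirstSectionAndClose = g0.readFirstSectionAndClose(new StringReader(str), "PRIVATE KEY");
        if (readFirstSectionAndClose == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return i0.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(readFirstSectionAndClose.getBase64DecodedBytes()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e10);
        }
    }

    /**
     * Returns a copy of this credential that acts on behalf of the given user (the value
     * becomes the JWT subject). The private key reference is shared with this instance.
     *
     * @param str the user to delegate to
     * @return the delegated credential
     */
    @Override // com.google.auth.oauth2.g
    public g createDelegated(String str) {
        return new k(this.f45051j, this.f45052k, this.f45053l, this.f45054m, this.f45059r, this.f45060s, this.f45058q, str, this.f45056o);
    }

    /**
     * Returns a copy of this credential with the given scopes. The private key reference is
     * shared with this instance.
     *
     * @param collection the scopes to request, or null for none
     * @return the scoped credential
     */
    @Override // com.google.auth.oauth2.g
    public g createScoped(Collection<String> collection) {
        return new k(this.f45051j, this.f45052k, this.f45053l, this.f45054m, collection, this.f45060s, this.f45058q, this.f45055n, this.f45056o);
    }

    /** @return {@code true} when no scopes are configured, i.e. a token cannot be requested yet */
    @Override // com.google.auth.oauth2.g
    public boolean createScopedRequired() {
        return this.f45059r.isEmpty();
    }

    /**
     * Compares client id, client e-mail, private key, private key id, transport factory class
     * name, token server URI and scopes.
     *
     * <p>NOTE(review): the delegated user and the project id are not compared, so credentials
     * that differ only in the impersonated user are equal. Do not use instances as cache keys
     * where the subject matters.
     *
     * @param obj the object to compare with
     * @return {@code true} if {@code obj} is a {@code k} with equal compared fields
     */
    @Override // com.google.auth.oauth2.i
    public boolean equals(Object obj) {
        if (!(obj instanceof k)) {
            return false;
        }
        k kVar = (k) obj;
        return Objects.equals(this.f45051j, kVar.f45051j) && Objects.equals(this.f45052k, kVar.f45052k) && Objects.equals(this.f45053l, kVar.f45053l) && Objects.equals(this.f45054m, kVar.f45054m) && Objects.equals(this.f45057p, kVar.f45057p) && Objects.equals(this.f45058q, kVar.f45058q) && Objects.equals(this.f45059r, kVar.f45059r);
    }

    /** @return the signer account, which is the client e-mail */
    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    /** @return the client e-mail (never null) */
    public final String getClientEmail() {
        return this.f45052k;
    }

    /** @return the client id, possibly null */
    public final String getClientId() {
        return this.f45051j;
    }

    /**
     * Returns the live signing key, not a copy. Callers should not log or persist it.
     *
     * @return the private key (never null)
     */
    public final PrivateKey getPrivateKey() {
        return this.f45053l;
    }

    /** @return the private key id, possibly null */
    public final String getPrivateKeyId() {
        return this.f45054m;
    }

    /** @return the project id, possibly null */
    public final String getProjectId() {
        return this.f45056o;
    }

    /** @return the scopes held by this credential (the constructor's copy) */
    public final Collection<String> getScopes() {
        return this.f45059r;
    }

    /** @return the delegated service account user, possibly null */
    public final String getServiceAccountUser() {
        return this.f45055n;
    }

    /**
     * Hashes the same fields that {@link #equals(Object)} compares; the delegated user and
     * the project id are not included.
     */
    @Override // com.google.auth.oauth2.i
    public int hashCode() {
        return Objects.hash(this.f45051j, this.f45052k, this.f45053l, this.f45054m, this.f45057p, this.f45058q, this.f45059r);
    }

    /**
     * Builds and signs the JWT assertion sent to the token server: header {@code RS256}/
     * {@code JWT} with the private key id; payload with issuer = client e-mail, subject =
     * delegated user, issued-at = {@code j10 / 1000}, expiry = issued-at + 3600 seconds and a
     * {@code scope} claim joining the scopes.
     *
     * <p>NOTE(review): the audience is always the default token server constant
     * {@code j.f45039b}, not this instance's token server URI, so a credential configured
     * with a custom endpoint still names the default one as audience.
     *
     * @param dVar JSON factory handed to the signer
     * @param j10 current time in milliseconds
     * @return the signed assertion
     * @throws IOException if signing fails (cause preserved)
     */
    String q(com.google.api.client.json.d dVar, long j10) throws IOException {
        // Qualified with the c5 package: the simple names `a` and `b` are shadowed by this
        // class's own nested types, which have no such members.
        c5.a.C0638a c0638a = new c5.a.C0638a();
        c0638a.setAlgorithm("RS256");
        c0638a.setType("JWT");
        c0638a.setKeyId(this.f45054m);
        c5.b.C0639b c0639b = new c5.b.C0639b();
        c0639b.setIssuer(this.f45052k);
        c0639b.setAudience(j.f45039b.toString());
        long j11 = j10 / 1000;
        c0639b.setIssuedAtTimeSeconds(Long.valueOf(j11));
        c0639b.setExpirationTimeSeconds(Long.valueOf(j11 + 3600));
        c0639b.setSubject(this.f45055n);
        // The separator constant was substituted by the decompiler; presumably a single space.
        c0639b.put("scope", (Object) u.on(org.apache.http.conn.ssl.k.SP).join(this.f45059r));
        try {
            return c5.a.signUsingRsaSha256(this.f45053l, dVar, c0638a, c0639b);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    /**
     * Requests a new access token: signs an assertion, POSTs it with the jwt-bearer grant
     * type to the token server URI and reads {@code access_token} and {@code expires_in}
     * from the response. I/O errors and 5xx/403 responses are retried with back-off.
     *
     * <p>The signed assertion is sent to whatever URI this credential was built with; nothing
     * in this class restricts it to HTTPS.
     *
     * @return the access token with its computed expiry time
     * @throws IOException if no scopes are configured, or if the request or response parsing
     *     fails (cause preserved)
     */
    @Override // com.google.auth.oauth2.i
    public com.google.auth.oauth2.a refreshAccessToken() throws IOException {
        if (createScopedRequired()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        com.google.api.client.json.d dVar = j.f45044g;
        String q10 = q(dVar, this.f45036e.currentTimeMillis());
        s sVar = new s();
        sVar.set("grant_type", f45049t);
        sVar.set("assertion", q10);
        com.google.api.client.http.u buildPostRequest = this.f45060s.create().createRequestFactory().buildPostRequest(new com.google.api.client.http.j(this.f45058q), new com.google.api.client.http.h0(sVar));
        buildPostRequest.setParser(new com.google.api.client.json.f(dVar));
        buildPostRequest.setIOExceptionHandler(new com.google.api.client.http.k(new q()));
        buildPostRequest.setUnsuccessfulResponseHandler(new com.google.api.client.http.l(new q()).setBackOffRequired(new a()));
        try {
            // Parse once into a named local; the decompiler left the second use as the
            // undeclared register name `r0`.
            s tokenResponse = (s) buildPostRequest.execute().parseAs(s.class);
            // 1000L forces long arithmetic so a large expires_in cannot overflow int before
            // it is added to the clock value.
            return new com.google.auth.oauth2.a(j.f(tokenResponse, "access_token", f45050u), new Date(this.f45036e.currentTimeMillis() + (j.c(tokenResponse, "expires_in", f45050u) * 1000L)));
        } catch (IOException e10) {
            throw new IOException("Error getting access token for service account: ", e10);
        }
    }

    /**
     * Signs arbitrary bytes with this credential's private key.
     *
     * <p>The algorithm constant was substituted by the decompiler with one from another
     * library; presumably it is {@code "SHA256withRSA"} - confirm against that class.
     *
     * @param bArr the bytes to sign
     * @return the signature bytes
     * @throws ServiceAccountSigner.SigningException if the key is invalid, the algorithm is
     *     unavailable or signing fails (cause preserved)
     */
    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(OidcSecurityUtil.SIGNATURE_ALGORITHM_SHA256);
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e10);
        }
    }

    /** @return a builder pre-filled with this credential's values (the key reference is shared) */
    @Override // com.google.auth.oauth2.g, com.google.auth.oauth2.i
    public b toBuilder() {
        return new b(this);
    }

    /**
     * Describes the credential for logs. The private key is deliberately absent from the
     * output; keep it that way when adding fields.
     */
    @Override // com.google.auth.oauth2.i
    public String toString() {
        return com.google.common.base.x.toStringHelper(this).add("clientId", this.f45051j).add("clientEmail", this.f45052k).add("privateKeyId", this.f45054m).add("transportFactoryClassName", this.f45057p).add("tokenServerUri", this.f45058q).add("scopes", this.f45059r).add("serviceAccountUser", this.f45055n).toString();
    }
}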
