package com.google.auth.oauth2;

import com.google.api.client.http.HttpHeaders;
import com.google.api.client.json.GenericJson;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.StsRequestHandler;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.logging.type.LogSeverity;
import java.io.Serializable;
import java.math.BigDecimal;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/* loaded from: classes6.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    private static final long serialVersionUID = 8049126194174465023L;
    public final String A;
    public transient HttpTransportFactory B;
    public final ImpersonatedCredentials C;
    public ImpersonatedCredentials D;
    public EnvironmentProvider E;

    /* renamed from: n, reason: collision with root package name */
    public final String f21877n;

    /* renamed from: o, reason: collision with root package name */
    public final String f21878o;

    /* renamed from: p, reason: collision with root package name */
    public final String f21879p;

    /* renamed from: q, reason: collision with root package name */
    public final String f21880q;

    /* renamed from: r, reason: collision with root package name */
    public final CredentialSource f21881r;

    /* renamed from: s, reason: collision with root package name */
    public final Collection f21882s;

    /* renamed from: t, reason: collision with root package name */
    public final ServiceAccountImpersonationOptions f21883t;

    /* renamed from: u, reason: collision with root package name */
    public ExternalAccountMetricsHandler f21884u;

    /* renamed from: v, reason: collision with root package name */
    public final String f21885v;

    /* renamed from: w, reason: collision with root package name */
    public final String f21886w;

    /* renamed from: x, reason: collision with root package name */
    public final String f21887x;

    /* renamed from: y, reason: collision with root package name */
    public final String f21888y;

    /* renamed from: z, reason: collision with root package name */
    public final String f21889z;

    /* renamed from: com.google.auth.oauth2.ExternalAccountCredentials$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    class AnonymousClass1 implements RequestMetadataCallback {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ RequestMetadataCallback f21890a;

        /* renamed from: b, reason: collision with root package name */
        public final /* synthetic */ ExternalAccountCredentials f21891b;

        @Override // com.google.auth.RequestMetadataCallback
        public void a(Map map) {
            this.f21890a.a(GoogleCredentials.z(this.f21891b.f21935l, map));
        }

        @Override // com.google.auth.RequestMetadataCallback
        public void onFailure(Throwable th2) {
            this.f21890a.onFailure(th2);
        }
    }

    /* loaded from: classes6.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {

        /* renamed from: e, reason: collision with root package name */
        public String f21892e;

        /* renamed from: f, reason: collision with root package name */
        public String f21893f;

        /* renamed from: g, reason: collision with root package name */
        public String f21894g;

        /* renamed from: h, reason: collision with root package name */
        public String f21895h;

        /* renamed from: i, reason: collision with root package name */
        public CredentialSource f21896i;

        /* renamed from: j, reason: collision with root package name */
        public EnvironmentProvider f21897j;

        /* renamed from: k, reason: collision with root package name */
        public HttpTransportFactory f21898k;

        /* renamed from: l, reason: collision with root package name */
        public String f21899l;

        /* renamed from: m, reason: collision with root package name */
        public String f21900m;

        /* renamed from: n, reason: collision with root package name */
        public String f21901n;

        /* renamed from: o, reason: collision with root package name */
        public Collection f21902o;

        /* renamed from: p, reason: collision with root package name */
        public String f21903p;

        /* renamed from: q, reason: collision with root package name */
        public ServiceAccountImpersonationOptions f21904q;

        /* renamed from: r, reason: collision with root package name */
        public String f21905r;

        /* renamed from: s, reason: collision with root package name */
        public ExternalAccountMetricsHandler f21906s;

        public Builder() {
        }

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            super(externalAccountCredentials);
            this.f21898k = externalAccountCredentials.B;
            this.f21892e = externalAccountCredentials.f21878o;
            this.f21893f = externalAccountCredentials.f21879p;
            this.f21894g = externalAccountCredentials.f21880q;
            this.f21895h = externalAccountCredentials.f21885v;
            this.f21899l = externalAccountCredentials.f21886w;
            this.f21896i = externalAccountCredentials.f21881r;
            this.f21900m = externalAccountCredentials.f21887x;
            this.f21901n = externalAccountCredentials.f21888y;
            this.f21902o = externalAccountCredentials.f21882s;
            this.f21897j = externalAccountCredentials.E;
            this.f21903p = externalAccountCredentials.A;
            this.f21904q = externalAccountCredentials.f21883t;
            this.f21905r = externalAccountCredentials.f21889z;
            this.f21906s = externalAccountCredentials.f21884u;
        }

        public abstract ExternalAccountCredentials f();

        public Builder g(String str) {
            this.f21892e = str;
            return this;
        }

        public Builder h(String str) {
            this.f21900m = str;
            return this;
        }

        public Builder i(String str) {
            this.f21901n = str;
            return this;
        }

        public Builder j(CredentialSource credentialSource) {
            this.f21896i = credentialSource;
            return this;
        }

        public Builder k(HttpTransportFactory httpTransportFactory) {
            this.f21898k = httpTransportFactory;
            return this;
        }

        public Builder l(String str) {
            super.e(str);
            return this;
        }

        public Builder m(Collection collection) {
            this.f21902o = collection;
            return this;
        }

        public Builder n(Map map) {
            this.f21904q = new ServiceAccountImpersonationOptions(map);
            return this;
        }

        public Builder o(String str) {
            this.f21899l = str;
            return this;
        }

        public Builder p(String str) {
            this.f21893f = str;
            return this;
        }

        public Builder q(String str) {
            this.f21895h = str;
            return this;
        }

        public Builder r(String str) {
            this.f21894g = str;
            return this;
        }

        public Builder s(String str) {
            this.f21905r = str;
            return this;
        }

        public Builder t(String str) {
            this.f21903p = str;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    public static abstract class CredentialSource implements Serializable {
        private static final long serialVersionUID = 8204657811562399944L;

        public CredentialSource(Map map) {
            Preconditions.s(map);
        }
    }

    /* loaded from: classes.dex */
    public static final class ServiceAccountImpersonationOptions implements Serializable {
        private static final long serialVersionUID = 4250771921886280953L;

        /* renamed from: b, reason: collision with root package name */
        public final int f21907b;

        /* renamed from: c, reason: collision with root package name */
        public final boolean f21908c;

        public ServiceAccountImpersonationOptions(Map map) {
            boolean containsKey = map.containsKey("token_lifetime_seconds");
            this.f21908c = containsKey;
            if (!containsKey) {
                this.f21907b = 3600;
                return;
            }
            try {
                Object obj = map.get("token_lifetime_seconds");
                if (obj instanceof BigDecimal) {
                    this.f21907b = ((BigDecimal) obj).intValue();
                } else if (map.get("token_lifetime_seconds") instanceof Integer) {
                    this.f21907b = ((Integer) obj).intValue();
                } else {
                    this.f21907b = Integer.parseInt((String) obj);
                }
                int i10 = this.f21907b;
                if (i10 < 600 || i10 > 43200) {
                    throw new IllegalArgumentException(String.format("The \"token_lifetime_seconds\" field must be between %s and %s seconds.", Integer.valueOf(LogSeverity.CRITICAL_VALUE), 43200));
                }
            } catch (ArithmeticException | NumberFormatException e10) {
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e10);
            }
        }
    }

    public ExternalAccountCredentials(Builder builder) {
        super(builder);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.a(builder.f21898k, OAuth2Credentials.q(HttpTransportFactory.class, OAuth2Utils.f22016e));
        this.B = httpTransportFactory;
        this.f21877n = (String) Preconditions.s(httpTransportFactory.getClass().getName());
        this.f21878o = (String) Preconditions.s(builder.f21892e);
        this.f21879p = (String) Preconditions.s(builder.f21893f);
        String str = (String) Preconditions.s(builder.f21894g);
        this.f21880q = str;
        this.f21881r = (CredentialSource) Preconditions.s(builder.f21896i);
        this.f21885v = builder.f21895h;
        String str2 = builder.f21899l;
        this.f21886w = str2;
        this.f21887x = builder.f21900m;
        this.f21888y = builder.f21901n;
        Collection collection = builder.f21902o;
        this.f21882s = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : builder.f21902o;
        EnvironmentProvider environmentProvider = builder.f21897j;
        this.E = environmentProvider == null ? SystemEnvironmentProvider.b() : environmentProvider;
        ServiceAccountImpersonationOptions serviceAccountImpersonationOptions = builder.f21904q;
        this.f21883t = serviceAccountImpersonationOptions == null ? new ServiceAccountImpersonationOptions(new HashMap()) : serviceAccountImpersonationOptions;
        String str3 = builder.f21903p;
        this.A = str3;
        if (str3 != null && !X2()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
        this.f21889z = builder.f21905r;
        q3(str);
        if (str2 != null) {
            k3(str2);
        }
        ExternalAccountMetricsHandler externalAccountMetricsHandler = builder.f21906s;
        this.f21884u = externalAccountMetricsHandler == null ? new ExternalAccountMetricsHandler(this) : externalAccountMetricsHandler;
        this.C = y1();
    }

    public static boolean J2(Map map) {
        return map.containsKey("environment_id") && ((String) map.get("environment_id")).startsWith("aws");
    }

    public static ExternalAccountCredentials K1(Map map, HttpTransportFactory httpTransportFactory) {
        Preconditions.s(map);
        Preconditions.s(httpTransportFactory);
        String str = (String) map.get("audience");
        String str2 = (String) map.get("subject_token_type");
        String str3 = (String) map.get("token_url");
        Map map2 = (Map) map.get("credential_source");
        String str4 = (String) map.get("service_account_impersonation_url");
        String str5 = (String) map.get("token_info_url");
        String str6 = (String) map.get("client_id");
        String str7 = (String) map.get("client_secret");
        String str8 = (String) map.get("quota_project_id");
        String str9 = (String) map.get("workforce_pool_user_project");
        String str10 = (String) map.get("universe_domain");
        Map map3 = (Map) map.get("service_account_impersonation");
        if (map3 == null) {
            map3 = new HashMap();
        }
        return J2(map2) ? AwsCredentials.k4().k(httpTransportFactory).g(str).p(str2).r(str3).q(str5).j(new AwsCredentialSource(map2)).o(str4).l(str8).h(str6).i(str7).n(map3).s(str10).f() : O2(map2) ? PluggableAuthCredentials.P3().k(httpTransportFactory).g(str).p(str2).r(str3).q(str5).j(new PluggableAuthCredentialSource(map2)).o(str4).l(str8).h(str6).i(str7).t(str9).n(map3).s(str10).f() : IdentityPoolCredentials.P3().k(httpTransportFactory).g(str).p(str2).r(str3).q(str5).j(new IdentityPoolCredentialSource(map2)).o(str4).l(str8).h(str6).i(str7).t(str9).n(map3).s(str10).f();
    }

    public static boolean O2(Map map) {
        return map.containsKey("executable");
    }

    public static boolean V2(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    public static void k3(String str) {
        if (!V2(str)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
    }

    public static void q3(String str) {
        if (!V2(str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
    }

    public AccessToken D1(StsTokenExchangeRequest stsTokenExchangeRequest) {
        ImpersonatedCredentials impersonatedCredentials = this.D;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.w();
        }
        ImpersonatedCredentials impersonatedCredentials2 = this.C;
        if (impersonatedCredentials2 != null) {
            return impersonatedCredentials2.w();
        }
        StsRequestHandler.Builder d10 = StsRequestHandler.d(this.f21880q, stsTokenExchangeRequest, this.B.a().c());
        if (X2()) {
            GenericJson genericJson = new GenericJson();
            genericJson.h(OAuth2Utils.f22017f);
            genericJson.put("userProject", this.A);
            d10.c(genericJson.toString());
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.k("x-goog-api-client", this.f21884u.a());
        d10.b(httpHeaders);
        if (stsTokenExchangeRequest.c() != null) {
            d10.c(stsTokenExchangeRequest.c());
        }
        return d10.a().c().a();
    }

    public String P1() {
        return this.f21878o;
    }

    public CredentialSource Q1() {
        return this.f21881r;
    }

    public String W1() {
        return "unknown";
    }

    public EnvironmentProvider X1() {
        return this.E;
    }

    public boolean X2() {
        return this.A != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(P1()).matches();
    }

    public Collection Z1() {
        return this.f21882s;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map c(URI uri) {
        return GoogleCredentials.z(this.f21935l, super.c(uri));
    }

    public void e3(ImpersonatedCredentials impersonatedCredentials) {
        this.D = impersonatedCredentials;
    }

    public String h2() {
        String str = this.f21886w;
        if (str == null || str.isEmpty()) {
            return null;
        }
        return ImpersonatedCredentials.W(this.f21886w);
    }

    public ServiceAccountImpersonationOptions k2() {
        return this.f21883t;
    }

    public String o2() {
        return this.f21886w;
    }

    public String s2() {
        return this.f21879p;
    }

    public ImpersonatedCredentials y1() {
        if (this.f21886w == null) {
            return null;
        }
        return ImpersonatedCredentials.G0().u(this instanceof AwsCredentials ? AwsCredentials.C4((AwsCredentials) this).o(null).f() : this instanceof PluggableAuthCredentials ? PluggableAuthCredentials.V3((PluggableAuthCredentials) this).o(null).f() : IdentityPoolCredentials.V3((IdentityPoolCredentials) this).o(null).f()).p(this.B).v(ImpersonatedCredentials.W(this.f21886w)).t(new ArrayList(this.f21882s)).r(this.f21883t.f21907b).q(this.f21886w).g();
    }
}
