package com.google.auth.oauth2;

import com.facebook.AuthenticationToken;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.Preconditions;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.JwtClaims;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import j$.util.Objects;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;

/* loaded from: classes6.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, JwtProvider {
    private static final long serialVersionUID = 7807543542681217978L;
    public transient HttpTransportFactory A;
    public transient JwtCredentials B;

    /* renamed from: n, reason: collision with root package name */
    public final String f22036n;

    /* renamed from: o, reason: collision with root package name */
    public final String f22037o;

    /* renamed from: p, reason: collision with root package name */
    public final PrivateKey f22038p;

    /* renamed from: q, reason: collision with root package name */
    public final String f22039q;

    /* renamed from: r, reason: collision with root package name */
    public final String f22040r;

    /* renamed from: s, reason: collision with root package name */
    public final String f22041s;

    /* renamed from: t, reason: collision with root package name */
    public final String f22042t;

    /* renamed from: u, reason: collision with root package name */
    public final URI f22043u;

    /* renamed from: v, reason: collision with root package name */
    public final Collection f22044v;

    /* renamed from: w, reason: collision with root package name */
    public final Collection f22045w;

    /* renamed from: x, reason: collision with root package name */
    public final int f22046x;

    /* renamed from: y, reason: collision with root package name */
    public final boolean f22047y;

    /* renamed from: z, reason: collision with root package name */
    public final boolean f22048z;

    /* loaded from: classes2.dex */
    public static class Builder extends GoogleCredentials.Builder {

        /* renamed from: e, reason: collision with root package name */
        public String f22049e;

        /* renamed from: f, reason: collision with root package name */
        public String f22050f;

        /* renamed from: g, reason: collision with root package name */
        public PrivateKey f22051g;

        /* renamed from: h, reason: collision with root package name */
        public String f22052h;

        /* renamed from: i, reason: collision with root package name */
        public String f22053i;

        /* renamed from: j, reason: collision with root package name */
        public String f22054j;

        /* renamed from: k, reason: collision with root package name */
        public URI f22055k;

        /* renamed from: l, reason: collision with root package name */
        public Collection f22056l;

        /* renamed from: m, reason: collision with root package name */
        public Collection f22057m;

        /* renamed from: n, reason: collision with root package name */
        public HttpTransportFactory f22058n;

        /* renamed from: o, reason: collision with root package name */
        public int f22059o;

        /* renamed from: p, reason: collision with root package name */
        public boolean f22060p;

        /* renamed from: q, reason: collision with root package name */
        public boolean f22061q;

        public Builder() {
            this.f22059o = 3600;
            this.f22060p = false;
            this.f22061q = true;
        }

        public Builder(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.f22059o = 3600;
            this.f22060p = false;
            this.f22061q = true;
            this.f22049e = serviceAccountCredentials.f22036n;
            this.f22050f = serviceAccountCredentials.f22037o;
            this.f22051g = serviceAccountCredentials.f22038p;
            this.f22052h = serviceAccountCredentials.f22039q;
            this.f22056l = serviceAccountCredentials.f22044v;
            this.f22057m = serviceAccountCredentials.f22045w;
            this.f22058n = serviceAccountCredentials.A;
            this.f22055k = serviceAccountCredentials.f22043u;
            this.f22053i = serviceAccountCredentials.f22040r;
            this.f22054j = serviceAccountCredentials.f22041s;
            this.f22059o = serviceAccountCredentials.f22046x;
            this.f22060p = serviceAccountCredentials.f22047y;
            this.f22061q = serviceAccountCredentials.f22048z;
        }

        public Builder A(Collection collection, Collection collection2) {
            this.f22056l = collection;
            this.f22057m = collection2;
            return this;
        }

        public Builder B(URI uri) {
            this.f22055k = uri;
            return this;
        }

        public ServiceAccountCredentials s() {
            return new ServiceAccountCredentials(this);
        }

        public Builder t(String str) {
            this.f22050f = str;
            return this;
        }

        public Builder u(String str) {
            this.f22049e = str;
            return this;
        }

        public Builder v(HttpTransportFactory httpTransportFactory) {
            this.f22058n = httpTransportFactory;
            return this;
        }

        public Builder w(PrivateKey privateKey) {
            this.f22051g = privateKey;
            return this;
        }

        public Builder x(String str) {
            this.f22052h = str;
            return this;
        }

        public Builder y(String str) {
            this.f22054j = str;
            return this;
        }

        public Builder z(String str) {
            super.e(str);
            return this;
        }
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        this.B = null;
        this.f22036n = builder.f22049e;
        this.f22037o = (String) Preconditions.d(builder.f22050f);
        this.f22038p = (PrivateKey) Preconditions.d(builder.f22051g);
        this.f22039q = builder.f22052h;
        this.f22044v = builder.f22056l == null ? ImmutableSet.Z0() : ImmutableSet.G0(builder.f22056l);
        this.f22045w = builder.f22057m == null ? ImmutableSet.Z0() : ImmutableSet.G0(builder.f22057m);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.a(builder.f22058n, OAuth2Credentials.q(HttpTransportFactory.class, OAuth2Utils.f22016e));
        this.A = httpTransportFactory;
        this.f22042t = httpTransportFactory.getClass().getName();
        this.f22043u = builder.f22055k == null ? OAuth2Utils.f22012a : builder.f22055k;
        this.f22040r = builder.f22053i;
        this.f22041s = builder.f22054j;
        if (builder.f22059o > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.f22046x = builder.f22059o;
        this.f22047y = builder.f22060p;
        this.f22048z = builder.f22061q;
    }

    public static ServiceAccountCredentials W1(Map map, HttpTransportFactory httpTransportFactory) {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return X1(str3, o2().u(str).t(str2).x(str4).v(httpTransportFactory).B(uri).y(str5).z(str7));
    }

    public static ServiceAccountCredentials X1(String str, Builder builder) {
        builder.w(OAuth2Utils.a(str));
        return new ServiceAccountCredentials(builder);
    }

    public static URI h2(URI uri) {
        if (uri != null && uri.getScheme() != null && uri.getHost() != null) {
            try {
                return new URI(uri.getScheme(), uri.getHost(), "/", null);
            } catch (URISyntaxException unused) {
            }
        }
        return uri;
    }

    public static /* synthetic */ boolean k2(HttpResponse httpResponse) {
        return OAuth2Utils.f22020i.contains(Integer.valueOf(httpResponse.g()));
    }

    public static Builder o2() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.A = (HttpTransportFactory) OAuth2Credentials.v(this.f22042t);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials A(Collection collection) {
        return K1(collection, null);
    }

    public String D1(JsonFactory jsonFactory, long j10, String str, String str2) {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.q("RS256");
        header.s("JWT");
        header.r(this.f22039q);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.r(Z1());
        long j11 = j10 / 1000;
        payload.q(Long.valueOf(j11));
        payload.p(Long.valueOf(j11 + this.f22046x));
        payload.s(this.f22040r);
        if (str == null) {
            payload.n(OAuth2Utils.f22012a.toString());
        } else {
            payload.n(str);
        }
        try {
            payload.k("target_audience", str2);
            return JsonWebSignature.f(this.f22038p, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public GoogleCredentials K1(Collection collection, Collection collection2) {
        return s2().A(collection, collection2).s();
    }

    public boolean P1() {
        return this.f22044v.isEmpty() && this.f22045w.isEmpty();
    }

    public JwtCredentials Q1(URI uri) {
        JwtClaims.Builder e10 = JwtClaims.g().d(this.f22037o).e(this.f22037o);
        if (uri == null) {
            e10.b(Collections.singletonMap("scope", !this.f22044v.isEmpty() ? Joiner.b(' ').a(this.f22044v) : Joiner.b(' ').a(this.f22045w)));
        } else {
            e10.c(h2(uri).toString());
        }
        return JwtCredentials.i().j(this.f22038p).k(this.f22039q).h(e10.a()).g(this.f21993h).a();
    }

    public final String Z1() {
        return this.f22037o;
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken a(String str, List list) {
        JsonFactory jsonFactory = OAuth2Utils.f22017f;
        String D1 = D1(jsonFactory, this.f21993h.currentTimeMillis(), this.f22043u.toString(), str);
        GenericData genericData = new GenericData();
        genericData.h("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.h("assertion", D1);
        HttpRequest b10 = this.A.a().c().b(new GenericUrl(this.f22043u), new UrlEncodedContent(genericData));
        b10.A(new JsonObjectParser(jsonFactory));
        try {
            return IdToken.e(OAuth2Utils.f((GenericData) b10.b().l(GenericData.class), AuthenticationToken.AUTHENTICATION_TOKEN_KEY, "Error parsing token refresh response. "));
        } catch (IOException e10) {
            throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e10.getMessage(), Z1()), e10);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map c(URI uri) {
        String str;
        JwtCredentials Q1;
        if (P1() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        if ((!P1() && !this.f22047y) || ((str = this.f22040r) != null && str.length() > 0)) {
            return super.c(uri);
        }
        if (P1() || !this.f22047y) {
            Q1 = Q1(uri);
        } else {
            if (this.B == null) {
                this.B = Q1(null);
            }
            Q1 = this.B;
        }
        return GoogleCredentials.z(this.f21935l, Q1.c(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.f22036n, serviceAccountCredentials.f22036n) && Objects.equals(this.f22037o, serviceAccountCredentials.f22037o) && Objects.equals(this.f22038p, serviceAccountCredentials.f22038p) && Objects.equals(this.f22039q, serviceAccountCredentials.f22039q) && Objects.equals(this.f22042t, serviceAccountCredentials.f22042t) && Objects.equals(this.f22043u, serviceAccountCredentials.f22043u) && Objects.equals(this.f22044v, serviceAccountCredentials.f22044v) && Objects.equals(this.f22045w, serviceAccountCredentials.f22045w) && Objects.equals(this.f21935l, serviceAccountCredentials.f21935l) && Objects.equals(Integer.valueOf(this.f22046x), Integer.valueOf(serviceAccountCredentials.f22046x)) && Objects.equals(Boolean.valueOf(this.f22047y), Boolean.valueOf(serviceAccountCredentials.f22047y)) && Objects.equals(Boolean.valueOf(this.f22048z), Boolean.valueOf(serviceAccountCredentials.f22048z));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f22036n, this.f22037o, this.f22038p, this.f22039q, this.f22042t, this.f22043u, this.f22044v, this.f22045w, this.f21935l, Integer.valueOf(this.f22046x), Boolean.valueOf(this.f22047y), Boolean.valueOf(this.f22048z));
    }

    public Builder s2() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.c(this).d("clientId", this.f22036n).d("clientEmail", this.f22037o).d("privateKeyId", this.f22039q).d("transportFactoryClassName", this.f22042t).d("tokenServerUri", this.f22043u).d("scopes", this.f22044v).d("defaultScopes", this.f22045w).d("serviceAccountUser", this.f22040r).d("quotaProjectId", this.f21935l).b("lifetime", this.f22046x).e("useJwtAccessWithScope", this.f22047y).e("defaultRetriesEnabled", this.f22048z).toString();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken w() {
        JsonFactory jsonFactory = OAuth2Utils.f22017f;
        String y12 = y1(jsonFactory, this.f21993h.currentTimeMillis());
        GenericData genericData = new GenericData();
        genericData.h("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.h("assertion", y12);
        HttpRequest b10 = this.A.a().c().b(new GenericUrl(this.f22043u), new UrlEncodedContent(genericData));
        if (this.f22048z) {
            b10.z(3);
        } else {
            b10.z(0);
        }
        b10.A(new JsonObjectParser(jsonFactory));
        ExponentialBackOff a10 = new ExponentialBackOff.Builder().b(1000).d(0.1d).c(2.0d).a();
        b10.F(new HttpBackOffUnsuccessfulResponseHandler(a10).b(new HttpBackOffUnsuccessfulResponseHandler.BackOffRequired() { // from class: com.google.auth.oauth2.f
            @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
            public final boolean a(HttpResponse httpResponse) {
                boolean k22;
                k22 = ServiceAccountCredentials.k2(httpResponse);
                return k22;
            }
        }));
        b10.x(new HttpBackOffIOExceptionHandler(a10));
        try {
            return new AccessToken(OAuth2Utils.f((GenericData) b10.b().l(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.f21993h.currentTimeMillis() + (OAuth2Utils.b(r0, com.facebook.AccessToken.EXPIRES_IN_KEY, "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e10) {
            throw GoogleAuthException.d(e10, String.format("Error getting access token for service account: %s, iss: %s", e10.getMessage(), Z1()));
        } catch (IOException e11) {
            throw GoogleAuthException.b(e11, String.format("Error getting access token for service account: %s, iss: %s", e11.getMessage(), Z1()));
        }
    }

    public String y1(JsonFactory jsonFactory, long j10) {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.q("RS256");
        header.s("JWT");
        header.r(this.f22039q);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.r(Z1());
        long j11 = j10 / 1000;
        payload.q(Long.valueOf(j11));
        payload.p(Long.valueOf(j11 + this.f22046x));
        payload.s(this.f22040r);
        if (this.f22044v.isEmpty()) {
            payload.put("scope", Joiner.b(' ').a(this.f22045w));
        } else {
            payload.put("scope", Joiner.b(' ').a(this.f22044v));
        }
        payload.n(OAuth2Utils.f22012a.toString());
        try {
            return JsonWebSignature.f(this.f22038p, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }
}
