package com.google.auth.oauth2;

import com.google.api.client.http.d;
import com.google.api.client.http.g;
import com.google.api.client.http.o;
import com.google.api.client.http.y;
import com.google.api.client.json.b.a;
import com.google.api.client.json.b.b;
import com.google.api.client.json.e;
import com.google.api.client.util.B;
import com.google.api.client.util.C;
import com.google.api.client.util.D;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.q;
import com.google.api.client.util.t;
import com.google.auth.ServiceAccountSigner;
import com.google.common.base.n;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Date;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner {
    private static final long serialVersionUID = 7807543542681217978L;
    private final String g;
    private final String h;
    private final PrivateKey i;
    private final String j;
    private final String k;
    private final String l;
    private final URI m;
    private final Collection<String> n;
    private transient com.google.auth.a.a o;

    ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, com.google.auth.a.a aVar, URI uri, String str4) {
        this.g = str;
        C.a(str2);
        this.h = str2;
        C.a(privateKey);
        this.i = privateKey;
        this.j = str3;
        this.n = collection == null ? ImmutableSet.j() : ImmutableSet.a((Collection) collection);
        this.o = (com.google.auth.a.a) n.a(aVar, OAuth2Credentials.a(com.google.auth.a.a.class, b.f6478e));
        this.l = this.o.getClass().getName();
        this.m = uri == null ? b.f6474a : uri;
        this.k = str4;
    }

    public static ServiceAccountCredentials a(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.a.a aVar, URI uri) {
        return a(str, str2, str3, str4, collection, aVar, uri, null);
    }

    public static ServiceAccountCredentials a(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.a.a aVar, URI uri, String str5) {
        return new ServiceAccountCredentials(str, str2, b(str3), str4, collection, aVar, uri, str5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServiceAccountCredentials a(Map<String, Object> map, com.google.auth.a.a aVar) {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return a(str, str2, str3, str4, null, aVar, null);
    }

    static PrivateKey b(String str) {
        B.a a2 = B.a(new StringReader(str), "PRIVATE KEY");
        if (a2 == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return D.a().generatePrivate(new PKCS8EncodedKeySpec(a2.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e2);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials a(Collection<String> collection) {
        return new ServiceAccountCredentials(this.g, this.h, this.i, this.j, collection, this.o, this.m, this.k);
    }

    String a(com.google.api.client.json.c cVar, long j) {
        a.C0135a c0135a = new a.C0135a();
        c0135a.b("RS256");
        c0135a.a("JWT");
        c0135a.c(this.j);
        b.C0136b c0136b = new b.C0136b();
        c0136b.a(this.h);
        c0136b.a((Object) b.f6474a.toString());
        long j2 = j / 1000;
        c0136b.b(Long.valueOf(j2));
        c0136b.a(Long.valueOf(j2 + 3600));
        c0136b.b(this.k);
        c0136b.put("scope", t.a(' ').a(this.n));
        try {
            return com.google.api.client.json.b.a.a(this.i, cVar, c0135a, c0136b);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken b() {
        if (d()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        com.google.api.client.json.c cVar = b.f;
        String a2 = a(cVar, this.f6465e.a());
        GenericData genericData = new GenericData();
        genericData.b("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.b("assertion", a2);
        o a3 = this.o.a().b().a(new com.google.api.client.http.c(this.m), new y(genericData));
        a3.a(new e(cVar));
        a3.a(new d(new q()));
        g gVar = new g(new q());
        gVar.a(new c(this));
        a3.a(gVar);
        try {
            return new AccessToken(b.b((GenericData) a3.a().a(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.f6465e.a() + (b.a(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (IOException e2) {
            throw new IOException("Error getting access token for service account: ", e2);
        }
    }

    public boolean d() {
        return this.n.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.g, serviceAccountCredentials.g) && Objects.equals(this.h, serviceAccountCredentials.h) && Objects.equals(this.i, serviceAccountCredentials.i) && Objects.equals(this.j, serviceAccountCredentials.j) && Objects.equals(this.l, serviceAccountCredentials.l) && Objects.equals(this.m, serviceAccountCredentials.m) && Objects.equals(this.n, serviceAccountCredentials.n);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.g, this.h, this.i, this.j, this.l, this.m, this.n);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        n.a a2 = n.a(this);
        a2.a("clientId", this.g);
        a2.a("clientEmail", this.h);
        a2.a("privateKeyId", this.j);
        a2.a("transportFactoryClassName", this.l);
        a2.a("tokenServerUri", this.m);
        a2.a("scopes", this.n);
        a2.a("serviceAccountUser", this.k);
        return a2.toString();
    }
}
