package com.google.auth.oauth2;

import com.facebook.internal.security.OidcSecurityUtil;
import com.google.api.client.util.h0;
import com.google.auth.ServiceAccountSigner;
import com.google.common.base.x;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import l3.a;
import l3.b;

/* compiled from: ServiceAccountJwtAccessCredentials.java */
/* loaded from: classes3.dex */
public class l extends com.google.auth.a implements ServiceAccountSigner {

    /* renamed from: g, reason: collision with root package name */
    static final String f32520g = "Bearer ";
    private static final long serialVersionUID = -7274955171379494197L;

    /* renamed from: a, reason: collision with root package name */
    private final String f32521a;

    /* renamed from: b, reason: collision with root package name */
    private final String f32522b;

    /* renamed from: c, reason: collision with root package name */
    private final PrivateKey f32523c;

    /* renamed from: d, reason: collision with root package name */
    private final String f32524d;

    /* renamed from: e, reason: collision with root package name */
    private final URI f32525e;

    /* renamed from: f, reason: collision with root package name */
    @y3.d
    transient com.google.api.client.util.l f32526f;

    /* compiled from: ServiceAccountJwtAccessCredentials.java */
    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private String f32527a;

        /* renamed from: b, reason: collision with root package name */
        private String f32528b;

        /* renamed from: c, reason: collision with root package name */
        private PrivateKey f32529c;

        /* renamed from: d, reason: collision with root package name */
        private String f32530d;

        /* renamed from: e, reason: collision with root package name */
        private URI f32531e;

        protected a() {
        }

        protected a(l lVar) {
            this.f32527a = lVar.f32521a;
            this.f32528b = lVar.f32522b;
            this.f32529c = lVar.f32523c;
            this.f32530d = lVar.f32524d;
            this.f32531e = lVar.f32525e;
        }

        public l build() {
            return new l(this.f32527a, this.f32528b, this.f32529c, this.f32530d, this.f32531e);
        }

        public String getClientEmail() {
            return this.f32528b;
        }

        public String getClientId() {
            return this.f32527a;
        }

        public URI getDefaultAudience() {
            return this.f32531e;
        }

        public PrivateKey getPrivateKey() {
            return this.f32529c;
        }

        public String getPrivateKeyId() {
            return this.f32530d;
        }

        public a setClientEmail(String str) {
            this.f32528b = str;
            return this;
        }

        public a setClientId(String str) {
            this.f32527a = str;
            return this;
        }

        public a setDefaultAudience(URI uri) {
            this.f32531e = uri;
            return this;
        }

        public a setPrivateKey(PrivateKey privateKey) {
            this.f32529c = privateKey;
            return this;
        }

        public a setPrivateKeyId(String str) {
            this.f32530d = str;
            return this;
        }
    }

    @Deprecated
    public l(String str, String str2, PrivateKey privateKey, String str3) {
        this(str, str2, privateKey, str3, null);
    }

    @Deprecated
    public l(String str, String str2, PrivateKey privateKey, String str3, URI uri) {
        this.f32526f = com.google.api.client.util.l.SYSTEM;
        this.f32521a = str;
        this.f32522b = (String) h0.checkNotNull(str2);
        this.f32523c = (PrivateKey) h0.checkNotNull(privateKey);
        this.f32524d = str3;
        this.f32525e = uri;
    }

    public static l fromPkcs8(String str, String str2, String str3, String str4) throws IOException {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static l fromPkcs8(String str, String str2, String str3, String str4, URI uri) throws IOException {
        return new l(str, str2, k.t(str3), str4, uri);
    }

    public static l fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, null);
    }

    public static l fromStream(InputStream inputStream, URI uri) throws IOException {
        h0.checkNotNull(inputStream);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.f(j.f32493g).parseAndClose(inputStream, j.f32494h, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return h(bVar, uri);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    static l g(Map<String, Object> map) throws IOException {
        return h(map, null);
    }

    static l h(Map<String, Object> map, URI uri) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, uri);
    }

    private String i(URI uri) throws IOException {
        a.C1193a c1193a = new a.C1193a();
        c1193a.setAlgorithm("RS256");
        c1193a.setType("JWT");
        c1193a.setKeyId(this.f32524d);
        b.C1194b c1194b = new b.C1194b();
        long currentTimeMillis = this.f32526f.currentTimeMillis();
        c1194b.setIssuer(this.f32522b);
        c1194b.setSubject(this.f32522b);
        c1194b.setAudience(uri.toString());
        long j10 = currentTimeMillis / 1000;
        c1194b.setIssuedAtTimeSeconds(Long.valueOf(j10));
        c1194b.setExpirationTimeSeconds(Long.valueOf(j10 + 3600));
        try {
            return l3.a.signUsingRsaSha256(this.f32523c, j.f32493g, c1193a, c1194b);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account JWT access header with private key.", e10);
        }
    }

    public static a newBuilder() {
        return new a();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f32526f = com.google.api.client.util.l.SYSTEM;
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof l)) {
            return false;
        }
        l lVar = (l) obj;
        return Objects.equals(this.f32521a, lVar.f32521a) && Objects.equals(this.f32522b, lVar.f32522b) && Objects.equals(this.f32523c, lVar.f32523c) && Objects.equals(this.f32524d, lVar.f32524d) && Objects.equals(this.f32525e, lVar.f32525e);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.a
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.f32522b;
    }

    public final String getClientId() {
        return this.f32521a;
    }

    public final PrivateKey getPrivateKey() {
        return this.f32523c;
    }

    public final String getPrivateKeyId() {
        return this.f32524d;
    }

    @Override // com.google.auth.a
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        if (uri == null && (uri = this.f32525e) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        return Collections.singletonMap("Authorization", Collections.singletonList(f32520g + i(uri)));
    }

    @Override // com.google.auth.a
    public void getRequestMetadata(URI uri, Executor executor, com.google.auth.b bVar) {
        a(uri, bVar);
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.f32521a, this.f32522b, this.f32523c, this.f32524d, this.f32525e);
    }

    @Override // com.google.auth.a
    public void refresh() {
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(OidcSecurityUtil.SIGNATURE_ALGORITHM_SHA256);
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e10);
        }
    }

    public a toBuilder() {
        return new a(this);
    }

    public String toString() {
        return x.toStringHelper(this).add("clientId", this.f32521a).add("clientEmail", this.f32522b).add("privateKeyId", this.f32524d).add("defaultAudience", this.f32525e).toString();
    }
}
