package com.google.auth.oauth2;

import com.facebook.internal.security.OidcSecurityUtil;
import com.google.api.client.http.i0;
import com.google.api.client.http.m;
import com.google.api.client.http.v;
import com.google.api.client.http.y;
import com.google.api.client.json.l.b;
import com.google.api.client.json.l.c;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.e0;
import com.google.api.client.util.f0;
import com.google.api.client.util.g0;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import org.apache.http.message.TokenParser;

/* loaded from: classes2.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, j, m {
    private static final String F = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final String K = "Error parsing token refresh response. ";
    private static final int R = 43200;
    private static final int T = 3600;
    private static final long serialVersionUID = 7807543542681217978L;
    private final String clientEmail;
    private final String clientId;
    private final Collection<String> defaultScopes;
    private transient com.google.auth.b.c k0;
    private final int lifetime;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String projectId;
    private final String quotaProjectId;
    private final Collection<String> scopes;
    private final String serviceAccountUser;
    private final URI tokenServerUri;
    private final String transportFactoryClassName;
    private transient ServiceAccountJwtAccessCredentials x0;

    /* loaded from: classes2.dex */
    class a implements m.a {
        a() {
        }

        @Override // com.google.api.client.http.m.a
        public boolean a(y yVar) {
            int k = yVar.k();
            return k / 100 == 5 || k == 403;
        }
    }

    /* loaded from: classes2.dex */
    public static class b extends GoogleCredentials.a {

        /* renamed from: b, reason: collision with root package name */
        private String f23581b;

        /* renamed from: c, reason: collision with root package name */
        private String f23582c;

        /* renamed from: d, reason: collision with root package name */
        private PrivateKey f23583d;

        /* renamed from: e, reason: collision with root package name */
        private String f23584e;

        /* renamed from: f, reason: collision with root package name */
        private String f23585f;

        /* renamed from: g, reason: collision with root package name */
        private String f23586g;

        /* renamed from: h, reason: collision with root package name */
        private URI f23587h;
        private Collection<String> i;
        private Collection<String> j;
        private com.google.auth.b.c k;
        private String l;
        private int m;

        protected b() {
            this.m = 3600;
        }

        protected b(ServiceAccountCredentials serviceAccountCredentials) {
            this.m = 3600;
            this.f23581b = serviceAccountCredentials.clientId;
            this.f23582c = serviceAccountCredentials.clientEmail;
            this.f23583d = serviceAccountCredentials.privateKey;
            this.f23584e = serviceAccountCredentials.privateKeyId;
            this.i = serviceAccountCredentials.scopes;
            this.j = serviceAccountCredentials.defaultScopes;
            this.k = serviceAccountCredentials.k0;
            this.f23587h = serviceAccountCredentials.tokenServerUri;
            this.f23585f = serviceAccountCredentials.serviceAccountUser;
            this.f23586g = serviceAccountCredentials.projectId;
            this.l = serviceAccountCredentials.quotaProjectId;
            this.m = serviceAccountCredentials.lifetime;
        }

        public b A(Collection<String> collection) {
            this.i = collection;
            this.j = ImmutableSet.t();
            return this;
        }

        public b B(Collection<String> collection, Collection<String> collection2) {
            this.i = collection;
            this.j = collection2;
            return this;
        }

        public b C(String str) {
            this.f23585f = str;
            return this;
        }

        public b D(URI uri) {
            this.f23587h = uri;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: f, reason: merged with bridge method [inline-methods] */
        public ServiceAccountCredentials d() {
            return new ServiceAccountCredentials(this.f23581b, this.f23582c, this.f23583d, this.f23584e, this.i, this.j, this.k, this.f23587h, this.f23585f, this.f23586g, this.l, this.m);
        }

        public String g() {
            return this.f23582c;
        }

        public String h() {
            return this.f23581b;
        }

        public Collection<String> i() {
            return this.j;
        }

        public com.google.auth.b.c j() {
            return this.k;
        }

        public int k() {
            return this.m;
        }

        public PrivateKey l() {
            return this.f23583d;
        }

        public String m() {
            return this.f23584e;
        }

        public String n() {
            return this.f23586g;
        }

        public String o() {
            return this.l;
        }

        public Collection<String> p() {
            return this.i;
        }

        public String q() {
            return this.f23585f;
        }

        public URI r() {
            return this.f23587h;
        }

        public b s(String str) {
            this.f23582c = str;
            return this;
        }

        public b t(String str) {
            this.f23581b = str;
            return this;
        }

        public b u(com.google.auth.b.c cVar) {
            this.k = cVar;
            return this;
        }

        public b v(int i) {
            if (i == 0) {
                i = 3600;
            }
            this.m = i;
            return this;
        }

        public b w(PrivateKey privateKey) {
            this.f23583d = privateKey;
            return this;
        }

        public b x(String str) {
            this.f23584e = str;
            return this;
        }

        public b y(String str) {
            this.f23586g = str;
            return this;
        }

        public b z(String str) {
            this.l = str;
            return this;
        }
    }

    ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, Collection<String> collection2, com.google.auth.b.c cVar, URI uri, String str4, String str5, String str6, int i) {
        this.x0 = null;
        this.clientId = str;
        this.clientEmail = (String) f0.d(str2);
        this.privateKey = (PrivateKey) f0.d(privateKey);
        this.privateKeyId = str3;
        ImmutableSet t = collection == null ? ImmutableSet.t() : ImmutableSet.o(collection);
        this.scopes = t;
        this.defaultScopes = collection2 == null ? ImmutableSet.t() : ImmutableSet.o(collection2);
        com.google.auth.b.c cVar2 = (com.google.auth.b.c) com.google.common.base.q.a(cVar, OAuth2Credentials.t(com.google.auth.b.c.class, l.f23698f));
        this.k0 = cVar2;
        this.transportFactoryClassName = cVar2.getClass().getName();
        this.tokenServerUri = uri == null ? l.f23694b : uri;
        this.serviceAccountUser = str4;
        this.projectId = str5;
        this.quotaProjectId = str6;
        if (i > R) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.lifetime = i;
        if (t.isEmpty()) {
            this.x0 = new ServiceAccountJwtAccessCredentials.c().h(str2).i(str).k(privateKey).l(str3).m(str6).a();
        }
    }

    public static b B0() {
        return new b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey C0(String str) throws IOException {
        e0.a c2 = e0.c(new StringReader(str), "PRIVATE KEY");
        if (c2 == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return g0.g().generatePrivate(new PKCS8EncodedKeySpec(c2.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServiceAccountCredentials g0(Map<String, Object> map, com.google.auth.b.c cVar) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        URI uri2 = uri;
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return n0(str, str2, str3, str4, null, null, cVar, uri2, null, str5, str7);
    }

    public static ServiceAccountCredentials h0(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return n0(str, str2, str3, str4, collection, null, null, null, null, null, null);
    }

    public static ServiceAccountCredentials i0(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.b.c cVar, URI uri) throws IOException {
        return n0(str, str2, str3, str4, collection, null, cVar, uri, null, null, null);
    }

    public static ServiceAccountCredentials j0(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.b.c cVar, URI uri, String str5) throws IOException {
        return n0(str, str2, str3, str4, collection, null, cVar, uri, str5, null, null);
    }

    public static ServiceAccountCredentials k0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2) throws IOException {
        return n0(str, str2, str3, str4, collection, collection2, null, null, null, null, null);
    }

    public static ServiceAccountCredentials l0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, com.google.auth.b.c cVar, URI uri) throws IOException {
        return n0(str, str2, str3, str4, collection, collection2, cVar, uri, null, null, null);
    }

    public static ServiceAccountCredentials m0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, com.google.auth.b.c cVar, URI uri, String str5) throws IOException {
        return n0(str, str2, str3, str4, collection, collection2, cVar, uri, str5, null, null);
    }

    static ServiceAccountCredentials n0(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, com.google.auth.b.c cVar, URI uri, String str5, String str6, String str7) throws IOException {
        return new ServiceAccountCredentials(str, str2, C0(str3), str4, collection, collection2, cVar, uri, str5, str6, str7, 3600);
    }

    public static ServiceAccountCredentials o0(InputStream inputStream) throws IOException {
        return p0(inputStream, l.f23698f);
    }

    public static ServiceAccountCredentials p0(InputStream inputStream, com.google.auth.b.c cVar) throws IOException {
        f0.d(inputStream);
        f0.d(cVar);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.f(l.f23699g).a(inputStream, StandardCharsets.UTF_8, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return g0(bVar, cVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.k0 = (com.google.auth.b.c) OAuth2Credentials.y(this.transportFactoryClassName);
    }

    private String t0() {
        return this.clientEmail;
    }

    public final URI A0() {
        return this.tokenServerUri;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    /* renamed from: D0, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public b Q() {
        return new b(this);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials G(String str) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.scopes, this.defaultScopes, this.k0, this.tokenServerUri, str, this.projectId, this.quotaProjectId, this.lifetime);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials H(Collection<String> collection) {
        return I(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials I(Collection<String> collection, Collection<String> collection2) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, collection, collection2, this.k0, this.tokenServerUri, this.serviceAccountUser, this.projectId, this.quotaProjectId, this.lifetime);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean K() {
        return this.scopes.isEmpty() && this.defaultScopes.isEmpty();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] a(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(OidcSecurityUtil.SIGNATURE_ALGORITHM_SHA256);
            signature.initSign(v0());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e2);
        }
    }

    @Override // com.google.auth.oauth2.j
    public JwtCredentials b(JwtClaims jwtClaims) {
        return JwtCredentials.n().j(this.privateKey).k(this.privateKeyId).h(JwtClaims.g().d(t0()).e(this.clientEmail).a().f(jwtClaims)).g(this.m).a();
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken c(String str, List<IdTokenProvider.Option> list) throws IOException {
        com.google.api.client.json.d dVar = l.f23699g;
        String e0 = e0(dVar, this.m.currentTimeMillis(), this.tokenServerUri.toString(), str);
        GenericData genericData = new GenericData();
        genericData.p("grant_type", F);
        genericData.p("assertion", e0);
        v e2 = this.k0.create().c().e(new com.google.api.client.http.k(this.tokenServerUri), new i0(genericData));
        e2.T(new com.google.api.client.json.f(dVar));
        try {
            return IdToken.d(l.g((GenericData) e2.b().r(GenericData.class), "id_token", K));
        } catch (IOException e3) {
            throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e3.getMessage(), t0()), e3);
        }
    }

    @Override // com.google.auth.oauth2.m
    public String d() {
        return this.quotaProjectId;
    }

    String d0(com.google.api.client.json.d dVar, long j, String str) throws IOException {
        b.a aVar = new b.a();
        aVar.F("RS256");
        aVar.r("JWT");
        aVar.J(this.privateKeyId);
        c.b bVar = new c.b();
        bVar.D(t0());
        long j2 = j / 1000;
        bVar.B(Long.valueOf(j2));
        bVar.A(Long.valueOf(j2 + this.lifetime));
        bVar.G(this.serviceAccountUser);
        if (this.scopes.isEmpty()) {
            bVar.put("scope", com.google.api.client.util.s.b(TokenParser.SP).a(this.defaultScopes));
        } else {
            bVar.put("scope", com.google.api.client.util.s.b(TokenParser.SP).a(this.scopes));
        }
        if (str == null) {
            bVar.z(l.f23694b.toString());
        } else {
            bVar.z(str);
        }
        try {
            return com.google.api.client.json.l.b.i(this.privateKey, dVar, aVar, bVar);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    @c.e.c.a.d
    String e0(com.google.api.client.json.d dVar, long j, String str, String str2) throws IOException {
        b.a aVar = new b.a();
        aVar.F("RS256");
        aVar.r("JWT");
        aVar.J(this.privateKeyId);
        c.b bVar = new c.b();
        bVar.D(t0());
        long j2 = j / 1000;
        bVar.B(Long.valueOf(j2));
        bVar.A(Long.valueOf(j2 + this.lifetime));
        bVar.G(this.serviceAccountUser);
        if (str == null) {
            bVar.z(l.f23694b.toString());
        } else {
            bVar.z(str);
        }
        try {
            bVar.p("target_audience", str2);
            return com.google.api.client.json.l.b.i(this.privateKey, dVar, aVar, bVar);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountCredentials.privateKeyId) && Objects.equals(this.transportFactoryClassName, serviceAccountCredentials.transportFactoryClassName) && Objects.equals(this.tokenServerUri, serviceAccountCredentials.tokenServerUri) && Objects.equals(this.scopes, serviceAccountCredentials.scopes) && Objects.equals(this.defaultScopes, serviceAccountCredentials.defaultScopes) && Objects.equals(this.quotaProjectId, serviceAccountCredentials.quotaProjectId) && Objects.equals(Integer.valueOf(this.lifetime), Integer.valueOf(serviceAccountCredentials.lifetime));
    }

    public ServiceAccountCredentials f0(int i) {
        return C().v(i).d();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return q0();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> h(URI uri) throws IOException {
        if (this.scopes.isEmpty() && this.defaultScopes.isEmpty() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Either pass uri to getRequestMetadata to use self signed JWT, or specify the scopes by calling createScoped or passing scopes to constructor.");
        }
        ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials = this.x0;
        return (serviceAccountJwtAccessCredentials == null || uri == null) ? super.h(uri) : serviceAccountJwtAccessCredentials.h(uri);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.transportFactoryClassName, this.tokenServerUri, this.scopes, this.defaultScopes, this.quotaProjectId, Integer.valueOf(this.lifetime));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void i(URI uri, Executor executor, com.google.auth.a aVar) {
        ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials = this.x0;
        if (serviceAccountJwtAccessCredentials == null || uri == null) {
            super.i(uri, executor, aVar);
        } else {
            serviceAccountJwtAccessCredentials.i(uri, executor, aVar);
        }
    }

    public final String q0() {
        return this.clientEmail;
    }

    public final String r0() {
        return this.clientId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.google.auth.oauth2.OAuth2Credentials
    public Map<String, List<String>> s() {
        Map<String, List<String>> s = super.s();
        String str = this.quotaProjectId;
        return str != null ? GoogleCredentials.E(str, s) : s;
    }

    public final Collection<String> s0() {
        return this.defaultScopes;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.q.c(this).f("clientId", this.clientId).f("clientEmail", this.clientEmail).f("privateKeyId", this.privateKeyId).f("transportFactoryClassName", this.transportFactoryClassName).f("tokenServerUri", this.tokenServerUri).f("scopes", this.scopes).f("defaultScopes", this.defaultScopes).f("serviceAccountUser", this.serviceAccountUser).f("quotaProjectId", this.quotaProjectId).d("lifetime", this.lifetime).toString();
    }

    @c.e.c.a.d
    int u0() {
        return this.lifetime;
    }

    public final PrivateKey v0() {
        return this.privateKey;
    }

    public final String w0() {
        return this.privateKeyId;
    }

    public final String x0() {
        return this.projectId;
    }

    public final Collection<String> y0() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken z() throws IOException {
        com.google.api.client.json.d dVar = l.f23699g;
        String d0 = d0(dVar, this.m.currentTimeMillis(), this.tokenServerUri.toString());
        GenericData genericData = new GenericData();
        genericData.p("grant_type", F);
        genericData.p("assertion", d0);
        v e2 = this.k0.create().c().e(new com.google.api.client.http.k(this.tokenServerUri), new i0(genericData));
        e2.T(new com.google.api.client.json.f(dVar));
        e2.P(new com.google.api.client.http.l(new com.google.api.client.util.p()));
        e2.d0(new com.google.api.client.http.m(new com.google.api.client.util.p()).e(new a()));
        try {
            return new AccessToken(l.g((GenericData) e2.b().r(GenericData.class), "access_token", K), new Date(this.m.currentTimeMillis() + (l.c(r0, "expires_in", K) * 1000)));
        } catch (IOException e3) {
            throw new IOException(String.format("Error getting access token for service account: %s, iss: %s", e3.getMessage(), t0()), e3);
        }
    }

    public final String z0() {
        return this.serviceAccountUser;
    }
}
