package com.google.auth.oauth2;

import com.google.api.client.http.v;
import com.google.api.client.http.y;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: classes2.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider {
    private static final Logger F = Logger.getLogger(ComputeEngineCredentials.class.getName());
    static final String K = "http://metadata.google.internal";
    static final String R = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    static final int T = 3;
    private static final String a1 = "Error parsing token refresh response. ";
    private static final String c1 = "Error parsing service account response. ";
    static final int k0 = 500;
    private static final long serialVersionUID = -4113476462526554235L;
    private static final String x0 = "Metadata-Flavor";
    private static final String y0 = "Google";
    private transient com.google.auth.b.c k1;
    private final Collection<String> scopes;
    private transient String t1;
    private final String transportFactoryClassName;

    /* loaded from: classes2.dex */
    public static class b extends GoogleCredentials.a {

        /* renamed from: b, reason: collision with root package name */
        private com.google.auth.b.c f23518b;

        /* renamed from: c, reason: collision with root package name */
        private Collection<String> f23519c;

        protected b() {
        }

        protected b(ComputeEngineCredentials computeEngineCredentials) {
            this.f23518b = computeEngineCredentials.k1;
            this.f23519c = computeEngineCredentials.scopes;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: f, reason: merged with bridge method [inline-methods] */
        public ComputeEngineCredentials d() {
            return new ComputeEngineCredentials(this.f23518b, this.f23519c, null);
        }

        public com.google.auth.b.c g() {
            return this.f23518b;
        }

        public Collection<String> h() {
            return this.f23519c;
        }

        public b i(com.google.auth.b.c cVar) {
            this.f23518b = cVar;
            return this;
        }

        public b j(Collection<String> collection) {
            this.f23519c = collection;
            return this;
        }
    }

    private ComputeEngineCredentials(com.google.auth.b.c cVar, Collection<String> collection, Collection<String> collection2) {
        com.google.auth.b.c cVar2 = (com.google.auth.b.c) com.google.common.base.q.a(cVar, OAuth2Credentials.t(com.google.auth.b.c.class, l.f23698f));
        this.k1 = cVar2;
        this.transportFactoryClassName = cVar2.getClass().getName();
        collection = (collection == null || collection.isEmpty()) ? collection2 : collection;
        if (collection == null) {
            this.scopes = ImmutableSet.t();
            return;
        }
        ArrayList arrayList = new ArrayList(collection);
        arrayList.removeAll(Arrays.asList("", null));
        this.scopes = ImmutableSet.o(arrayList);
    }

    public static ComputeEngineCredentials T() {
        return new ComputeEngineCredentials(null, null, null);
    }

    private String V() throws IOException {
        y X = X(b0());
        int k = X.k();
        if (k == 404) {
            throw new IOException(String.format("Error code %s trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified.", Integer.valueOf(k)));
        }
        if (k != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get service accounts from Compute Engine metadata: %s", Integer.valueOf(k), X.t()));
        }
        if (X.c() != null) {
            return l.g(l.e((GenericData) X.r(GenericData.class), "default", c1), "email", c1);
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    public static String W() {
        return Z(g.f23680a) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    private y X(String str) throws IOException {
        v b2 = this.k1.create().c().b(new com.google.api.client.http.k(str));
        b2.T(new com.google.api.client.json.f(l.f23699g));
        b2.k().p(x0, y0);
        b2.c0(false);
        try {
            return b2.b();
        } catch (UnknownHostException e2) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e2);
        }
    }

    public static String Y() {
        return Z(g.f23680a);
    }

    public static String Z(g gVar) {
        String d2 = gVar.d("GCE_METADATA_HOST");
        if (d2 == null) {
            return K;
        }
        return "http://" + d2;
    }

    public static String b0() {
        return Z(g.f23680a) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String c0() {
        return d0(g.f23680a);
    }

    public static String d0(g gVar) {
        return Z(gVar) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static b e0() {
        return new b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean f0(com.google.auth.b.c cVar, g gVar) {
        if (Boolean.parseBoolean(gVar.d("NO_GCE_CHECK"))) {
            return false;
        }
        com.google.api.client.http.k kVar = new com.google.api.client.http.k(Z(gVar));
        for (int i = 1; i <= 3; i++) {
            try {
                v b2 = cVar.create().c().b(kVar);
                b2.I(500);
                b2.k().p(x0, y0);
                y b3 = b2.b();
                try {
                    return l.a(b3.h(), x0, y0);
                } finally {
                    b3.a();
                }
            } catch (SocketTimeoutException unused) {
            } catch (IOException e2) {
                F.log(Level.FINE, "Encountered an unexpected exception when determining if we are running on Google Compute Engine.", (Throwable) e2);
            }
        }
        F.log(Level.FINE, "Failed to detect whether we are running on Google Compute Engine.");
        return false;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.k1 = (com.google.auth.b.c) OAuth2Credentials.y(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials H(Collection<String> collection) {
        return new ComputeEngineCredentials(this.k1, collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials I(Collection<String> collection, Collection<String> collection2) {
        return new ComputeEngineCredentials(this.k1, collection, collection2);
    }

    String U() {
        com.google.api.client.http.k kVar = new com.google.api.client.http.k(c0());
        if (!this.scopes.isEmpty()) {
            kVar.p("scopes", com.google.common.base.p.o(',').k(this.scopes));
        }
        return kVar.toString();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] a(byte[] bArr) {
        try {
            return i.c(getAccount(), this, this.k1.create(), bArr, Collections.emptyMap());
        } catch (ServiceAccountSigner.SigningException e2) {
            throw e2;
        } catch (RuntimeException e3) {
            throw new ServiceAccountSigner.SigningException("Signing failed", e3);
        }
    }

    public final Collection<String> a0() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken c(String str, List<IdTokenProvider.Option> list) throws IOException {
        com.google.api.client.http.k kVar = new com.google.api.client.http.k(W());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                kVar.p("format", "full");
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                kVar.p("format", "full");
                kVar.p("license", "TRUE");
            }
        }
        kVar.p("audience", str);
        y X = X(kVar.toString());
        if (X.c() != null) {
            return IdToken.d(X.t());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.transportFactoryClassName, computeEngineCredentials.transportFactoryClassName) && Objects.equals(this.scopes, computeEngineCredentials.scopes);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    /* renamed from: g0, reason: merged with bridge method [inline-methods] */
    public b Q() {
        return new b(this);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        if (this.t1 == null) {
            try {
                this.t1 = V();
            } catch (IOException e2) {
                throw new RuntimeException("Failed to get service account", e2);
            }
        }
        return this.t1;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.q.c(this).f("transportFactoryClassName", this.transportFactoryClassName).toString();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken z() throws IOException {
        y X = X(U());
        int k = X.k();
        if (k == 404) {
            throw new IOException(String.format("Error code %s trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true.", Integer.valueOf(k)));
        }
        if (k != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get security access token from Compute Engine metadata for the default service account: %s", Integer.valueOf(k), X.t()));
        }
        if (X.c() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        return new AccessToken(l.g((GenericData) X.r(GenericData.class), "access_token", a1), new Date(this.m.currentTimeMillis() + (l.c(r0, "expires_in", a1) * 1000)));
    }
}
