package com.google.auth.oauth2;

import com.google.api.client.http.e;
import com.google.api.client.http.r;
import com.google.api.client.util.z;
import com.google.auth.oauth2.g;
import com.google.auth.oauth2.k;
import com.google.auth.oauth2.l;
import com.google.common.base.k;
import com.google.common.collect.h0;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.http.message.TokenParser;
import y2.a;
import y2.b;

/* compiled from: ServiceAccountCredentials.java */
/* loaded from: classes2.dex */
/**
 * Decompiled form of {@code ServiceAccountCredentials} (per the "compiled from" marker):
 * credentials that hold a service account's identity and private key and use the key to sign
 * JWT assertions that are exchanged at a token server.
 *
 * <p>Names of collaborating types and methods are obfuscated ({@code n}, {@code m},
 * {@code y2.a}, ...). Comments below state only what this listing shows; anything inferred about
 * an obfuscated callee is marked "presumably".
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@code privateKey} is a non-transient field and the class declares
 *       {@code serialVersionUID} and {@code readObject}; a serialized instance therefore
 *       presumably contains the key and should be handled as secret material.
 *   <li>{@code readObject} instantiates a transport factory from a class name read from the
 *       stream, so instances should only be deserialized from trusted bytes.
 *   <li>The token server URI can come from the credential JSON ({@code token_uri}) and is only
 *       checked for URI syntax here; signed assertions are posted to that URI.
 *   <li>{@code toString()} does not include the private key.
 * </ul>
 */
public class o extends g {
    private static final long serialVersionUID = 7807543542681217978L;
    private final String clientEmail;
    private final String clientId;

    // Transport factory; transient, so it is rebuilt in readObject from transportFactoryClassName.
    /* renamed from: d, reason: collision with root package name */
    private transient a3.b f2124d;
    // Signing key. Not transient, not printed by toString(), returned as-is by getPrivateKey().
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String projectId;
    private final String quotaProjectId;
    private final Collection<String> scopes;
    // User passed to createDelegated(); null when no delegation was requested.
    private final String serviceAccountUser;
    private final URI tokenServerUri;
    // Class name of the transport factory, kept so the factory can be re-created after deserialization.
    private final String transportFactoryClassName;

    /**
     * Predicate installed on the response handler built in {@code refreshAccessToken()}.
     * Returns true for any 5xx value and for 403; presumably this marks responses that should
     * be retried (the handler type {@code e} is obfuscated, confirm against the HTTP client).
     */
    /* compiled from: ServiceAccountCredentials.java */
    /* loaded from: classes2.dex */
    final class a implements e.a {
        a() {
        }

        @Override // com.google.api.client.http.e.a
        public final boolean a(com.google.api.client.http.k kVar) {
            // presumably the HTTP status code of the response
            int d10 = kVar.d();
            return d10 / 100 == 5 || d10 == 403;
        }
    }

    /**
     * Builder for {@code o}. Its fields mirror the constructor arguments of the outer class.
     * No setters are visible in this listing; the copy constructor is the only place the
     * fields are assigned here.
     */
    /* compiled from: ServiceAccountCredentials.java */
    /* loaded from: classes2.dex */
    public static class b extends g.a {
        // clientId
        private String b;
        // clientEmail
        private String c;

        // privateKey
        /* renamed from: d, reason: collision with root package name */
        private PrivateKey f2125d;

        // privateKeyId
        /* renamed from: e, reason: collision with root package name */
        private String f2126e;

        // serviceAccountUser
        /* renamed from: f, reason: collision with root package name */
        private String f2127f;

        // projectId
        /* renamed from: g, reason: collision with root package name */
        private String f2128g;

        // tokenServerUri
        /* renamed from: h, reason: collision with root package name */
        private URI f2129h;

        // scopes
        /* renamed from: i, reason: collision with root package name */
        private Collection<String> f2130i;

        // transport factory
        /* renamed from: j, reason: collision with root package name */
        private a3.b f2131j;

        // quotaProjectId
        /* renamed from: k, reason: collision with root package name */
        private String f2132k;

        protected b() {
        }

        /** Copies every field of an existing credential, including the private key reference. */
        protected b(o oVar) {
            this.b = oVar.clientId;
            this.c = oVar.clientEmail;
            this.f2125d = oVar.privateKey;
            this.f2126e = oVar.privateKeyId;
            this.f2130i = oVar.scopes;
            this.f2131j = oVar.f2124d;
            this.f2129h = oVar.tokenServerUri;
            this.f2127f = oVar.serviceAccountUser;
            this.f2128g = oVar.projectId;
            this.f2132k = oVar.quotaProjectId;
        }

        /**
         * Builds the credential from the builder fields.
         *
         * <p>NOTE(review): this method and the next one differ only in return type, which is not
         * valid Java source; this looks like the decompiler printing a covariant override
         * together with its compiler-generated bridge. Both bodies are identical.
         */
        @Override // com.google.auth.oauth2.g.a, com.google.auth.oauth2.m.a
        public final m a() {
            return new o(this.b, this.c, this.f2125d, this.f2126e, this.f2130i, this.f2131j, this.f2129h, this.f2127f, this.f2128g, this.f2132k);
        }

        /** Builds the credential from the builder fields (see the note on the method above). */
        @Override // com.google.auth.oauth2.g.a
        /* renamed from: d */
        public final g a() {
            return new o(this.b, this.c, this.f2125d, this.f2126e, this.f2130i, this.f2131j, this.f2129h, this.f2127f, this.f2128g, this.f2132k);
        }
    }

    /**
     * Creates the credential.
     *
     * @param str client id (may be null here; {@code fromJson} requires it)
     * @param str2 client email; must not be null
     * @param privateKey signing key; must not be null
     * @param str3 private key id
     * @param collection scopes; null is treated as empty, otherwise the collection is copied
     * @param bVar transport factory; when null a fallback is looked up
     * @param uri token server URI; when null the default {@code n.f2119a} is used
     * @param str4 service account user (delegation), may be null
     * @param str5 project id, may be null
     * @param str6 quota project id, may be null
     * @throws NullPointerException if {@code str2} or {@code privateKey} is null
     */
    o(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, a3.b bVar, URI uri, String str4, String str5, String str6) {
        this.clientId = str;
        // getClass() is used only for its side effect: it throws NullPointerException on null.
        str2.getClass();
        this.clientEmail = str2;
        privateKey.getClass();
        this.privateKey = privateKey;
        this.privateKeyId = str3;
        // Copy the caller's collection so later changes to it do not alter this credential
        // (h0 is presumably an immutable Guava collection; confirm).
        this.scopes = collection == null ? h0.of() : h0.copyOf((Collection) collection);
        // presumably "first non-null": use bVar if given, else the service-loader result.
        // The fallback lookup is an argument expression, so it is evaluated in either case.
        a3.b bVar2 = (a3.b) com.google.common.base.k.a(bVar, m.getFromServiceLoader(a3.b.class, n.c));
        this.f2124d = bVar2;
        this.transportFactoryClassName = bVar2.getClass().getName();
        this.tokenServerUri = uri == null ? n.f2119a : uri;
        this.serviceAccountUser = str4;
        this.projectId = str5;
        this.quotaProjectId = str6;
    }

    /**
     * Builds a credential from an already-parsed credential JSON object.
     *
     * <p>{@code client_id}, {@code client_email}, {@code private_key} and {@code private_key_id}
     * are required; {@code project_id}, {@code token_uri} and {@code quota_project_id} are
     * optional. Scopes and delegated user are passed as null.
     *
     * <p>NOTE(review): the values are cast to {@code String} without a type check, so a
     * non-string JSON value surfaces as {@code ClassCastException}, not {@code IOException}.
     *
     * <p>NOTE(review): {@code token_uri} is accepted as long as it parses as a URI; no scheme or
     * host check is visible in this class. Because assertions signed with the private key are
     * later posted to this URI, the credential file must come from a trusted source.
     *
     * @param map parsed JSON fields
     * @param bVar transport factory handed through to the constructor
     * @throws IOException if {@code token_uri} is not a valid URI, a required field is missing,
     *     or the private key cannot be read
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static o fromJson(Map<String, Object> map, a3.b bVar) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                // The syntax exception is dropped; only the message below reaches the caller.
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            // null makes the constructor fall back to the default token server URI.
            uri = null;
        }
        URI uri2 = uri;
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, null, bVar, uri2, null, str5, str7);
    }

    /**
     * Creates a credential from a PKCS#8 private key string, with default transport factory and
     * token server URI.
     *
     * @param str client id
     * @param str2 client email
     * @param str3 private key text in PKCS#8 form
     * @param str4 private key id
     * @param collection scopes, may be null
     * @throws IOException if the key cannot be read
     */
    public static o fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, null, null, null, null, null);
    }

    /**
     * Same as the five-argument overload, with an explicit transport factory and token server URI
     * (either may be null to use the default).
     */
    public static o fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, a3.b bVar, URI uri) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, bVar, uri, null, null, null);
    }

    /**
     * Same as the seven-argument overload, plus {@code str5}, the service account user passed to
     * the constructor for delegation.
     */
    public static o fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, a3.b bVar, URI uri, String str5) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, bVar, uri, str5, null, null);
    }

    /**
     * Full form used by the other overloads and by {@code fromJson}: parses the key text and
     * calls the constructor. {@code str6} is the project id and {@code str7} the quota project id.
     */
    static o fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, a3.b bVar, URI uri, String str5, String str6, String str7) throws IOException {
        return new o(str, str2, privateKeyFromPkcs8(str3), str4, collection, bVar, uri, str5, str6, str7);
    }

    /** Reads a credential from a JSON stream using the transport factory {@code n.c}. */
    public static o fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, n.c);
    }

    /**
     * Reads a credential from a JSON stream.
     *
     * <p>The stream is parsed into a generic JSON object and its {@code type} field must equal
     * {@code "service_account"}; the remaining fields are handled by {@code fromJson}. The stream
     * carries the private key, so its source and storage need the same protection as the key.
     *
     * @param inputStream credential JSON; must not be null
     * @param bVar transport factory; must not be null
     * @throws IOException if {@code type} is missing or has another value, or on any error from
     *     {@code fromJson}
     * @throws NullPointerException if either argument is null
     */
    public static o fromStream(InputStream inputStream, a3.b bVar) throws IOException {
        // Null checks via getClass().
        inputStream.getClass();
        bVar.getClass();
        // presumably: JSON object parser over n.f2120d, decoding with charset n.f2121e
        w2.a aVar = (w2.a) new w2.d(n.f2120d).a(inputStream, n.f2121e, w2.a.class);
        String str = (String) aVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return fromJson(aVar, bVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    /** Returns an empty builder. */
    public static b newBuilder() {
        return new b();
    }

    /**
     * Converts private key text into an RSA {@link PrivateKey}.
     *
     * <p>The text is read through {@code z} (presumably a PEM reader), and the bytes of the
     * section it returns are decoded as a PKCS#8 key spec by the {@code "RSA"} key factory. Only
     * RSA keys are accepted by this code path.
     *
     * @param str private key text
     * @throws IOException if no section is found, or if the RSA factory is unavailable or
     *     rejects the key spec (the cause is preserved in that case)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey privateKeyFromPkcs8(String str) throws IOException {
        z zVar = new z(new StringReader(str));
        try {
            // null means the reader found no section in the text.
            z.a b10 = zVar.b();
            if (b10 == null) {
                throw new IOException("Invalid PKCS#8 data.");
            }
            try {
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(b10.a()));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
                throw new IOException("Unexpected exception reading PKCS#8 data", e10);
            }
        } finally {
            // presumably closes the reader; runs on every exit path.
            zVar.a();
        }
    }

    /**
     * Java deserialization hook: restores the non-transient fields, then re-creates the transient
     * transport factory from {@code transportFactoryClassName}.
     *
     * <p>NOTE(review): the class name comes from the serialized stream. {@code m.newInstance} is
     * not shown here, so whether it restricts which classes may be instantiated cannot be
     * confirmed from this listing. Deserialize these objects only from trusted data, or apply an
     * {@code ObjectInputFilter} on the stream.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f2124d = (a3.b) m.newInstance(this.transportFactoryClassName);
    }

    /**
     * Builds and signs the assertion used to request an access token.
     *
     * @param bVar JSON factory passed to the signer
     * @param j7 current time in milliseconds
     * @param str audience; when null the default token server URI {@code n.f2119a} is used
     * @return the signed assertion string
     * @throws IOException if signing fails
     */
    String createAssertion(w2.b bVar, long j7, String str) throws IOException {
        // presumably the JWS header; the arguments of o() are not visible in this listing.
        a.C0859a c0859a = new a.C0859a();
        c0859a.o();
        // presumably the JWT payload.
        b.C0860b c0860b = new b.C0860b();
        // Seconds since epoch plus 3600, i.e. one hour after j7 (presumably the expiry claim).
        c0860b.o(Long.valueOf((j7 / 1000) + 3600));
        // Scopes joined with a single space, stored under "scope".
        c0860b.put(new com.google.api.client.util.q(com.google.common.base.j.c(TokenParser.SP)).h(this.scopes), "scope");
        if (str == null) {
            c0860b.n(n.f2119a.toString());
        } else {
            c0860b.n(str);
        }
        try {
            return y2.a.c(this.privateKey, bVar, c0859a, c0860b);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    /**
     * Builds and signs the assertion used to request an ID token. Same shape as
     * {@code createAssertion}, but no scope is added and {@code str2} is stored under
     * {@code "target_audience"}.
     *
     * @param bVar JSON factory passed to the signer
     * @param j7 current time in milliseconds
     * @param str audience; when null the default token server URI is used
     * @param str2 target audience for the ID token
     * @throws IOException if signing fails
     */
    String createAssertionForIdToken(w2.b bVar, long j7, String str, String str2) throws IOException {
        a.C0859a c0859a = new a.C0859a();
        c0859a.o();
        b.C0860b c0860b = new b.C0860b();
        // One hour after j7, in seconds (presumably the expiry claim).
        c0860b.o(Long.valueOf((j7 / 1000) + 3600));
        if (str == null) {
            c0860b.n(n.f2119a.toString());
        } else {
            c0860b.n(str);
        }
        try {
            c0860b.m(str2, "target_audience");
            return y2.a.c(this.privateKey, bVar, c0859a, c0860b);
        } catch (GeneralSecurityException e10) {
            // Message text is shared with createAssertion although this path requests an ID token.
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    /**
     * Returns a copy of this credential with {@code str} as the service account user. The copy
     * shares the same private key object.
     */
    @Override // com.google.auth.oauth2.g
    public g createDelegated(String str) {
        return new o(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.scopes, this.f2124d, this.tokenServerUri, str, this.projectId, this.quotaProjectId);
    }

    /**
     * Returns a copy of this credential with the given scopes (null becomes empty in the
     * constructor). The copy shares the same private key object.
     */
    @Override // com.google.auth.oauth2.g
    public g createScoped(Collection<String> collection) {
        return new o(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, collection, this.f2124d, this.tokenServerUri, this.serviceAccountUser, this.projectId, this.quotaProjectId);
    }

    /** Returns true while no scopes are set; {@code refreshAccessToken()} refuses to run then. */
    @Override // com.google.auth.oauth2.g
    public boolean createScopedRequired() {
        return this.scopes.isEmpty();
    }

    /**
     * Compares client id, client email, private key, private key id, transport factory class
     * name, token server URI, scopes and quota project id.
     *
     * <p>NOTE(review): {@code serviceAccountUser} and {@code projectId} are not compared, so two
     * credentials that differ only in the delegated user are equal. Code that caches tokens or
     * authorization decisions keyed by credential equality should add the user to its key.
     */
    @Override // com.google.auth.oauth2.m
    public boolean equals(Object obj) {
        if (!(obj instanceof o)) {
            return false;
        }
        o oVar = (o) obj;
        return Objects.equals(this.clientId, oVar.clientId) && Objects.equals(this.clientEmail, oVar.clientEmail) && Objects.equals(this.privateKey, oVar.privateKey) && Objects.equals(this.privateKeyId, oVar.privateKeyId) && Objects.equals(this.transportFactoryClassName, oVar.transportFactoryClassName) && Objects.equals(this.tokenServerUri, oVar.tokenServerUri) && Objects.equals(this.scopes, oVar.scopes) && Objects.equals(this.quotaProjectId, oVar.quotaProjectId);
    }

    /** Returns the client email. */
    public String getAccount() {
        return getClientEmail();
    }

    /** Returns the service account's client email. */
    public final String getClientEmail() {
        return this.clientEmail;
    }

    /** Returns the client id. */
    public final String getClientId() {
        return this.clientId;
    }

    /**
     * Returns the signing key itself, not a copy. Callers receive the same key object that this
     * credential uses to sign assertions, so the return value should not be logged or persisted.
     */
    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the private key id. */
    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    /** Returns the project id, or null if none was supplied. */
    public final String getProjectId() {
        return this.projectId;
    }

    /** Returns the quota project id, or null if none was supplied. */
    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    /**
     * Returns the superclass request metadata after passing it, with the quota project id,
     * through {@code g.addQuotaProjectIdToRequestMetadata}.
     */
    @Override // com.google.auth.oauth2.m, com.google.auth.a
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        return g.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    /** Returns the scope collection built in the constructor. */
    public final Collection<String> getScopes() {
        return this.scopes;
    }

    /** Returns the delegated user, or null. */
    public final String getServiceAccountUser() {
        return this.serviceAccountUser;
    }

    /** Returns the token server URI that assertions are posted to. */
    public final URI getTokenServerUri() {
        return this.tokenServerUri;
    }

    /**
     * Hashes the same eight fields that {@code equals} compares; {@code serviceAccountUser} and
     * {@code projectId} are not part of the hash.
     */
    @Override // com.google.auth.oauth2.m
    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.transportFactoryClassName, this.tokenServerUri, this.scopes, this.quotaProjectId);
    }

    /**
     * Requests an ID token for the given audience.
     *
     * <p>Signs an assertion with {@code str} as target audience, posts it to
     * {@code tokenServerUri} as a {@code jwt-bearer} grant and reads {@code id_token} from the
     * response. Unlike {@code refreshAccessToken()}, no retry handlers are installed on the
     * request here.
     *
     * @param str target audience
     * @param list options; not referenced anywhere in this body
     * @throws IOException on signing, transport or response-parsing errors
     */
    public i idTokenWithAudience(String str, List<j> list) throws IOException {
        x2.a aVar = n.f2120d;
        String createAssertionForIdToken = createAssertionForIdToken(aVar, this.clock.a(), this.tokenServerUri.toString(), str);
        // Form fields of the token request (the obfuscated f() takes value first, then key).
        com.google.api.client.util.o oVar = new com.google.api.client.util.o();
        oVar.f("urn:ietf:params:oauth:grant-type:jwt-bearer", "grant_type");
        oVar.f(createAssertionForIdToken, "assertion");
        com.google.api.client.http.h a10 = this.f2124d.a().b().a("POST", new com.google.api.client.http.c(this.tokenServerUri), new r(oVar));
        // presumably sets the JSON response parser
        a10.n(new w2.d(aVar));
        return i.create(n.c("id_token", "Error parsing token refresh response. ", (com.google.api.client.util.o) a10.b().g(com.google.api.client.util.o.class)));
    }

    /**
     * Returns JWT credentials that reuse this credential's private key, key id and clock.
     * Claims are first built from {@code clientEmail} (used for both {@code d} and {@code e},
     * presumably issuer and subject) and then merged with the caller's claims {@code kVar}.
     */
    public l jwtWithClaims(k kVar) {
        k.a newBuilder = k.newBuilder();
        newBuilder.d(this.clientEmail);
        newBuilder.e(this.clientEmail);
        l.b newBuilder2 = l.newBuilder();
        newBuilder2.i(this.privateKey);
        newBuilder2.j(this.privateKeyId);
        newBuilder2.g(newBuilder.a().merge(kVar));
        newBuilder2.f(this.clock);
        return new l(newBuilder2, null);
    }

    /**
     * Exchanges a freshly signed assertion for an access token.
     *
     * <p>Fails if no scopes are configured. Otherwise posts a {@code jwt-bearer} grant to
     * {@code tokenServerUri}, reads {@code access_token} from the response and computes the
     * expiry as the current clock value plus a number of seconds taken from the response.
     *
     * @throws IOException if scopes are missing, signing fails, or the request or response
     *     parsing fails (the latter wrapped with the original message and cause)
     */
    @Override // com.google.auth.oauth2.m
    public com.google.auth.oauth2.a refreshAccessToken() throws IOException {
        if (createScopedRequired()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        x2.a aVar = n.f2120d;
        String createAssertion = createAssertion(aVar, this.clock.a(), this.tokenServerUri.toString());
        com.google.api.client.util.o oVar = new com.google.api.client.util.o();
        oVar.f("urn:ietf:params:oauth:grant-type:jwt-bearer", "grant_type");
        oVar.f(createAssertion, "assertion");
        com.google.api.client.http.h a10 = this.f2124d.a().b().a("POST", new com.google.api.client.http.c(this.tokenServerUri), new r(oVar));
        a10.n(new w2.d(aVar));
        // presumably an I/O-error handler and an unsuccessful-response handler with back-off;
        // the response handler consults the inner predicate class (5xx or 403).
        a10.m(new com.google.api.client.http.d(new com.google.api.client.util.m()));
        com.google.api.client.http.e eVar = new com.google.api.client.http.e(new com.google.api.client.util.m());
        eVar.b(new a());
        a10.q(eVar);
        try {
            // NOTE(review): `r0` is not declared anywhere in this listing. It is an unresolved
            // decompiler register (presumably the parsed response object), so this statement
            // does not compile as shown and the expiry computation cannot be fully verified.
            return new com.google.auth.oauth2.a(n.c("access_token", "Error parsing token refresh response. ", (com.google.api.client.util.o) a10.b().g(com.google.api.client.util.o.class)), new Date((n.a(r0) * 1000) + this.clock.a()));
        } catch (IOException e10) {
            // The server-side error text is copied into the message; the cause is kept.
            throw new IOException(String.format("Error getting access token for service account: %s", e10.getMessage()), e10);
        }
    }

    /**
     * Signs arbitrary bytes with the private key using {@code SHA256withRSA}.
     *
     * <p>Any caller holding this object can obtain signatures over data of its choice, so a
     * reference to the credential is as sensitive as the ability to sign with the key.
     *
     * @param bArr bytes to sign
     * @return the signature bytes
     * @throws com.google.auth.c if the algorithm is unavailable, the key is rejected or signing
     *     fails (thrown without a {@code throws} clause, so presumably unchecked)
     */
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new com.google.auth.c("Failed to sign the provided bytes", e10);
        }
    }

    /** Returns a builder pre-filled from this credential, including the private key reference. */
    @Override // com.google.auth.oauth2.g, com.google.auth.oauth2.m
    public b toBuilder() {
        return new b(this);
    }

    /**
     * Returns a diagnostic string with client id, client email, private key id, transport
     * factory class name, token server URI, scopes, delegated user and quota project id.
     * The private key is not included, so the result carries identifiers but no key material.
     */
    @Override // com.google.auth.oauth2.m
    public String toString() {
        k.a c = com.google.common.base.k.c(this);
        c.c(this.clientId, "clientId");
        c.c(this.clientEmail, "clientEmail");
        c.c(this.privateKeyId, "privateKeyId");
        c.c(this.transportFactoryClassName, "transportFactoryClassName");
        c.c(this.tokenServerUri, "tokenServerUri");
        c.c(this.scopes, "scopes");
        c.c(this.serviceAccountUser, "serviceAccountUser");
        c.c(this.quotaProjectId, "quotaProjectId");
        return c.toString();
    }
}
