package com.google.auth.oauth2;

import com.google.auth.oauth2.k;
import com.google.auth.oauth2.l;
import com.google.common.base.k;
import com.google.common.base.x;
import com.google.common.base.y;
import com.google.common.util.concurrent.r;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;

/* compiled from: ServiceAccountJwtAccessCredentials.java */
/* loaded from: classes2.dex */
public class p extends com.google.auth.a {
    static final String JWT_ACCESS_PREFIX = "Bearer ";
    static final long LIFE_SPAN_SECS = TimeUnit.HOURS.toSeconds(1);
    private static final long c = TimeUnit.MINUTES.toSeconds(5);
    private static final long serialVersionUID = -7274955171379494197L;
    private transient com.google.common.cache.h<k, l> b;
    private final String clientEmail;
    private final String clientId;
    transient com.google.api.client.util.i clock;
    private final URI defaultAudience;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String quotaProjectId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ServiceAccountJwtAccessCredentials.java */
    /* loaded from: classes2.dex */
    public final class a extends com.google.common.cache.e<k, l> {
        a() {
        }

        @Override // com.google.common.cache.e
        public final l a(k kVar) throws Exception {
            l.b newBuilder = l.newBuilder();
            newBuilder.i(p.this.privateKey);
            newBuilder.j(p.this.privateKeyId);
            newBuilder.g(kVar);
            newBuilder.h(Long.valueOf(p.LIFE_SPAN_SECS));
            newBuilder.f(p.this.clock);
            return new l(newBuilder, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ServiceAccountJwtAccessCredentials.java */
    /* loaded from: classes2.dex */
    public final class b extends y {
        b() {
        }

        @Override // com.google.common.base.y
        public final long a() {
            return TimeUnit.MILLISECONDS.toNanos(p.this.clock.a());
        }
    }

    /* compiled from: ServiceAccountJwtAccessCredentials.java */
    /* loaded from: classes2.dex */
    public static class c {
        protected c() {
        }

        protected c(p pVar) {
            String unused = pVar.clientId;
            String unused2 = pVar.clientEmail;
            PrivateKey unused3 = pVar.privateKey;
            String unused4 = pVar.privateKeyId;
            URI unused5 = pVar.defaultAudience;
            String unused6 = pVar.quotaProjectId;
        }
    }

    @Deprecated
    public p(String str, String str2, PrivateKey privateKey, String str3) {
        this(str, str2, privateKey, str3, null, null);
    }

    private p(String str, String str2, PrivateKey privateKey, String str3, URI uri, String str4) {
        this.clock = com.google.api.client.util.i.f2069a;
        this.clientId = str;
        str2.getClass();
        this.clientEmail = str2;
        privateKey.getClass();
        this.privateKey = privateKey;
        this.privateKeyId = str3;
        this.defaultAudience = uri;
        this.b = a();
        this.quotaProjectId = str4;
    }

    /* synthetic */ p(String str, String str2, PrivateKey privateKey, String str3, URI uri, String str4, a aVar) {
        this(str, str2, privateKey, str3, uri, str4);
    }

    private com.google.common.cache.h<k, l> a() {
        com.google.common.cache.d<Object, Object> f10 = com.google.common.cache.d.f();
        f10.e(100L);
        f10.d(LIFE_SPAN_SECS - c, TimeUnit.SECONDS);
        f10.g(new b());
        return f10.b(new a());
    }

    static p fromJson(Map<String, Object> map) throws IOException {
        return fromJson(map, null);
    }

    static p fromJson(Map<String, Object> map, URI uri) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("quota_project_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, uri, str5);
    }

    public static p fromPkcs8(String str, String str2, String str3, String str4) throws IOException {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static p fromPkcs8(String str, String str2, String str3, String str4, URI uri) throws IOException {
        return fromPkcs8(str, str2, str3, str4, uri, null);
    }

    static p fromPkcs8(String str, String str2, String str3, String str4, URI uri, String str5) throws IOException {
        return new p(str, str2, o.privateKeyFromPkcs8(str3), str4, uri, str5);
    }

    public static p fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, null);
    }

    public static p fromStream(InputStream inputStream, URI uri) throws IOException {
        inputStream.getClass();
        w2.a aVar = (w2.a) new w2.d(n.f2120d).a(inputStream, n.f2121e, w2.a.class);
        String str = (String) aVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return fromJson(aVar, uri);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    public static c newBuilder() {
        return new c();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.clock = com.google.api.client.util.i.f2069a;
        this.b = a();
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof p)) {
            return false;
        }
        p pVar = (p) obj;
        return Objects.equals(this.clientId, pVar.clientId) && Objects.equals(this.clientEmail, pVar.clientEmail) && Objects.equals(this.privateKey, pVar.privateKey) && Objects.equals(this.privateKeyId, pVar.privateKeyId) && Objects.equals(this.defaultAudience, pVar.defaultAudience) && Objects.equals(this.quotaProjectId, pVar.quotaProjectId);
    }

    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.a
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.clientEmail;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @Override // com.google.auth.a
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        if (uri == null && (uri = this.defaultAudience) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        try {
            k.a newBuilder = k.newBuilder();
            newBuilder.c(uri.toString());
            newBuilder.d(this.clientEmail);
            newBuilder.e(this.clientEmail);
            return g.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, this.b.get(newBuilder.a()).getRequestMetadata(uri));
        } catch (r e10) {
            x.b(e10);
            throw new IllegalStateException("generateJwtAccess threw an unchecked exception that couldn't be rethrown", e10);
        } catch (ExecutionException e11) {
            x.a(e11.getCause(), IOException.class);
            throw new IllegalStateException("generateJwtAccess threw an unexpected checked exception", e11.getCause());
        }
    }

    @Override // com.google.auth.a
    public void getRequestMetadata(URI uri, Executor executor, com.google.auth.b bVar) {
        blockingGetToCallback(uri, bVar);
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.a
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.defaultAudience, this.quotaProjectId);
    }

    public l jwtWithClaims(k kVar) {
        k.a newBuilder = k.newBuilder();
        newBuilder.d(this.clientEmail);
        newBuilder.e(this.clientEmail);
        URI uri = this.defaultAudience;
        if (uri != null) {
            newBuilder.c(uri.toString());
        }
        l.b newBuilder2 = l.newBuilder();
        newBuilder2.i(this.privateKey);
        newBuilder2.j(this.privateKeyId);
        newBuilder2.g(newBuilder.a().merge(kVar));
        newBuilder2.h(Long.valueOf(LIFE_SPAN_SECS));
        newBuilder2.f(this.clock);
        return new l(newBuilder2, null);
    }

    @Override // com.google.auth.a
    public void refresh() {
        this.b.invalidateAll();
    }

    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new com.google.auth.c("Failed to sign the provided bytes", e10);
        }
    }

    public c toBuilder() {
        return new c(this);
    }

    public String toString() {
        k.a c10 = com.google.common.base.k.c(this);
        c10.c(this.clientId, "clientId");
        c10.c(this.clientEmail, "clientEmail");
        c10.c(this.privateKeyId, "privateKeyId");
        c10.c(this.defaultAudience, "defaultAudience");
        c10.c(this.quotaProjectId, "quotaProjectId");
        return c10.toString();
    }
}
