package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.GenericData;
import com.google.auth.oauth2.c0;
import j$.util.Objects;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;

/* compiled from: GdchCredentials.java */
/* loaded from: classes8.dex */
public class z extends c0 {

    /* renamed from: e, reason: collision with root package name */
    public final PrivateKey f28356e;

    /* renamed from: f, reason: collision with root package name */
    public final String f28357f;

    /* renamed from: g, reason: collision with root package name */
    public final String f28358g;

    /* renamed from: h, reason: collision with root package name */
    public final String f28359h;

    /* renamed from: i, reason: collision with root package name */
    public final URI f28360i;

    /* renamed from: j, reason: collision with root package name */
    public final URI f28361j;

    /* renamed from: k, reason: collision with root package name */
    public final int f28362k;

    /* renamed from: l, reason: collision with root package name */
    public final String f28363l;

    /* renamed from: m, reason: collision with root package name */
    public final String f28364m;

    /* renamed from: n, reason: collision with root package name */
    public transient ol.b f28365n;

    /* compiled from: GdchCredentials.java */
    /* loaded from: classes8.dex */
    public static class a extends c0.a {

        /* renamed from: f, reason: collision with root package name */
        public String f28366f;

        /* renamed from: g, reason: collision with root package name */
        public String f28367g;

        /* renamed from: h, reason: collision with root package name */
        public PrivateKey f28368h;

        /* renamed from: i, reason: collision with root package name */
        public String f28369i;

        /* renamed from: j, reason: collision with root package name */
        public URI f28370j;

        /* renamed from: k, reason: collision with root package name */
        public URI f28371k;

        /* renamed from: l, reason: collision with root package name */
        public ol.b f28372l;

        /* renamed from: m, reason: collision with root package name */
        public String f28373m;

        /* renamed from: n, reason: collision with root package name */
        public int f28374n;

        public a() {
            this.f28374n = 3600;
        }

        public a(z zVar) {
            this.f28374n = 3600;
            this.f28366f = zVar.f28358g;
            this.f28367g = zVar.f28357f;
            this.f28368h = zVar.f28356e;
            this.f28369i = zVar.f28359h;
            this.f28370j = zVar.f28360i;
            this.f28372l = zVar.f28365n;
            this.f28373m = zVar.f28364m;
            this.f28374n = zVar.f28362k;
        }

        public a A(PrivateKey privateKey) {
            this.f28368h = privateKey;
            return this;
        }

        public a B(String str) {
            this.f28367g = str;
            return this;
        }

        public a C(String str) {
            this.f28366f = str;
            return this;
        }

        public a D(String str) {
            this.f28369i = str;
            return this;
        }

        public a E(URI uri) {
            this.f28370j = uri;
            return this;
        }

        @Override // com.google.auth.oauth2.c0.a
        /* renamed from: w, reason: merged with bridge method [inline-methods] */
        public z a() {
            return new z(this);
        }

        public a x(String str) {
            this.f28373m = str;
            return this;
        }

        public a y(URI uri) {
            this.f28371k = uri;
            return this;
        }

        public a z(ol.b bVar) {
            this.f28372l = bVar;
            return this;
        }
    }

    /* compiled from: GdchCredentials.java */
    /* loaded from: classes8.dex */
    public static class b implements ol.b {

        /* renamed from: a, reason: collision with root package name */
        public HttpTransport f28375a;

        public b(String str) throws IOException {
            a(str);
        }

        public final void a(String str) throws IOException {
            if (str == null || str.isEmpty()) {
                this.f28375a = new NetHttpTransport();
                return;
            }
            try {
                this.f28375a = new NetHttpTransport.Builder().trustCertificatesFromStream(z.K(new File(str))).build();
            } catch (IOException e11) {
                throw new IOException(String.format("Error reading certificate file from CA cert path, value '%s': %s", str, e11.getMessage()), e11);
            } catch (GeneralSecurityException e12) {
                throw new IOException("Error initiating transport with certificate stream.", e12);
            }
        }

        @Override // ol.b
        public HttpTransport create() {
            return this.f28375a;
        }
    }

    public z(a aVar) {
        this.f28358g = (String) ql.t.s(aVar.f28366f);
        this.f28357f = (String) ql.t.s(aVar.f28367g);
        this.f28356e = (PrivateKey) ql.t.s(aVar.f28368h);
        this.f28359h = (String) ql.t.s(aVar.f28369i);
        this.f28360i = (URI) ql.t.s(aVar.f28370j);
        ol.b bVar = (ol.b) ql.t.s(aVar.f28372l);
        this.f28365n = bVar;
        this.f28363l = bVar.getClass().getName();
        this.f28364m = aVar.f28373m;
        this.f28361j = aVar.f28371k;
        this.f28362k = aVar.f28374n;
    }

    public static z A(Map<String, Object> map) throws IOException {
        return B(map, new b((String) map.get("ca_cert_path")));
    }

    public static z B(Map<String, Object> map, ol.b bVar) throws IOException {
        String N = N((String) map.get("format_version"), "format_version");
        String N2 = N((String) map.get("project"), "project");
        String N3 = N((String) map.get("private_key_id"), "private_key_id");
        String N4 = N((String) map.get("private_key"), "private_key");
        String N5 = N((String) map.get("name"), "name");
        String N6 = N((String) map.get("token_uri"), "token_uri");
        String str = (String) map.get("ca_cert_path");
        if (!"1".equals(N)) {
            throw new IOException(String.format("Only format version %s is supported.", "1"));
        }
        try {
            return C(N4, J().C(N2).B(N3).E(new URI(N6)).D(N5).x(str).z(bVar));
        } catch (URISyntaxException unused) {
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
        }
    }

    public static z C(String str, a aVar) throws IOException {
        aVar.A(m0.b(str));
        return new z(aVar);
    }

    public static String F(String str, String str2) {
        return String.format("system:serviceaccount:%s:%s", str, str2);
    }

    public static a J() {
        return new a();
    }

    public static InputStream K(File file) throws FileNotFoundException {
        return new FileInputStream(file);
    }

    public static String N(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
        return str;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f28365n = (ol.b) l0.newInstance(this.f28363l);
    }

    public final URI E() {
        return this.f28361j;
    }

    public final String G() {
        return this.f28359h;
    }

    public final URI H() {
        return this.f28360i;
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    /* renamed from: M, reason: merged with bridge method [inline-methods] */
    public a toBuilder() {
        return new a(this);
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public boolean equals(Object obj) {
        if (!(obj instanceof z)) {
            return false;
        }
        z zVar = (z) obj;
        return Objects.equals(this.f28358g, zVar.f28358g) && Objects.equals(this.f28357f, zVar.f28357f) && Objects.equals(this.f28356e, zVar.f28356e) && Objects.equals(this.f28359h, zVar.f28359h) && Objects.equals(this.f28360i, zVar.f28360i) && Objects.equals(this.f28363l, zVar.f28363l) && Objects.equals(this.f28361j, zVar.f28361j) && Objects.equals(this.f28364m, zVar.f28364m) && Integer.valueOf(this.f28362k).equals(Integer.valueOf(zVar.f28362k));
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public int hashCode() {
        return Objects.hash(this.f28358g, this.f28357f, this.f28356e, this.f28359h, this.f28360i, this.f28363l, this.f28361j, this.f28364m, Integer.valueOf(this.f28362k));
    }

    @Override // com.google.auth.oauth2.l0
    public com.google.auth.oauth2.a refreshAccessToken() throws IOException {
        ql.t.t(this.f28361j, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        JsonFactory jsonFactory = m0.f28203f;
        String y10 = y(jsonFactory, this.clock.currentTimeMillis(), E());
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        genericData.set("assertion", y10);
        HttpRequest buildPostRequest = this.f28365n.create().createRequestFactory().buildPostRequest(new GenericUrl(this.f28360i), new UrlEncodedContent(genericData));
        buildPostRequest.setParser(new JsonObjectParser(jsonFactory));
        try {
            return new com.google.auth.oauth2.a(m0.f((GenericData) buildPostRequest.execute().parseAs(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.clock.currentTimeMillis() + (m0.c(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e11) {
            throw a0.e(e11, String.format("Error getting access token for GDCH service account: %s, iss: %s", e11.getMessage(), G()));
        } catch (IOException e12) {
            throw a0.c(e12, String.format("Error getting access token for GDCH service account: %s, iss: %s", e12.getMessage(), G()));
        }
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public String toString() {
        return ql.n.c(this).e("projectId", this.f28358g).e("privateKeyId", this.f28357f).e("serviceIdentityName", this.f28359h).e("tokenServerUri", this.f28360i).e("transportFactoryClassName", this.f28363l).e("caCertPath", this.f28364m).e("apiAudience", this.f28361j).c("lifetime", this.f28362k).toString();
    }

    public String y(JsonFactory jsonFactory, long j11, URI uri) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f28357f);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(F(this.f28358g, this.f28359h));
        payload.setSubject(F(this.f28358g, this.f28359h));
        long j12 = j11 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j12));
        payload.setExpirationTimeSeconds(Long.valueOf(j12 + this.f28362k));
        payload.setAudience(H().toString());
        try {
            payload.set("api_audience", (Object) uri.toString());
            return JsonWebSignature.signUsingRsaSha256(this.f28356e, jsonFactory, header, payload);
        } catch (GeneralSecurityException e11) {
            throw new IOException("Error signing service account access token request with private key.", e11);
        }
    }

    public z z(URI uri) throws IOException {
        ql.t.t(uri, "Audience are not configured for GDCH service account credentials.");
        return toBuilder().y(uri).a();
    }
}
