package com.google.auth.oauth2;

import J2.f;
import J4.d;
import J4.e;
import R4.AbstractC0607v;
import R4.C;
import R4.C0600n;
import R4.W;
import R4.c0;
import com.facebook.ads.AdError;
import com.google.android.gms.internal.ads.C3368hn;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.r;
import com.google.api.client.util.y;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.MetricsUtils;
import com.google.cloud.storage.spi.v1.HttpStorageRpc;
import j$.time.Duration;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import r3.AbstractC6021t0;
import u.AbstractC6544s;
import v4.g;
import v4.p;
import v4.s;
import v4.t;

/* loaded from: classes.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements e, IdTokenProvider {
    static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    private static final String GOOGLE = "Google";
    private static final String LINUX = "linux";
    static final int MAX_COMPUTE_PING_TRIES = 3;
    private static final String METADATA_FLAVOR = "Metadata-Flavor";
    private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
    private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
    static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    private static final String WINDOWS = "windows";
    private static final long serialVersionUID = -4113476462526554235L;
    private final Collection<String> scopes;
    private transient String serviceAccountEmail;
    private transient K4.b transportFactory;
    private final String transportFactoryClassName;
    private String universeDomainFromMetadata;
    static final Duration COMPUTE_EXPIRATION_MARGIN = Duration.ofMinutes(3);
    static final Duration COMPUTE_REFRESH_MARGIN = Duration.ofMinutes(3).plusSeconds(45);
    private static final Logger LOGGER = Logger.getLogger(ComputeEngineCredentials.class.getName());

    /* loaded from: classes.dex */
    public static class Builder extends GoogleCredentials.Builder {
        private Collection<String> defaultScopes;
        private Collection<String> scopes;
        private K4.b transportFactory;

        public Builder() {
            setRefreshMargin(ComputeEngineCredentials.COMPUTE_REFRESH_MARGIN);
            setExpirationMargin(ComputeEngineCredentials.COMPUTE_EXPIRATION_MARGIN);
        }

        public Builder(ComputeEngineCredentials computeEngineCredentials) {
            super(computeEngineCredentials);
            this.transportFactory = computeEngineCredentials.transportFactory;
            this.scopes = computeEngineCredentials.scopes;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ComputeEngineCredentials build() {
            return new ComputeEngineCredentials(this);
        }

        public Collection<String> getDefaultScopes() {
            return this.defaultScopes;
        }

        public K4.b getHttpTransportFactory() {
            return this.transportFactory;
        }

        public Collection<String> getScopes() {
            return this.scopes;
        }

        public Builder setDefaultScopes(Collection<String> collection) {
            this.defaultScopes = collection;
            return this;
        }

        public Builder setHttpTransportFactory(K4.b bVar) {
            this.transportFactory = bVar;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setQuotaProjectId(String str) {
            this.quotaProjectId = str;
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.scopes = collection;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setUniverseDomain(String str) {
            this.universeDomain = str;
            return this;
        }
    }

    private ComputeEngineCredentials(Builder builder) {
        super(builder);
        this.universeDomainFromMetadata = null;
        K4.b bVar = (K4.b) AbstractC6021t0.a(builder.getHttpTransportFactory(), OAuth2Credentials.getFromServiceLoader(K4.b.class, OAuth2Utils.HTTP_TRANSPORT_FACTORY));
        this.transportFactory = bVar;
        this.transportFactoryClassName = bVar.getClass().getName();
        Collection<String> collection = builder.scopes;
        collection = (collection == null || collection.isEmpty()) ? builder.getDefaultScopes() : collection;
        if (collection == null) {
            int i = C.f8627e;
            this.scopes = c0.f8685q0;
        } else {
            ArrayList arrayList = new ArrayList(collection);
            arrayList.removeAll(Arrays.asList("", null));
            this.scopes = C.l(arrayList);
        }
    }

    public static boolean checkProductNameOnLinux(BufferedReader bufferedReader) {
        return bufferedReader.readLine().trim().startsWith(GOOGLE);
    }

    public static boolean checkStaticGceDetection(DefaultCredentialsProvider defaultCredentialsProvider) {
        String osName = defaultCredentialsProvider.getOsName();
        try {
            if (osName.startsWith(LINUX)) {
                return checkProductNameOnLinux(new BufferedReader(new InputStreamReader(defaultCredentialsProvider.readStream(new File("/sys/class/dmi/id/product_name")))));
            }
            osName.startsWith(WINDOWS);
            return false;
        } catch (IOException e9) {
            LOGGER.log(Level.FINE, "Encountered an unexpected exception when checking SMBIOS value", (Throwable) e9);
            return false;
        }
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(newBuilder());
    }

    private String getDefaultServiceAccount() {
        s metadataResponse = getMetadataResponse(getServiceAccountsUrl(), MetricsUtils.RequestType.UNTRACKED, false);
        int i = metadataResponse.f39537f;
        if (i == 404) {
            throw new IOException(AbstractC6544s.c(i, "Error code ", " trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified."));
        }
        if (i == 200) {
            if (metadataResponse.b() != null) {
                return OAuth2Utils.validateString(OAuth2Utils.validateMap((r) metadataResponse.e(r.class), "default", PARSE_ERROR_ACCOUNT), "email", PARSE_ERROR_ACCOUNT);
            }
            throw new IOException("Empty content from metadata token server request.");
        }
        throw new IOException("Unexpected Error code " + i + " trying to get service accounts from Compute Engine metadata: " + metadataResponse.f());
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    private s getMetadataResponse(String str, MetricsUtils.RequestType requestType, boolean z) {
        p a10 = this.transportFactory.create().b().a(new g(str));
        a10.f39524q = new JsonObjectParser(OAuth2Utils.JSON_FACTORY);
        a10.f39511b.m(GOOGLE, METADATA_FLAVOR);
        if (z) {
            MetricsUtils.setMetricsHeader(a10, MetricsUtils.getGoogleCredentialsMetricsHeader(requestType, getMetricsCredentialType()));
        }
        a10.f39527t = false;
        try {
            s b9 = a10.b();
            if (b9.f39537f != 503) {
                return b9;
            }
            throw GoogleAuthException.createWithTokenEndpointResponseException(new t(new C3368hn(b9)));
        } catch (UnknownHostException e9) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e9);
        }
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT);
    }

    public static String getMetadataServerUrl(DefaultCredentialsProvider defaultCredentialsProvider) {
        String env = defaultCredentialsProvider.getEnv("GCE_METADATA_HOST");
        return env != null ? "http://".concat(env) : DEFAULT_METADATA_SERVER_URL;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(DefaultCredentialsProvider.DEFAULT);
    }

    public static String getTokenServerEncodedUrl(DefaultCredentialsProvider defaultCredentialsProvider) {
        return getMetadataServerUrl(defaultCredentialsProvider) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    private String getUniverseDomainFromMetadata() {
        s metadataResponse = getMetadataResponse(getUniverseDomainUrl(), MetricsUtils.RequestType.UNTRACKED, false);
        int i = metadataResponse.f39537f;
        if (i == 404) {
            return J4.b.GOOGLE_DEFAULT_UNIVERSE;
        }
        if (i == 200) {
            String f10 = metadataResponse.f();
            return f10.isEmpty() ? J4.b.GOOGLE_DEFAULT_UNIVERSE : f10;
        }
        throw new GoogleAuthException(true, new IOException("Unexpected Error code " + i + " trying to get universe domain from Compute Engine metadata for the default service account: " + metadataResponse.f()));
    }

    public static String getUniverseDomainUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/universe/universe-domain";
    }

    public static synchronized boolean isOnGce(K4.b bVar, DefaultCredentialsProvider defaultCredentialsProvider) {
        synchronized (ComputeEngineCredentials.class) {
            try {
                if (Boolean.parseBoolean(defaultCredentialsProvider.getEnv("NO_GCE_CHECK"))) {
                    return false;
                }
                boolean pingComputeEngineMetadata = pingComputeEngineMetadata(bVar, defaultCredentialsProvider);
                if (!pingComputeEngineMetadata) {
                    pingComputeEngineMetadata = checkStaticGceDetection(defaultCredentialsProvider);
                }
                if (!pingComputeEngineMetadata) {
                    LOGGER.log(Level.FINE, "Failed to detect whether running on Google Compute Engine.");
                }
                return pingComputeEngineMetadata;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private static boolean pingComputeEngineMetadata(K4.b bVar, DefaultCredentialsProvider defaultCredentialsProvider) {
        g gVar = new g(getMetadataServerUrl(defaultCredentialsProvider));
        for (int i = 1; i <= 3; i++) {
            try {
                p a10 = bVar.create().b().a(gVar);
                a10.f39519l = 500;
                a10.f39511b.m(GOOGLE, METADATA_FLAVOR);
                MetricsUtils.setMetricsHeader(a10, MetricsUtils.getGoogleCredentialsMetricsHeader(MetricsUtils.RequestType.METADATA_SERVER_PING, J4.a.DO_NOT_SEND));
                s b9 = a10.b();
                try {
                    return OAuth2Utils.headersContainValue(b9.f39539h.f39512c, METADATA_FLAVOR, GOOGLE);
                } finally {
                    b9.a();
                }
            } catch (SocketTimeoutException unused) {
            } catch (IOException e9) {
                LOGGER.log(Level.FINE, "Encountered an unexpected exception when checking if running on Google Compute Engine using Metadata Service ping.", (Throwable) e9);
            }
        }
        return false;
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.transportFactory = (K4.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        C0600n c0600n = AbstractC0607v.f8725d;
        return createScoped(collection, W.f8666X);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return toBuilder().setHttpTransportFactory(this.transportFactory).setScopes(collection).setDefaultScopes(collection2).setAccessToken((AccessToken) null).build();
    }

    public String createTokenUrlWithScopes() {
        g gVar = new g(getTokenServerEncodedUrl());
        if (!this.scopes.isEmpty()) {
            gVar.f("scopes", f.d(',').c(this.scopes));
        }
        return gVar.d();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials) || !super.equals(obj)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.transportFactoryClassName, computeEngineCredentials.transportFactoryClassName) && Objects.equals(this.scopes, computeEngineCredentials.scopes) && Objects.equals(this.universeDomainFromMetadata, computeEngineCredentials.universeDomainFromMetadata);
    }

    @Override // J4.e
    public String getAccount() {
        if (this.serviceAccountEmail == null) {
            try {
                this.serviceAccountEmail = getDefaultServiceAccount();
            } catch (IOException e9) {
                throw new RuntimeException("Failed to get service account", e9);
            }
        }
        return this.serviceAccountEmail;
    }

    @Override // J4.b
    public J4.a getMetricsCredentialType() {
        return J4.a.VM_CREDENTIALS;
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, J4.b
    public String getUniverseDomain() {
        if (isExplicitUniverseDomain()) {
            return super.getUniverseDomain();
        }
        synchronized (this) {
            try {
                String str = this.universeDomainFromMetadata;
                if (str != null) {
                    return str;
                }
                String universeDomainFromMetadata = getUniverseDomainFromMetadata();
                synchronized (this) {
                    this.universeDomainFromMetadata = universeDomainFromMetadata;
                }
                return universeDomainFromMetadata;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) {
        g gVar = new g(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                gVar.f("format", HttpStorageRpc.DEFAULT_PROJECTION);
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                gVar.f("format", HttpStorageRpc.DEFAULT_PROJECTION);
                gVar.f("license", "TRUE");
            }
        }
        gVar.f("audience", str);
        s metadataResponse = getMetadataResponse(gVar.d(), MetricsUtils.RequestType.ID_TOKEN_REQUEST, true);
        if (metadataResponse.b() != null) {
            return IdToken.create(metadataResponse.f());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        s metadataResponse = getMetadataResponse(createTokenUrlWithScopes(), MetricsUtils.RequestType.ACCESS_TOKEN_REQUEST, true);
        int i = metadataResponse.f39537f;
        if (i == 404) {
            throw new IOException(AbstractC6544s.c(i, "Error code ", " trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true."));
        }
        if (i != 200) {
            throw new IOException("Unexpected Error code " + i + " trying to get security access token from Compute Engine metadata for the default service account: " + metadataResponse.f());
        }
        if (metadataResponse.b() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        r rVar = (r) metadataResponse.e(r.class);
        String validateString = OAuth2Utils.validateString(rVar, "access_token", PARSE_ERROR_PREFIX);
        int validateInt32 = OAuth2Utils.validateInt32(rVar, "expires_in", PARSE_ERROR_PREFIX);
        ((y) this.clock).getClass();
        return new AccessToken(validateString, new Date(System.currentTimeMillis() + (validateInt32 * AdError.NETWORK_ERROR_CODE)));
    }

    @Override // J4.e
    public byte[] sign(byte[] bArr) {
        try {
            return IamUtils.sign(getAccount(), this, this.transportFactory.create(), bArr, Collections.EMPTY_MAP);
        } catch (d e9) {
            throw e9;
        } catch (RuntimeException e10) {
            throw new RuntimeException("Signing failed", e10);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public P4.r toStringHelper() {
        P4.r stringHelper;
        synchronized (this) {
            stringHelper = super.toStringHelper();
            stringHelper.c(this.transportFactoryClassName, "transportFactoryClassName");
            stringHelper.c(this.scopes, "scopes");
            stringHelper.c(this.universeDomainFromMetadata, "universeDomainFromMetadata");
        }
        return stringHelper;
    }
}
