package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.GenericData;
import com.google.auth.oauth2.c0;
import j$.util.Objects;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;

/* loaded from: classes4.dex */
public class z extends c0 {

    /* renamed from: f, reason: collision with root package name */
    private final PrivateKey f28581f;

    /* renamed from: g, reason: collision with root package name */
    private final String f28582g;

    /* renamed from: h, reason: collision with root package name */
    private final String f28583h;

    /* renamed from: i, reason: collision with root package name */
    private final String f28584i;

    /* renamed from: j, reason: collision with root package name */
    private final URI f28585j;

    /* renamed from: k, reason: collision with root package name */
    private final URI f28586k;

    /* renamed from: l, reason: collision with root package name */
    private final int f28587l;

    /* renamed from: m, reason: collision with root package name */
    private final String f28588m;

    /* renamed from: n, reason: collision with root package name */
    private final String f28589n;

    /* renamed from: o, reason: collision with root package name */
    private transient gf.b f28590o;

    /* loaded from: classes4.dex */
    public static class a extends c0.a {

        /* renamed from: f, reason: collision with root package name */
        private String f28591f;

        /* renamed from: g, reason: collision with root package name */
        private String f28592g;

        /* renamed from: h, reason: collision with root package name */
        private PrivateKey f28593h;

        /* renamed from: i, reason: collision with root package name */
        private String f28594i;

        /* renamed from: j, reason: collision with root package name */
        private URI f28595j;

        /* renamed from: k, reason: collision with root package name */
        private URI f28596k;

        /* renamed from: l, reason: collision with root package name */
        private gf.b f28597l;

        /* renamed from: m, reason: collision with root package name */
        private String f28598m;

        /* renamed from: n, reason: collision with root package name */
        private int f28599n;

        protected a() {
            this.f28599n = 3600;
        }

        protected a(z zVar) {
            this.f28599n = 3600;
            this.f28591f = zVar.f28583h;
            this.f28592g = zVar.f28582g;
            this.f28593h = zVar.f28581f;
            this.f28594i = zVar.f28584i;
            this.f28595j = zVar.f28585j;
            this.f28597l = zVar.f28590o;
            this.f28598m = zVar.f28589n;
            this.f28599n = zVar.f28587l;
        }

        public a A(PrivateKey privateKey) {
            this.f28593h = privateKey;
            return this;
        }

        public a B(String str) {
            this.f28592g = str;
            return this;
        }

        public a C(String str) {
            this.f28591f = str;
            return this;
        }

        public a D(String str) {
            this.f28594i = str;
            return this;
        }

        public a E(URI uri) {
            this.f28595j = uri;
            return this;
        }

        @Override // com.google.auth.oauth2.c0.a
        /* renamed from: w, reason: merged with bridge method [inline-methods] */
        public z a() {
            return new z(this);
        }

        public a x(String str) {
            this.f28598m = str;
            return this;
        }

        public a y(URI uri) {
            this.f28596k = uri;
            return this;
        }

        public a z(gf.b bVar) {
            this.f28597l = bVar;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static class b implements gf.b {

        /* renamed from: a, reason: collision with root package name */
        HttpTransport f28600a;

        public b(String str) throws IOException {
            a(str);
        }

        private void a(String str) throws IOException {
            if (str == null || str.isEmpty()) {
                this.f28600a = new NetHttpTransport();
                return;
            }
            try {
                this.f28600a = new NetHttpTransport.Builder().trustCertificatesFromStream(z.L(new File(str))).build();
            } catch (IOException e10) {
                throw new IOException(String.format("Error reading certificate file from CA cert path, value '%s': %s", str, e10.getMessage()), e10);
            } catch (GeneralSecurityException e11) {
                throw new IOException("Error initiating transport with certificate stream.", e11);
            }
        }

        @Override // gf.b
        public HttpTransport create() {
            return this.f28600a;
        }
    }

    z(a aVar) {
        this.f28583h = (String) p000if.t.s(aVar.f28591f);
        this.f28582g = (String) p000if.t.s(aVar.f28592g);
        this.f28581f = (PrivateKey) p000if.t.s(aVar.f28593h);
        this.f28584i = (String) p000if.t.s(aVar.f28594i);
        this.f28585j = (URI) p000if.t.s(aVar.f28595j);
        gf.b bVar = (gf.b) p000if.t.s(aVar.f28597l);
        this.f28590o = bVar;
        this.f28588m = bVar.getClass().getName();
        this.f28589n = aVar.f28598m;
        this.f28586k = aVar.f28596k;
        this.f28587l = aVar.f28599n;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static z B(Map<String, Object> map) throws IOException {
        return C(map, new b((String) map.get("ca_cert_path")));
    }

    static z C(Map<String, Object> map, gf.b bVar) throws IOException {
        String N = N((String) map.get("format_version"), "format_version");
        String N2 = N((String) map.get("project"), "project");
        String N3 = N((String) map.get("private_key_id"), "private_key_id");
        String N4 = N((String) map.get("private_key"), "private_key");
        String N5 = N((String) map.get("name"), "name");
        String N6 = N((String) map.get("token_uri"), "token_uri");
        String str = (String) map.get("ca_cert_path");
        if (!"1".equals(N)) {
            throw new IOException(String.format("Only format version %s is supported.", "1"));
        }
        try {
            return D(N4, K().C(N2).B(N3).E(new URI(N6)).D(N5).x(str).z(bVar));
        } catch (URISyntaxException unused) {
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
        }
    }

    static z D(String str, a aVar) throws IOException {
        aVar.A(m0.b(str));
        return new z(aVar);
    }

    static String H(String str, String str2) {
        return String.format("system:serviceaccount:%s:%s", str, str2);
    }

    public static a K() {
        return new a();
    }

    static InputStream L(File file) throws FileNotFoundException {
        return new FileInputStream(file);
    }

    private static String N(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
        return str;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f28590o = (gf.b) l0.newInstance(this.f28588m);
    }

    public final URI F() {
        return this.f28586k;
    }

    public final String I() {
        return this.f28584i;
    }

    public final URI J() {
        return this.f28585j;
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    /* renamed from: M, reason: merged with bridge method [inline-methods] */
    public a toBuilder() {
        return new a(this);
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public boolean equals(Object obj) {
        if (!(obj instanceof z)) {
            return false;
        }
        z zVar = (z) obj;
        return Objects.equals(this.f28583h, zVar.f28583h) && Objects.equals(this.f28582g, zVar.f28582g) && Objects.equals(this.f28581f, zVar.f28581f) && Objects.equals(this.f28584i, zVar.f28584i) && Objects.equals(this.f28585j, zVar.f28585j) && Objects.equals(this.f28588m, zVar.f28588m) && Objects.equals(this.f28586k, zVar.f28586k) && Objects.equals(this.f28589n, zVar.f28589n) && Integer.valueOf(this.f28587l).equals(Integer.valueOf(zVar.f28587l));
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public int hashCode() {
        return Objects.hash(this.f28583h, this.f28582g, this.f28581f, this.f28584i, this.f28585j, this.f28588m, this.f28586k, this.f28589n, Integer.valueOf(this.f28587l));
    }

    @Override // com.google.auth.oauth2.l0
    public com.google.auth.oauth2.a refreshAccessToken() throws IOException {
        p000if.t.t(this.f28586k, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        JsonFactory jsonFactory = m0.f28428f;
        String y10 = y(jsonFactory, this.clock.currentTimeMillis(), F());
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        genericData.set("assertion", y10);
        HttpRequest buildPostRequest = this.f28590o.create().createRequestFactory().buildPostRequest(new GenericUrl(this.f28585j), new UrlEncodedContent(genericData));
        buildPostRequest.setParser(new JsonObjectParser(jsonFactory));
        try {
            return new com.google.auth.oauth2.a(m0.f((GenericData) buildPostRequest.execute().parseAs(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.clock.currentTimeMillis() + (m0.c(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e10) {
            throw a0.e(e10, String.format("Error getting access token for GDCH service account: %s, iss: %s", e10.getMessage(), I()));
        } catch (IOException e11) {
            throw a0.c(e11, String.format("Error getting access token for GDCH service account: %s, iss: %s", e11.getMessage(), I()));
        }
    }

    @Override // com.google.auth.oauth2.c0, com.google.auth.oauth2.l0
    public String toString() {
        return p000if.n.c(this).e("projectId", this.f28583h).e("privateKeyId", this.f28582g).e("serviceIdentityName", this.f28584i).e("tokenServerUri", this.f28585j).e("transportFactoryClassName", this.f28588m).e("caCertPath", this.f28589n).e("apiAudience", this.f28586k).c("lifetime", this.f28587l).toString();
    }

    String y(JsonFactory jsonFactory, long j10, URI uri) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f28582g);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(H(this.f28583h, this.f28584i));
        payload.setSubject(H(this.f28583h, this.f28584i));
        long j11 = j10 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j11));
        payload.setExpirationTimeSeconds(Long.valueOf(j11 + this.f28587l));
        payload.setAudience(J().toString());
        try {
            payload.set("api_audience", (Object) uri.toString());
            return JsonWebSignature.signUsingRsaSha256(this.f28581f, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public z z(URI uri) throws IOException {
        p000if.t.t(uri, "Audience are not configured for GDCH service account credentials.");
        return toBuilder().y(uri).a();
    }
}
