package com.google.auth.oauth2;

import Kf.h;
import N4.d;
import Z.AbstractC1380b;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.A;
import com.google.api.client.util.s;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.huawei.openalliance.ad.ppskit.constant.fe;
import i8.AbstractC4444m;
import i8.C4434c;
import i8.C4440i;
import i8.C4443l;
import j$.time.Duration;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import n8.InterfaceC5023b;
import q8.AbstractC5246m;
import q8.v;

/* loaded from: classes3.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements IdTokenProvider {
    static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    private static final String GOOGLE = "Google";
    private static final String LINUX = "linux";
    static final int MAX_COMPUTE_PING_TRIES = 3;
    private static final String METADATA_FLAVOR = "Metadata-Flavor";
    private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
    private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
    static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    private static final String WINDOWS = "windows";
    private static final long serialVersionUID = -4113476462526554235L;
    private final Collection<String> scopes;
    private transient String serviceAccountEmail;
    private transient InterfaceC5023b transportFactory;
    private final String transportFactoryClassName;
    static final Duration COMPUTE_EXPIRATION_MARGIN = Duration.ofMinutes(3);
    static final Duration COMPUTE_REFRESH_MARGIN = Duration.ofMinutes(4);
    private static final Logger LOGGER = Logger.getLogger(ComputeEngineCredentials.class.getName());

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {
        private Collection<String> scopes;
        private InterfaceC5023b transportFactory;

        public Builder() {
        }

        public Builder(ComputeEngineCredentials computeEngineCredentials) {
            this.transportFactory = computeEngineCredentials.transportFactory;
            this.scopes = computeEngineCredentials.scopes;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ComputeEngineCredentials build() {
            return new ComputeEngineCredentials(this.transportFactory, this.scopes, null);
        }

        public InterfaceC5023b getHttpTransportFactory() {
            return this.transportFactory;
        }

        public Collection<String> getScopes() {
            return this.scopes;
        }

        public Builder setHttpTransportFactory(InterfaceC5023b interfaceC5023b) {
            this.transportFactory = interfaceC5023b;
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.scopes = collection;
            return this;
        }
    }

    private ComputeEngineCredentials(InterfaceC5023b interfaceC5023b, Collection<String> collection, Collection<String> collection2) {
        super(null, COMPUTE_REFRESH_MARGIN, COMPUTE_EXPIRATION_MARGIN);
        InterfaceC5023b interfaceC5023b2 = (InterfaceC5023b) android.support.v4.media.session.a.R(interfaceC5023b, OAuth2Credentials.getFromServiceLoader(InterfaceC5023b.class, OAuth2Utils.HTTP_TRANSPORT_FACTORY));
        this.transportFactory = interfaceC5023b2;
        this.transportFactoryClassName = interfaceC5023b2.getClass().getName();
        collection = (collection == null || collection.isEmpty()) ? collection2 : collection;
        if (collection == null) {
            int i5 = AbstractC5246m.f50755c;
            this.scopes = v.f50778j;
        } else {
            ArrayList arrayList = new ArrayList(collection);
            arrayList.removeAll(Arrays.asList("", null));
            this.scopes = AbstractC5246m.G(arrayList);
        }
    }

    public static boolean checkProductNameOnLinux(BufferedReader bufferedReader) throws IOException {
        return bufferedReader.readLine().trim().startsWith(GOOGLE);
    }

    public static boolean checkStaticGceDetection(DefaultCredentialsProvider defaultCredentialsProvider) {
        String osName = defaultCredentialsProvider.getOsName();
        try {
            if (osName.startsWith(LINUX)) {
                return checkProductNameOnLinux(new BufferedReader(new InputStreamReader(defaultCredentialsProvider.readStream(new File("/sys/class/dmi/id/product_name")))));
            }
            osName.startsWith(WINDOWS);
            return false;
        } catch (IOException e7) {
            LOGGER.log(Level.FINE, "Encountered an unexpected exception when checking SMBIOS value", (Throwable) e7);
            return false;
        }
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(null, null, null);
    }

    private String getDefaultServiceAccount() throws IOException {
        C4443l metadataResponse = getMetadataResponse(getServiceAccountsUrl());
        int i5 = metadataResponse.f45499e;
        if (i5 == 404) {
            throw new IOException(AbstractC1380b.h(i5, "Error code ", " trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified."));
        }
        if (i5 != 200) {
            throw new IOException(AbstractC1380b.l("Unexpected Error code ", i5, " trying to get service accounts from Compute Engine metadata: ", metadataResponse.f()));
        }
        if (metadataResponse.b() != null) {
            return OAuth2Utils.validateString(OAuth2Utils.validateMap((s) metadataResponse.e(s.class), "default", PARSE_ERROR_ACCOUNT), "email", PARSE_ERROR_ACCOUNT);
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    private C4443l getMetadataResponse(String str) throws IOException {
        C4434c c4434c = new C4434c(str);
        AbstractC4444m create = this.transportFactory.create();
        create.getClass();
        C4440i c4440i = new C4440i(create);
        c4440i.f45485j = c4434c;
        c4440i.c("GET");
        c4440i.f45489o = new JsonObjectParser(OAuth2Utils.JSON_FACTORY);
        c4440i.f45476a.d(GOOGLE, METADATA_FLAVOR);
        c4440i.f45491q = false;
        try {
            C4443l a10 = c4440i.a();
            if (a10.f45499e != 503) {
                return a10;
            }
            throw GoogleAuthException.createWithTokenEndpointResponseException(new HttpResponseException(new d(a10)));
        } catch (UnknownHostException e7) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e7);
        }
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT);
    }

    public static String getMetadataServerUrl(DefaultCredentialsProvider defaultCredentialsProvider) {
        String env = defaultCredentialsProvider.getEnv("GCE_METADATA_HOST");
        return env != null ? fe.f33626a.concat(env) : DEFAULT_METADATA_SERVER_URL;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(DefaultCredentialsProvider.DEFAULT);
    }

    public static String getTokenServerEncodedUrl(DefaultCredentialsProvider defaultCredentialsProvider) {
        return getMetadataServerUrl(defaultCredentialsProvider) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static synchronized boolean isOnGce(InterfaceC5023b interfaceC5023b, DefaultCredentialsProvider defaultCredentialsProvider) {
        synchronized (ComputeEngineCredentials.class) {
            try {
                if (Boolean.parseBoolean(defaultCredentialsProvider.getEnv("NO_GCE_CHECK"))) {
                    return false;
                }
                boolean pingComputeEngineMetadata = pingComputeEngineMetadata(interfaceC5023b, defaultCredentialsProvider);
                if (!pingComputeEngineMetadata) {
                    pingComputeEngineMetadata = checkStaticGceDetection(defaultCredentialsProvider);
                }
                if (!pingComputeEngineMetadata) {
                    LOGGER.log(Level.FINE, "Failed to detect whether running on Google Compute Engine.");
                }
                return pingComputeEngineMetadata;
            } catch (Throwable th2) {
                throw th2;
            }
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private static boolean pingComputeEngineMetadata(InterfaceC5023b interfaceC5023b, DefaultCredentialsProvider defaultCredentialsProvider) {
        C4434c c4434c = new C4434c(getMetadataServerUrl(defaultCredentialsProvider));
        for (int i5 = 1; i5 <= 3; i5++) {
            try {
                AbstractC4444m create = interfaceC5023b.create();
                create.getClass();
                C4440i c4440i = new C4440i(create);
                c4440i.f45485j = c4434c;
                c4440i.c("GET");
                c4440i.k = 500;
                c4440i.f45476a.d(GOOGLE, METADATA_FLAVOR);
                C4443l a10 = c4440i.a();
                try {
                    return OAuth2Utils.headersContainValue(a10.f45501g.f45477b, METADATA_FLAVOR, GOOGLE);
                } finally {
                    a10.a();
                }
            } catch (SocketTimeoutException unused) {
            } catch (IOException e7) {
                LOGGER.log(Level.FINE, "Encountered an unexpected exception when checking if running on Google Compute Engine using Metadata Service ping.", (Throwable) e7);
            }
        }
        return false;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.transportFactory = (InterfaceC5023b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return new ComputeEngineCredentials(this.transportFactory, collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return new ComputeEngineCredentials(this.transportFactory, collection, collection2);
    }

    public String createTokenUrlWithScopes() {
        C4434c c4434c = new C4434c(getTokenServerEncodedUrl());
        if (!this.scopes.isEmpty()) {
            c4434c.e(new h(String.valueOf(','), 7).d(this.scopes), "scopes");
        }
        return c4434c.c();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.transportFactoryClassName, computeEngineCredentials.transportFactoryClassName) && Objects.equals(this.scopes, computeEngineCredentials.scopes);
    }

    public String getAccount() {
        if (this.serviceAccountEmail == null) {
            try {
                this.serviceAccountEmail = getDefaultServiceAccount();
            } catch (IOException e7) {
                throw new RuntimeException("Failed to get service account", e7);
            }
        }
        return this.serviceAccountEmail;
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        C4434c c4434c = new C4434c(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                c4434c.e("full", "format");
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                c4434c.e("full", "format");
                c4434c.e("TRUE", "license");
            }
        }
        c4434c.e(str, "audience");
        C4443l metadataResponse = getMetadataResponse(c4434c.c());
        if (metadataResponse.b() != null) {
            return IdToken.create(metadataResponse.f());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        C4443l metadataResponse = getMetadataResponse(createTokenUrlWithScopes());
        int i5 = metadataResponse.f45499e;
        if (i5 == 404) {
            throw new IOException(AbstractC1380b.h(i5, "Error code ", " trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true."));
        }
        if (i5 != 200) {
            throw new IOException(AbstractC1380b.l("Unexpected Error code ", i5, " trying to get security access token from Compute Engine metadata for the default service account: ", metadataResponse.f()));
        }
        if (metadataResponse.b() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        s sVar = (s) metadataResponse.e(s.class);
        String validateString = OAuth2Utils.validateString(sVar, "access_token", PARSE_ERROR_PREFIX);
        int validateInt32 = OAuth2Utils.validateInt32(sVar, "expires_in", PARSE_ERROR_PREFIX);
        ((A) this.clock).getClass();
        return new AccessToken(validateString, new Date(System.currentTimeMillis() + (validateInt32 * 1000)));
    }

    public byte[] sign(byte[] bArr) {
        try {
            return IamUtils.sign(getAccount(), this, this.transportFactory.create(), bArr, Collections.emptyMap());
        } catch (ServiceAccountSigner$SigningException e7) {
            throw e7;
        } catch (RuntimeException e10) {
            throw new RuntimeException("Signing failed", e10);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        u3.s o02 = android.support.v4.media.session.a.o0(this);
        o02.a(this.transportFactoryClassName, "transportFactoryClassName");
        return o02.toString();
    }
}
