package com.google.auth.oauth2;

import com.facebook.share.internal.ShareInternalUtility;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.StsTokenExchangeRequest;
import com.google.common.io.CharStreams;
import com.tradplus.ads.common.AdType;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.annotation.Nullable;

/* loaded from: classes3.dex */
public class IdentityPoolCredentials extends ExternalAccountCredentials {
    private static final long serialVersionUID = 2471046175477275881L;
    private final IdentityPoolCredentialSource identityPoolCredentialSource;

    /* loaded from: classes3.dex */
    public static class Builder extends ExternalAccountCredentials.Builder {
        Builder() {
        }

        Builder(IdentityPoolCredentials identityPoolCredentials) {
            super(identityPoolCredentials);
        }

        @Override // com.google.auth.oauth2.ExternalAccountCredentials.Builder, com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public IdentityPoolCredentials build() {
            return new IdentityPoolCredentials(this);
        }

        @Override // com.google.auth.oauth2.ExternalAccountCredentials.Builder
        public Builder setWorkforcePoolUserProject(String str) {
            super.setWorkforcePoolUserProject(str);
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class IdentityPoolCredentialSource extends ExternalAccountCredentials.CredentialSource {
        private static final long serialVersionUID = -745855247050085694L;
        private CredentialFormatType credentialFormatType;
        private String credentialLocation;
        private IdentityPoolCredentialSourceType credentialSourceType;

        @Nullable
        private Map<String, String> headers;

        @Nullable
        private String subjectTokenFieldName;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes3.dex */
        public enum CredentialFormatType {
            TEXT,
            JSON
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes3.dex */
        public enum IdentityPoolCredentialSourceType {
            FILE,
            URL
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public IdentityPoolCredentialSource(Map<String, Object> map) {
            super(map);
            if (map.containsKey(ShareInternalUtility.STAGING_PARAM) && map.containsKey("url")) {
                throw new IllegalArgumentException("Only one credential source type can be set, either file or url.");
            }
            if (map.containsKey(ShareInternalUtility.STAGING_PARAM)) {
                this.credentialLocation = (String) map.get(ShareInternalUtility.STAGING_PARAM);
                this.credentialSourceType = IdentityPoolCredentialSourceType.FILE;
            } else {
                if (!map.containsKey("url")) {
                    throw new IllegalArgumentException("Missing credential source file location or URL. At least one must be specified.");
                }
                this.credentialLocation = (String) map.get("url");
                this.credentialSourceType = IdentityPoolCredentialSourceType.URL;
            }
            Map map2 = (Map) map.get("headers");
            if (map2 != null && !map2.isEmpty()) {
                HashMap hashMap = new HashMap();
                this.headers = hashMap;
                hashMap.putAll(map2);
            }
            this.credentialFormatType = CredentialFormatType.TEXT;
            Map map3 = (Map) map.get("format");
            if (map3 == null || !map3.containsKey("type")) {
                return;
            }
            String str = (String) map3.get("type");
            if (str == null || !AdType.STATIC_NATIVE.equals(str.toLowerCase(Locale.US))) {
                if (str == null || !"text".equals(str.toLowerCase(Locale.US))) {
                    throw new IllegalArgumentException(String.format("Invalid credential source format type: %s.", str));
                }
                this.credentialFormatType = CredentialFormatType.TEXT;
                return;
            }
            if (!map3.containsKey("subject_token_field_name")) {
                throw new IllegalArgumentException("When specifying a JSON credential type, the subject_token_field_name must be set.");
            }
            this.credentialFormatType = CredentialFormatType.JSON;
            this.subjectTokenFieldName = (String) map3.get("subject_token_field_name");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasHeaders() {
            Map<String, String> map = this.headers;
            return (map == null || map.isEmpty()) ? false : true;
        }
    }

    IdentityPoolCredentials(Builder builder) {
        super(builder);
        this.identityPoolCredentialSource = (IdentityPoolCredentialSource) builder.credentialSource;
    }

    private String getSubjectTokenFromMetadataServer() throws IOException {
        HttpRequest buildGetRequest = this.transportFactory.create().createRequestFactory().buildGetRequest(new GenericUrl(this.identityPoolCredentialSource.credentialLocation));
        buildGetRequest.setParser(new JsonObjectParser(OAuth2Utils.JSON_FACTORY));
        if (this.identityPoolCredentialSource.hasHeaders()) {
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.putAll(this.identityPoolCredentialSource.headers);
            buildGetRequest.setHeaders(httpHeaders);
        }
        try {
            return parseToken(buildGetRequest.execute().getContent());
        } catch (IOException e2) {
            throw new IOException(String.format("Error getting subject token from metadata server: %s", e2.getMessage()), e2);
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    public static Builder newBuilder(IdentityPoolCredentials identityPoolCredentials) {
        return new Builder(identityPoolCredentials);
    }

    private String parseToken(InputStream inputStream) throws IOException {
        if (this.identityPoolCredentialSource.credentialFormatType == IdentityPoolCredentialSource.CredentialFormatType.TEXT) {
            return CharStreams.toString(new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)));
        }
        GenericJson genericJson = (GenericJson) new JsonObjectParser(OAuth2Utils.JSON_FACTORY).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        if (genericJson.containsKey(this.identityPoolCredentialSource.subjectTokenFieldName)) {
            return (String) genericJson.get(this.identityPoolCredentialSource.subjectTokenFieldName);
        }
        throw new IOException("Invalid subject token field name. No subject token was found.");
    }

    private String retrieveSubjectTokenFromCredentialFile() throws IOException {
        String str = this.identityPoolCredentialSource.credentialLocation;
        if (!Files.exists(Paths.get(str, new String[0]), LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException(String.format("Invalid credential location. The file at %s does not exist.", str));
        }
        try {
            return parseToken(new FileInputStream(new File(str)));
        } catch (IOException e2) {
            throw new IOException("Error when attempting to read the subject token from the credential file.", e2);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public /* bridge */ /* synthetic */ GoogleCredentials createScoped(Collection collection) {
        return createScoped((Collection<String>) collection);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public IdentityPoolCredentials createScoped(Collection<String> collection) {
        return new IdentityPoolCredentials((Builder) newBuilder(this).setScopes(collection));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        StsTokenExchangeRequest.Builder audience = StsTokenExchangeRequest.newBuilder(retrieveSubjectToken(), getSubjectTokenType()).setAudience(getAudience());
        Collection<String> scopes = getScopes();
        if (scopes != null && !scopes.isEmpty()) {
            audience.setScopes(new ArrayList(scopes));
        }
        return exchangeExternalCredentialForAccessToken(audience.build());
    }

    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String retrieveSubjectToken() throws IOException {
        return this.identityPoolCredentialSource.credentialSourceType == IdentityPoolCredentialSource.IdentityPoolCredentialSourceType.FILE ? retrieveSubjectTokenFromCredentialFile() : getSubjectTokenFromMetadataServer();
    }
}
