package com.google.auth.oauth2;

import com.google.api.client.http.o0OOO0o;
import com.google.api.client.http.oo000o;
import com.google.api.client.http.oo0o0Oo;
import com.google.api.client.util.GenericData;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.o000oOoO;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.litepal.util.Const;

/* loaded from: classes2.dex */
public class ImpersonatedCredentials extends GoogleCredentials implements IdTokenProvider {
    private static final String CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
    private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
    private static final String IAM_ACCESS_TOKEN_ENDPOINT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateAccessToken";
    private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'";
    private static final int TWELVE_HOURS_IN_SECONDS = 43200;
    private static final long serialVersionUID = -2133257318957488431L;
    private List<String> delegates;
    private int lifetime;
    private String quotaProjectId;
    private List<String> scopes;
    private GoogleCredentials sourceCredentials;
    private String targetPrincipal;
    private transient o0o0Oo.OooO0O0 transportFactory;
    private final String transportFactoryClassName;

    /* loaded from: classes2.dex */
    public static class OooO0O0 extends GoogleCredentials.OooO00o {

        /* renamed from: OooO, reason: collision with root package name */
        private o0o0Oo.OooO0O0 f19169OooO;

        /* renamed from: OooO0Oo, reason: collision with root package name */
        private GoogleCredentials f19170OooO0Oo;

        /* renamed from: OooO0o, reason: collision with root package name */
        private List<String> f19171OooO0o;

        /* renamed from: OooO0o0, reason: collision with root package name */
        private String f19172OooO0o0;

        /* renamed from: OooO0oO, reason: collision with root package name */
        private List<String> f19173OooO0oO;

        /* renamed from: OooO0oo, reason: collision with root package name */
        private int f19174OooO0oo = ImpersonatedCredentials.DEFAULT_LIFETIME_IN_SECONDS;

        /* renamed from: OooOO0, reason: collision with root package name */
        private String f19175OooOO0;

        protected OooO0O0() {
        }

        protected OooO0O0(GoogleCredentials googleCredentials, String str) {
            this.f19170OooO0Oo = googleCredentials;
            this.f19172OooO0o0 = str;
        }

        public o0o0Oo.OooO0O0 OooO() {
            return this.f19169OooO;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.OooO00o
        /* renamed from: OooO0oO, reason: merged with bridge method [inline-methods] */
        public ImpersonatedCredentials OooO0o() {
            return new ImpersonatedCredentials(this);
        }

        public List<String> OooO0oo() {
            return this.f19171OooO0o;
        }

        public int OooOO0() {
            return this.f19174OooO0oo;
        }

        public List<String> OooOO0O() {
            return this.f19173OooO0oO;
        }

        public GoogleCredentials OooOO0o() {
            return this.f19170OooO0Oo;
        }

        public OooO0O0 OooOOO(List<String> list) {
            this.f19171OooO0o = list;
            return this;
        }

        public String OooOOO0() {
            return this.f19172OooO0o0;
        }

        public OooO0O0 OooOOOO(o0o0Oo.OooO0O0 oooO0O0) {
            this.f19169OooO = oooO0O0;
            return this;
        }

        public OooO0O0 OooOOOo(int i) {
            if (i == 0) {
                i = ImpersonatedCredentials.DEFAULT_LIFETIME_IN_SECONDS;
            }
            this.f19174OooO0oo = i;
            return this;
        }

        public OooO0O0 OooOOo(List<String> list) {
            this.f19173OooO0oO = list;
            return this;
        }

        public OooO0O0 OooOOo0(String str) {
            this.f19175OooOO0 = str;
            return this;
        }

        public OooO0O0 OooOOoo(GoogleCredentials googleCredentials) {
            this.f19170OooO0Oo = googleCredentials;
            return this;
        }

        public OooO0O0 OooOo00(String str) {
            this.f19172OooO0o0 = str;
            return this;
        }
    }

    private ImpersonatedCredentials(OooO0O0 oooO0O0) {
        this.sourceCredentials = oooO0O0.OooOO0o();
        this.targetPrincipal = oooO0O0.OooOOO0();
        this.delegates = oooO0O0.OooO0oo();
        this.scopes = oooO0O0.OooOO0O();
        this.lifetime = oooO0O0.OooOO0();
        this.transportFactory = (o0o0Oo.OooO0O0) com.google.common.base.OooOOOO.OooO00o(oooO0O0.OooO(), OAuth2Credentials.getFromServiceLoader(o0o0Oo.OooO0O0.class, OooOOOO.f19244OooO0o0));
        this.quotaProjectId = oooO0O0.f19175OooOO0;
        this.transportFactoryClassName = this.transportFactory.getClass().getName();
        if (this.delegates == null) {
            this.delegates = new ArrayList();
        }
        if (this.scopes == null) {
            throw new IllegalStateException("Scopes cannot be null");
        }
        if (this.lifetime > TWELVE_HOURS_IN_SECONDS) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i) {
        return newBuilder().OooOOoo(googleCredentials).OooOo00(str).OooOOO(list).OooOOo(list2).OooOOOo(i).OooO00o();
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i, o0o0Oo.OooO0O0 oooO0O0) {
        return newBuilder().OooOOoo(googleCredentials).OooOo00(str).OooOOO(list).OooOOo(list2).OooOOOo(i).OooOOOO(oooO0O0).OooO00o();
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i, o0o0Oo.OooO0O0 oooO0O0, String str2) {
        return newBuilder().OooOOoo(googleCredentials).OooOo00(str).OooOOO(list).OooOOo(list2).OooOOOo(i).OooOOOO(oooO0O0).OooOOo0(str2).OooO00o();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String extractTargetPrincipal(String str) {
        int lastIndexOf = str.lastIndexOf(47);
        int indexOf = str.indexOf(":generateAccessToken");
        if (lastIndexOf == -1 || indexOf == -1 || lastIndexOf >= indexOf) {
            throw new IllegalArgumentException("Unable to determine target principal from service account impersonation URL.");
        }
        return str.substring(lastIndexOf + 1, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ImpersonatedCredentials fromJson(Map<String, Object> map, o0o0Oo.OooO0O0 oooO0O0) throws IOException {
        GoogleCredentials fromJson;
        o000oOoO.OooOOo(map);
        o000oOoO.OooOOo(oooO0O0);
        try {
            String str = (String) map.get("service_account_impersonation_url");
            List<String> list = map.containsKey("delegates") ? (List) map.get("delegates") : null;
            Map map2 = (Map) map.get("source_credentials");
            String str2 = (String) map2.get(Const.TableSchema.COLUMN_TYPE);
            String str3 = (String) map.get("quota_project_id");
            String extractTargetPrincipal = extractTargetPrincipal(str);
            if ("authorized_user".equals(str2)) {
                fromJson = UserCredentials.fromJson(map2, oooO0O0);
            } else {
                if (!"service_account".equals(str2)) {
                    throw new IOException(String.format("A credential of type %s is not supported as source credential for impersonation.", str2));
                }
                fromJson = ServiceAccountCredentials.fromJson(map2, oooO0O0);
            }
            return newBuilder().OooOOoo(fromJson).OooOo00(extractTargetPrincipal).OooOOO(list).OooOOo(new ArrayList()).OooOOOo(DEFAULT_LIFETIME_IN_SECONDS).OooOOOO(oooO0O0).OooOOo0(str3).OooO00o();
        } catch (ClassCastException | IllegalArgumentException | NullPointerException e) {
            throw new CredentialFormatException("An invalid input stream was provided.", e);
        }
    }

    public static OooO0O0 newBuilder() {
        return new OooO0O0();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return toBuilder().OooOOo((List) collection).OooOOOo(this.lifetime).OooOOO(this.delegates).OooOOOO(this.transportFactory).OooOOo0(this.quotaProjectId).OooO00o();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        List<String> list = this.scopes;
        return list == null || list.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ImpersonatedCredentials)) {
            return false;
        }
        ImpersonatedCredentials impersonatedCredentials = (ImpersonatedCredentials) obj;
        return Objects.equals(this.sourceCredentials, impersonatedCredentials.sourceCredentials) && Objects.equals(this.targetPrincipal, impersonatedCredentials.targetPrincipal) && Objects.equals(this.delegates, impersonatedCredentials.delegates) && Objects.equals(this.scopes, impersonatedCredentials.scopes) && Objects.equals(Integer.valueOf(this.lifetime), Integer.valueOf(impersonatedCredentials.lifetime)) && Objects.equals(this.transportFactoryClassName, impersonatedCredentials.transportFactoryClassName) && Objects.equals(this.quotaProjectId, impersonatedCredentials.quotaProjectId);
    }

    public String getAccount() {
        return this.targetPrincipal;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.google.auth.oauth2.OAuth2Credentials
    public Map<String, List<String>> getAdditionalHeaders() {
        Map<String, List<String>> additionalHeaders = super.getAdditionalHeaders();
        String str = this.quotaProjectId;
        return str != null ? GoogleCredentials.addQuotaProjectIdToRequestMetadata(str, additionalHeaders) : additionalHeaders;
    }

    @VisibleForTesting
    List<String> getDelegates() {
        return this.delegates;
    }

    int getLifetime() {
        return this.lifetime;
    }

    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @VisibleForTesting
    List<String> getScopes() {
        return this.scopes;
    }

    public GoogleCredentials getSourceCredentials() {
        return this.sourceCredentials;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.sourceCredentials, this.targetPrincipal, this.delegates, this.scopes, Integer.valueOf(this.lifetime), this.quotaProjectId);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        return OooOOO.OooO00o(getAccount(), this.sourceCredentials, this.transportFactory.create(), str, list != null && list.contains(IdTokenProvider.Option.INCLUDE_EMAIL), ImmutableMap.of("delegates", this.delegates));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        if (this.sourceCredentials.getAccessToken() == null) {
            this.sourceCredentials = this.sourceCredentials.createScoped(Arrays.asList(CLOUD_PLATFORM_SCOPE));
        }
        try {
            this.sourceCredentials.refreshIfExpired();
            oo0o0Oo create = this.transportFactory.create();
            oo0O.OooO oooO = new oo0O.OooO(OooOOOO.f19243OooO0o);
            o0o0Oo.OooO00o oooO00o = new o0o0Oo.OooO00o(this.sourceCredentials);
            oo000o OooO0O02 = create.OooO0OO().OooO0O0(new com.google.api.client.http.OooOOO(String.format(IAM_ACCESS_TOKEN_ENDPOINT, this.targetPrincipal)), new o00OO0oo.OooOOO0(oooO.OooO0O0(), ImmutableMap.of("delegates", (String) this.delegates, "scope", (String) this.scopes, "lifetime", this.lifetime + "s")));
            oooO00o.OooO0OO(OooO0O02);
            OooO0O02.OooOoO(oooO);
            try {
                o0OOO0o OooO0O03 = OooO0O02.OooO0O0();
                GenericData genericData = (GenericData) OooO0O03.OooOOO0(GenericData.class);
                OooO0O03.OooO00o();
                try {
                    return new AccessToken(OooOOOO.OooO0o0(genericData, "accessToken", "Expected to find an accessToken"), new SimpleDateFormat(RFC3339).parse(OooOOOO.OooO0o0(genericData, "expireTime", "Expected to find an expireTime")));
                } catch (ParseException e) {
                    throw new IOException("Error parsing expireTime: " + e.getMessage());
                }
            } catch (IOException e2) {
                throw new IOException("Error requesting access token", e2);
            }
        } catch (IOException e3) {
            throw new IOException("Unable to refresh sourceCredentials", e3);
        }
    }

    public void setTransportFactory(o0o0Oo.OooO0O0 oooO0O0) {
        this.transportFactory = oooO0O0;
    }

    public byte[] sign(byte[] bArr) {
        return OooOOO.OooO0OO(getAccount(), this.sourceCredentials, this.transportFactory.create(), bArr, ImmutableMap.of("delegates", this.delegates));
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public OooO0O0 toBuilder() {
        return new OooO0O0(this.sourceCredentials, this.targetPrincipal);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.OooOOOO.OooO0O0(this).OooO0Oo("sourceCredentials", this.sourceCredentials).OooO0Oo("targetPrincipal", this.targetPrincipal).OooO0Oo("delegates", this.delegates).OooO0Oo("scopes", this.scopes).OooO0O0("lifetime", this.lifetime).OooO0Oo("transportFactoryClassName", this.transportFactoryClassName).OooO0Oo("quotaProjectId", this.quotaProjectId).toString();
    }
}
