package com.google.auth.oauth2;

import com.facebook.common.util.UriUtil;
import com.google.auth.oauth2.AwsCredentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdentityPoolCredentials;
import com.google.common.base.o000oOoO;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Pattern;
import javax.annotation.Nullable;

/* loaded from: classes2.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    private static final String CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
    static final String EXTERNAL_ACCOUNT_FILE_TYPE = "external_account";
    private final String audience;

    @Nullable
    private final String clientId;

    @Nullable
    private final String clientSecret;
    private final OooO0OO credentialSource;
    private OooOOO0 environmentProvider;

    @Nullable
    protected final ImpersonatedCredentials impersonatedCredentials;

    @Nullable
    private final String quotaProjectId;
    private final Collection<String> scopes;

    @Nullable
    private final String serviceAccountImpersonationUrl;
    private final String subjectTokenType;

    @Nullable
    private final String tokenInfoUrl;
    private final String tokenUrl;
    protected transient o0o0Oo.OooO0O0 transportFactory;
    private final String transportFactoryClassName;

    /* loaded from: classes2.dex */
    class OooO00o implements com.google.auth.OooO00o {

        /* renamed from: OooO00o, reason: collision with root package name */
        final /* synthetic */ com.google.auth.OooO00o f19146OooO00o;

        OooO00o(com.google.auth.OooO00o oooO00o) {
            this.f19146OooO00o = oooO00o;
        }

        @Override // com.google.auth.OooO00o
        public void OooO00o(Map<String, List<String>> map) {
            this.f19146OooO00o.OooO00o(GoogleCredentials.addQuotaProjectIdToRequestMetadata(ExternalAccountCredentials.this.quotaProjectId, map));
        }

        @Override // com.google.auth.OooO00o
        public void onFailure(Throwable th) {
            this.f19146OooO00o.onFailure(th);
        }
    }

    /* loaded from: classes2.dex */
    public static abstract class OooO0O0 extends GoogleCredentials.OooO00o {

        /* renamed from: OooO, reason: collision with root package name */
        protected OooOOO0 f19148OooO;

        /* renamed from: OooO0Oo, reason: collision with root package name */
        protected String f19149OooO0Oo;

        /* renamed from: OooO0o, reason: collision with root package name */
        protected String f19150OooO0o;

        /* renamed from: OooO0o0, reason: collision with root package name */
        protected String f19151OooO0o0;

        /* renamed from: OooO0oO, reason: collision with root package name */
        protected String f19152OooO0oO;

        /* renamed from: OooO0oo, reason: collision with root package name */
        protected OooO0OO f19153OooO0oo;

        /* renamed from: OooOO0, reason: collision with root package name */
        protected o0o0Oo.OooO0O0 f19154OooOO0;

        /* renamed from: OooOO0O, reason: collision with root package name */
        @Nullable
        protected String f19155OooOO0O;

        /* renamed from: OooOO0o, reason: collision with root package name */
        @Nullable
        protected String f19156OooOO0o;

        /* renamed from: OooOOO, reason: collision with root package name */
        @Nullable
        protected String f19157OooOOO;

        /* renamed from: OooOOO0, reason: collision with root package name */
        @Nullable
        protected String f19158OooOOO0;

        /* renamed from: OooOOOO, reason: collision with root package name */
        @Nullable
        protected Collection<String> f19159OooOOOO;

        /* JADX INFO: Access modifiers changed from: protected */
        public OooO0O0() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public OooO0O0(ExternalAccountCredentials externalAccountCredentials) {
            this.f19154OooOO0 = externalAccountCredentials.transportFactory;
            this.f19149OooO0Oo = externalAccountCredentials.audience;
            this.f19151OooO0o0 = externalAccountCredentials.subjectTokenType;
            this.f19150OooO0o = externalAccountCredentials.tokenUrl;
            this.f19152OooO0oO = externalAccountCredentials.tokenInfoUrl;
            this.f19155OooOO0O = externalAccountCredentials.serviceAccountImpersonationUrl;
            this.f19153OooO0oo = externalAccountCredentials.credentialSource;
            this.f19156OooOO0o = externalAccountCredentials.quotaProjectId;
            this.f19158OooOOO0 = externalAccountCredentials.clientId;
            this.f19157OooOOO = externalAccountCredentials.clientSecret;
            this.f19159OooOOOO = externalAccountCredentials.scopes;
            this.f19148OooO = externalAccountCredentials.environmentProvider;
        }

        public OooO0O0 OooO(String str) {
            this.f19157OooOOO = str;
            return this;
        }

        public abstract ExternalAccountCredentials OooO0o();

        public OooO0O0 OooO0oO(String str) {
            this.f19149OooO0Oo = str;
            return this;
        }

        public OooO0O0 OooO0oo(String str) {
            this.f19158OooOOO0 = str;
            return this;
        }

        public OooO0O0 OooOO0(OooO0OO oooO0OO) {
            this.f19153OooO0oo = oooO0OO;
            return this;
        }

        public OooO0O0 OooOO0O(o0o0Oo.OooO0O0 oooO0O0) {
            this.f19154OooOO0 = oooO0O0;
            return this;
        }

        public OooO0O0 OooOO0o(String str) {
            this.f19156OooOO0o = str;
            return this;
        }

        public OooO0O0 OooOOO(String str) {
            this.f19155OooOO0O = str;
            return this;
        }

        public OooO0O0 OooOOO0(Collection<String> collection) {
            this.f19159OooOOOO = collection;
            return this;
        }

        public OooO0O0 OooOOOO(String str) {
            this.f19151OooO0o0 = str;
            return this;
        }

        public OooO0O0 OooOOOo(String str) {
            this.f19152OooO0oO = str;
            return this;
        }

        public OooO0O0 OooOOo0(String str) {
            this.f19150OooO0o = str;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static abstract class OooO0OO {
        /* JADX INFO: Access modifiers changed from: package-private */
        public OooO0OO(Map<String, Object> map) {
            o000oOoO.OooOOo(map);
        }
    }

    protected ExternalAccountCredentials(o0o0Oo.OooO0O0 oooO0O0, String str, String str2, String str3, OooO0OO oooO0OO, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection) {
        this(oooO0O0, str, str2, str3, oooO0OO, str4, str5, str6, str7, str8, collection, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ExternalAccountCredentials(o0o0Oo.OooO0O0 oooO0O0, String str, String str2, String str3, OooO0OO oooO0OO, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection, @Nullable OooOOO0 oooOOO0) {
        o0o0Oo.OooO0O0 oooO0O02 = (o0o0Oo.OooO0O0) com.google.common.base.OooOOOO.OooO00o(oooO0O0, OAuth2Credentials.getFromServiceLoader(o0o0Oo.OooO0O0.class, OooOOOO.f19244OooO0o0));
        this.transportFactory = oooO0O02;
        this.transportFactoryClassName = (String) o000oOoO.OooOOo(oooO0O02.getClass().getName());
        this.audience = (String) o000oOoO.OooOOo(str);
        this.subjectTokenType = (String) o000oOoO.OooOOo(str2);
        this.tokenUrl = (String) o000oOoO.OooOOo(str3);
        this.credentialSource = (OooO0OO) o000oOoO.OooOOo(oooO0OO);
        this.tokenInfoUrl = str4;
        this.serviceAccountImpersonationUrl = str5;
        this.quotaProjectId = str6;
        this.clientId = str7;
        this.clientSecret = str8;
        this.scopes = (collection == null || collection.isEmpty()) ? Arrays.asList(CLOUD_PLATFORM_SCOPE) : collection;
        this.environmentProvider = oooOOO0 == null ? Oooo0.OooO0O0() : oooOOO0;
        validateTokenUrl(str3);
        if (str5 != null) {
            validateServiceAccountImpersonationInfoUrl(str5);
        }
        this.impersonatedCredentials = initializeImpersonatedCredentials();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExternalAccountCredentials fromJson(Map<String, Object> map, o0o0Oo.OooO0O0 oooO0O0) {
        o000oOoO.OooOOo(map);
        o000oOoO.OooOOo(oooO0O0);
        String str = (String) map.get("audience");
        String str2 = (String) map.get("subject_token_type");
        String str3 = (String) map.get("token_url");
        Map map2 = (Map) map.get("credential_source");
        String str4 = (String) map.get("service_account_impersonation_url");
        String str5 = (String) map.get("token_info_url");
        String str6 = (String) map.get("client_id");
        String str7 = (String) map.get("client_secret");
        String str8 = (String) map.get("quota_project_id");
        return isAwsCredential(map2) ? new AwsCredentials(oooO0O0, str, str2, str3, new AwsCredentials.OooO00o(map2), str5, str4, str8, str6, str7, null, null) : IdentityPoolCredentials.newBuilder().OooOo00((String) map.get("workforce_pool_user_project")).OooOO0O(oooO0O0).OooO0oO(str).OooOOOO(str2).OooOOo0(str3).OooOOOo(str5).OooOO0(new IdentityPoolCredentials.IdentityPoolCredentialSource(map2)).OooOOO(str4).OooOO0o(str8).OooO0oo(str6).OooO(str7).OooO0o();
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, OooOOOO.f19244OooO0o0);
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream, o0o0Oo.OooO0O0 oooO0O0) throws IOException {
        o000oOoO.OooOOo(inputStream);
        o000oOoO.OooOOo(oooO0O0);
        try {
            return fromJson((oo0O.OooO0O0) new oo0O.OooO(OooOOOO.f19243OooO0o).OooO00o(inputStream, StandardCharsets.UTF_8, oo0O.OooO0O0.class), oooO0O0);
        } catch (ClassCastException | IllegalArgumentException e) {
            throw new CredentialFormatException("An invalid input stream was provided.", e);
        }
    }

    private ImpersonatedCredentials initializeImpersonatedCredentials() {
        if (this.serviceAccountImpersonationUrl == null) {
            return null;
        }
        return ImpersonatedCredentials.newBuilder().OooOOoo(this instanceof AwsCredentials ? AwsCredentials.newBuilder((AwsCredentials) this).OooOOO(null).OooO0o() : IdentityPoolCredentials.newBuilder((IdentityPoolCredentials) this).OooOOO(null).OooO0o()).OooOOOO(this.transportFactory).OooOo00(ImpersonatedCredentials.extractTargetPrincipal(this.serviceAccountImpersonationUrl)).OooOOo(new ArrayList(this.scopes)).OooOOOo(3600).OooO00o();
    }

    private static boolean isAwsCredential(Map<String, Object> map) {
        return map.containsKey("environment_id") && ((String) map.get("environment_id")).startsWith("aws");
    }

    private static boolean isValidUrl(List<Pattern> list, String str) {
        try {
            URI create = URI.create(str);
            if (create.getScheme() != null && create.getHost() != null && UriUtil.HTTPS_SCHEME.equals(create.getScheme().toLowerCase(Locale.US))) {
                Iterator<Pattern> it = list.iterator();
                while (it.hasNext()) {
                    if (it.next().matcher(create.getHost().toLowerCase(Locale.US)).matches()) {
                        return true;
                    }
                }
            }
        } catch (Exception unused) {
        }
        return false;
    }

    static void validateServiceAccountImpersonationInfoUrl(String str) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^iamcredentials\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\-iamcredentials\\.googleapis\\.com$"));
        if (!isValidUrl(arrayList, str)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
    }

    static void validateTokenUrl(String str) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^sts\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\-sts\\.googleapis\\.com$"));
        if (!isValidUrl(arrayList, str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessToken exchangeExternalCredentialForAccessToken(OooOo oooOo) throws IOException {
        ImpersonatedCredentials impersonatedCredentials = this.impersonatedCredentials;
        return impersonatedCredentials != null ? impersonatedCredentials.refreshAccessToken() : OooOo00.OooO0Oo(this.tokenUrl, oooOo, this.transportFactory.create().OooO0OO()).OooO0O0(oooOo.OooO0OO()).OooO00o().OooO0OO().OooO00o();
    }

    public String getAudience() {
        return this.audience;
    }

    @Nullable
    public String getClientId() {
        return this.clientId;
    }

    @Nullable
    public String getClientSecret() {
        return this.clientSecret;
    }

    public OooO0OO getCredentialSource() {
        return this.credentialSource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OooOOO0 getEnvironmentProvider() {
        return this.environmentProvider;
    }

    @Nullable
    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        return GoogleCredentials.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, com.google.auth.OooO00o oooO00o) {
        super.getRequestMetadata(uri, executor, new OooO00o(oooO00o));
    }

    @Nullable
    public Collection<String> getScopes() {
        return this.scopes;
    }

    @Nullable
    public String getServiceAccountImpersonationUrl() {
        return this.serviceAccountImpersonationUrl;
    }

    public String getSubjectTokenType() {
        return this.subjectTokenType;
    }

    public String getTokenInfoUrl() {
        return this.tokenInfoUrl;
    }

    public String getTokenUrl() {
        return this.tokenUrl;
    }

    public abstract String retrieveSubjectToken() throws IOException;
}
