package com.google.auth.oauth2;

import com.google.auth.Credentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.o000oOoO;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import o00OO.OooO00o;
import o00OO.OooO0O0;

/* loaded from: classes2.dex */
public class JwtCredentials extends Credentials {
    private static final long CLOCK_SKEW = TimeUnit.MINUTES.toSeconds(5);
    private static final String JWT_ACCESS_PREFIX = "Bearer ";
    private static final String JWT_INCOMPLETE_ERROR_MESSAGE = "JWT claims must contain audience, issuer, and subject.";

    @VisibleForTesting
    transient com.google.api.client.util.OooOOO clock;
    private transient Long expiryInSeconds;
    private transient String jwt;
    private final JwtClaims jwtClaims;
    private final Long lifeSpanSeconds;
    private final Object lock;
    private final PrivateKey privateKey;
    private final String privateKeyId;

    /* loaded from: classes2.dex */
    public static class OooO0O0 {

        /* renamed from: OooO00o, reason: collision with root package name */
        private PrivateKey f19176OooO00o;

        /* renamed from: OooO0O0, reason: collision with root package name */
        private String f19177OooO0O0;

        /* renamed from: OooO0OO, reason: collision with root package name */
        private JwtClaims f19178OooO0OO;

        /* renamed from: OooO0Oo, reason: collision with root package name */
        private com.google.api.client.util.OooOOO f19179OooO0Oo = com.google.api.client.util.OooOOO.f18782OooO00o;

        /* renamed from: OooO0o0, reason: collision with root package name */
        private Long f19180OooO0o0 = Long.valueOf(TimeUnit.HOURS.toSeconds(1));

        protected OooO0O0() {
        }

        public OooO0O0 OooO(Long l) {
            this.f19180OooO0o0 = (Long) o000oOoO.OooOOo(l);
            return this;
        }

        public JwtCredentials OooO00o() {
            return new JwtCredentials(this);
        }

        com.google.api.client.util.OooOOO OooO0O0() {
            return this.f19179OooO0Oo;
        }

        public JwtClaims OooO0OO() {
            return this.f19178OooO0OO;
        }

        public Long OooO0Oo() {
            return this.f19180OooO0o0;
        }

        public String OooO0o() {
            return this.f19177OooO0O0;
        }

        public PrivateKey OooO0o0() {
            return this.f19176OooO00o;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public OooO0O0 OooO0oO(com.google.api.client.util.OooOOO oooOOO) {
            this.f19179OooO0Oo = (com.google.api.client.util.OooOOO) o000oOoO.OooOOo(oooOOO);
            return this;
        }

        public OooO0O0 OooO0oo(JwtClaims jwtClaims) {
            this.f19178OooO0OO = (JwtClaims) o000oOoO.OooOOo(jwtClaims);
            return this;
        }

        public OooO0O0 OooOO0(PrivateKey privateKey) {
            this.f19176OooO00o = (PrivateKey) o000oOoO.OooOOo(privateKey);
            return this;
        }

        public OooO0O0 OooOO0O(String str) {
            this.f19177OooO0O0 = str;
            return this;
        }
    }

    private JwtCredentials(OooO0O0 oooO0O0) {
        this.lock = new byte[0];
        this.privateKey = (PrivateKey) o000oOoO.OooOOo(oooO0O0.OooO0o0());
        this.privateKeyId = oooO0O0.OooO0o();
        JwtClaims jwtClaims = (JwtClaims) o000oOoO.OooOOo(oooO0O0.OooO0OO());
        this.jwtClaims = jwtClaims;
        o000oOoO.OooOoO(jwtClaims.isComplete(), JWT_INCOMPLETE_ERROR_MESSAGE);
        this.lifeSpanSeconds = (Long) o000oOoO.OooOOo(oooO0O0.OooO0Oo());
        this.clock = (com.google.api.client.util.OooOOO) o000oOoO.OooOOo(oooO0O0.OooO0O0());
    }

    public static OooO0O0 newBuilder() {
        return new OooO0O0();
    }

    private boolean shouldRefresh() {
        return this.expiryInSeconds == null || getClock().OooO00o() / 1000 > this.expiryInSeconds.longValue() - CLOCK_SKEW;
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof JwtCredentials)) {
            return false;
        }
        JwtCredentials jwtCredentials = (JwtCredentials) obj;
        return Objects.equals(this.privateKey, jwtCredentials.privateKey) && Objects.equals(this.privateKeyId, jwtCredentials.privateKeyId) && Objects.equals(this.jwtClaims, jwtCredentials.jwtClaims) && Objects.equals(this.lifeSpanSeconds, jwtCredentials.lifeSpanSeconds);
    }

    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWT";
    }

    com.google.api.client.util.OooOOO getClock() {
        if (this.clock == null) {
            this.clock = com.google.api.client.util.OooOOO.f18782OooO00o;
        }
        return this.clock;
    }

    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        Map<String, List<String>> singletonMap;
        synchronized (this.lock) {
            if (shouldRefresh()) {
                refresh();
            }
            singletonMap = Collections.singletonMap("Authorization", Collections.singletonList(JWT_ACCESS_PREFIX + this.jwt));
        }
        return singletonMap;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.privateKey, this.privateKeyId, this.jwtClaims, this.lifeSpanSeconds);
    }

    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        return newBuilder().OooOO0(this.privateKey).OooOO0O(this.privateKeyId).OooO0oo(this.jwtClaims.merge(jwtClaims)).OooO00o();
    }

    @Override // com.google.auth.Credentials
    public void refresh() throws IOException {
        OooO00o.C0237OooO00o c0237OooO00o = new OooO00o.C0237OooO00o();
        c0237OooO00o.OooOO0O("RS256");
        c0237OooO00o.OooOOO0("JWT");
        c0237OooO00o.OooOO0o(this.privateKeyId);
        OooO0O0.C0238OooO0O0 c0238OooO0O0 = new OooO0O0.C0238OooO0O0();
        c0238OooO0O0.OooO0oo(this.jwtClaims.getAudience());
        c0238OooO0O0.OooOO0O(this.jwtClaims.getIssuer());
        c0238OooO0O0.OooOO0o(this.jwtClaims.getSubject());
        long OooO00o2 = this.clock.OooO00o() / 1000;
        c0238OooO0O0.OooOO0(Long.valueOf(OooO00o2));
        c0238OooO0O0.OooO(Long.valueOf(OooO00o2 + this.lifeSpanSeconds.longValue()));
        c0238OooO0O0.putAll(this.jwtClaims.getAdditionalClaims());
        synchronized (this.lock) {
            this.expiryInSeconds = c0238OooO0O0.OooO0o();
            try {
                this.jwt = o00OO.OooO00o.OooO0o(this.privateKey, OooOOOO.f19243OooO0o, c0237OooO00o, c0238OooO0O0);
            } catch (GeneralSecurityException e) {
                throw new IOException("Error signing service account JWT access header with private key.", e);
            }
        }
    }
}
