package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.GenericData;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.firebase.crashlytics.internal.settings.SettingsJsonConstants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes3.dex */
public class GdchCredentials extends GoogleCredentials {
    public final String B;
    public transient HttpTransportFactory C;
    public final PrivateKey m;
    public final String n;
    public final String o;
    public final String p;
    public final URI q;
    public final URI r;
    public final int s;
    public final String t;

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {
        public String e;
        public String f;
        public PrivateKey g;
        public String h;
        public URI i;
        public URI j;
        public HttpTransportFactory k;
        public String l;
        public int m;

        public Builder() {
            this.m = SettingsJsonConstants.SETTINGS_CACHE_DURATION_DEFAULT;
        }

        public Builder(GdchCredentials gdchCredentials) {
            this.m = SettingsJsonConstants.SETTINGS_CACHE_DURATION_DEFAULT;
            this.e = gdchCredentials.o;
            this.f = gdchCredentials.n;
            this.g = gdchCredentials.m;
            this.h = gdchCredentials.p;
            this.i = gdchCredentials.q;
            this.k = gdchCredentials.C;
            this.l = gdchCredentials.B;
            this.m = gdchCredentials.s;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        /* renamed from: p, reason: merged with bridge method [inline-methods] */
        public GdchCredentials c() {
            return new GdchCredentials(this);
        }

        public Builder q(String str) {
            this.l = str;
            return this;
        }

        public Builder r(HttpTransportFactory httpTransportFactory) {
            this.k = httpTransportFactory;
            return this;
        }

        public Builder s(PrivateKey privateKey) {
            this.g = privateKey;
            return this;
        }

        public Builder t(String str) {
            this.f = str;
            return this;
        }

        public Builder u(String str) {
            this.e = str;
            return this;
        }

        public Builder v(String str) {
            this.h = str;
            return this;
        }

        public Builder w(URI uri) {
            this.i = uri;
            return this;
        }
    }

    /* loaded from: classes3.dex */
    public static class TransportFactoryForGdch implements HttpTransportFactory {

        /* renamed from: a, reason: collision with root package name */
        public HttpTransport f6005a;

        public TransportFactoryForGdch(String str) throws IOException {
            b(str);
        }

        @Override // com.google.auth.http.HttpTransportFactory
        public HttpTransport a() {
            return this.f6005a;
        }

        public final void b(String str) throws IOException {
            if (str == null || str.isEmpty()) {
                this.f6005a = new NetHttpTransport();
                return;
            }
            try {
                this.f6005a = new NetHttpTransport.Builder().e(GdchCredentials.T(new File(str))).a();
            } catch (IOException e) {
                throw new IOException(String.format("Error reading certificate file from CA cert path, value '%s': %s", str, e.getMessage()), e);
            } catch (GeneralSecurityException e2) {
                throw new IOException("Error initiating transport with certificate stream.", e2);
            }
        }
    }

    @VisibleForTesting
    public GdchCredentials(Builder builder) {
        this.o = (String) Preconditions.t(builder.e);
        this.n = (String) Preconditions.t(builder.f);
        this.m = (PrivateKey) Preconditions.t(builder.g);
        this.p = (String) Preconditions.t(builder.h);
        this.q = (URI) Preconditions.t(builder.i);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) Preconditions.t(builder.k);
        this.C = httpTransportFactory;
        this.t = httpTransportFactory.getClass().getName();
        this.B = builder.l;
        this.r = builder.j;
        this.s = builder.m;
    }

    public static GdchCredentials L(Map<String, Object> map) throws IOException {
        return M(map, new TransportFactoryForGdch((String) map.get("ca_cert_path")));
    }

    @VisibleForTesting
    public static GdchCredentials M(Map<String, Object> map, HttpTransportFactory httpTransportFactory) throws IOException {
        String V = V((String) map.get("format_version"), "format_version");
        String V2 = V((String) map.get("project"), "project");
        String V3 = V((String) map.get("private_key_id"), "private_key_id");
        String V4 = V((String) map.get("private_key"), "private_key");
        String V5 = V((String) map.get("name"), "name");
        String V6 = V((String) map.get("token_uri"), "token_uri");
        String str = (String) map.get("ca_cert_path");
        if (!"1".equals(V)) {
            throw new IOException(String.format("Only format version %s is supported.", "1"));
        }
        try {
            return N(V4, S().u(V2).t(V3).w(new URI(V6)).v(V5).q(str).r(httpTransportFactory));
        } catch (URISyntaxException unused) {
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
        }
    }

    public static GdchCredentials N(String str, Builder builder) throws IOException {
        builder.s(OAuth2Utils.b(str));
        return new GdchCredentials(builder);
    }

    @VisibleForTesting
    public static String P(String str, String str2) {
        return String.format("system:serviceaccount:%s:%s", str, str2);
    }

    public static Builder S() {
        return new Builder();
    }

    public static InputStream T(File file) throws FileNotFoundException {
        return new FileInputStream(file);
    }

    public static String V(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
        return str;
    }

    public String K(JsonFactory jsonFactory, long j, URI uri) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.p("RS256");
        header.r("JWT");
        header.q(this.n);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.p(P(this.o, this.p));
        payload.q(P(this.o, this.p));
        long j2 = j / 1000;
        payload.o(Long.valueOf(j2));
        payload.m(Long.valueOf(j2 + this.s));
        payload.l(R().toString());
        try {
            payload.j("api_audience", uri.toString());
            return JsonWebSignature.f(this.m, jsonFactory, header, payload);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    public final URI O() {
        return this.r;
    }

    public final String Q() {
        return this.p;
    }

    public final URI R() {
        return this.q;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    /* renamed from: U, reason: merged with bridge method [inline-methods] */
    public Builder B() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof GdchCredentials)) {
            return false;
        }
        GdchCredentials gdchCredentials = (GdchCredentials) obj;
        return Objects.equals(this.o, gdchCredentials.o) && Objects.equals(this.n, gdchCredentials.n) && Objects.equals(this.m, gdchCredentials.m) && Objects.equals(this.p, gdchCredentials.p) && Objects.equals(this.q, gdchCredentials.q) && Objects.equals(this.t, gdchCredentials.t) && Objects.equals(this.r, gdchCredentials.r) && Objects.equals(this.B, gdchCredentials.B) && Objects.equals(Integer.valueOf(this.s), Integer.valueOf(gdchCredentials.s));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.o, this.n, this.m, this.p, this.q, this.t, this.r, this.B, Integer.valueOf(this.s));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken r() throws IOException {
        Preconditions.u(this.r, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        JsonFactory jsonFactory = OAuth2Utils.f;
        String K = K(jsonFactory, this.g.currentTimeMillis(), O());
        GenericData genericData = new GenericData();
        genericData.j("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        genericData.j("assertion", K);
        HttpRequest b = this.C.a().c().b(new GenericUrl(this.q), new UrlEncodedContent(genericData));
        b.t(new JsonObjectParser(jsonFactory));
        try {
            return new AccessToken(OAuth2Utils.g((GenericData) b.b().k(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.g.currentTimeMillis() + (OAuth2Utils.c(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e) {
            throw GoogleAuthException.d(e, String.format("Error getting access token for GDCH service account: %s, iss: %s", e.getMessage(), Q()));
        } catch (IOException e2) {
            throw GoogleAuthException.b(e2, String.format("Error getting access token for GDCH service account: %s, iss: %s", e2.getMessage(), Q()));
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.c(this).d("projectId", this.o).d("privateKeyId", this.n).d("serviceIdentityName", this.p).d("tokenServerUri", this.q).d("transportFactoryClassName", this.t).d("caCertPath", this.B).d("apiAudience", this.r).b("lifetime", this.s).toString();
    }
}
