package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.Preconditions;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import com.google.firebase.crashlytics.internal.settings.SettingsJsonConstants;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import org.apache.http.message.TokenParser;

/* loaded from: classes3.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, JwtProvider {
    public final Collection<String> B;
    public final Collection<String> C;
    public final int D;
    public final boolean E;
    public final boolean K;
    public transient HttpTransportFactory T;
    public transient JwtCredentials U;
    public final String m;
    public final String n;
    public final PrivateKey o;
    public final String p;
    public final String q;
    public final String r;
    public final String s;
    public final URI t;

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {
        public String e;
        public String f;
        public PrivateKey g;
        public String h;
        public String i;
        public String j;
        public URI k;
        public Collection<String> l;
        public Collection<String> m;
        public HttpTransportFactory n;
        public int o;
        public boolean p;
        public boolean q;

        public Builder() {
            this.o = SettingsJsonConstants.SETTINGS_CACHE_DURATION_DEFAULT;
            this.p = false;
            this.q = true;
        }

        public Builder(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.o = SettingsJsonConstants.SETTINGS_CACHE_DURATION_DEFAULT;
            this.p = false;
            this.q = true;
            this.e = serviceAccountCredentials.m;
            this.f = serviceAccountCredentials.n;
            this.g = serviceAccountCredentials.o;
            this.h = serviceAccountCredentials.p;
            this.l = serviceAccountCredentials.B;
            this.m = serviceAccountCredentials.C;
            this.n = serviceAccountCredentials.T;
            this.k = serviceAccountCredentials.t;
            this.i = serviceAccountCredentials.q;
            this.j = serviceAccountCredentials.r;
            this.o = serviceAccountCredentials.D;
            this.p = serviceAccountCredentials.E;
            this.q = serviceAccountCredentials.K;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        /* renamed from: A, reason: merged with bridge method [inline-methods] */
        public Builder f(String str) {
            super.f(str);
            return this;
        }

        public Builder B(Collection<String> collection, Collection<String> collection2) {
            this.l = collection;
            this.m = collection2;
            return this;
        }

        public Builder C(URI uri) {
            this.k = uri;
            return this;
        }

        public Builder D(boolean z) {
            this.p = z;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        /* renamed from: t, reason: merged with bridge method [inline-methods] */
        public ServiceAccountCredentials c() {
            return new ServiceAccountCredentials(this);
        }

        public Builder u(String str) {
            this.f = str;
            return this;
        }

        public Builder v(String str) {
            this.e = str;
            return this;
        }

        public Builder w(HttpTransportFactory httpTransportFactory) {
            this.n = httpTransportFactory;
            return this;
        }

        public Builder x(PrivateKey privateKey) {
            this.g = privateKey;
            return this;
        }

        public Builder y(String str) {
            this.h = str;
            return this;
        }

        public Builder z(String str) {
            this.j = str;
            return this;
        }
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        this.U = null;
        this.m = builder.e;
        this.n = (String) Preconditions.d(builder.f);
        this.o = (PrivateKey) Preconditions.d(builder.g);
        this.p = builder.h;
        this.B = builder.l == null ? ImmutableSet.J() : ImmutableSet.F(builder.l);
        this.C = builder.m == null ? ImmutableSet.J() : ImmutableSet.F(builder.m);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.a(builder.n, OAuth2Credentials.n(HttpTransportFactory.class, OAuth2Utils.e));
        this.T = httpTransportFactory;
        this.s = httpTransportFactory.getClass().getName();
        this.t = builder.k == null ? OAuth2Utils.f6023a : builder.k;
        this.q = builder.i;
        this.r = builder.j;
        if (builder.o > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.D = builder.o;
        this.E = builder.p;
        this.K = builder.q;
    }

    public static ServiceAccountCredentials V(Map<String, Object> map, HttpTransportFactory httpTransportFactory) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return W(str3, e0().v(str).u(str2).y(str4).w(httpTransportFactory).C(uri).z(str5).f(str7));
    }

    public static ServiceAccountCredentials W(String str, Builder builder) throws IOException {
        builder.x(OAuth2Utils.b(str));
        return new ServiceAccountCredentials(builder);
    }

    @VisibleForTesting
    public static URI c0(URI uri) {
        if (uri != null && uri.getScheme() != null && uri.getHost() != null) {
            try {
                return new URI(uri.getScheme(), uri.getHost(), "/", null);
            } catch (URISyntaxException unused) {
            }
        }
        return uri;
    }

    public static /* synthetic */ boolean d0(HttpResponse httpResponse) {
        return OAuth2Utils.i.contains(Integer.valueOf(httpResponse.f()));
    }

    public static Builder e0() {
        return new Builder();
    }

    public String Q(JsonFactory jsonFactory, long j) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.p("RS256");
        header.r("JWT");
        header.q(this.p);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.p(Z());
        long j2 = j / 1000;
        payload.o(Long.valueOf(j2));
        payload.m(Long.valueOf(j2 + this.D));
        payload.q(this.q);
        if (this.B.isEmpty()) {
            payload.put("scope", Joiner.b(TokenParser.SP).a(this.C));
        } else {
            payload.put("scope", Joiner.b(TokenParser.SP).a(this.B));
        }
        payload.l(OAuth2Utils.f6023a.toString());
        try {
            return JsonWebSignature.f(this.o, jsonFactory, header, payload);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    @VisibleForTesting
    public String R(JsonFactory jsonFactory, long j, String str, String str2) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.p("RS256");
        header.r("JWT");
        header.q(this.p);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.p(Z());
        long j2 = j / 1000;
        payload.o(Long.valueOf(j2));
        payload.m(Long.valueOf(j2 + this.D));
        payload.q(this.q);
        if (str == null) {
            payload.l(OAuth2Utils.f6023a.toString());
        } else {
            payload.l(str);
        }
        try {
            payload.j("target_audience", str2);
            return JsonWebSignature.f(this.o, jsonFactory, header, payload);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    public GoogleCredentials S(Collection<String> collection, Collection<String> collection2) {
        return B().B(collection, collection2).c();
    }

    @VisibleForTesting
    public JwtCredentials T(URI uri) {
        JwtClaims.Builder e = JwtClaims.f().d(this.n).e(this.n);
        if (uri == null) {
            e.b(Collections.singletonMap("scope", !this.B.isEmpty() ? Joiner.b(TokenParser.SP).a(this.B) : Joiner.b(TokenParser.SP).a(this.C)));
        } else {
            e.c(c0(uri).toString());
        }
        return JwtCredentials.j().j(this.o).k(this.p).h(e.a()).g(this.g).a();
    }

    public ServiceAccountCredentials U(boolean z) {
        return B().D(z).c();
    }

    public final String X() {
        return this.n;
    }

    public final String Y() {
        return this.m;
    }

    public final String Z() {
        return this.n;
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken a(String str, List<IdTokenProvider.Option> list) throws IOException {
        JsonFactory jsonFactory = OAuth2Utils.f;
        String R = R(jsonFactory, this.g.currentTimeMillis(), this.t.toString(), str);
        GenericData genericData = new GenericData();
        genericData.j("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.j("assertion", R);
        HttpRequest b = this.T.a().c().b(new GenericUrl(this.t), new UrlEncodedContent(genericData));
        b.t(new JsonObjectParser(jsonFactory));
        try {
            return IdToken.e(OAuth2Utils.g((GenericData) b.b().k(GenericData.class), "id_token", "Error parsing token refresh response. "));
        } catch (IOException e) {
            throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e.getMessage(), Z()), e);
        }
    }

    public final PrivateKey a0() {
        return this.o;
    }

    public final String b0() {
        return this.p;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> e(URI uri) throws IOException {
        String str;
        JwtCredentials T;
        if (w() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        if ((!w() && !this.E) || ((str = this.q) != null && str.length() > 0)) {
            return super.e(uri);
        }
        if (w() || !this.E) {
            T = T(uri);
        } else {
            if (this.U == null) {
                this.U = T(null);
            }
            T = this.U;
        }
        return GoogleCredentials.u(this.k, T.e(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.m, serviceAccountCredentials.m) && Objects.equals(this.n, serviceAccountCredentials.n) && Objects.equals(this.o, serviceAccountCredentials.o) && Objects.equals(this.p, serviceAccountCredentials.p) && Objects.equals(this.s, serviceAccountCredentials.s) && Objects.equals(this.t, serviceAccountCredentials.t) && Objects.equals(this.B, serviceAccountCredentials.B) && Objects.equals(this.C, serviceAccountCredentials.C) && Objects.equals(this.k, serviceAccountCredentials.k) && Objects.equals(Integer.valueOf(this.D), Integer.valueOf(serviceAccountCredentials.D)) && Objects.equals(Boolean.valueOf(this.E), Boolean.valueOf(serviceAccountCredentials.E)) && Objects.equals(Boolean.valueOf(this.K), Boolean.valueOf(serviceAccountCredentials.K));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void f(URI uri, Executor executor, RequestMetadataCallback requestMetadataCallback) {
        if (this.E) {
            c(uri, requestMetadataCallback);
        } else {
            super.f(uri, executor, requestMetadataCallback);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    /* renamed from: f0, reason: merged with bridge method [inline-methods] */
    public Builder B() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.m, this.n, this.o, this.p, this.s, this.t, this.B, this.C, this.k, Integer.valueOf(this.D), Boolean.valueOf(this.E), Boolean.valueOf(this.K));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken r() throws IOException {
        JsonFactory jsonFactory = OAuth2Utils.f;
        String Q = Q(jsonFactory, this.g.currentTimeMillis());
        GenericData genericData = new GenericData();
        genericData.j("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.j("assertion", Q);
        HttpRequest b = this.T.a().c().b(new GenericUrl(this.t), new UrlEncodedContent(genericData));
        if (this.K) {
            b.s(3);
        } else {
            b.s(0);
        }
        b.t(new JsonObjectParser(jsonFactory));
        ExponentialBackOff a2 = new ExponentialBackOff.Builder().b(1000).d(0.1d).c(2.0d).a();
        b.w(new HttpBackOffUnsuccessfulResponseHandler(a2).b(new HttpBackOffUnsuccessfulResponseHandler.BackOffRequired() { // from class: do
            @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
            public final boolean a(HttpResponse httpResponse) {
                boolean d0;
                d0 = ServiceAccountCredentials.d0(httpResponse);
                return d0;
            }
        }));
        b.q(new HttpBackOffIOExceptionHandler(a2));
        try {
            return new AccessToken(OAuth2Utils.g((GenericData) b.b().k(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.g.currentTimeMillis() + (OAuth2Utils.c(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (HttpResponseException e) {
            throw GoogleAuthException.d(e, String.format("Error getting access token for service account: %s, iss: %s", e.getMessage(), Z()));
        } catch (IOException e2) {
            throw GoogleAuthException.b(e2, String.format("Error getting access token for service account: %s, iss: %s", e2.getMessage(), Z()));
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.c(this).d("clientId", this.m).d("clientEmail", this.n).d("privateKeyId", this.p).d("transportFactoryClassName", this.s).d("tokenServerUri", this.t).d("scopes", this.B).d("defaultScopes", this.C).d("serviceAccountUser", this.q).d("quotaProjectId", this.k).b("lifetime", this.D).e("useJwtAccessWithScope", this.E).e("defaultRetriesEnabled", this.K).toString();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials v(Collection<String> collection) {
        return S(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean w() {
        return this.B.isEmpty() && this.C.isEmpty();
    }
}
