package com.google.auth.oauth2;

import com.google.api.client.json.GenericJson;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.AwsCredentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdentityPoolCredentials;
import com.google.auth.oauth2.PluggableAuthCredentials;
import com.google.auth.oauth2.StsRequestHandler;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.firebase.crashlytics.internal.settings.SettingsJsonConstants;
import java.io.IOException;
import java.math.BigDecimal;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Pattern;
import javax.annotation.Nullable;

/* loaded from: classes3.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {

    @Nullable
    public final String B;

    @Nullable
    public final String C;

    @Nullable
    public final String D;

    @Nullable
    public final String E;
    public transient HttpTransportFactory K;

    @Nullable
    public final ImpersonatedCredentials T;

    @Nullable
    public ImpersonatedCredentials U;
    public EnvironmentProvider V;
    public final String m;
    public final String n;
    public final String o;
    public final String p;
    public final CredentialSource q;
    public final Collection<String> r;
    public final ServiceAccountImpersonationOptions s;

    @Nullable
    public final String t;

    /* loaded from: classes3.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {
        public String e;
        public String f;
        public String g;
        public String h;
        public CredentialSource i;
        public EnvironmentProvider j;
        public HttpTransportFactory k;

        @Nullable
        public String l;

        @Nullable
        public String m;

        @Nullable
        public String n;

        @Nullable
        public Collection<String> o;

        @Nullable
        public String p;

        @Nullable
        public ServiceAccountImpersonationOptions q;

        public Builder() {
        }

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            super(externalAccountCredentials);
            this.k = externalAccountCredentials.K;
            this.e = externalAccountCredentials.n;
            this.f = externalAccountCredentials.o;
            this.g = externalAccountCredentials.p;
            this.h = externalAccountCredentials.t;
            this.l = externalAccountCredentials.B;
            this.i = externalAccountCredentials.q;
            this.m = externalAccountCredentials.C;
            this.n = externalAccountCredentials.D;
            this.o = externalAccountCredentials.r;
            this.j = externalAccountCredentials.V;
            this.p = externalAccountCredentials.E;
            this.q = externalAccountCredentials.s;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        /* renamed from: g, reason: merged with bridge method [inline-methods] */
        public abstract ExternalAccountCredentials c();

        public Builder h(String str) {
            this.e = str;
            return this;
        }

        public Builder i(String str) {
            this.m = str;
            return this;
        }

        public Builder j(String str) {
            this.n = str;
            return this;
        }

        public Builder k(CredentialSource credentialSource) {
            this.i = credentialSource;
            return this;
        }

        public Builder l(HttpTransportFactory httpTransportFactory) {
            this.k = httpTransportFactory;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        /* renamed from: m, reason: merged with bridge method [inline-methods] */
        public Builder f(String str) {
            super.f(str);
            return this;
        }

        public Builder n(Collection<String> collection) {
            this.o = collection;
            return this;
        }

        public Builder o(Map<String, Object> map) {
            this.q = new ServiceAccountImpersonationOptions(map);
            return this;
        }

        public Builder p(String str) {
            this.l = str;
            return this;
        }

        public Builder q(String str) {
            this.f = str;
            return this;
        }

        public Builder r(String str) {
            this.h = str;
            return this;
        }

        public Builder s(String str) {
            this.g = str;
            return this;
        }

        public Builder t(String str) {
            this.p = str;
            return this;
        }
    }

    /* loaded from: classes3.dex */
    public static abstract class CredentialSource {
        public CredentialSource(Map<String, Object> map) {
            Preconditions.t(map);
        }
    }

    /* loaded from: classes3.dex */
    public static final class ServiceAccountImpersonationOptions {

        /* renamed from: a, reason: collision with root package name */
        public final int f6004a;

        public ServiceAccountImpersonationOptions(Map<String, Object> map) {
            if (!map.containsKey("token_lifetime_seconds")) {
                this.f6004a = SettingsJsonConstants.SETTINGS_CACHE_DURATION_DEFAULT;
                return;
            }
            try {
                Object obj = map.get("token_lifetime_seconds");
                if (obj instanceof BigDecimal) {
                    this.f6004a = ((BigDecimal) obj).intValue();
                } else if (map.get("token_lifetime_seconds") instanceof Integer) {
                    this.f6004a = ((Integer) obj).intValue();
                } else {
                    this.f6004a = Integer.parseInt((String) obj);
                }
                int i = this.f6004a;
                if (i < 600 || i > 43200) {
                    throw new IllegalArgumentException(String.format("The \"token_lifetime_seconds\" field must be between %s and %s seconds.", 600, 43200));
                }
            } catch (ArithmeticException | NumberFormatException e) {
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            }
        }
    }

    public ExternalAccountCredentials(Builder builder) {
        super(builder);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.a(builder.k, OAuth2Credentials.n(HttpTransportFactory.class, OAuth2Utils.e));
        this.K = httpTransportFactory;
        this.m = (String) Preconditions.t(httpTransportFactory.getClass().getName());
        this.n = (String) Preconditions.t(builder.e);
        this.o = (String) Preconditions.t(builder.f);
        String str = (String) Preconditions.t(builder.g);
        this.p = str;
        this.q = (CredentialSource) Preconditions.t(builder.i);
        this.t = builder.h;
        String str2 = builder.l;
        this.B = str2;
        this.C = builder.m;
        this.D = builder.n;
        Collection<String> collection = builder.o;
        this.r = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : builder.o;
        EnvironmentProvider environmentProvider = builder.j;
        this.V = environmentProvider == null ? SystemEnvironmentProvider.b() : environmentProvider;
        ServiceAccountImpersonationOptions serviceAccountImpersonationOptions = builder.q;
        this.s = serviceAccountImpersonationOptions == null ? new ServiceAccountImpersonationOptions(new HashMap()) : serviceAccountImpersonationOptions;
        String str3 = builder.p;
        this.E = str3;
        if (str3 != null && !Z()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
        c0(str);
        if (str2 != null) {
            b0(str2);
        }
        this.T = O();
    }

    public static ExternalAccountCredentials Q(Map<String, Object> map, HttpTransportFactory httpTransportFactory) {
        Preconditions.t(map);
        Preconditions.t(httpTransportFactory);
        String str = (String) map.get("audience");
        String str2 = (String) map.get("subject_token_type");
        String str3 = (String) map.get("token_url");
        Map map2 = (Map) map.get("credential_source");
        String str4 = (String) map.get("service_account_impersonation_url");
        String str5 = (String) map.get("token_info_url");
        String str6 = (String) map.get("client_id");
        String str7 = (String) map.get("client_secret");
        String str8 = (String) map.get("quota_project_id");
        String str9 = (String) map.get("workforce_pool_user_project");
        Map<String, Object> map3 = (Map) map.get("service_account_impersonation");
        if (map3 == null) {
            map3 = new HashMap<>();
        }
        return W(map2) ? AwsCredentials.l0().l(httpTransportFactory).h(str).q(str2).s(str3).r(str5).k(new AwsCredentials.AwsCredentialSource(map2)).p(str4).f(str8).i(str6).j(str7).o(map3).c() : X(map2) ? PluggableAuthCredentials.f0().l(httpTransportFactory).h(str).q(str2).s(str3).r(str5).k(new PluggableAuthCredentials.PluggableAuthCredentialSource(map2)).p(str4).f(str8).i(str6).j(str7).t(str9).o(map3).c() : IdentityPoolCredentials.f0().l(httpTransportFactory).h(str).q(str2).s(str3).r(str5).k(new IdentityPoolCredentials.IdentityPoolCredentialSource(map2)).p(str4).f(str8).i(str6).j(str7).t(str9).o(map3).c();
    }

    public static boolean W(Map<String, Object> map) {
        return map.containsKey("environment_id") && ((String) map.get("environment_id")).startsWith("aws");
    }

    public static boolean X(Map<String, Object> map) {
        return map.containsKey("executable");
    }

    public static boolean Y(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    public static void b0(String str) {
        if (!Y(str)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
    }

    public static void c0(String str) {
        if (!Y(str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
    }

    public ImpersonatedCredentials O() {
        if (this.B == null) {
            return null;
        }
        return ImpersonatedCredentials.F().v(this instanceof AwsCredentials ? AwsCredentials.m0((AwsCredentials) this).p(null).c() : this instanceof PluggableAuthCredentials ? PluggableAuthCredentials.g0((PluggableAuthCredentials) this).p(null).c() : IdentityPoolCredentials.g0((IdentityPoolCredentials) this).p(null).c()).q(this.K).w(ImpersonatedCredentials.C(this.B)).u(new ArrayList(this.r)).s(this.s.f6004a).r(this.B).c();
    }

    public AccessToken P(StsTokenExchangeRequest stsTokenExchangeRequest) throws IOException {
        ImpersonatedCredentials impersonatedCredentials = this.U;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.r();
        }
        ImpersonatedCredentials impersonatedCredentials2 = this.T;
        if (impersonatedCredentials2 != null) {
            return impersonatedCredentials2.r();
        }
        StsRequestHandler.Builder d = StsRequestHandler.d(this.p, stsTokenExchangeRequest, this.K.a().c());
        if (Z()) {
            GenericJson genericJson = new GenericJson();
            genericJson.g(OAuth2Utils.f);
            genericJson.put("userProject", this.E);
            d.b(genericJson.toString());
        }
        if (stsTokenExchangeRequest.c() != null) {
            d.b(stsTokenExchangeRequest.c());
        }
        return d.a().c().a();
    }

    public String R() {
        return this.n;
    }

    public EnvironmentProvider S() {
        return this.V;
    }

    @Nullable
    public Collection<String> T() {
        return this.r;
    }

    @Nullable
    public String U() {
        String str = this.B;
        if (str == null || str.isEmpty()) {
            return null;
        }
        return ImpersonatedCredentials.C(this.B);
    }

    public String V() {
        return this.o;
    }

    public boolean Z() {
        return this.E != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(R()).matches();
    }

    public void a0(ImpersonatedCredentials impersonatedCredentials) {
        this.U = impersonatedCredentials;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> e(URI uri) throws IOException {
        return GoogleCredentials.u(this.k, super.e(uri));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void f(URI uri, Executor executor, final RequestMetadataCallback requestMetadataCallback) {
        super.f(uri, executor, new RequestMetadataCallback() { // from class: com.google.auth.oauth2.ExternalAccountCredentials.1
            @Override // com.google.auth.RequestMetadataCallback
            public void a(Map<String, List<String>> map) {
                requestMetadataCallback.a(GoogleCredentials.u(ExternalAccountCredentials.this.k, map));
            }

            @Override // com.google.auth.RequestMetadataCallback
            public void b(Throwable th) {
                requestMetadataCallback.b(th);
            }
        });
    }
}
