package com.google.auth.oauth2;

import com.google.auth.oauth2.IdentityPoolCredentialSource;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import j$.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes4.dex */
public class CertificateIdentityPoolSubjectTokenSupplier implements IdentityPoolSubjectTokenSupplier {
    public static final Pattern b = Pattern.compile("-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", 32);

    /* renamed from: a, reason: collision with root package name */
    public final IdentityPoolCredentialSource f10596a;

    public CertificateIdentityPoolSubjectTokenSupplier(IdentityPoolCredentialSource identityPoolCredentialSource) {
        this.f10596a = (IdentityPoolCredentialSource) Preconditions.checkNotNull(identityPoolCredentialSource, "credentialSource cannot be null");
        Preconditions.checkNotNull(identityPoolCredentialSource.f10658f, "credentialSource.certificateConfig cannot be null when creating CertificateIdentityPoolSubjectTokenSupplier");
    }

    public static X509Certificate a(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Invalid certificate data: Certificate file is empty or null.");
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e10) {
            throw new CertificateException("Failed to parse X.509 certificate data.", e10);
        }
    }

    public static void b(ArrayList arrayList, ArrayList arrayList2, String str) {
        String encodeToString = Base64.getEncoder().encodeToString(((X509Certificate) arrayList2.get(0)).getEncoded());
        if (!encodeToString.equals(str)) {
            arrayList.add(encodeToString);
        }
        for (int i = 1; i < arrayList2.size(); i++) {
            String encodeToString2 = Base64.getEncoder().encodeToString(((X509Certificate) arrayList2.get(i)).getEncoded());
            if (encodeToString2.equals(str)) {
                throw new IllegalArgumentException("The leaf certificate should only appear at the beginning of the trust chain file, or be omitted entirely.");
            }
            arrayList.add(encodeToString2);
        }
    }

    public static ArrayList c(String str) {
        Path path;
        byte[] readAllBytes;
        ArrayList arrayList = new ArrayList();
        if (Strings.isNullOrEmpty(str)) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        path = Paths.get(str, new String[0]);
        readAllBytes = Files.readAllBytes(path);
        Matcher matcher = b.matcher(new String(readAllBytes, StandardCharsets.UTF_8));
        while (matcher.find()) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(matcher.group(0).getBytes(StandardCharsets.UTF_8));
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                    if (!(generateCertificate instanceof X509Certificate)) {
                        throw new CertificateException("Found non-X.509 certificate in trust chain file: " + str);
                    }
                    arrayList.add((X509Certificate) generateCertificate);
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    try {
                        throw th2;
                    } finally {
                    }
                }
            } catch (CertificateException e10) {
                StringBuilder p8 = com.google.android.gms.internal.mlkit_common.a.p("Error loading PEM certificates from the trust chain file: ", str, " - ");
                p8.append(e10.getMessage());
                throw new CertificateException(p8.toString(), e10);
            }
        }
        if (readAllBytes.length <= 0 || !arrayList.isEmpty()) {
            return arrayList;
        }
        throw new CertificateException(r8.j.l("Trust chain file was not empty but no PEM certificates were found: ", str));
    }

    @Override // com.google.auth.oauth2.IdentityPoolSubjectTokenSupplier
    public final String U() {
        IdentityPoolCredentialSource identityPoolCredentialSource = this.f10596a;
        String str = identityPoolCredentialSource.f10655c;
        IdentityPoolCredentialSource.CertificateConfig certificateConfig = identityPoolCredentialSource.f10658f;
        String str2 = certificateConfig != null ? certificateConfig.f10660c : null;
        try {
            String encodeToString = Base64.getEncoder().encodeToString(a(Files.readAllBytes(Paths.get(str, new String[0]))).getEncoded());
            ArrayList arrayList = new ArrayList();
            arrayList.add(encodeToString);
            try {
                ArrayList c5 = c(str2);
                if (!c5.isEmpty()) {
                    b(arrayList, c5, encodeToString);
                }
                return le.m.f30387d.toString(arrayList);
            } catch (NoSuchFileException e10) {
                throw new IOException(r8.j.l("Trust chain file not found: ", str2), e10);
            } catch (IOException e11) {
                throw new IOException(r8.j.l("Failed to read trust chain file: ", str2), e11);
            } catch (IllegalArgumentException e12) {
                throw new IOException(e7.a.q(e12, new StringBuilder("Trust chain misconfiguration: ")), e12);
            } catch (CertificateException e13) {
                throw new IOException(r8.j.l("Failed to parse certificate(s) from trust chain file: ", str2), e13);
            }
        } catch (NoSuchFileException e14) {
            throw new IOException(r8.j.l("Leaf certificate file not found: ", str), e14);
        } catch (IOException e15) {
            throw new IOException(r8.j.l("Failed to read leaf certificate file: ", str), e15);
        } catch (CertificateException e16) {
            throw new IOException(r8.j.l("Failed to parse leaf certificate from file: ", str), e16);
        }
    }
}
