package com.google.auth.oauth2;

import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Preconditions;
import com.google.auth.Credentials;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.JwtCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.base.Throwables;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;

/* loaded from: classes3.dex */
public class ServiceAccountJwtAccessCredentials extends Credentials implements JwtProvider, ServiceAccountSigner, QuotaProjectIdProvider {

    /* renamed from: i, reason: collision with root package name */
    public static final long f22501i = TimeUnit.HOURS.toSeconds(1);

    /* renamed from: j, reason: collision with root package name */
    public static final long f22502j = TimeUnit.MINUTES.toSeconds(5);
    private static final long serialVersionUID = -7274955171379494197L;

    /* renamed from: a, reason: collision with root package name */
    public final String f22503a;
    public final String b;

    /* renamed from: c, reason: collision with root package name */
    public final PrivateKey f22504c;

    /* renamed from: d, reason: collision with root package name */
    public final String f22505d;

    /* renamed from: e, reason: collision with root package name */
    public final URI f22506e;

    /* renamed from: f, reason: collision with root package name */
    public final String f22507f;
    public transient Clock h = Clock.SYSTEM;

    /* renamed from: g, reason: collision with root package name */
    public transient LoadingCache f22508g = a();

    /* loaded from: classes3.dex */
    public static class Builder {

        /* renamed from: a, reason: collision with root package name */
        public String f22509a;
        public String b;

        /* renamed from: c, reason: collision with root package name */
        public PrivateKey f22510c;

        /* renamed from: d, reason: collision with root package name */
        public String f22511d;

        /* renamed from: e, reason: collision with root package name */
        public URI f22512e;

        /* renamed from: f, reason: collision with root package name */
        public String f22513f;

        public Builder() {
        }

        public Builder(ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials) {
            this.f22509a = serviceAccountJwtAccessCredentials.f22503a;
            this.b = serviceAccountJwtAccessCredentials.b;
            this.f22510c = serviceAccountJwtAccessCredentials.f22504c;
            this.f22511d = serviceAccountJwtAccessCredentials.f22505d;
            this.f22512e = serviceAccountJwtAccessCredentials.f22506e;
            this.f22513f = serviceAccountJwtAccessCredentials.f22507f;
        }

        public ServiceAccountJwtAccessCredentials build() {
            return new ServiceAccountJwtAccessCredentials(this.f22509a, this.b, this.f22510c, this.f22511d, this.f22512e, this.f22513f);
        }

        public String getClientEmail() {
            return this.b;
        }

        public String getClientId() {
            return this.f22509a;
        }

        public URI getDefaultAudience() {
            return this.f22512e;
        }

        public PrivateKey getPrivateKey() {
            return this.f22510c;
        }

        public String getPrivateKeyId() {
            return this.f22511d;
        }

        public String getQuotaProjectId() {
            return this.f22513f;
        }

        public Builder setClientEmail(String str) {
            this.b = str;
            return this;
        }

        public Builder setClientId(String str) {
            this.f22509a = str;
            return this;
        }

        public Builder setDefaultAudience(URI uri) {
            this.f22512e = uri;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.f22510c = privateKey;
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.f22511d = str;
            return this;
        }

        public Builder setQuotaProjectId(String str) {
            this.f22513f = str;
            return this;
        }
    }

    public ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3, URI uri, String str4) {
        this.f22503a = str;
        this.b = (String) Preconditions.checkNotNull(str2);
        this.f22504c = (PrivateKey) Preconditions.checkNotNull(privateKey);
        this.f22505d = str3;
        this.f22506e = uri;
        this.f22507f = str4;
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4) throws IOException {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4, URI uri) throws IOException {
        return new ServiceAccountJwtAccessCredentials(str, str2, y.b(str3), str4, uri, null);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, null);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream, URI uri) throws IOException {
        Preconditions.checkNotNull(inputStream);
        GenericJson genericJson = (GenericJson) new JsonObjectParser(y.f22629f).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        String str = (String) genericJson.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (!"service_account".equals(str)) {
            throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
        }
        String str2 = (String) genericJson.get("client_id");
        String str3 = (String) genericJson.get("client_email");
        String str4 = (String) genericJson.get("private_key");
        String str5 = (String) genericJson.get("private_key_id");
        String str6 = (String) genericJson.get("quota_project_id");
        if (str2 == null || str3 == null || str4 == null || str5 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return new ServiceAccountJwtAccessCredentials(str2, str3, y.b(str4), str5, uri, str6);
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.h = Clock.SYSTEM;
        this.f22508g = a();
    }

    public final LoadingCache a() {
        return CacheBuilder.newBuilder().maximumSize(100L).expireAfterWrite(f22501i - f22502j, TimeUnit.SECONDS).ticker(new e0(this)).build(new d0(this));
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountJwtAccessCredentials)) {
            return false;
        }
        ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials = (ServiceAccountJwtAccessCredentials) obj;
        return Objects.equals(this.f22503a, serviceAccountJwtAccessCredentials.f22503a) && Objects.equals(this.b, serviceAccountJwtAccessCredentials.b) && Objects.equals(this.f22504c, serviceAccountJwtAccessCredentials.f22504c) && Objects.equals(this.f22505d, serviceAccountJwtAccessCredentials.f22505d) && Objects.equals(this.f22506e, serviceAccountJwtAccessCredentials.f22506e) && Objects.equals(this.f22507f, serviceAccountJwtAccessCredentials.f22507f);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.b;
    }

    public final String getClientId() {
        return this.f22503a;
    }

    public final PrivateKey getPrivateKey() {
        return this.f22504c;
    }

    public final String getPrivateKeyId() {
        return this.f22505d;
    }

    @Override // com.google.auth.oauth2.QuotaProjectIdProvider
    public String getQuotaProjectId() {
        return this.f22507f;
    }

    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        String str = this.b;
        if (uri == null && (uri = this.f22506e) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        try {
            return GoogleCredentials.e(this.f22507f, ((JwtCredentials) this.f22508g.get(JwtClaims.newBuilder().setAudience(uri.toString()).setIssuer(str).setSubject(str).build())).getRequestMetadata(uri));
        } catch (UncheckedExecutionException e5) {
            Throwables.throwIfUnchecked(e5);
            throw new IllegalStateException("generateJwtAccess threw an unchecked exception that couldn't be rethrown", e5);
        } catch (ExecutionException e10) {
            Throwables.propagateIfPossible(e10.getCause(), IOException.class);
            throw new IllegalStateException("generateJwtAccess threw an unexpected checked exception", e10.getCause());
        }
    }

    @Override // com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback requestMetadataCallback) {
        blockingGetToCallback(uri, requestMetadataCallback);
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.f22503a, this.b, this.f22504c, this.f22505d, this.f22506e, this.f22507f);
    }

    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.Builder newBuilder = JwtClaims.newBuilder();
        String str = this.b;
        JwtClaims.Builder subject = newBuilder.setIssuer(str).setSubject(str);
        URI uri = this.f22506e;
        if (uri != null) {
            subject.setAudience(uri.toString());
        }
        JwtCredentials.Builder lifeSpanSeconds = JwtCredentials.newBuilder().setPrivateKey(this.f22504c).setPrivateKeyId(this.f22505d).setJwtClaims(subject.build().merge(jwtClaims)).setLifeSpanSeconds(Long.valueOf(f22501i));
        Clock clock = this.h;
        lifeSpanSeconds.getClass();
        lifeSpanSeconds.f22458d = (Clock) com.google.common.base.Preconditions.checkNotNull(clock);
        return lifeSpanSeconds.build();
    }

    @Override // com.google.auth.Credentials
    public void refresh() {
        this.f22508g.invalidateAll();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e5) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e5);
        }
    }

    public Builder toBuilder() {
        return new Builder(this);
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("clientId", this.f22503a).add("clientEmail", this.b).add("privateKeyId", this.f22505d).add("defaultAudience", this.f22506e).add("quotaProjectId", this.f22507f).toString();
    }
}
