package k.m.d.b;

import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.OAuth2Credentials;
import com.snapchat.kit.sdk.util.SnapConstants;
import io.netty.handler.ssl.OpenSslKeyMaterialManager;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Date;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import k.m.c.f.a.g;
import k.m.c.f.a.i;
import k.m.c.f.a.n;
import k.m.c.f.c.k;
import k.m.c.f.c.m;
import k.m.c.f.c.t;
import k.m.f.a.h;
import k.m.f.c.o;

/* loaded from: classes2.dex */
public class e extends c implements ServiceAccountSigner {
    public static final long serialVersionUID = 7807543542681217978L;
    public final String f;
    public final String g;
    public final PrivateKey h;
    public final String i;
    public final String j;

    /* renamed from: k, reason: collision with root package name */
    public final String f615k;
    public final String l;
    public final URI m;
    public final Collection<String> n;
    public transient HttpTransportFactory o;

    /* loaded from: classes2.dex */
    public class a implements HttpBackOffUnsuccessfulResponseHandler.BackOffRequired {
        public a(e eVar) {
        }

        @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
        public boolean isRequired(i iVar) {
            int i = iVar.e;
            return i / 100 == 5 || i == 403;
        }
    }

    public e(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri, String str4, String str5) {
        this.f = str;
        if (str2 == null) {
            throw new NullPointerException();
        }
        this.g = str2;
        if (privateKey == null) {
            throw new NullPointerException();
        }
        this.h = privateKey;
        this.i = str3;
        this.n = collection == null ? o.h() : o.a((Collection) collection);
        Object obj = d.c;
        Iterator it = ServiceLoader.load(HttpTransportFactory.class).iterator();
        this.o = (HttpTransportFactory) k.m.b.d.f.n.n.a.e(httpTransportFactory, it.hasNext() ? it.next() : obj);
        this.l = this.o.getClass().getName();
        this.m = uri == null ? d.a : uri;
        this.j = str4;
        this.f615k = str5;
    }

    public static e a(Map<String, Object> map, HttpTransportFactory httpTransportFactory) throws IOException {
        URI uri;
        String str = (String) map.get(SnapConstants.CLIENT_ID);
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        t tVar = new t(new StringReader(str3));
        try {
            t.a a2 = tVar.a("PRIVATE KEY");
            if (a2 == null) {
                throw new IOException("Invalid PKCS#8 data.");
            }
            try {
                return new e(str, str2, KeyFactory.getInstance(OpenSslKeyMaterialManager.KEY_TYPE_RSA).generatePrivate(new PKCS8EncodedKeySpec(a2.a)), str4, null, httpTransportFactory, uri, null, str5);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new IOException("Unexpected exception reading PKCS#8 data", e);
            }
        } finally {
            tVar.a();
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.o = (HttpTransportFactory) OAuth2Credentials.b(this.l);
    }

    public String a(k.m.c.f.b.c cVar, long j, String str) throws IOException {
        k.m.c.f.b.k.a aVar = new k.m.c.f.b.k.a();
        aVar.a("RS256");
        aVar.c("JWT");
        aVar.b(this.i);
        k.m.c.f.b.k.c cVar2 = new k.m.c.f.b.k.c();
        cVar2.a(this.g);
        long j2 = j / 1000;
        cVar2.b(Long.valueOf(j2));
        cVar2.a(Long.valueOf(j2 + 3600));
        cVar2.b(this.j);
        cVar2.put("scope", m.a(' ').a(this.n));
        if (str == null) {
            cVar2.a((Object) d.a.toString());
        } else {
            cVar2.a((Object) str);
        }
        try {
            return k.m.b.d.f.n.n.a.a(this.h, cVar, aVar, cVar2);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    @Override // k.m.d.b.c
    public c a(Collection<String> collection) {
        return new e(this.f, this.g, this.h, this.i, collection, this.o, this.m, this.j, this.f615k);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public k.m.d.b.a d() throws IOException {
        if (e()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        k.m.c.f.b.c cVar = d.d;
        String a2 = a(cVar, this.e.currentTimeMillis(), this.m.toString());
        k kVar = new k();
        kVar.b("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        kVar.b("assertion", a2);
        g a3 = this.o.create().b().a(new k.m.c.f.a.b(this.m), new n(kVar));
        a3.r = new k.m.c.f.b.e(cVar);
        a3.p = new k.m.c.f.a.c(new k.m.c.f.c.i());
        HttpBackOffUnsuccessfulResponseHandler httpBackOffUnsuccessfulResponseHandler = new HttpBackOffUnsuccessfulResponseHandler(new k.m.c.f.c.i());
        httpBackOffUnsuccessfulResponseHandler.b = new a(this);
        a3.o = httpBackOffUnsuccessfulResponseHandler;
        try {
            return new k.m.d.b.a(d.b((k) a3.a().a(k.class), "access_token", "Error parsing token refresh response. "), new Date((d.a(r0, "expires_in", "Error parsing token refresh response. ") * 1000) + this.e.currentTimeMillis()));
        } catch (IOException e) {
            throw new IOException(String.format("Error getting access token for service account: %s", e.getMessage()), e);
        }
    }

    public boolean e() {
        return this.n.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof e)) {
            return false;
        }
        e eVar = (e) obj;
        return Objects.equals(this.f, eVar.f) && Objects.equals(this.g, eVar.g) && Objects.equals(this.h, eVar.h) && Objects.equals(this.i, eVar.i) && Objects.equals(this.l, eVar.l) && Objects.equals(this.m, eVar.m) && Objects.equals(this.n, eVar.n);
    }

    public final String f() {
        return this.g;
    }

    public final PrivateKey g() {
        return this.h;
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return f();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f, this.g, this.h, this.i, this.l, this.m, this.n);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(g());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        h f = k.m.b.d.f.n.n.a.f(this);
        f.a("clientId", this.f);
        f.a("clientEmail", this.g);
        f.a("privateKeyId", this.i);
        f.a("transportFactoryClassName", this.l);
        f.a("tokenServerUri", this.m);
        f.a("scopes", this.n);
        f.a("serviceAccountUser", this.j);
        return f.toString();
    }
}
