package com.google.auth.oauth2;

import A.AbstractC0934e;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.oauth2.AwsCredentials;
import com.google.auth.oauth2.IdentityPoolCredentials;
import com.google.auth.oauth2.PluggableAuthCredentials;
import java.io.InputStream;
import java.io.Serializable;
import java.math.BigDecimal;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Pattern;
import z7.C17233h;

/* loaded from: classes11.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    static final String EXECUTABLE_SOURCE_KEY = "executable";
    static final String EXTERNAL_ACCOUNT_FILE_TYPE = "external_account";
    private static final long serialVersionUID = 8049126194174465023L;
    private final String audience;
    private final String clientId;
    private final String clientSecret;
    private final CredentialSource credentialSource;
    private InterfaceC7265l environmentProvider;
    protected final ImpersonatedCredentials impersonatedCredentials;
    private ImpersonatedCredentials impersonatedCredentialsOverride;
    private final Collection<String> scopes;
    private final ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
    private final String serviceAccountImpersonationUrl;
    private final String subjectTokenType;
    private final String tokenInfoUrl;
    private final String tokenUrl;
    protected transient F7.b transportFactory;
    private final String transportFactoryClassName;
    private final String universeDomain;
    private final String workforcePoolUserProject;

    /* loaded from: classes11.dex */
    public static abstract class CredentialSource implements Serializable {
        private static final long serialVersionUID = 8204657811562399944L;

        public CredentialSource(Map<String, Object> map) {
            map.getClass();
        }
    }

    /* loaded from: classes11.dex */
    public static final class ServiceAccountImpersonationOptions implements Serializable {
        private static final long serialVersionUID = 4250771921886280953L;
        private final int lifetime;

        public ServiceAccountImpersonationOptions(Map<String, Object> map) {
            if (!map.containsKey("token_lifetime_seconds")) {
                this.lifetime = 3600;
                return;
            }
            try {
                Object obj = map.get("token_lifetime_seconds");
                if (obj instanceof BigDecimal) {
                    this.lifetime = ((BigDecimal) obj).intValue();
                } else if (map.get("token_lifetime_seconds") instanceof Integer) {
                    this.lifetime = ((Integer) obj).intValue();
                } else {
                    this.lifetime = Integer.parseInt((String) obj);
                }
                int i11 = this.lifetime;
                if (i11 < 600 || i11 > 43200) {
                    throw new IllegalArgumentException("The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.");
                }
            } catch (ArithmeticException e11) {
                e = e11;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            } catch (NumberFormatException e12) {
                e = e12;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            }
        }

        public int getLifetime() {
            return this.lifetime;
        }
    }

    public ExternalAccountCredentials(F7.b bVar, String str, String str2, String str3, CredentialSource credentialSource, String str4, String str5, String str6, String str7, String str8, Collection<String> collection) {
        this(bVar, str, str2, str3, credentialSource, str4, str5, str6, str7, str8, collection, null);
    }

    public ExternalAccountCredentials(F7.b bVar, String str, String str2, String str3, CredentialSource credentialSource, String str4, String str5, String str6, String str7, String str8, Collection<String> collection, InterfaceC7265l interfaceC7265l) {
        super(null, str6);
        F7.b bVar2 = (F7.b) com.google.common.base.u.r(bVar, OAuth2Credentials.getFromServiceLoader(F7.b.class, J.f43976c));
        this.transportFactory = bVar2;
        this.transportFactoryClassName = bVar2.getClass().getName();
        str.getClass();
        this.audience = str;
        str2.getClass();
        this.subjectTokenType = str2;
        str3.getClass();
        this.tokenUrl = str3;
        credentialSource.getClass();
        this.credentialSource = credentialSource;
        this.tokenInfoUrl = str4;
        this.serviceAccountImpersonationUrl = str5;
        this.clientId = str7;
        this.clientSecret = str8;
        this.scopes = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : collection;
        this.environmentProvider = interfaceC7265l == null ? SystemEnvironmentProvider.getInstance() : interfaceC7265l;
        this.workforcePoolUserProject = null;
        this.universeDomain = null;
        this.serviceAccountImpersonationOptions = new ServiceAccountImpersonationOptions(new HashMap());
        validateTokenUrl(str3);
        if (str5 != null) {
            validateServiceAccountImpersonationInfoUrl(str5);
        }
        this.impersonatedCredentials = buildImpersonatedCredentials();
    }

    public ExternalAccountCredentials(r rVar) {
        super(rVar);
        F7.b bVar = (F7.b) com.google.common.base.u.r(rVar.f44052k, OAuth2Credentials.getFromServiceLoader(F7.b.class, J.f43976c));
        this.transportFactory = bVar;
        this.transportFactoryClassName = bVar.getClass().getName();
        String str = rVar.f44047e;
        str.getClass();
        this.audience = str;
        String str2 = rVar.f44048f;
        str2.getClass();
        this.subjectTokenType = str2;
        String str3 = rVar.f44049g;
        str3.getClass();
        this.tokenUrl = str3;
        CredentialSource credentialSource = rVar.f44051i;
        credentialSource.getClass();
        this.credentialSource = credentialSource;
        this.tokenInfoUrl = rVar.f44050h;
        String str4 = rVar.f44053l;
        this.serviceAccountImpersonationUrl = str4;
        this.clientId = rVar.f44054m;
        this.clientSecret = rVar.f44055n;
        Collection collection = rVar.f44056o;
        this.scopes = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : rVar.f44056o;
        InterfaceC7265l interfaceC7265l = rVar.j;
        this.environmentProvider = interfaceC7265l == null ? SystemEnvironmentProvider.getInstance() : interfaceC7265l;
        ServiceAccountImpersonationOptions serviceAccountImpersonationOptions = rVar.f44058q;
        this.serviceAccountImpersonationOptions = serviceAccountImpersonationOptions == null ? new ServiceAccountImpersonationOptions(new HashMap()) : serviceAccountImpersonationOptions;
        String str5 = rVar.f44057p;
        this.workforcePoolUserProject = str5;
        if (str5 != null && !isWorkforcePoolConfiguration()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
        this.universeDomain = rVar.f44059r;
        validateTokenUrl(str3);
        if (str4 != null) {
            validateServiceAccountImpersonationInfoUrl(str4);
        }
        this.impersonatedCredentials = buildImpersonatedCredentials();
    }

    public static boolean e(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    public static ExternalAccountCredentials fromJson(Map<String, Object> map, F7.b bVar) {
        map.getClass();
        bVar.getClass();
        String str = (String) map.get("audience");
        String str2 = (String) map.get("subject_token_type");
        String str3 = (String) map.get("token_url");
        Map map2 = (Map) map.get("credential_source");
        String str4 = (String) map.get("service_account_impersonation_url");
        String str5 = (String) map.get("token_info_url");
        String str6 = (String) map.get("client_id");
        String str7 = (String) map.get("client_secret");
        String str8 = (String) map.get("quota_project_id");
        String str9 = (String) map.get("workforce_pool_user_project");
        String str10 = (String) map.get("universe_domain");
        Map map3 = (Map) map.get("service_account_impersonation");
        if (map3 == null) {
            map3 = new HashMap();
        }
        if (map2.containsKey("environment_id") && ((String) map2.get("environment_id")).startsWith("aws")) {
            C7258e newBuilder = AwsCredentials.newBuilder();
            newBuilder.f44052k = bVar;
            newBuilder.f44047e = str;
            newBuilder.f44048f = str2;
            newBuilder.f44049g = str3;
            newBuilder.f44050h = str5;
            newBuilder.f44051i = new AwsCredentials.AwsCredentialSource(map2);
            newBuilder.f44053l = str4;
            newBuilder.f44069d = str8;
            newBuilder.f44054m = str6;
            newBuilder.f44055n = str7;
            newBuilder.f44058q = new ServiceAccountImpersonationOptions(map3);
            newBuilder.f44059r = str10;
            return new AwsCredentials(newBuilder);
        }
        if (map2.containsKey(EXECUTABLE_SOURCE_KEY)) {
            K newBuilder2 = PluggableAuthCredentials.newBuilder();
            newBuilder2.f44052k = bVar;
            newBuilder2.f44047e = str;
            newBuilder2.f44048f = str2;
            newBuilder2.f44049g = str3;
            newBuilder2.f44050h = str5;
            newBuilder2.f44051i = new PluggableAuthCredentials.PluggableAuthCredentialSource(map2);
            newBuilder2.f44053l = str4;
            newBuilder2.f44069d = str8;
            newBuilder2.f44054m = str6;
            newBuilder2.f44055n = str7;
            newBuilder2.f44057p = str9;
            newBuilder2.f44058q = new ServiceAccountImpersonationOptions(map3);
            newBuilder2.f44059r = str10;
            return new PluggableAuthCredentials(newBuilder2);
        }
        v newBuilder3 = IdentityPoolCredentials.newBuilder();
        newBuilder3.f44052k = bVar;
        newBuilder3.f44047e = str;
        newBuilder3.f44048f = str2;
        newBuilder3.f44049g = str3;
        newBuilder3.f44050h = str5;
        newBuilder3.f44051i = new IdentityPoolCredentials.IdentityPoolCredentialSource(map2);
        newBuilder3.f44053l = str4;
        newBuilder3.f44069d = str8;
        newBuilder3.f44054m = str6;
        newBuilder3.f44055n = str7;
        newBuilder3.f44057p = str9;
        newBuilder3.f44058q = new ServiceAccountImpersonationOptions(map3);
        newBuilder3.f44059r = str10;
        return new IdentityPoolCredentials(newBuilder3);
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream) {
        return fromStream(inputStream, (F7.b) J.f43976c);
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream, F7.b bVar) {
        inputStream.getClass();
        bVar.getClass();
        try {
            return fromJson((GenericJson) new JsonObjectParser(J.f43977d).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class), bVar);
        } catch (ClassCastException | IllegalArgumentException e11) {
            throw new CredentialFormatException("An invalid input stream was provided.", e11);
        }
    }

    public static void validateServiceAccountImpersonationInfoUrl(String str) {
        if (!e(str)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
    }

    public static void validateTokenUrl(String str) {
        if (!e(str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
    }

    public ImpersonatedCredentials buildImpersonatedCredentials() {
        GoogleCredentials identityPoolCredentials;
        if (this.serviceAccountImpersonationUrl == null) {
            return null;
        }
        if (this instanceof AwsCredentials) {
            C7258e newBuilder = AwsCredentials.newBuilder((AwsCredentials) this);
            newBuilder.f44053l = null;
            identityPoolCredentials = new AwsCredentials(newBuilder);
        } else if (this instanceof PluggableAuthCredentials) {
            K newBuilder2 = PluggableAuthCredentials.newBuilder((PluggableAuthCredentials) this);
            newBuilder2.f44053l = null;
            identityPoolCredentials = new PluggableAuthCredentials(newBuilder2);
        } else {
            v newBuilder3 = IdentityPoolCredentials.newBuilder((IdentityPoolCredentials) this);
            newBuilder3.f44053l = null;
            identityPoolCredentials = new IdentityPoolCredentials(newBuilder3);
        }
        String extractTargetPrincipal = ImpersonatedCredentials.extractTargetPrincipal(this.serviceAccountImpersonationUrl);
        x newBuilder4 = ImpersonatedCredentials.newBuilder();
        newBuilder4.f44070e = identityPoolCredentials;
        newBuilder4.j = this.transportFactory;
        newBuilder4.f44071f = extractTargetPrincipal;
        newBuilder4.f44073h = new ArrayList(this.scopes);
        newBuilder4.g(this.serviceAccountImpersonationOptions.lifetime);
        newBuilder4.f44075k = this.serviceAccountImpersonationUrl;
        return newBuilder4.a();
    }

    public AccessToken exchangeExternalCredentialForAccessToken(N n11) {
        String str;
        ImpersonatedCredentials impersonatedCredentials = this.impersonatedCredentialsOverride;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.refreshAccessToken();
        }
        ImpersonatedCredentials impersonatedCredentials2 = this.impersonatedCredentials;
        if (impersonatedCredentials2 != null) {
            return impersonatedCredentials2.refreshAccessToken();
        }
        String str2 = this.tokenUrl;
        org.matrix.android.sdk.internal.session.room.membership.g a11 = this.transportFactory.a().a();
        if (isWorkforcePoolConfiguration()) {
            GenericJson genericJson = new GenericJson();
            genericJson.setFactory(J.f43977d);
            genericJson.put("userProject", (Object) this.workforcePoolUserProject);
            str = genericJson.toString();
        } else {
            str = null;
        }
        n11.getClass();
        com.google.api.client.util.s sVar = new com.google.api.client.util.s();
        sVar.set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        sVar.set("subject_token_type", n11.f43998b);
        sVar.set("subject_token", n11.f43997a);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = n11.f43999c;
        if (arrayList2 != null && !arrayList2.isEmpty()) {
            arrayList.addAll(arrayList2);
            sVar.set("scope", N1.b.h(' ').g(arrayList));
        }
        sVar.set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token");
        String str3 = n11.f44000d;
        if (str3 != null && !str3.isEmpty()) {
            sVar.set("audience", str3);
        }
        if (str != null && !str.isEmpty()) {
            sVar.set("options", str);
        }
        z7.p c11 = a11.c("POST", new C17233h(str2), new z7.x(sVar));
        c11.f141610q = new JsonObjectParser(J.f43977d);
        try {
            return (AccessToken) AbstractC0934e.b((com.google.api.client.util.s) c11.b().e(com.google.api.client.util.s.class)).f17434b;
        } catch (HttpResponseException e11) {
            throw OAuthException.createFromHttpResponseException(e11);
        }
    }

    public String getAudience() {
        return this.audience;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public CredentialSource getCredentialSource() {
        return this.credentialSource;
    }

    public InterfaceC7265l getEnvironmentProvider() {
        return this.environmentProvider;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        return GoogleCredentials.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, E7.a aVar) {
        super.getRequestMetadata(uri, executor, new q(this, aVar));
    }

    public Collection<String> getScopes() {
        return this.scopes;
    }

    public String getServiceAccountEmail() {
        String str = this.serviceAccountImpersonationUrl;
        if (str == null || str.isEmpty()) {
            return null;
        }
        return ImpersonatedCredentials.extractTargetPrincipal(this.serviceAccountImpersonationUrl);
    }

    public ServiceAccountImpersonationOptions getServiceAccountImpersonationOptions() {
        return this.serviceAccountImpersonationOptions;
    }

    public String getServiceAccountImpersonationUrl() {
        return this.serviceAccountImpersonationUrl;
    }

    public String getSubjectTokenType() {
        return this.subjectTokenType;
    }

    public String getTokenInfoUrl() {
        return this.tokenInfoUrl;
    }

    public String getTokenUrl() {
        return this.tokenUrl;
    }

    public String getUniverseDomain() {
        return this.universeDomain;
    }

    public String getWorkforcePoolUserProject() {
        return this.workforcePoolUserProject;
    }

    public boolean isWorkforcePoolConfiguration() {
        return this.workforcePoolUserProject != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(getAudience()).matches();
    }

    public void overrideImpersonatedCredentials(ImpersonatedCredentials impersonatedCredentials) {
        this.impersonatedCredentialsOverride = impersonatedCredentials;
    }

    public abstract String retrieveSubjectToken();
}
