package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Clock;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.Preconditions;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.JwtCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import org.apache.http.message.TokenParser;

/* loaded from: classes2.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, JwtProvider {
    public static final /* synthetic */ int A = 0;
    private static final long serialVersionUID = 7807543542681217978L;

    /* renamed from: l, reason: collision with root package name */
    public final String f22698l;

    /* renamed from: m, reason: collision with root package name */
    public final String f22699m;

    /* renamed from: n, reason: collision with root package name */
    public final PrivateKey f22700n;

    /* renamed from: o, reason: collision with root package name */
    public final String f22701o;

    /* renamed from: p, reason: collision with root package name */
    public final String f22702p;

    /* renamed from: q, reason: collision with root package name */
    public final String f22703q;

    /* renamed from: r, reason: collision with root package name */
    public final String f22704r;

    /* renamed from: s, reason: collision with root package name */
    public final URI f22705s;

    /* renamed from: t, reason: collision with root package name */
    public final ImmutableSet f22706t;

    /* renamed from: u, reason: collision with root package name */
    public final ImmutableSet f22707u;

    /* renamed from: v, reason: collision with root package name */
    public final int f22708v;

    /* renamed from: w, reason: collision with root package name */
    public final boolean f22709w;

    /* renamed from: x, reason: collision with root package name */
    public final boolean f22710x;

    /* renamed from: y, reason: collision with root package name */
    public transient HttpTransportFactory f22711y;

    /* renamed from: z, reason: collision with root package name */
    public transient JwtCredentials f22712z;

    /* loaded from: classes2.dex */
    public static class Builder extends GoogleCredentials.Builder {

        /* renamed from: d, reason: collision with root package name */
        public String f22713d;

        /* renamed from: e, reason: collision with root package name */
        public String f22714e;

        /* renamed from: f, reason: collision with root package name */
        public PrivateKey f22715f;

        /* renamed from: g, reason: collision with root package name */
        public String f22716g;
        public String h;

        /* renamed from: i, reason: collision with root package name */
        public String f22717i;

        /* renamed from: j, reason: collision with root package name */
        public URI f22718j;

        /* renamed from: k, reason: collision with root package name */
        public Collection f22719k;

        /* renamed from: l, reason: collision with root package name */
        public Collection f22720l;

        /* renamed from: m, reason: collision with root package name */
        public HttpTransportFactory f22721m;

        /* renamed from: n, reason: collision with root package name */
        public int f22722n;

        /* renamed from: o, reason: collision with root package name */
        public boolean f22723o;

        /* renamed from: p, reason: collision with root package name */
        public boolean f22724p;

        public Builder() {
            this.f22722n = 3600;
            this.f22723o = false;
            this.f22724p = true;
        }

        public Builder(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.f22722n = 3600;
            this.f22723o = false;
            this.f22724p = true;
            this.f22713d = serviceAccountCredentials.f22698l;
            this.f22714e = serviceAccountCredentials.f22699m;
            this.f22715f = serviceAccountCredentials.f22700n;
            this.f22716g = serviceAccountCredentials.f22701o;
            this.f22719k = serviceAccountCredentials.f22706t;
            this.f22720l = serviceAccountCredentials.f22707u;
            this.f22721m = serviceAccountCredentials.f22711y;
            this.f22718j = serviceAccountCredentials.f22705s;
            this.h = serviceAccountCredentials.f22702p;
            this.f22717i = serviceAccountCredentials.f22703q;
            this.f22722n = serviceAccountCredentials.f22708v;
            this.f22723o = serviceAccountCredentials.f22709w;
            this.f22724p = serviceAccountCredentials.f22710x;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ServiceAccountCredentials build() {
            return new ServiceAccountCredentials(this);
        }

        public String getClientEmail() {
            return this.f22714e;
        }

        public String getClientId() {
            return this.f22713d;
        }

        public Collection<String> getDefaultScopes() {
            return this.f22720l;
        }

        public HttpTransportFactory getHttpTransportFactory() {
            return this.f22721m;
        }

        public int getLifetime() {
            return this.f22722n;
        }

        public PrivateKey getPrivateKey() {
            return this.f22715f;
        }

        public String getPrivateKeyId() {
            return this.f22716g;
        }

        public String getProjectId() {
            return this.f22717i;
        }

        public Collection<String> getScopes() {
            return this.f22719k;
        }

        public String getServiceAccountUser() {
            return this.h;
        }

        public URI getTokenServerUri() {
            return this.f22718j;
        }

        public boolean getUseJwtAccessWithScope() {
            return this.f22723o;
        }

        public boolean isDefaultRetriesEnabled() {
            return this.f22724p;
        }

        public Builder setClientEmail(String str) {
            this.f22714e = str;
            return this;
        }

        public Builder setClientId(String str) {
            this.f22713d = str;
            return this;
        }

        public Builder setDefaultRetriesEnabled(boolean z6) {
            this.f22724p = z6;
            return this;
        }

        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.f22721m = httpTransportFactory;
            return this;
        }

        public Builder setLifetime(int i10) {
            if (i10 == 0) {
                i10 = 3600;
            }
            this.f22722n = i10;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.f22715f = privateKey;
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.f22716g = str;
            return this;
        }

        public Builder setPrivateKeyString(String str) throws IOException {
            this.f22715f = y.b(str);
            return this;
        }

        public Builder setProjectId(String str) {
            this.f22717i = str;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setQuotaProjectId(String str) {
            super.setQuotaProjectId(str);
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.f22719k = collection;
            this.f22720l = ImmutableSet.of();
            return this;
        }

        public Builder setScopes(Collection<String> collection, Collection<String> collection2) {
            this.f22719k = collection;
            this.f22720l = collection2;
            return this;
        }

        public Builder setServiceAccountUser(String str) {
            this.h = str;
            return this;
        }

        public Builder setTokenServerUri(URI uri) {
            this.f22718j = uri;
            return this;
        }

        public Builder setUseJwtAccessWithScope(boolean z6) {
            this.f22723o = z6;
            return this;
        }
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        this.f22712z = null;
        this.f22698l = builder.f22713d;
        this.f22699m = (String) Preconditions.checkNotNull(builder.f22714e);
        this.f22700n = (PrivateKey) Preconditions.checkNotNull(builder.f22715f);
        this.f22701o = builder.f22716g;
        Collection collection = builder.f22719k;
        this.f22706t = collection == null ? ImmutableSet.of() : ImmutableSet.copyOf(collection);
        Collection collection2 = builder.f22720l;
        this.f22707u = collection2 == null ? ImmutableSet.of() : ImmutableSet.copyOf(collection2);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.firstNonNull(builder.f22721m, OAuth2Credentials.getFromServiceLoader(HttpTransportFactory.class, y.f22853e));
        this.f22711y = httpTransportFactory;
        this.f22704r = httpTransportFactory.getClass().getName();
        URI uri = builder.f22718j;
        this.f22705s = uri == null ? y.f22850a : uri;
        this.f22702p = builder.h;
        this.f22703q = builder.f22717i;
        int i10 = builder.f22722n;
        if (i10 > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.f22708v = i10;
        this.f22709w = builder.f22723o;
        this.f22710x = builder.f22724p;
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri, String str5) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, HttpTransportFactory httpTransportFactory, URI uri) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, HttpTransportFactory httpTransportFactory, URI uri, String str5) throws IOException {
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, (HttpTransportFactory) y.f22853e);
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream, HttpTransportFactory httpTransportFactory) throws IOException {
        Preconditions.checkNotNull(inputStream);
        Preconditions.checkNotNull(httpTransportFactory);
        GenericJson genericJson = (GenericJson) new JsonObjectParser(y.f22854f).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        String str = (String) genericJson.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return g(genericJson, httpTransportFactory);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    public static ServiceAccountCredentials g(Map map, HttpTransportFactory httpTransportFactory) {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return h(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setProjectId(str5).setQuotaProjectId(str7));
    }

    public static ServiceAccountCredentials h(String str, Builder builder) {
        builder.setPrivateKey(y.b(str));
        return new ServiceAccountCredentials(builder);
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f22711y = (HttpTransportFactory) OAuth2Credentials.newInstance(this.f22704r);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createDelegated(String str) {
        return toBuilder().setServiceAccountUser(str).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return createScoped(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return toBuilder().setScopes(collection, collection2).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        return this.f22706t.isEmpty() && this.f22707u.isEmpty();
    }

    public ServiceAccountCredentials createWithCustomLifetime(int i10) {
        return toBuilder().setLifetime(i10).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public ServiceAccountCredentials createWithCustomRetryStrategy(boolean z6) {
        return toBuilder().setDefaultRetriesEnabled(z6).build();
    }

    public ServiceAccountCredentials createWithUseJwtAccessWithScope(boolean z6) {
        return toBuilder().setUseJwtAccessWithScope(z6).build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.f22698l, serviceAccountCredentials.f22698l) && Objects.equals(this.f22699m, serviceAccountCredentials.f22699m) && Objects.equals(this.f22700n, serviceAccountCredentials.f22700n) && Objects.equals(this.f22701o, serviceAccountCredentials.f22701o) && Objects.equals(this.f22704r, serviceAccountCredentials.f22704r) && Objects.equals(this.f22705s, serviceAccountCredentials.f22705s) && Objects.equals(this.f22706t, serviceAccountCredentials.f22706t) && Objects.equals(this.f22707u, serviceAccountCredentials.f22707u) && Objects.equals(this.quotaProjectId, serviceAccountCredentials.quotaProjectId) && Objects.equals(Integer.valueOf(this.f22708v), Integer.valueOf(serviceAccountCredentials.f22708v)) && Objects.equals(Boolean.valueOf(this.f22709w), Boolean.valueOf(serviceAccountCredentials.f22709w)) && Objects.equals(Boolean.valueOf(this.f22710x), Boolean.valueOf(serviceAccountCredentials.f22710x));
    }

    public final JwtCredentials f(URI uri) {
        JwtClaims.Builder newBuilder = JwtClaims.newBuilder();
        String str = this.f22699m;
        JwtClaims.Builder subject = newBuilder.setIssuer(str).setSubject(str);
        if (uri == null) {
            ImmutableSet immutableSet = this.f22706t;
            subject.setAdditionalClaims(Collections.singletonMap("scope", !immutableSet.isEmpty() ? Joiner.on(TokenParser.SP).join(immutableSet) : Joiner.on(TokenParser.SP).join(this.f22707u)));
        } else {
            if (uri.getScheme() != null && uri.getHost() != null) {
                try {
                    uri = new URI(uri.getScheme(), uri.getHost(), "/", null);
                } catch (URISyntaxException unused) {
                }
            }
            subject.setAudience(uri.toString());
        }
        JwtCredentials.Builder jwtClaims = JwtCredentials.newBuilder().setPrivateKey(this.f22700n).setPrivateKeyId(this.f22701o).setJwtClaims(subject.build());
        Clock clock = this.f22691g;
        jwtClaims.getClass();
        jwtClaims.f22681d = (Clock) com.google.common.base.Preconditions.checkNotNull(clock);
        return jwtClaims.build();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    public final String getClientEmail() {
        return this.f22699m;
    }

    public final String getClientId() {
        return this.f22698l;
    }

    public final Collection<String> getDefaultScopes() {
        return this.f22707u;
    }

    public final PrivateKey getPrivateKey() {
        return this.f22700n;
    }

    public final String getPrivateKeyId() {
        return this.f22701o;
    }

    public final String getProjectId() {
        return this.f22703q;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        String str;
        JwtCredentials f10;
        if (createScopedRequired() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        boolean createScopedRequired = createScopedRequired();
        boolean z6 = this.f22709w;
        if ((!createScopedRequired && !z6) || ((str = this.f22702p) != null && str.length() > 0)) {
            return super.getRequestMetadata(uri);
        }
        if (createScopedRequired() || !z6) {
            f10 = f(uri);
        } else {
            if (this.f22712z == null) {
                this.f22712z = f(null);
            }
            f10 = this.f22712z;
        }
        return GoogleCredentials.e(this.quotaProjectId, f10.getRequestMetadata(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback requestMetadataCallback) {
        if (this.f22709w) {
            blockingGetToCallback(uri, requestMetadataCallback);
        } else {
            super.getRequestMetadata(uri, executor, requestMetadataCallback);
        }
    }

    public final Collection<String> getScopes() {
        return this.f22706t;
    }

    public final String getServiceAccountUser() {
        return this.f22702p;
    }

    public final URI getTokenServerUri() {
        return this.f22705s;
    }

    public boolean getUseJwtAccessWithScope() {
        return this.f22709w;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f22698l, this.f22699m, this.f22700n, this.f22701o, this.f22704r, this.f22705s, this.f22706t, this.f22707u, this.quotaProjectId, Integer.valueOf(this.f22708v), Boolean.valueOf(this.f22709w), Boolean.valueOf(this.f22710x));
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        GsonFactory gsonFactory = y.f22854f;
        long currentTimeMillis = this.f22691g.currentTimeMillis();
        URI uri = this.f22705s;
        String uri2 = uri.toString();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f22701o);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str2 = this.f22699m;
        payload.setIssuer(str2);
        long j10 = currentTimeMillis / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j10));
        payload.setExpirationTimeSeconds(Long.valueOf(j10 + this.f22708v));
        payload.setSubject(this.f22702p);
        if (uri2 == null) {
            payload.setAudience(y.f22850a.toString());
        } else {
            payload.setAudience(uri2);
        }
        try {
            payload.set("target_audience", (Object) str);
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.f22700n, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest buildPostRequest = this.f22711y.create().createRequestFactory().buildPostRequest(new GenericUrl(uri), new UrlEncodedContent(genericData));
            buildPostRequest.setParser(new JsonObjectParser(gsonFactory));
            try {
                return IdToken.create(y.g("id_token", "Error parsing token refresh response. ", (GenericData) buildPostRequest.execute().parseAs(GenericData.class)));
            } catch (IOException e10) {
                throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e10.getMessage(), str2), e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException("Error signing service account access token request with private key.", e11);
        }
    }

    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.Builder newBuilder = JwtClaims.newBuilder();
        String str = this.f22699m;
        JwtCredentials.Builder jwtClaims2 = JwtCredentials.newBuilder().setPrivateKey(this.f22700n).setPrivateKeyId(this.f22701o).setJwtClaims(newBuilder.setIssuer(str).setSubject(str).build().merge(jwtClaims));
        Clock clock = this.f22691g;
        jwtClaims2.getClass();
        jwtClaims2.f22681d = (Clock) com.google.common.base.Preconditions.checkNotNull(clock);
        return jwtClaims2.build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        GsonFactory gsonFactory = y.f22854f;
        long currentTimeMillis = this.f22691g.currentTimeMillis();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f22701o);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str = this.f22699m;
        payload.setIssuer(str);
        long j10 = currentTimeMillis / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j10));
        payload.setExpirationTimeSeconds(Long.valueOf(j10 + this.f22708v));
        payload.setSubject(this.f22702p);
        ImmutableSet immutableSet = this.f22706t;
        if (immutableSet.isEmpty()) {
            payload.put("scope", (Object) Joiner.on(TokenParser.SP).join(this.f22707u));
        } else {
            payload.put("scope", (Object) Joiner.on(TokenParser.SP).join(immutableSet));
        }
        payload.setAudience(y.f22850a.toString());
        try {
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.f22700n, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest buildPostRequest = this.f22711y.create().createRequestFactory().buildPostRequest(new GenericUrl(this.f22705s), new UrlEncodedContent(genericData));
            if (this.f22710x) {
                buildPostRequest.setNumberOfRetries(3);
            } else {
                buildPostRequest.setNumberOfRetries(0);
            }
            buildPostRequest.setParser(new JsonObjectParser(gsonFactory));
            ExponentialBackOff build = new ExponentialBackOff.Builder().setInitialIntervalMillis(1000).setRandomizationFactor(0.1d).setMultiplier(2.0d).build();
            buildPostRequest.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(build).setBackOffRequired(new c0()));
            buildPostRequest.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(build));
            try {
                return new AccessToken(y.g("access_token", "Error parsing token refresh response. ", (GenericData) buildPostRequest.execute().parseAs(GenericData.class)), new Date((y.c("Error parsing token refresh response. ", r0) * 1000) + this.f22691g.currentTimeMillis()));
            } catch (HttpResponseException e10) {
                throw r.a(e10, String.format("Error getting access token for service account: %s, iss: %s", e10.getMessage(), str));
            } catch (IOException e11) {
                String format = String.format("Error getting access token for service account: %s, iss: %s", e11.getMessage(), str);
                if (format == null) {
                    throw new r(true, 3, e11);
                }
                throw new r(format, e11, true, 3);
            }
        } catch (GeneralSecurityException e12) {
            throw new IOException("Error signing service account access token request with private key.", e12);
        }
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e10);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.toStringHelper(this).add("clientId", this.f22698l).add("clientEmail", this.f22699m).add("privateKeyId", this.f22701o).add("transportFactoryClassName", this.f22704r).add("tokenServerUri", this.f22705s).add("scopes", this.f22706t).add("defaultScopes", this.f22707u).add("serviceAccountUser", this.f22702p).add("quotaProjectId", this.quotaProjectId).add("lifetime", this.f22708v).add("useJwtAccessWithScope", this.f22709w).add("defaultRetriesEnabled", this.f22710x).toString();
    }
}
