package com.google.auth.oauth2;

import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Pattern;
import javax.annotation.Nullable;

/* loaded from: classes2.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    private static final long serialVersionUID = 8049126194174465023L;

    @Nullable
    protected final ImpersonatedCredentials impersonatedCredentials;

    /* renamed from: l, reason: collision with root package name */
    public final String f22613l;

    /* renamed from: m, reason: collision with root package name */
    public final String f22614m;

    /* renamed from: n, reason: collision with root package name */
    public final String f22615n;

    /* renamed from: o, reason: collision with root package name */
    public final o f22616o;

    /* renamed from: p, reason: collision with root package name */
    public final Collection f22617p;

    /* renamed from: q, reason: collision with root package name */
    public final p f22618q;

    /* renamed from: r, reason: collision with root package name */
    public final String f22619r;

    /* renamed from: s, reason: collision with root package name */
    public final String f22620s;

    /* renamed from: t, reason: collision with root package name */
    public final String f22621t;
    protected transient HttpTransportFactory transportFactory;

    /* renamed from: u, reason: collision with root package name */
    public final String f22622u;

    /* renamed from: v, reason: collision with root package name */
    public final String f22623v;

    /* renamed from: w, reason: collision with root package name */
    public final String f22624w;

    /* renamed from: x, reason: collision with root package name */
    public ImpersonatedCredentials f22625x;

    /* renamed from: y, reason: collision with root package name */
    public final k f22626y;

    /* loaded from: classes2.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {
        protected String audience;

        @Nullable
        protected String clientId;

        @Nullable
        protected String clientSecret;
        protected o credentialSource;
        protected k environmentProvider;

        @Nullable
        protected Collection<String> scopes;

        @Nullable
        protected p serviceAccountImpersonationOptions;

        @Nullable
        protected String serviceAccountImpersonationUrl;
        protected String subjectTokenType;
        protected String tokenInfoUrl;
        protected String tokenUrl;
        protected HttpTransportFactory transportFactory;

        @Nullable
        protected String universeDomain;

        @Nullable
        protected String workforcePoolUserProject;

        public Builder() {
        }

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            super(externalAccountCredentials);
            this.transportFactory = externalAccountCredentials.transportFactory;
            this.audience = externalAccountCredentials.f22613l;
            this.subjectTokenType = externalAccountCredentials.f22614m;
            this.tokenUrl = externalAccountCredentials.f22615n;
            this.tokenInfoUrl = externalAccountCredentials.f22619r;
            this.serviceAccountImpersonationUrl = externalAccountCredentials.f22620s;
            this.credentialSource = externalAccountCredentials.f22616o;
            this.clientId = externalAccountCredentials.f22621t;
            this.clientSecret = externalAccountCredentials.f22622u;
            this.scopes = externalAccountCredentials.f22617p;
            this.environmentProvider = externalAccountCredentials.f22626y;
            this.workforcePoolUserProject = externalAccountCredentials.f22624w;
            this.serviceAccountImpersonationOptions = externalAccountCredentials.f22618q;
            this.universeDomain = externalAccountCredentials.f22623v;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public abstract ExternalAccountCredentials build();

        public Builder setAudience(String str) {
            this.audience = str;
            return this;
        }

        public Builder setClientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder setClientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Builder setCredentialSource(o oVar) {
            this.credentialSource = oVar;
            return this;
        }

        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.transportFactory = httpTransportFactory;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setQuotaProjectId(String str) {
            super.setQuotaProjectId(str);
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.scopes = collection;
            return this;
        }

        public Builder setServiceAccountImpersonationOptions(Map<String, Object> map) {
            this.serviceAccountImpersonationOptions = new p(map);
            return this;
        }

        public Builder setServiceAccountImpersonationUrl(String str) {
            this.serviceAccountImpersonationUrl = str;
            return this;
        }

        public Builder setSubjectTokenType(String str) {
            this.subjectTokenType = str;
            return this;
        }

        public Builder setTokenInfoUrl(String str) {
            this.tokenInfoUrl = str;
            return this;
        }

        public Builder setTokenUrl(String str) {
            this.tokenUrl = str;
            return this;
        }

        public Builder setUniverseDomain(String str) {
            this.universeDomain = str;
            return this;
        }

        public Builder setWorkforcePoolUserProject(String str) {
            this.workforcePoolUserProject = str;
            return this;
        }
    }

    public ExternalAccountCredentials(HttpTransportFactory httpTransportFactory, String str, String str2, String str3, o oVar, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection) {
        this(httpTransportFactory, str, str2, str3, oVar, str4, str5, str6, str7, str8, collection, null);
    }

    public ExternalAccountCredentials(HttpTransportFactory httpTransportFactory, String str, String str2, String str3, o oVar, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection, @Nullable k kVar) {
        super(null, str6);
        HttpTransportFactory httpTransportFactory2 = (HttpTransportFactory) MoreObjects.firstNonNull(httpTransportFactory, OAuth2Credentials.getFromServiceLoader(HttpTransportFactory.class, y.f22853e));
        this.transportFactory = httpTransportFactory2;
        this.f22613l = (String) Preconditions.checkNotNull(str);
        this.f22614m = (String) Preconditions.checkNotNull(str2);
        this.f22615n = (String) Preconditions.checkNotNull(str3);
        this.f22616o = (o) Preconditions.checkNotNull(oVar);
        this.f22619r = str4;
        this.f22620s = str5;
        this.f22621t = str7;
        this.f22622u = str8;
        this.f22617p = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : collection;
        this.f22626y = kVar == null ? i0.f22824a : kVar;
        this.f22624w = null;
        this.f22623v = null;
        this.f22618q = new p(new HashMap());
        if (!h(str3)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
        if (str5 != null && !h(str5)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
        this.impersonatedCredentials = f();
    }

    public ExternalAccountCredentials(Builder builder) {
        super(builder);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.firstNonNull(builder.transportFactory, OAuth2Credentials.getFromServiceLoader(HttpTransportFactory.class, y.f22853e));
        this.transportFactory = httpTransportFactory;
        this.f22613l = (String) Preconditions.checkNotNull(builder.audience);
        this.f22614m = (String) Preconditions.checkNotNull(builder.subjectTokenType);
        String str = (String) Preconditions.checkNotNull(builder.tokenUrl);
        this.f22615n = str;
        this.f22616o = (o) Preconditions.checkNotNull(builder.credentialSource);
        this.f22619r = builder.tokenInfoUrl;
        String str2 = builder.serviceAccountImpersonationUrl;
        this.f22620s = str2;
        this.f22621t = builder.clientId;
        this.f22622u = builder.clientSecret;
        Collection<String> collection = builder.scopes;
        this.f22617p = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : builder.scopes;
        k kVar = builder.environmentProvider;
        this.f22626y = kVar == null ? i0.f22824a : kVar;
        p pVar = builder.serviceAccountImpersonationOptions;
        this.f22618q = pVar == null ? new p(new HashMap()) : pVar;
        String str3 = builder.workforcePoolUserProject;
        this.f22624w = str3;
        if (str3 != null && !isWorkforcePoolConfiguration()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
        this.f22623v = builder.universeDomain;
        if (!h(str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
        if (str2 != null && !h(str2)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
        this.impersonatedCredentials = f();
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, (HttpTransportFactory) y.f22853e);
    }

    public static ExternalAccountCredentials fromStream(InputStream inputStream, HttpTransportFactory httpTransportFactory) throws IOException {
        Preconditions.checkNotNull(inputStream);
        Preconditions.checkNotNull(httpTransportFactory);
        try {
            return g((GenericJson) new JsonObjectParser(y.f22854f).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class), httpTransportFactory);
        } catch (ClassCastException | IllegalArgumentException e10) {
            throw new i("An invalid input stream was provided.", e10);
        }
    }

    public static ExternalAccountCredentials g(GenericJson genericJson, HttpTransportFactory httpTransportFactory) {
        Preconditions.checkNotNull(genericJson);
        Preconditions.checkNotNull(httpTransportFactory);
        String str = (String) genericJson.get("audience");
        String str2 = (String) genericJson.get("subject_token_type");
        String str3 = (String) genericJson.get("token_url");
        Map map = (Map) genericJson.get("credential_source");
        String str4 = (String) genericJson.get("service_account_impersonation_url");
        String str5 = (String) genericJson.get("token_info_url");
        String str6 = (String) genericJson.get("client_id");
        String str7 = (String) genericJson.get("client_secret");
        String str8 = (String) genericJson.get("quota_project_id");
        String str9 = (String) genericJson.get("workforce_pool_user_project");
        String str10 = (String) genericJson.get("universe_domain");
        Map<String, Object> map2 = (Map) genericJson.get("service_account_impersonation");
        if (map2 == null) {
            map2 = new HashMap<>();
        }
        return map.containsKey("environment_id") && ((String) map.get("environment_id")).startsWith("aws") ? AwsCredentials.newBuilder().setHttpTransportFactory(httpTransportFactory).setAudience(str).setSubjectTokenType(str2).setTokenUrl(str3).setTokenInfoUrl(str5).setCredentialSource(new f(map)).setServiceAccountImpersonationUrl(str4).setQuotaProjectId(str8).setClientId(str6).setClientSecret(str7).setServiceAccountImpersonationOptions(map2).setUniverseDomain(str10).build() : map.containsKey("executable") ? PluggableAuthCredentials.newBuilder().setHttpTransportFactory(httpTransportFactory).setAudience(str).setSubjectTokenType(str2).setTokenUrl(str3).setTokenInfoUrl(str5).setCredentialSource(new a0(map)).setServiceAccountImpersonationUrl(str4).setQuotaProjectId(str8).setClientId(str6).setClientSecret(str7).setWorkforcePoolUserProject(str9).setServiceAccountImpersonationOptions(map2).setUniverseDomain(str10).build() : IdentityPoolCredentials.newBuilder().setHttpTransportFactory(httpTransportFactory).setAudience(str).setSubjectTokenType(str2).setTokenUrl(str3).setTokenInfoUrl(str5).setCredentialSource(new t(map)).setServiceAccountImpersonationUrl(str4).setQuotaProjectId(str8).setClientId(str6).setClientSecret(str7).setWorkforcePoolUserProject(str9).setServiceAccountImpersonationOptions(map2).setUniverseDomain(str10).build();
    }

    public static boolean h(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    public AccessToken exchangeExternalCredentialForAccessToken(g0 g0Var) throws IOException {
        ImpersonatedCredentials impersonatedCredentials = this.f22625x;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.refreshAccessToken();
        }
        ImpersonatedCredentials impersonatedCredentials2 = this.impersonatedCredentials;
        if (impersonatedCredentials2 != null) {
            return impersonatedCredentials2.refreshAccessToken();
        }
        StsRequestHandler$Builder stsRequestHandler$Builder = new StsRequestHandler$Builder(this.f22615n, g0Var, this.transportFactory.create().createRequestFactory());
        if (isWorkforcePoolConfiguration()) {
            GenericJson genericJson = new GenericJson();
            genericJson.setFactory(y.f22854f);
            genericJson.put("userProject", (Object) this.f22624w);
            stsRequestHandler$Builder.setInternalOptions(genericJson.toString());
        }
        String str = g0Var.f22820g;
        if (str != null) {
            stsRequestHandler$Builder.setInternalOptions(str);
        }
        return stsRequestHandler$Builder.build().b().f22823a;
    }

    public final ImpersonatedCredentials f() {
        String str = this.f22620s;
        if (str == null) {
            return null;
        }
        return ImpersonatedCredentials.newBuilder().setSourceCredentials(this instanceof AwsCredentials ? AwsCredentials.newBuilder((AwsCredentials) this).setServiceAccountImpersonationUrl(null).build() : this instanceof PluggableAuthCredentials ? PluggableAuthCredentials.newBuilder((PluggableAuthCredentials) this).setServiceAccountImpersonationUrl(null).build() : IdentityPoolCredentials.newBuilder((IdentityPoolCredentials) this).setServiceAccountImpersonationUrl(null).build()).setHttpTransportFactory(this.transportFactory).setTargetPrincipal(ImpersonatedCredentials.f(str)).setScopes(new ArrayList(this.f22617p)).setLifetime(this.f22618q.f22840a).setIamEndpointOverride(str).build();
    }

    public String getAudience() {
        return this.f22613l;
    }

    @Nullable
    public String getClientId() {
        return this.f22621t;
    }

    @Nullable
    public String getClientSecret() {
        return this.f22622u;
    }

    public o getCredentialSource() {
        return this.f22616o;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        return GoogleCredentials.e(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback requestMetadataCallback) {
        super.getRequestMetadata(uri, executor, new n(0, this, requestMetadataCallback));
    }

    @Nullable
    public Collection<String> getScopes() {
        return this.f22617p;
    }

    @Nullable
    public String getServiceAccountEmail() {
        String str = this.f22620s;
        if (str == null || str.isEmpty()) {
            return null;
        }
        return ImpersonatedCredentials.f(str);
    }

    @Nullable
    public p getServiceAccountImpersonationOptions() {
        return this.f22618q;
    }

    @Nullable
    public String getServiceAccountImpersonationUrl() {
        return this.f22620s;
    }

    public String getSubjectTokenType() {
        return this.f22614m;
    }

    public String getTokenInfoUrl() {
        return this.f22619r;
    }

    public String getTokenUrl() {
        return this.f22615n;
    }

    @Nullable
    public String getWorkforcePoolUserProject() {
        return this.f22624w;
    }

    public boolean isWorkforcePoolConfiguration() {
        return this.f22624w != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(getAudience()).matches();
    }

    public abstract String retrieveSubjectToken() throws IOException;
}
