package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.GenericData;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.Joiner;
import com.google.common.base.MoreObjects;
import java.io.IOException;
import java.io.Serializable;
import java.math.BigDecimal;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/* loaded from: classes2.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    public final ServiceAccountImpersonationOptions A;
    public final ExternalAccountMetricsHandler B;
    public final String C;
    public final String D;
    public final String E;
    public final String F;
    public final String G;
    public final transient HttpTransportFactory H;
    public ImpersonatedCredentials I;
    public final EnvironmentProvider J;
    public final String v;
    public final String w;
    public final String x;
    public final CredentialSource y;
    public final Collection z;

    /* renamed from: com.google.auth.oauth2.ExternalAccountCredentials$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    class AnonymousClass1 implements RequestMetadataCallback {
    }

    /* loaded from: classes2.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {
        public final String f;
        public final String g;
        public final String h;
        public final String i;
        public final CredentialSource j;
        public final EnvironmentProvider k;
        public final HttpTransportFactory l;
        public String m;
        public final String n;
        public final String o;
        public Collection p;
        public final String q;
        public final ServiceAccountImpersonationOptions r;
        public final ExternalAccountMetricsHandler s;

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            super(externalAccountCredentials);
            this.l = externalAccountCredentials.H;
            this.f = externalAccountCredentials.v;
            this.g = externalAccountCredentials.w;
            this.h = externalAccountCredentials.x;
            this.i = externalAccountCredentials.C;
            this.m = externalAccountCredentials.D;
            this.j = externalAccountCredentials.y;
            this.n = externalAccountCredentials.E;
            this.o = externalAccountCredentials.F;
            this.p = externalAccountCredentials.z;
            this.k = externalAccountCredentials.J;
            this.q = externalAccountCredentials.G;
            this.r = externalAccountCredentials.A;
            this.s = externalAccountCredentials.B;
        }
    }

    /* loaded from: classes2.dex */
    public static abstract class CredentialSource implements Serializable {
    }

    /* loaded from: classes2.dex */
    public static final class ServiceAccountImpersonationOptions implements Serializable {
        public final int c;
        public final boolean j;

        public ServiceAccountImpersonationOptions(HashMap hashMap) {
            boolean containsKey = hashMap.containsKey("token_lifetime_seconds");
            this.j = containsKey;
            if (!containsKey) {
                this.c = 3600;
                return;
            }
            try {
                Object obj = hashMap.get("token_lifetime_seconds");
                if (obj instanceof BigDecimal) {
                    this.c = ((BigDecimal) obj).intValue();
                } else if (hashMap.get("token_lifetime_seconds") instanceof Integer) {
                    this.c = ((Integer) obj).intValue();
                } else {
                    this.c = Integer.parseInt((String) obj);
                }
                int i = this.c;
                if (i < 600 || i > 43200) {
                    throw new IllegalArgumentException("The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.");
                }
            } catch (ArithmeticException e) {
                e = e;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            } catch (NumberFormatException e2) {
                e = e2;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            }
        }
    }

    /* JADX WARN: Failed to restore enum class, 'enum' modifier and super class removed */
    /* JADX WARN: Unknown enum class pattern. Please report as an issue! */
    /* loaded from: classes2.dex */
    public static final class SubjectTokenTypes {
        public static final /* synthetic */ SubjectTokenTypes[] c = {new Enum("AWS4", 0), new Enum("JWT", 1), new Enum("SAML2", 2), new Enum("ID_TOKEN", 3)};

        /* JADX INFO: Fake field, exist only in values array */
        SubjectTokenTypes EF8;

        public static SubjectTokenTypes valueOf(String str) {
            return (SubjectTokenTypes) Enum.valueOf(SubjectTokenTypes.class, str);
        }

        public static SubjectTokenTypes[] values() {
            return (SubjectTokenTypes[]) c.clone();
        }
    }

    public ExternalAccountCredentials(Builder builder) {
        super(builder);
        this.H = (HttpTransportFactory) MoreObjects.a(builder.l, OAuth2Credentials.f(OAuth2Utils.c));
        String str = builder.f;
        str.getClass();
        this.v = str;
        String str2 = builder.g;
        str2.getClass();
        this.w = str2;
        this.y = builder.j;
        this.C = builder.i;
        String str3 = builder.m;
        this.D = str3;
        this.E = builder.n;
        this.F = builder.o;
        String str4 = builder.h;
        if (str4 == null) {
            try {
                this.x = "https://sts.{UNIVERSE_DOMAIN}/v1/token".replace("{UNIVERSE_DOMAIN}", this.r);
            } catch (IOException e) {
                throw new IllegalStateException(e);
            }
        } else {
            this.x = str4;
        }
        Collection collection = builder.p;
        this.z = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : builder.p;
        EnvironmentProvider environmentProvider = builder.k;
        this.J = environmentProvider == null ? SystemEnvironmentProvider.c : environmentProvider;
        ServiceAccountImpersonationOptions serviceAccountImpersonationOptions = builder.r;
        this.A = serviceAccountImpersonationOptions == null ? new ServiceAccountImpersonationOptions(new HashMap()) : serviceAccountImpersonationOptions;
        String str5 = builder.q;
        this.G = str5;
        if (str5 != null) {
            Pattern compile = Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$");
            if (str5 == null || !compile.matcher(str).matches()) {
                throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
            }
        }
        if (!p(this.x)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
        if (str3 != null && !p(str3)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
        ExternalAccountMetricsHandler externalAccountMetricsHandler = builder.s;
        this.B = externalAccountMetricsHandler == null ? new ExternalAccountMetricsHandler(this) : externalAccountMetricsHandler;
    }

    public static boolean p(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public final Map a(URI uri) {
        return GoogleCredentials.k(this.t, super.a(uri));
    }

    /* JADX WARN: Type inference failed for: r2v2, types: [java.lang.Object, com.google.auth.oauth2.StsRequestHandler$Builder] */
    /* JADX WARN: Type inference failed for: r4v11, types: [com.google.auth.oauth2.AwsCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r4v5, types: [com.google.api.client.util.GenericData, com.google.api.client.json.GenericJson] */
    /* JADX WARN: Type inference failed for: r4v7, types: [com.google.auth.oauth2.IdentityPoolCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r4v8, types: [com.google.auth.oauth2.PluggableAuthCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r5v7, types: [com.google.auth.oauth2.GoogleCredentials$Builder, com.google.auth.oauth2.ImpersonatedCredentials$Builder] */
    public final AccessToken n(StsTokenExchangeRequest stsTokenExchangeRequest) {
        GoogleCredentials identityPoolCredentials;
        HttpTransportFactory httpTransportFactory = this.H;
        String str = this.D;
        if (str != null && this.I == null) {
            if (this instanceof AwsCredentials) {
                AwsCredentials awsCredentials = (AwsCredentials) this;
                ?? builder = new Builder(awsCredentials);
                if (builder.j == null) {
                    builder.t = awsCredentials.K;
                }
                builder.u = awsCredentials.L;
                builder.m = null;
                identityPoolCredentials = new AwsCredentials(builder);
            } else if (this instanceof PluggableAuthCredentials) {
                PluggableAuthCredentials pluggableAuthCredentials = (PluggableAuthCredentials) this;
                ?? builder2 = new Builder(pluggableAuthCredentials);
                builder2.t = pluggableAuthCredentials.L;
                builder2.m = null;
                identityPoolCredentials = new PluggableAuthCredentials(builder2);
            } else {
                IdentityPoolCredentials identityPoolCredentials2 = (IdentityPoolCredentials) this;
                ?? builder3 = new Builder(identityPoolCredentials2);
                if (builder3.j == null) {
                    builder3.t = identityPoolCredentials2.K;
                }
                builder3.m = null;
                identityPoolCredentials = new IdentityPoolCredentials(builder3);
            }
            String n = ImpersonatedCredentials.n(str);
            ?? builder4 = new GoogleCredentials.Builder();
            builder4.j = 3600;
            builder4.m = Calendar.getInstance();
            builder4.f = identityPoolCredentials;
            builder4.k = httpTransportFactory;
            builder4.g = n;
            builder4.i = new ArrayList(this.z);
            int i = this.A.c;
            builder4.j = i != 0 ? i : 3600;
            builder4.l = str;
            this.I = new ImpersonatedCredentials(builder4);
        }
        ImpersonatedCredentials impersonatedCredentials = this.I;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.i();
        }
        HttpRequestFactory createRequestFactory = httpTransportFactory.a().createRequestFactory();
        String str2 = this.x;
        ?? obj = new Object();
        Pattern compile = Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$");
        String str3 = this.G;
        if (str3 != null && compile.matcher(this.v).matches()) {
            ?? genericData = new GenericData();
            genericData.setFactory(OAuth2Utils.d);
            genericData.put("userProject", str3);
            obj.f5786a = genericData.toString();
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        ExternalAccountMetricsHandler externalAccountMetricsHandler = this.B;
        externalAccountMetricsHandler.getClass();
        String str4 = MetricsUtils.f5778a;
        httpHeaders.set("x-goog-api-client", (Object) (("gl-java/" + MetricsUtils.b + " auth/" + MetricsUtils.f5778a) + " google-byoid-sdk source/" + externalAccountMetricsHandler.k.o() + " sa-impersonation/" + externalAccountMetricsHandler.j + " config-lifetime/" + externalAccountMetricsHandler.c));
        String str5 = stsTokenExchangeRequest.h;
        if (str5 != null) {
            obj.f5786a = str5;
        }
        String str6 = obj.f5786a;
        GenericData genericData2 = new GenericData().set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").set("subject_token_type", stsTokenExchangeRequest.b).set("subject_token", stsTokenExchangeRequest.f5787a);
        ArrayList arrayList = new ArrayList();
        List list = stsTokenExchangeRequest.d;
        if (list != null && !list.isEmpty()) {
            arrayList.addAll(list);
            genericData2.set("scope", Joiner.c(' ').b(arrayList));
        }
        String str7 = stsTokenExchangeRequest.g;
        if (str7 == null || str7.isEmpty()) {
            str7 = "urn:ietf:params:oauth:token-type:access_token";
        }
        genericData2.set("requested_token_type", str7);
        String str8 = stsTokenExchangeRequest.e;
        if (str8 != null && !str8.isEmpty()) {
            genericData2.set("resource", str8);
        }
        String str9 = stsTokenExchangeRequest.f;
        if (str9 != null && !str9.isEmpty()) {
            genericData2.set("audience", str9);
        }
        if (stsTokenExchangeRequest.c != null) {
            genericData2.set("actor_token", null);
            genericData2.set("actor_token_type", null);
        }
        if (str6 != null && !str6.isEmpty()) {
            genericData2.set("options", str6);
        }
        HttpRequest buildPostRequest = createRequestFactory.buildPostRequest(new GenericUrl(str2), new UrlEncodedContent(genericData2));
        buildPostRequest.setParser(new JsonObjectParser(OAuth2Utils.d));
        buildPostRequest.setHeaders(httpHeaders);
        try {
            return StsRequestHandler.a((GenericData) buildPostRequest.execute().parseAs(GenericData.class)).f5789a;
        } catch (HttpResponseException e) {
            throw OAuthException.b(e);
        }
    }

    public String o() {
        return "unknown";
    }
}
