package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.common.collect.ImmutableSet;
import iq.AbstractC12852i;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: classes5.dex */
public class ComputeEngineCredentials extends GoogleCredentials {
    static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    static final int MAX_COMPUTE_PING_TRIES = 3;
    static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    private static final long serialVersionUID = -4113476462526554235L;

    /* renamed from: d, reason: collision with root package name */
    public transient K7.b f52315d;

    /* renamed from: e, reason: collision with root package name */
    public transient String f52316e;
    private final Collection<String> scopes;
    private final String transportFactoryClassName;
    static final Duration COMPUTE_EXPIRATION_MARGIN = Duration.ofMinutes(3);
    static final Duration COMPUTE_REFRESH_MARGIN = Duration.ofMinutes(4);

    /* renamed from: f, reason: collision with root package name */
    public static final Logger f52314f = Logger.getLogger(ComputeEngineCredentials.class.getName());

    public ComputeEngineCredentials(K7.b bVar, Collection collection, Collection collection2) {
        super(null, COMPUTE_REFRESH_MARGIN, COMPUTE_EXPIRATION_MARGIN);
        K7.b bVar2 = (K7.b) com.google.common.base.u.r(bVar, OAuth2Credentials.getFromServiceLoader(K7.b.class, J.f52330c));
        this.f52315d = bVar2;
        this.transportFactoryClassName = bVar2.getClass().getName();
        collection = (collection == null || collection.isEmpty()) ? collection2 : collection;
        if (collection == null) {
            this.scopes = ImmutableSet.of();
            return;
        }
        ArrayList arrayList = new ArrayList(collection);
        arrayList.removeAll(Arrays.asList("", null));
        this.scopes = ImmutableSet.copyOf((Collection) arrayList);
    }

    public static boolean checkProductNameOnLinux(BufferedReader bufferedReader) {
        return bufferedReader.readLine().trim().startsWith("Google");
    }

    public static boolean checkStaticGceDetection(C8895k c8895k) {
        c8895k.getClass();
        String lowerCase = System.getProperty("os.name", "").toLowerCase(Locale.US);
        try {
            if (lowerCase.startsWith("linux")) {
                return checkProductNameOnLinux(new BufferedReader(new InputStreamReader(new FileInputStream(new File("/sys/class/dmi/id/product_name")))));
            }
            lowerCase.startsWith("windows");
            return false;
        } catch (IOException e10) {
            f52314f.log(Level.FINE, "Encountered an unexpected exception when checking SMBIOS value", (Throwable) e10);
            return false;
        }
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(null, null, null);
    }

    public static boolean g(K7.b bVar, C8895k c8895k) {
        boolean z4;
        B7.h hVar = new B7.h(getMetadataServerUrl(c8895k));
        int i6 = 1;
        while (true) {
            z4 = false;
            if (i6 > 3) {
                return false;
            }
            try {
                B7.q x10 = bVar.a().a().x("GET", hVar, null);
                x10.f972l = COMPUTE_PING_CONNECTION_TIMEOUT_MS;
                x10.f963b.j("Google", "Metadata-Flavor");
                B7.s b3 = x10.b();
                try {
                    B7.n nVar = b3.f989h.f964c;
                    URI uri = J.f52328a;
                    Object obj = nVar.get("Metadata-Flavor");
                    if (!(obj instanceof Collection)) {
                        break;
                    }
                    z4 = ((Collection) obj).contains("Google");
                    break;
                } finally {
                    b3.a();
                }
            } catch (SocketTimeoutException unused) {
                continue;
            } catch (IOException e10) {
                f52314f.log(Level.FINE, "Encountered an unexpected exception when checking if running on Google Compute Engine using Metadata Service ping.", (Throwable) e10);
            }
            i6++;
        }
        return z4;
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(C8895k.f52378d) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(C8895k.f52378d);
    }

    public static String getMetadataServerUrl(C8895k c8895k) {
        c8895k.getClass();
        String str = System.getenv("GCE_METADATA_HOST");
        return str != null ? "http://".concat(str) : DEFAULT_METADATA_SERVER_URL;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(C8895k.f52378d) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(C8895k.f52378d);
    }

    public static String getTokenServerEncodedUrl(C8895k c8895k) {
        return getMetadataServerUrl(c8895k) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static synchronized boolean isOnGce(K7.b bVar, C8895k c8895k) {
        synchronized (ComputeEngineCredentials.class) {
            try {
                c8895k.getClass();
                if (Boolean.parseBoolean(System.getenv("NO_GCE_CHECK"))) {
                    return false;
                }
                boolean g10 = g(bVar, c8895k);
                if (!g10) {
                    g10 = checkStaticGceDetection(c8895k);
                }
                if (!g10) {
                    f52314f.log(Level.FINE, "Failed to detect whether running on Google Compute Engine.");
                }
                return g10;
            } catch (Throwable th2) {
                throw th2;
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.j, com.google.auth.oauth2.C] */
    public static C8894j newBuilder() {
        return new C();
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.f52315d = (K7.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return new ComputeEngineCredentials(this.f52315d, collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return new ComputeEngineCredentials(this.f52315d, collection, collection2);
    }

    public String createTokenUrlWithScopes() {
        B7.h hVar = new B7.h(getTokenServerEncodedUrl());
        if (!this.scopes.isEmpty()) {
            hVar.g("scopes", P1.b.f(',').c(this.scopes));
        }
        return hVar.e();
    }

    public final String e() {
        B7.s f10 = f(getServiceAccountsUrl());
        int i6 = f10.f987f;
        if (i6 == 404) {
            throw new IOException(AbstractC12852i.l("Error code ", i6, " trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified."));
        }
        if (i6 != 200) {
            throw new IOException(E.d.t(i6, "Unexpected Error code ", " trying to get service accounts from Compute Engine metadata: ", f10.f()));
        }
        if (f10.b() != null) {
            return J.e("email", "Error parsing service account response. ", J.c((com.google.api.client.util.s) f10.e(com.google.api.client.util.s.class), "default", "Error parsing service account response. "));
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.transportFactoryClassName, computeEngineCredentials.transportFactoryClassName) && Objects.equals(this.scopes, computeEngineCredentials.scopes);
    }

    public final B7.s f(String str) {
        B7.q x10 = this.f52315d.a().a().x("GET", new B7.h(str), null);
        x10.f977q = new WU.c(J.f52331d);
        x10.f963b.j("Google", "Metadata-Flavor");
        x10.f980t = false;
        try {
            B7.s b3 = x10.b();
            if (b3.f987f != 503) {
                return b3;
            }
            throw GoogleAuthException.createWithTokenEndpointResponseException(new HttpResponseException(b3));
        } catch (UnknownHostException e10) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e10);
        }
    }

    public String getAccount() {
        if (this.f52316e == null) {
            try {
                this.f52316e = e();
            } catch (IOException e10) {
                throw new RuntimeException("Failed to get service account", e10);
            }
        }
        return this.f52316e;
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    public IdToken idTokenWithAudience(String str, List<IdTokenProvider$Option> list) {
        B7.h hVar = new B7.h(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider$Option.FORMAT_FULL)) {
                hVar.g("format", "full");
            }
            if (list.contains(IdTokenProvider$Option.LICENSES_TRUE)) {
                hVar.g("format", "full");
                hVar.g("license", "TRUE");
            }
        }
        hVar.g("audience", str);
        B7.s f10 = f(hVar.e());
        if (f10.b() != null) {
            return IdToken.create(f10.f());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        B7.s f10 = f(createTokenUrlWithScopes());
        int i6 = f10.f987f;
        if (i6 == 404) {
            throw new IOException(AbstractC12852i.l("Error code ", i6, " trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true."));
        }
        if (i6 != 200) {
            throw new IOException(E.d.t(i6, "Unexpected Error code ", " trying to get security access token from Compute Engine metadata for the default service account: ", f10.f()));
        }
        if (f10.b() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        com.google.api.client.util.s sVar = (com.google.api.client.util.s) f10.e(com.google.api.client.util.s.class);
        String e10 = J.e("access_token", "Error parsing token refresh response. ", sVar);
        int b3 = J.b(sVar);
        ((com.google.api.client.util.x) this.clock).getClass();
        return new AccessToken(e10, new Date(System.currentTimeMillis() + (b3 * 1000)));
    }

    public byte[] sign(byte[] bArr) {
        try {
            String account = getAccount();
            C7.d a10 = this.f52315d.a();
            Map emptyMap = Collections.emptyMap();
            M7.d dVar = M7.g.f17114a;
            try {
                return dVar.a(com.reddit.devvit.actor.reddit.a.y(account, this, a10, dVar.c(bArr), emptyMap));
            } catch (IOException e10) {
                throw new ServiceAccountSigner$SigningException("Failed to sign the provided bytes", e10);
            }
        } catch (ServiceAccountSigner$SigningException e11) {
            throw e11;
        } catch (RuntimeException e12) {
            throw new ServiceAccountSigner$SigningException("Signing failed", e12);
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.j, com.google.auth.oauth2.C] */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public C8894j toBuilder() {
        ?? c10 = new C();
        c10.f52376e = this.f52315d;
        c10.f52377f = this.scopes;
        return c10;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        B2.n x10 = com.google.common.base.u.x(this);
        x10.d(this.transportFactoryClassName, "transportFactoryClassName");
        return x10.toString();
    }
}
