package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.api.client.util.GenericData;
import com.google.auth.Credentials;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.g;
import com.google.common.collect.ImmutableSet;
import j$.time.Duration;
import j$.util.Objects;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.http.client.config.CookieSpecs;

/* loaded from: classes2.dex */
public class ComputeEngineCredentials extends GoogleCredentials {
    static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    static final int MAX_COMPUTE_PING_TRIES = 3;
    static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
    private static final long serialVersionUID = -4113476462526554235L;

    /* renamed from: q, reason: collision with root package name */
    private transient xd.b f32592q;
    private final Collection<String> scopes;
    private final String transportFactoryClassName;
    private String universeDomainFromMetadata;

    /* renamed from: x, reason: collision with root package name */
    private transient String f32593x;
    static final Duration COMPUTE_EXPIRATION_MARGIN = Duration.ofMinutes(3);
    static final Duration COMPUTE_REFRESH_MARGIN = Duration.ofMinutes(3).plusSeconds(45);

    /* renamed from: y, reason: collision with root package name */
    private static final Logger f32591y = Logger.getLogger(ComputeEngineCredentials.class.getName());

    /* loaded from: classes2.dex */
    public static class b extends GoogleCredentials.a {

        /* renamed from: f, reason: collision with root package name */
        private xd.b f32594f;

        /* renamed from: g, reason: collision with root package name */
        private Collection f32595g;

        /* renamed from: h, reason: collision with root package name */
        private Collection f32596h;

        protected b() {
            g(ComputeEngineCredentials.COMPUTE_REFRESH_MARGIN);
            f(ComputeEngineCredentials.COMPUTE_EXPIRATION_MARGIN);
        }

        protected b(ComputeEngineCredentials computeEngineCredentials) {
            super(computeEngineCredentials);
            this.f32594f = computeEngineCredentials.f32592q;
            this.f32595g = computeEngineCredentials.scopes;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: o, reason: merged with bridge method [inline-methods] */
        public ComputeEngineCredentials h() {
            return new ComputeEngineCredentials(this);
        }

        public Collection p() {
            return this.f32596h;
        }

        public xd.b q() {
            return this.f32594f;
        }

        public b r(Collection collection) {
            this.f32596h = collection;
            return this;
        }

        public b s(xd.b bVar) {
            this.f32594f = bVar;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: t, reason: merged with bridge method [inline-methods] */
        public b l(String str) {
            this.f32636d = str;
            return this;
        }

        public b u(Collection collection) {
            this.f32595g = collection;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: v, reason: merged with bridge method [inline-methods] */
        public b m(String str) {
            this.f32637e = str;
            return this;
        }
    }

    private ComputeEngineCredentials(b bVar) {
        super(bVar);
        this.universeDomainFromMetadata = null;
        xd.b bVar2 = (xd.b) com.google.common.base.g.a(bVar.q(), OAuth2Credentials.getFromServiceLoader(xd.b.class, p.f32762e));
        this.f32592q = bVar2;
        this.transportFactoryClassName = bVar2.getClass().getName();
        Collection collection = bVar.f32595g;
        collection = (collection == null || collection.isEmpty()) ? bVar.p() : collection;
        if (collection == null) {
            this.scopes = ImmutableSet.of();
            return;
        }
        ArrayList arrayList = new ArrayList(collection);
        arrayList.removeAll(Arrays.asList("", null));
        this.scopes = ImmutableSet.copyOf((Collection) arrayList);
    }

    static boolean checkProductNameOnLinux(BufferedReader bufferedReader) throws IOException {
        return bufferedReader.readLine().trim().startsWith("Google");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean checkStaticGceDetection(f fVar) {
        String e10 = fVar.e();
        try {
            if (e10.startsWith("linux")) {
                return checkProductNameOnLinux(new BufferedReader(new InputStreamReader(fVar.j(new File("/sys/class/dmi/id/product_name")))));
            }
            e10.startsWith("windows");
            return false;
        } catch (IOException e11) {
            f32591y.log(Level.FINE, "Encountered an unexpected exception when checking SMBIOS value", (Throwable) e11);
            return false;
        }
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(newBuilder());
    }

    private String f() {
        com.google.api.client.http.u g10 = g(getServiceAccountsUrl());
        int h10 = g10.h();
        if (h10 == 404) {
            throw new IOException(String.format("Error code %s trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified.", Integer.valueOf(h10)));
        }
        if (h10 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get service accounts from Compute Engine metadata: %s", Integer.valueOf(h10), g10.n()));
        }
        if (g10.c() != null) {
            return p.g(p.e((GenericData) g10.m(GenericData.class), CookieSpecs.DEFAULT, "Error parsing service account response. "), "email", "Error parsing service account response. ");
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    private com.google.api.client.http.u g(String str) {
        com.google.api.client.http.r a10 = this.f32592q.a().c().a(new com.google.api.client.http.g(str));
        a10.A(new qd.e(p.f32763f));
        a10.f().set("Metadata-Flavor", "Google");
        a10.E(false);
        try {
            com.google.api.client.http.u b10 = a10.b();
            if (b10.h() != 503) {
                return b10;
            }
            throw GoogleAuthException.createWithTokenEndpointResponseException(new HttpResponseException(b10));
        } catch (UnknownHostException e10) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e10);
        }
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(f.f32741d) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(f.f32741d);
    }

    public static String getMetadataServerUrl(f fVar) {
        String d10 = fVar.d("GCE_METADATA_HOST");
        if (d10 == null) {
            return DEFAULT_METADATA_SERVER_URL;
        }
        return "http://" + d10;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(f.f32741d) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(f.f32741d);
    }

    public static String getTokenServerEncodedUrl(f fVar) {
        return getMetadataServerUrl(fVar) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static String getUniverseDomainUrl() {
        return getMetadataServerUrl(f.f32741d) + "/computeMetadata/v1/universe/universe_domain";
    }

    private String h() {
        com.google.api.client.http.u g10 = g(getUniverseDomainUrl());
        int h10 = g10.h();
        if (h10 == 404) {
            return Credentials.GOOGLE_DEFAULT_UNIVERSE;
        }
        if (h10 != 200) {
            throw new GoogleAuthException(true, new IOException(String.format("Unexpected Error code %s trying to get universe domain from Compute Engine metadata for the default service account: %s", Integer.valueOf(h10), g10.n())));
        }
        String n10 = g10.n();
        return n10.isEmpty() ? Credentials.GOOGLE_DEFAULT_UNIVERSE : n10;
    }

    private static boolean i(xd.b bVar, f fVar) {
        com.google.api.client.http.g gVar = new com.google.api.client.http.g(getMetadataServerUrl(fVar));
        for (int i10 = 1; i10 <= 3; i10++) {
            try {
                com.google.api.client.http.r a10 = bVar.a().c().a(gVar);
                a10.t(500);
                a10.f().set("Metadata-Flavor", "Google");
                com.google.api.client.http.u b10 = a10.b();
                try {
                    return p.a(b10.f(), "Metadata-Flavor", "Google");
                } finally {
                    b10.a();
                }
            } catch (SocketTimeoutException unused) {
                continue;
            } catch (IOException e10) {
                f32591y.log(Level.FINE, "Encountered an unexpected exception when checking if running on Google Compute Engine using Metadata Service ping.", (Throwable) e10);
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean isOnGce(xd.b bVar, f fVar) {
        synchronized (ComputeEngineCredentials.class) {
            if (Boolean.parseBoolean(fVar.d("NO_GCE_CHECK"))) {
                return false;
            }
            boolean i10 = i(bVar, fVar);
            if (!i10) {
                i10 = checkStaticGceDetection(fVar);
            }
            if (!i10) {
                f32591y.log(Level.FINE, "Failed to detect whether running on Google Compute Engine.");
            }
            return i10;
        }
    }

    public static b newBuilder() {
        return new b();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f32592q = (xd.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return new ComputeEngineCredentials(toBuilder().s(this.f32592q).u(collection));
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return new ComputeEngineCredentials(newBuilder().s(this.f32592q).u(collection).r(collection2));
    }

    String createTokenUrlWithScopes() {
        com.google.api.client.http.g gVar = new com.google.api.client.http.g(getTokenServerEncodedUrl());
        if (!this.scopes.isEmpty()) {
            gVar.set("scopes", com.google.common.base.f.g(',').d(this.scopes));
        }
        return gVar.toString();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ComputeEngineCredentials) || !super.equals(obj)) {
            return false;
        }
        ComputeEngineCredentials computeEngineCredentials = (ComputeEngineCredentials) obj;
        return Objects.equals(this.transportFactoryClassName, computeEngineCredentials.transportFactoryClassName) && Objects.equals(this.scopes, computeEngineCredentials.scopes) && Objects.equals(this.universeDomainFromMetadata, computeEngineCredentials.universeDomainFromMetadata);
    }

    public String getAccount() {
        if (this.f32593x == null) {
            try {
                this.f32593x = f();
            } catch (IOException e10) {
                throw new RuntimeException("Failed to get service account", e10);
            }
        }
        return this.f32593x;
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.Credentials
    public String getUniverseDomain() throws IOException {
        if (isExplicitUniverseDomain()) {
            return super.getUniverseDomain();
        }
        synchronized (this) {
            String str = this.universeDomainFromMetadata;
            if (str != null) {
                return str;
            }
            String h10 = h();
            synchronized (this) {
                this.universeDomainFromMetadata = h10;
            }
            return h10;
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    public IdToken idTokenWithAudience(String str, List<IdTokenProvider$Option> list) throws IOException {
        com.google.api.client.http.g gVar = new com.google.api.client.http.g(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider$Option.FORMAT_FULL)) {
                gVar.set("format", "full");
            }
            if (list.contains(IdTokenProvider$Option.LICENSES_TRUE)) {
                gVar.set("format", "full");
                gVar.set("license", "TRUE");
            }
        }
        gVar.set("audience", str);
        com.google.api.client.http.u g10 = g(gVar.toString());
        if (g10.c() != null) {
            return IdToken.create(g10.n());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        com.google.api.client.http.u g10 = g(createTokenUrlWithScopes());
        int h10 = g10.h();
        if (h10 == 404) {
            throw new IOException(String.format("Error code %s trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true.", Integer.valueOf(h10)));
        }
        if (h10 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get security access token from Compute Engine metadata for the default service account: %s", Integer.valueOf(h10), g10.n()));
        }
        if (g10.c() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        return new AccessToken(p.g((GenericData) g10.m(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.clock.a() + (p.c(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
    }

    public byte[] sign(byte[] bArr) {
        try {
            return n.c(getAccount(), this, this.f32592q.a(), bArr, Collections.emptyMap());
        } catch (ServiceAccountSigner$SigningException e10) {
            throw e10;
        } catch (RuntimeException e11) {
            throw new ServiceAccountSigner$SigningException("Signing failed", e11);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public b toBuilder() {
        return new b(this);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    protected g.b toStringHelper() {
        g.b b10;
        synchronized (this) {
            b10 = super.toStringHelper().b("transportFactoryClassName", this.transportFactoryClassName).b("scopes", this.scopes).b("universeDomainFromMetadata", this.universeDomainFromMetadata);
        }
        return b10;
    }
}
