package d.o.c.e;

import com.amazon.identity.auth.device.authorization.AuthorizationResponseParser;
import com.amazon.identity.auth.map.device.AccountManagerConstants;
import d.o.b.h.c.g;
import d.o.b.h.c.r;
import d.o.b.h.d.k.a;
import d.o.b.h.d.k.b;
import d.o.b.h.e.b0;
import d.o.b.h.e.c0;
import d.o.b.h.e.d0;
import d.o.d.a.j;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes2.dex */
public class n extends g implements d.o.c.c, h, k {
    private transient d.o.c.d.a A;
    private final String r;
    private final String s;
    private final PrivateKey t;
    private final String u;
    private final String v;
    private final String w;
    private final String x;
    private final URI y;
    private final Collection<String> z;

    /* loaded from: classes2.dex */
    class a implements g.a {
        a(n nVar) {
        }

        @Override // d.o.b.h.c.g.a
        public boolean a(r rVar) {
            int g2 = rVar.g();
            return g2 / 100 == 5 || g2 == 403;
        }
    }

    n(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, d.o.c.d.a aVar, URI uri, String str4, String str5) {
        this.r = str;
        c0.a(str2);
        this.s = str2;
        c0.a(privateKey);
        this.t = privateKey;
        this.u = str3;
        this.z = collection == null ? d.o.d.c.m.k() : d.o.d.c.m.a(collection);
        this.A = (d.o.c.d.a) d.o.d.a.j.a(aVar, l.a((Class<? extends d.o.c.d.a>) d.o.c.d.a.class, m.f14075c));
        this.x = this.A.getClass().getName();
        this.y = uri == null ? m.f14073a : uri;
        this.v = str4;
        this.w = str5;
    }

    static n a(String str, String str2, String str3, String str4, Collection<String> collection, d.o.c.d.a aVar, URI uri, String str5, String str6) throws IOException {
        return new n(str, str2, a(str3), str4, collection, aVar, uri, str5, str6);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static n a(Map<String, Object> map, d.o.c.d.a aVar) throws IOException {
        URI uri;
        String str = (String) map.get(AccountManagerConstants.CLIENT_ID_LABEL);
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return a(str, str2, str3, str4, null, aVar, uri, null, str5);
    }

    static PrivateKey a(String str) throws IOException {
        b0.a a2 = b0.a(new StringReader(str), "PRIVATE KEY");
        if (a2 == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return d0.a().generatePrivate(new PKCS8EncodedKeySpec(a2.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e2);
        }
    }

    @Override // d.o.c.e.g
    public g a(Collection<String> collection) {
        return new n(this.r, this.s, this.t, this.u, collection, this.A, this.y, this.v, this.w);
    }

    String a(d.o.b.h.d.c cVar, long j2, String str) throws IOException {
        a.C0211a c0211a = new a.C0211a();
        c0211a.c("RS256");
        c0211a.a("JWT");
        c0211a.d(this.u);
        b.C0212b c0212b = new b.C0212b();
        c0212b.a(this.s);
        long j3 = j2 / 1000;
        c0212b.b(Long.valueOf(j3));
        c0212b.a(Long.valueOf(j3 + 3600));
        c0212b.c(this.v);
        c0212b.put(AuthorizationResponseParser.SCOPE, d.o.b.h.e.r.a(' ').a(this.z));
        if (str == null) {
            c0212b.a((Object) m.f14073a.toString());
        } else {
            c0212b.a((Object) str);
        }
        try {
            return d.o.b.h.d.k.a.a(this.t, cVar, c0211a, c0212b);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    @Override // d.o.c.e.l
    public boolean equals(Object obj) {
        if (!(obj instanceof n)) {
            return false;
        }
        n nVar = (n) obj;
        return Objects.equals(this.r, nVar.r) && Objects.equals(this.s, nVar.s) && Objects.equals(this.t, nVar.t) && Objects.equals(this.u, nVar.u) && Objects.equals(this.x, nVar.x) && Objects.equals(this.y, nVar.y) && Objects.equals(this.z, nVar.z);
    }

    @Override // d.o.c.e.l
    public d.o.c.e.a g() throws IOException {
        if (h()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        d.o.b.h.d.c cVar = m.f14076d;
        String a2 = a(cVar, this.p.b(), this.y.toString());
        d.o.b.h.e.p pVar = new d.o.b.h.e.p();
        pVar.b("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        pVar.b("assertion", a2);
        d.o.b.h.c.o a3 = this.A.create().b().a(new d.o.b.h.c.e(this.y), new d.o.b.h.c.b0(pVar));
        a3.a(new d.o.b.h.d.e(cVar));
        a3.a(new d.o.b.h.c.f(new d.o.b.h.e.n()));
        d.o.b.h.c.g gVar = new d.o.b.h.c.g(new d.o.b.h.e.n());
        gVar.a(new a(this));
        a3.a(gVar);
        try {
            return new d.o.c.e.a(m.b((d.o.b.h.e.p) a3.a().a(d.o.b.h.e.p.class), "access_token", "Error parsing token refresh response. "), new Date(this.p.b() + (m.a(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (IOException e2) {
            throw new IOException(String.format("Error getting access token for service account: %s", e2.getMessage()), e2);
        }
    }

    @Override // d.o.c.e.g
    public boolean h() {
        return this.z.isEmpty();
    }

    @Override // d.o.c.e.l
    public int hashCode() {
        return Objects.hash(this.r, this.s, this.t, this.u, this.x, this.y, this.z);
    }

    public final String j() {
        return this.s;
    }

    public final String k() {
        return this.r;
    }

    public final PrivateKey l() {
        return this.t;
    }

    public final String m() {
        return this.u;
    }

    @Override // d.o.c.e.l
    public String toString() {
        j.b a2 = d.o.d.a.j.a(this);
        a2.a(AuthorizationResponseParser.CLIENT_ID_STATE, this.r);
        a2.a("clientEmail", this.s);
        a2.a("privateKeyId", this.u);
        a2.a("transportFactoryClassName", this.x);
        a2.a("tokenServerUri", this.y);
        a2.a("scopes", this.z);
        a2.a("serviceAccountUser", this.v);
        return a2.toString();
    }
}
