package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.PemReader;
import com.google.api.client.util.Preconditions;
import com.google.api.client.util.SecurityUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes.dex */
public class ServiceAccountCredentials extends GoogleCredentials {
    private static final long serialVersionUID = 7807543542681217978L;
    private final String f;
    private final String g;

    /* renamed from: h, reason: collision with root package name */
    private final PrivateKey f4914h;
    private final String i;

    /* renamed from: j, reason: collision with root package name */
    private final String f4915j;
    private final String k;
    private final String l;
    private final URI m;
    private final Collection<String> n;
    private final String o;
    private transient HttpTransportFactory p;

    ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri, String str4, String str5, String str6) {
        this.f = str;
        this.g = (String) Preconditions.d(str2);
        this.f4914h = (PrivateKey) Preconditions.d(privateKey);
        this.i = str3;
        this.n = collection == null ? ImmutableSet.of() : ImmutableSet.copyOf((Collection) collection);
        HttpTransportFactory httpTransportFactory2 = (HttpTransportFactory) MoreObjects.firstNonNull(httpTransportFactory, OAuth2Credentials.d(HttpTransportFactory.class, OAuth2Utils.c));
        this.p = httpTransportFactory2;
        this.l = httpTransportFactory2.getClass().getName();
        this.m = uri == null ? OAuth2Utils.f4912a : uri;
        this.f4915j = str4;
        this.k = str5;
        this.o = str6;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServiceAccountCredentials r(Map<String, Object> map, HttpTransportFactory httpTransportFactory) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        URI uri2 = uri;
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return s(str, str2, str3, str4, null, httpTransportFactory, uri2, null, str5, str7);
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.p = (HttpTransportFactory) OAuth2Credentials.f(this.l);
    }

    static ServiceAccountCredentials s(String str, String str2, String str3, String str4, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri, String str5, String str6, String str7) throws IOException {
        return new ServiceAccountCredentials(str, str2, t(str3), str4, collection, httpTransportFactory, uri, str5, str6, str7);
    }

    static PrivateKey t(String str) throws IOException {
        PemReader.Section b = PemReader.b(new StringReader(str), "PRIVATE KEY");
        if (b == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return SecurityUtils.a().generatePrivate(new PKCS8EncodedKeySpec(b.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> a(URI uri) throws IOException {
        return GoogleCredentials.k(this.o, super.a(uri));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.f, serviceAccountCredentials.f) && Objects.equals(this.g, serviceAccountCredentials.g) && Objects.equals(this.f4914h, serviceAccountCredentials.f4914h) && Objects.equals(this.i, serviceAccountCredentials.i) && Objects.equals(this.l, serviceAccountCredentials.l) && Objects.equals(this.m, serviceAccountCredentials.m) && Objects.equals(this.n, serviceAccountCredentials.n) && Objects.equals(this.o, serviceAccountCredentials.o);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken h() throws IOException {
        if (q()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        JsonFactory jsonFactory = OAuth2Utils.f4913d;
        String o = o(jsonFactory, this.e.a(), this.m.toString());
        GenericData genericData = new GenericData();
        genericData.d("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.d("assertion", o);
        HttpRequest a2 = this.p.create().c().a(new GenericUrl(this.m), new UrlEncodedContent(genericData));
        a2.o(new JsonObjectParser(jsonFactory));
        a2.n(new HttpBackOffIOExceptionHandler(new ExponentialBackOff()));
        HttpBackOffUnsuccessfulResponseHandler httpBackOffUnsuccessfulResponseHandler = new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff());
        httpBackOffUnsuccessfulResponseHandler.b(new HttpBackOffUnsuccessfulResponseHandler.BackOffRequired(this) { // from class: com.google.auth.oauth2.ServiceAccountCredentials.1
            @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
            public boolean a(HttpResponse httpResponse) {
                int f = httpResponse.f();
                return f / 100 == 5 || f == 403;
            }
        });
        a2.q(httpBackOffUnsuccessfulResponseHandler);
        try {
            return new AccessToken(OAuth2Utils.b((GenericData) a2.b().k(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.e.a() + (OAuth2Utils.a(r0, com.facebook.AccessToken.EXPIRES_IN_KEY, "Error parsing token refresh response. ") * 1000)));
        } catch (IOException e) {
            throw new IOException(String.format("Error getting access token for service account: %s", e.getMessage()), e);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f, this.g, this.f4914h, this.i, this.l, this.m, this.n, this.o);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials l(Collection<String> collection) {
        return new ServiceAccountCredentials(this.f, this.g, this.f4914h, this.i, collection, this.p, this.m, this.f4915j, this.k, this.o);
    }

    String o(JsonFactory jsonFactory, long j2, String str) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.o("RS256");
        header.q("JWT");
        header.p(this.i);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.o(this.g);
        long j3 = j2 / 1000;
        payload.n(Long.valueOf(j3));
        payload.m(Long.valueOf(j3 + 3600));
        payload.p(this.f4915j);
        payload.put("scope", Joiner.b(' ').a(this.n));
        if (str == null) {
            payload.k(OAuth2Utils.f4912a.toString());
        } else {
            payload.k(str);
        }
        try {
            return JsonWebSignature.a(this.f4914h, jsonFactory, header, payload);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error signing service account access token request with private key.", e);
        }
    }

    public boolean q() {
        return this.n.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.toStringHelper(this).add("clientId", this.f).add("clientEmail", this.g).add("privateKeyId", this.i).add("transportFactoryClassName", this.l).add("tokenServerUri", this.m).add("scopes", this.n).add("serviceAccountUser", this.f4915j).add("quotaProjectId", this.o).toString();
    }
}
