package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.e0;
import com.google.api.client.http.x;
import com.google.api.client.util.GenericData;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import nd.e;
import sd.a;
import sd.b;

/* loaded from: classes3.dex */
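/**
 * Decompiled (JADX) credential type with obfuscated member names. It signs an RS256 JWT
 * assertion with a private key and sends it to {@code tokenServerUri} with the
 * {@code urn:ietf:params:oauth:token-type:token-exchange} grant type to obtain an access token.
 *
 * <p>Security-relevant points visible in this class:
 *
 * <ul>
 *   <li>{@code token_uri} and {@code ca_cert_path} are taken from the credential JSON as-is. No
 *       scheme or host check is applied here, so the signed assertion goes to whatever endpoint
 *       the configuration names and is verified against whatever trust anchors it points to.
 *       The credential file must be treated as trusted, integrity-protected input.
 *   <li>The private key stays in memory for the lifetime of the object and is returned by
 *       {@link #getPrivateKey()}; {@link #toString()} deliberately leaves it out.
 *   <li>{@link #readObject(ObjectInputStream)} re-creates the transport factory from a class name
 *       stored in the serialized form; only deserialize data from a trusted source.
 * </ul>
 */
public class GdchCredentials extends GoogleCredentials {
    static final String SUPPORTED_FORMAT_VERSION = "1";
    private final URI apiAudience;
    private final String caCertPath;
    private final int lifetime;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String projectId;

    /* renamed from: q, reason: collision with root package name */
    // Transport factory; transient, so it is rebuilt from transportFactoryClassName in readObject.
    private transient wd.b f32638q;
    private final String serviceIdentityName;
    private final URI tokenServerUri;
    private final String transportFactoryClassName;

    /**
     * Builder for {@link GdchCredentials}. Setter names are obfuscated; each one stores a single
     * field and returns {@code this}.
     */
    /* loaded from: classes3.dex */
    public static class a extends GoogleCredentials.a {

        /* renamed from: f, reason: collision with root package name */
        private String f32639f; // projectId

        /* renamed from: g, reason: collision with root package name */
        private String f32640g; // privateKeyId

        /* renamed from: h, reason: collision with root package name */
        private PrivateKey f32641h; // privateKey

        /* renamed from: i, reason: collision with root package name */
        private String f32642i; // serviceIdentityName

        /* renamed from: j, reason: collision with root package name */
        private URI f32643j; // tokenServerUri

        /* renamed from: k, reason: collision with root package name */
        private URI f32644k; // apiAudience

        /* renamed from: l, reason: collision with root package name */
        private wd.b f32645l; // transport factory

        /* renamed from: m, reason: collision with root package name */
        private String f32646m; // caCertPath

        /* renamed from: n, reason: collision with root package name */
        private int f32647n = 3600; // lifetime added to the issue time in createAssertion

        /** Creates an empty builder with the default lifetime of 3600. */
        protected a() {
        }

        /**
         * Creates a builder pre-populated from an existing credential.
         *
         * <p>NOTE(review): {@code apiAudience} is not copied here, so {@code toBuilder().h()}
         * yields a credential without an audience unless {@link #y(URI)} is called again.
         * {@code createWithGdchAudience} does call it; confirm other callers expect this.
         *
         * @param gdchCredentials credential whose fields seed the builder
         */
        protected a(GdchCredentials gdchCredentials) {
            this.f32639f = gdchCredentials.projectId;
            this.f32640g = gdchCredentials.privateKeyId;
            this.f32641h = gdchCredentials.privateKey;
            this.f32642i = gdchCredentials.serviceIdentityName;
            this.f32643j = gdchCredentials.tokenServerUri;
            this.f32645l = gdchCredentials.f32638q;
            this.f32646m = gdchCredentials.caCertPath;
            this.f32647n = gdchCredentials.lifetime;
        }

        /** Sets the private key used to sign the assertion. */
        public a A(PrivateKey privateKey) {
            this.f32641h = privateKey;
            return this;
        }

        /** Sets the private key id placed in the JWT header. */
        public a B(String str) {
            this.f32640g = str;
            return this;
        }

        /** Sets the project id. */
        public a C(String str) {
            this.f32639f = str;
            return this;
        }

        /** Sets the service identity name. */
        public a D(String str) {
            this.f32642i = str;
            return this;
        }

        /** Sets the token server URI the assertion is sent to. */
        public a E(URI uri) {
            this.f32643j = uri;
            return this;
        }

        /** Builds the credential; required fields are null-checked by the constructor. */
        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: w, reason: merged with bridge method [inline-methods] */
        public GdchCredentials h() {
            return new GdchCredentials(this);
        }

        /** Sets the CA certificate path recorded on the credential. */
        public a x(String str) {
            this.f32646m = str;
            return this;
        }

        /** Sets the API audience written into the assertion's {@code api_audience} claim. */
        public a y(URI uri) {
            this.f32644k = uri;
            return this;
        }

        /** Sets the transport factory. */
        public a z(wd.b bVar) {
            this.f32645l = bVar;
            return this;
        }
    }

    /**
     * Transport factory that optionally trusts the certificates found in a CA file.
     *
     * <p>The file path comes from the credential configuration ({@code ca_cert_path}); whoever
     * controls that value controls which certificates the token endpoint connection trusts.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class b implements wd.b {

        /* renamed from: a, reason: collision with root package name */
        x f32648a;

        /**
         * @param str path to the CA certificate file, or null/empty for the default transport
         * @throws IOException if the file cannot be read or the transport cannot be initialised
         */
        public b(String str) throws IOException {
            b(str);
        }

        /**
         * Initialises the transport. With no path, a plain {@code nd.e} transport is created;
         * otherwise the certificate file is handed to the transport builder.
         *
         * @throws IOException wrapping any read or security failure, with the cause preserved
         */
        private void b(String str) throws IOException {
            if (str == null || str.isEmpty()) {
                this.f32648a = new nd.e();
                return;
            }
            // try-with-resources: the original never closed this stream, leaking a file handle
            // per instance. Assumes the builder consumes the stream before a() returns.
            try (InputStream certStream = GdchCredentials.readStream(new File(str))) {
                this.f32648a = new e.a().e(certStream).a();
            } catch (IOException e10) {
                throw new IOException(String.format("Error reading certificate file from CA cert path, value '%s': %s", str, e10.getMessage()), e10);
            } catch (GeneralSecurityException e11) {
                throw new IOException("Error initiating transport with certificate stream.", e11);
            }
        }

        /** Returns the transport created at construction time. */
        @Override // wd.b
        public x a() {
            return this.f32648a;
        }
    }

    /**
     * Copies the builder state into the immutable credential.
     *
     * <p>{@code com.google.common.base.l.o} is presumably Guava's {@code Preconditions.checkNotNull}
     * under an obfuscated name, making every field but {@code caCertPath}, {@code apiAudience}
     * and {@code lifetime} mandatory.
     */
    GdchCredentials(a aVar) {
        this.projectId = (String) com.google.common.base.l.o(aVar.f32639f);
        this.privateKeyId = (String) com.google.common.base.l.o(aVar.f32640g);
        this.privateKey = (PrivateKey) com.google.common.base.l.o(aVar.f32641h);
        this.serviceIdentityName = (String) com.google.common.base.l.o(aVar.f32642i);
        this.tokenServerUri = (URI) com.google.common.base.l.o(aVar.f32643j);
        wd.b bVar = (wd.b) com.google.common.base.l.o(aVar.f32645l);
        this.f32638q = bVar;
        // Stored so readObject can re-instantiate the factory after deserialization.
        this.transportFactoryClassName = bVar.getClass().getName();
        this.caCertPath = aVar.f32646m;
        this.apiAudience = aVar.f32644k;
        this.lifetime = aVar.f32647n;
    }

    /**
     * Returns {@code str} if it is non-empty.
     *
     * @param str value read from the credential JSON
     * @param str2 name of the JSON field, used in the error message
     * @throws IOException if the value is null or empty
     */
    private static String f(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
        return str;
    }

    /**
     * Builds a credential from parsed JSON, creating the transport from {@code ca_cert_path}.
     *
     * @throws IOException if a required field is missing or the CA file cannot be loaded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static GdchCredentials fromJson(Map<String, Object> map) throws IOException {
        return fromJson(map, new b((String) map.get("ca_cert_path")));
    }

    /**
     * Builds a credential from parsed JSON using the supplied transport factory.
     *
     * <p>Only presence and the format version are validated. {@code token_uri} is parsed but its
     * scheme and host are not restricted here, so the caller must trust the JSON source.
     *
     * @throws IOException if a required field is missing or empty, the format version is
     *     unsupported, or {@code token_uri} is not a valid URI
     */
    static GdchCredentials fromJson(Map<String, Object> map, wd.b bVar) throws IOException {
        String formatVersion = f((String) map.get("format_version"), "format_version");
        String project = f((String) map.get("project"), "project");
        String keyId = f((String) map.get("private_key_id"), "private_key_id");
        String pkcs8Key = f((String) map.get("private_key"), "private_key");
        String identityName = f((String) map.get("name"), "name");
        String tokenUri = f((String) map.get("token_uri"), "token_uri");
        String caCertFile = (String) map.get("ca_cert_path");
        if (!SUPPORTED_FORMAT_VERSION.equals(formatVersion)) {
            throw new IOException(String.format("Only format version %s is supported.", SUPPORTED_FORMAT_VERSION));
        }
        try {
            return fromPkcs8(pkcs8Key, newBuilder().C(project).B(keyId).E(new URI(tokenUri)).D(identityName).x(caCertFile).z(bVar));
        } catch (URISyntaxException e10) {
            // Keep the cause so the offending position in token_uri is not lost.
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.", e10);
        }
    }

    /**
     * Parses the key string via {@code p.b} (presumably a PKCS#8 decoder), stores the result on
     * the builder and builds the credential.
     */
    static GdchCredentials fromPkcs8(String str, a aVar) throws IOException {
        aVar.A(p.b(str));
        return new GdchCredentials(aVar);
    }

    /** Formats the value used for both issuer and subject: {@code system:serviceaccount:<str>:<str2>}. */
    static String getIssuerSubjectValue(String str, String str2) {
        return String.format("system:serviceaccount:%s:%s", str, str2);
    }

    /** Returns a new, empty builder. */
    public static a newBuilder() {
        return new a();
    }

    /**
     * Restores the transient transport factory after default deserialization.
     *
     * <p>The class name is read from the serialized stream, so the stream decides which class
     * {@code OAuth2Credentials.newInstance} instantiates. Deserialize only trusted data, or
     * install an {@code ObjectInputFilter} on the stream.
     * NOTE(review): {@code newInstance} is not visible here; if it needs a no-arg constructor,
     * the nested factory {@code b} (String constructor only) would not round-trip. Confirm.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f32638q = (wd.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    /** Opens {@code file} for reading; the caller owns the stream and must close it. */
    static InputStream readStream(File file) throws FileNotFoundException {
        return new FileInputStream(file);
    }

    /**
     * Builds and signs the JWT assertion presented to the token server.
     *
     * @param cVar JSON factory passed to the signer
     * @param j10 current time; divided by 1000 before use, so presumably milliseconds
     * @param uri API audience written to the {@code api_audience} claim
     * @return the signed assertion
     * @throws IOException if signing fails
     */
    String createAssertion(pd.c cVar, long j10, URI uri) throws IOException {
        // Qualified as sd.a / sd.b: the nested classes a and b of this class shadow the imports.
        sd.a.C0525a header = new sd.a.C0525a();
        header.k("RS256");
        header.o("JWT");
        header.l(this.privateKeyId);
        sd.b.C0526b payload = new sd.b.C0526b();
        String issuerSubject = getIssuerSubjectValue(this.projectId, this.serviceIdentityName);
        payload.k(issuerSubject);
        payload.l(issuerSubject);
        long issuedAt = j10 / 1000;
        payload.i(Long.valueOf(issuedAt));
        // Validity window: issue time plus the configured lifetime.
        payload.g(Long.valueOf(issuedAt + this.lifetime));
        payload.f(getTokenServerUri().toString());
        try {
            payload.set("api_audience", uri.toString());
            return sd.a.f(this.privateKey, cVar, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    /**
     * Returns a copy of this credential bound to the given audience.
     *
     * @param uri audience; rejected by {@code l.p} (presumably a null check) when null
     */
    public GdchCredentials createWithGdchAudience(URI uri) throws IOException {
        com.google.common.base.l.p(uri, "Audience are not configured for GDCH service account credentials.");
        return toBuilder().y(uri).h();
    }

    /** Compares every configuration field, including the private key; the transport instance is compared by class name. */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof GdchCredentials)) {
            return false;
        }
        GdchCredentials other = (GdchCredentials) obj;
        return Objects.equals(this.projectId, other.projectId)
                && Objects.equals(this.privateKeyId, other.privateKeyId)
                && Objects.equals(this.privateKey, other.privateKey)
                && Objects.equals(this.serviceIdentityName, other.serviceIdentityName)
                && Objects.equals(this.tokenServerUri, other.tokenServerUri)
                && Objects.equals(this.transportFactoryClassName, other.transportFactoryClassName)
                && Objects.equals(this.apiAudience, other.apiAudience)
                && Objects.equals(this.caCertPath, other.caCertPath)
                && this.lifetime == other.lifetime;
    }

    public final URI getApiAudience() {
        return this.apiAudience;
    }

    public final String getCaCertPath() {
        return this.caCertPath;
    }

    /** Returns the signing key itself; callers should avoid logging or serializing it. */
    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public final String getProjectId() {
        return this.projectId;
    }

    public final String getServiceIdentityName() {
        return this.serviceIdentityName;
    }

    public final URI getTokenServerUri() {
        return this.tokenServerUri;
    }

    public final wd.b getTransportFactory() {
        return this.f32638q;
    }

    /** Hashes the same fields that {@link #equals(Object)} compares. */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.projectId, this.privateKeyId, this.privateKey, this.serviceIdentityName, this.tokenServerUri, this.transportFactoryClassName, this.apiAudience, this.caCertPath, this.lifetime);
    }

    /**
     * Signs a fresh assertion and exchanges it at the token server for an access token.
     *
     * @return the access token with its expiry computed from {@code expires_in}
     * @throws IOException if the request fails or the response lacks the expected fields
     */
    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        com.google.common.base.l.p(this.apiAudience, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        pd.c cVar = p.f32777f;
        String createAssertion = createAssertion(cVar, this.clock.a(), getApiAudience());
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        genericData.set("assertion", createAssertion);
        com.google.api.client.http.r b10 = this.f32638q.a().c().b(new com.google.api.client.http.g(this.tokenServerUri), new e0(genericData));
        b10.A(new pd.e(cVar));
        try {
            // The decompiler emitted an undefined register name (r0) for the parsed response;
            // a named local restores the intended data flow.
            GenericData responseData = (GenericData) b10.b().m(GenericData.class);
            // 1000L keeps the seconds-to-milliseconds conversion in long arithmetic.
            return new AccessToken(p.g(responseData, "access_token", "Error parsing token refresh response. "), new Date(this.clock.a() + (p.c(responseData, "expires_in", "Error parsing token refresh response. ") * 1000L)));
        } catch (HttpResponseException e10) {
            throw GoogleAuthException.createWithTokenEndpointResponseException(e10, String.format("Error getting access token for GDCH service account: %s, iss: %s", e10.getMessage(), getServiceIdentityName()));
        } catch (IOException e11) {
            throw GoogleAuthException.createWithTokenEndpointIOException(e11, String.format("Error getting access token for GDCH service account: %s, iss: %s", e11.getMessage(), getServiceIdentityName()));
        }
    }

    /** Returns a builder seeded from this credential (the audience is not carried over). */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public a toBuilder() {
        return new a(this);
    }

    /** Describes the credential without the private key, so the result is safe to log. */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.g.b(this).b("projectId", this.projectId).b("privateKeyId", this.privateKeyId).b("serviceIdentityName", this.serviceIdentityName).b("tokenServerUri", this.tokenServerUri).b("transportFactoryClassName", this.transportFactoryClassName).b("caCertPath", this.caCertPath).b("apiAudience", this.apiAudience).a("lifetime", this.lifetime).toString();
    }
}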
