package com.google.auth.oauth2;

import com.google.auth.Credentials;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.auth.oauth2.AutoValue_JwtClaims;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.JwtCredentials;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LocalCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import d.e.b.a.b.e;
import d.e.b.a.c.g;
import d.e.e.a.j;
import d.e.e.a.r;
import d.e.e.a.s;
import d.e.e.b.f;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;

/* loaded from: classes.dex */
public class ServiceAccountJwtAccessCredentials extends Credentials {
    public static final String JWT_ACCESS_PREFIX = "Bearer ";
    public static final long LIFE_SPAN_SECS = TimeUnit.HOURS.toSeconds(1);

    /* renamed from: b, reason: collision with root package name */
    public static final long f3569b = TimeUnit.MINUTES.toSeconds(5);
    public static final long serialVersionUID = -7274955171379494197L;

    /* renamed from: a, reason: collision with root package name */
    public transient f<JwtClaims, JwtCredentials> f3570a;
    public final String clientEmail;
    public final String clientId;
    public transient g clock;
    public final URI defaultAudience;
    public final PrivateKey privateKey;
    public final String privateKeyId;
    public final String quotaProjectId;

    /* loaded from: classes.dex */
    public class a extends CacheLoader<JwtClaims, JwtCredentials> {
        public a() {
        }

        @Override // com.google.common.cache.CacheLoader
        public JwtCredentials load(JwtClaims jwtClaims) {
            JwtClaims jwtClaims2 = jwtClaims;
            JwtCredentials.b newBuilder = JwtCredentials.newBuilder();
            newBuilder.a(ServiceAccountJwtAccessCredentials.this.privateKey);
            newBuilder.f3554b = ServiceAccountJwtAccessCredentials.this.privateKeyId;
            if (jwtClaims2 == null) {
                throw null;
            }
            newBuilder.f3555c = jwtClaims2;
            Long valueOf = Long.valueOf(ServiceAccountJwtAccessCredentials.LIFE_SPAN_SECS);
            if (valueOf == null) {
                throw null;
            }
            newBuilder.f3557e = valueOf;
            newBuilder.a(ServiceAccountJwtAccessCredentials.this.clock);
            return newBuilder.a();
        }
    }

    /* loaded from: classes.dex */
    public class b extends s {
        public b() {
        }

        @Override // d.e.e.a.s
        public long a() {
            return TimeUnit.MILLISECONDS.toNanos(ServiceAccountJwtAccessCredentials.this.clock.a());
        }
    }

    /* loaded from: classes.dex */
    public static class c {
        public c() {
        }

        public c(ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials) {
            String unused = serviceAccountJwtAccessCredentials.clientId;
            String unused2 = serviceAccountJwtAccessCredentials.clientEmail;
            PrivateKey unused3 = serviceAccountJwtAccessCredentials.privateKey;
            String unused4 = serviceAccountJwtAccessCredentials.privateKeyId;
            URI unused5 = serviceAccountJwtAccessCredentials.defaultAudience;
            String unused6 = serviceAccountJwtAccessCredentials.quotaProjectId;
        }
    }

    @Deprecated
    public ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3) {
        this(str, str2, privateKey, str3, null, null);
    }

    public ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3, URI uri, String str4) {
        this.clock = g.f8795a;
        this.clientId = str;
        if (str2 == null) {
            throw null;
        }
        this.clientEmail = str2;
        if (privateKey == null) {
            throw null;
        }
        this.privateKey = privateKey;
        this.privateKeyId = str3;
        this.defaultAudience = uri;
        this.f3570a = a();
        this.quotaProjectId = str4;
    }

    public /* synthetic */ ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3, URI uri, String str4, a aVar) {
        this(str, str2, privateKey, str3, uri, str4);
    }

    public static ServiceAccountJwtAccessCredentials fromJson(Map<String, Object> map) {
        return fromJson(map, null);
    }

    public static ServiceAccountJwtAccessCredentials fromJson(Map<String, Object> map, URI uri) {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("quota_project_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, uri, str5);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4) {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4, URI uri) {
        return fromPkcs8(str, str2, str3, str4, uri, null);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4, URI uri, String str5) {
        return new ServiceAccountJwtAccessCredentials(str, str2, ServiceAccountCredentials.privateKeyFromPkcs8(str3), str4, uri, str5);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream) {
        return fromStream(inputStream, null);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream, URI uri) {
        if (inputStream == null) {
            throw null;
        }
        d.e.b.a.b.b bVar = (d.e.b.a.b.b) new e(d.e.c.c.b.f8870d).a(inputStream, d.e.c.c.b.f8871e, d.e.b.a.b.b.class);
        String str = (String) bVar.get(com.umeng.analytics.pro.c.y);
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE.equals(str)) {
            return fromJson(bVar, uri);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE));
    }

    public static c newBuilder() {
        return new c();
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.clock = g.f8795a;
        this.f3570a = a();
    }

    public final f<JwtClaims, JwtCredentials> a() {
        CacheBuilder cacheBuilder = new CacheBuilder();
        cacheBuilder.a(100L);
        cacheBuilder.a(LIFE_SPAN_SECS - f3569b, TimeUnit.SECONDS);
        cacheBuilder.a(new b());
        a aVar = new a();
        cacheBuilder.a();
        return new LocalCache.LocalLoadingCache(cacheBuilder, aVar);
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountJwtAccessCredentials)) {
            return false;
        }
        ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials = (ServiceAccountJwtAccessCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountJwtAccessCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountJwtAccessCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountJwtAccessCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountJwtAccessCredentials.privateKeyId) && Objects.equals(this.defaultAudience, serviceAccountJwtAccessCredentials.defaultAudience) && Objects.equals(this.quotaProjectId, serviceAccountJwtAccessCredentials.quotaProjectId);
    }

    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.clientEmail;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        if (uri == null && (uri = this.defaultAudience) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        try {
            AutoValue_JwtClaims.b bVar = (AutoValue_JwtClaims.b) JwtClaims.newBuilder();
            bVar.f3528a = uri.toString();
            bVar.f3529b = this.clientEmail;
            bVar.f3530c = this.clientEmail;
            return GoogleCredentials.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, this.f3570a.get(bVar.a()).getRequestMetadata(uri));
        } catch (UncheckedExecutionException e2) {
            r.b(e2);
            throw new IllegalStateException("generateJwtAccess threw an unchecked exception that couldn't be rethrown", e2);
        } catch (ExecutionException e3) {
            r.a(e3.getCause(), IOException.class);
            throw new IllegalStateException("generateJwtAccess threw an unexpected checked exception", e3.getCause());
        }
    }

    @Override // com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, d.e.c.a aVar) {
        blockingGetToCallback(uri, aVar);
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.defaultAudience, this.quotaProjectId);
    }

    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.a newBuilder = JwtClaims.newBuilder();
        String str = this.clientEmail;
        AutoValue_JwtClaims.b bVar = (AutoValue_JwtClaims.b) newBuilder;
        bVar.f3529b = str;
        bVar.f3530c = str;
        URI uri = this.defaultAudience;
        if (uri != null) {
            bVar.f3528a = uri.toString();
        }
        JwtCredentials.b newBuilder2 = JwtCredentials.newBuilder();
        newBuilder2.a(this.privateKey);
        newBuilder2.f3554b = this.privateKeyId;
        newBuilder2.a(bVar.a().merge(jwtClaims));
        Long valueOf = Long.valueOf(LIFE_SPAN_SECS);
        if (valueOf == null) {
            throw null;
        }
        newBuilder2.f3557e = valueOf;
        newBuilder2.a(this.clock);
        return newBuilder2.a();
    }

    @Override // com.google.auth.Credentials
    public void refresh() {
        this.f3570a.invalidateAll();
    }

    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            throw new ServiceAccountSigner$SigningException("Failed to sign the provided bytes", e2);
        }
    }

    public c toBuilder() {
        return new c(this);
    }

    public String toString() {
        j h2 = b.t.s.h(this);
        h2.a("clientId", this.clientId);
        h2.a("clientEmail", this.clientEmail);
        h2.a("privateKeyId", this.privateKeyId);
        h2.a("defaultAudience", this.defaultAudience);
        h2.a("quotaProjectId", this.quotaProjectId);
        return h2.toString();
    }
}
