package com.google.auth.oauth2;

import b.t.s;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.auth.oauth2.AutoValue_JwtClaims;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.JwtCredentials;
import com.google.common.collect.ImmutableSet;
import com.umeng.analytics.pro.c;
import d.e.b.a.a.d;
import d.e.b.a.a.e;
import d.e.b.a.a.k;
import d.e.b.a.a.q;
import d.e.b.a.b.j.a;
import d.e.b.a.b.j.b;
import d.e.b.a.c.j;
import d.e.b.a.c.v;
import d.e.e.a.h;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements IdTokenProvider {
    public static final long serialVersionUID = 7807543542681217978L;

    /* renamed from: c, reason: collision with root package name */
    public transient d.e.c.b.b f3560c;
    public final String clientEmail;
    public final String clientId;
    public final PrivateKey privateKey;
    public final String privateKeyId;
    public final String projectId;
    public final String quotaProjectId;
    public final Collection<String> scopes;
    public final String serviceAccountUser;
    public final URI tokenServerUri;
    public final String transportFactoryClassName;

    /* loaded from: classes.dex */
    public class a implements e.a {
        public a(ServiceAccountCredentials serviceAccountCredentials) {
        }

        @Override // d.e.b.a.a.e.a
        public boolean a(k kVar) {
            int i2 = kVar.f8708e;
            return i2 / 100 == 5 || i2 == 403;
        }
    }

    /* loaded from: classes.dex */
    public static class b extends GoogleCredentials.a {

        /* renamed from: b, reason: collision with root package name */
        public String f3561b;

        /* renamed from: c, reason: collision with root package name */
        public String f3562c;

        /* renamed from: d, reason: collision with root package name */
        public PrivateKey f3563d;

        /* renamed from: e, reason: collision with root package name */
        public String f3564e;

        /* renamed from: f, reason: collision with root package name */
        public String f3565f;

        /* renamed from: g, reason: collision with root package name */
        public String f3566g;

        /* renamed from: h, reason: collision with root package name */
        public URI f3567h;

        /* renamed from: i, reason: collision with root package name */
        public Collection<String> f3568i;
        public d.e.c.b.b j;
        public String k;

        public b() {
        }

        public b(ServiceAccountCredentials serviceAccountCredentials) {
            this.f3561b = serviceAccountCredentials.clientId;
            this.f3562c = serviceAccountCredentials.clientEmail;
            this.f3563d = serviceAccountCredentials.privateKey;
            this.f3564e = serviceAccountCredentials.privateKeyId;
            this.f3568i = serviceAccountCredentials.scopes;
            this.j = serviceAccountCredentials.f3560c;
            this.f3567h = serviceAccountCredentials.tokenServerUri;
            this.f3565f = serviceAccountCredentials.serviceAccountUser;
            this.f3566g = serviceAccountCredentials.projectId;
            this.k = serviceAccountCredentials.quotaProjectId;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a, com.google.auth.oauth2.OAuth2Credentials.a
        public ServiceAccountCredentials a() {
            return new ServiceAccountCredentials(this.f3561b, this.f3562c, this.f3563d, this.f3564e, this.f3568i, this.j, this.f3567h, this.f3565f, this.f3566g, this.k);
        }
    }

    public ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, d.e.c.b.b bVar, URI uri, String str4, String str5, String str6) {
        this.clientId = str;
        if (str2 == null) {
            throw null;
        }
        this.clientEmail = str2;
        if (privateKey == null) {
            throw null;
        }
        this.privateKey = privateKey;
        this.privateKeyId = str3;
        this.scopes = collection == null ? ImmutableSet.of() : ImmutableSet.copyOf((Collection) collection);
        d.e.c.b.b bVar2 = (d.e.c.b.b) s.d(bVar, OAuth2Credentials.getFromServiceLoader(d.e.c.b.b.class, d.e.c.c.b.f8869c));
        this.f3560c = bVar2;
        this.transportFactoryClassName = bVar2.getClass().getName();
        this.tokenServerUri = uri == null ? d.e.c.c.b.f8867a : uri;
        this.serviceAccountUser = str4;
        this.projectId = str5;
        this.quotaProjectId = str6;
    }

    public static ServiceAccountCredentials fromJson(Map<String, Object> map, d.e.c.b.b bVar) {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        URI uri2 = uri;
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, null, bVar, uri2, null, str5, str7);
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) {
        return fromPkcs8(str, str2, str3, str4, collection, null, null, null, null, null);
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, d.e.c.b.b bVar, URI uri) {
        return fromPkcs8(str, str2, str3, str4, collection, bVar, uri, null, null, null);
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, d.e.c.b.b bVar, URI uri, String str5) {
        return fromPkcs8(str, str2, str3, str4, collection, bVar, uri, str5, null, null);
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, d.e.c.b.b bVar, URI uri, String str5, String str6, String str7) {
        return new ServiceAccountCredentials(str, str2, privateKeyFromPkcs8(str3), str4, collection, bVar, uri, str5, str6, str7);
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream) {
        return fromStream(inputStream, d.e.c.c.b.f8869c);
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream, d.e.c.b.b bVar) {
        if (inputStream == null) {
            throw null;
        }
        if (bVar == null) {
            throw null;
        }
        d.e.b.a.b.b bVar2 = (d.e.b.a.b.b) new d.e.b.a.b.e(d.e.c.c.b.f8870d).a(inputStream, d.e.c.c.b.f8871e, d.e.b.a.b.b.class);
        String str = (String) bVar2.get(c.y);
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE.equals(str)) {
            return fromJson(bVar2, bVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE));
    }

    public static b newBuilder() {
        return new b();
    }

    public static PrivateKey privateKeyFromPkcs8(String str) {
        v vVar = new v(new StringReader(str));
        try {
            v.a a2 = vVar.a("PRIVATE KEY");
            if (a2 == null) {
                throw new IOException("Invalid PKCS#8 data.");
            }
            try {
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(a2.f8849a));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                throw new IOException("Unexpected exception reading PKCS#8 data", e2);
            }
        } finally {
            vVar.f8848a.close();
        }
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.f3560c = (d.e.c.b.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    public String createAssertion(d.e.b.a.b.c cVar, long j, String str) {
        a.C0119a c0119a = new a.C0119a();
        c0119a.f8759d = "RS256";
        b.C0120b c0120b = new b.C0120b();
        c0120b.f8762d = Long.valueOf((j / 1000) + 3600);
        c0120b.put("scope", h.a(' ').a((Iterable<?>) this.scopes));
        if (str == null) {
            d.e.c.c.b.f8867a.toString();
        }
        try {
            return d.e.b.a.b.j.a.a(this.privateKey, cVar, c0119a, c0120b);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    public String createAssertionForIdToken(d.e.b.a.b.c cVar, long j, String str, String str2) {
        a.C0119a c0119a = new a.C0119a();
        c0119a.f8759d = "RS256";
        b.C0120b c0120b = new b.C0120b();
        c0120b.f8762d = Long.valueOf((j / 1000) + 3600);
        if (str == null) {
            d.e.c.c.b.f8867a.toString();
        }
        try {
            c0120b.b("target_audience", (Object) str2);
            return d.e.b.a.b.j.a.a(this.privateKey, cVar, c0119a, c0120b);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createDelegated(String str) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.scopes, this.f3560c, this.tokenServerUri, str, this.projectId, this.quotaProjectId);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, collection, this.f3560c, this.tokenServerUri, this.serviceAccountUser, this.projectId, this.quotaProjectId);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        return this.scopes.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountCredentials.privateKeyId) && Objects.equals(this.transportFactoryClassName, serviceAccountCredentials.transportFactoryClassName) && Objects.equals(this.tokenServerUri, serviceAccountCredentials.tokenServerUri) && Objects.equals(this.scopes, serviceAccountCredentials.scopes) && Objects.equals(this.quotaProjectId, serviceAccountCredentials.quotaProjectId);
    }

    public String getAccount() {
        return getClientEmail();
    }

    public final String getClientEmail() {
        return this.clientEmail;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public final String getProjectId() {
        return this.projectId;
    }

    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        return GoogleCredentials.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    public final String getServiceAccountUser() {
        return this.serviceAccountUser;
    }

    public final URI getTokenServerUri() {
        return this.tokenServerUri;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.transportFactoryClassName, this.tokenServerUri, this.scopes, this.quotaProjectId);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) {
        d.e.b.a.b.c cVar = d.e.c.c.b.f8870d;
        String createAssertionForIdToken = createAssertionForIdToken(cVar, this.clock.a(), this.tokenServerUri.toString(), str);
        GenericData genericData = new GenericData();
        genericData.b("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.b("assertion", createAssertionForIdToken);
        d.e.b.a.a.h a2 = this.f3560c.a().a().a("POST", new d.e.b.a.a.c(this.tokenServerUri), new q(genericData));
        a2.p = new d.e.b.a.b.e(cVar);
        return IdToken.create(d.e.c.c.b.c((GenericData) a2.a().a(GenericData.class), "id_token", "Error parsing token refresh response. "));
    }

    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.a newBuilder = JwtClaims.newBuilder();
        String str = this.clientEmail;
        AutoValue_JwtClaims.b bVar = (AutoValue_JwtClaims.b) newBuilder;
        bVar.f3529b = str;
        bVar.f3530c = str;
        JwtCredentials.b newBuilder2 = JwtCredentials.newBuilder();
        newBuilder2.a(this.privateKey);
        newBuilder2.f3554b = this.privateKeyId;
        newBuilder2.a(bVar.a().merge(jwtClaims));
        newBuilder2.a(this.clock);
        return newBuilder2.a();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        if (createScopedRequired()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        d.e.b.a.b.c cVar = d.e.c.c.b.f8870d;
        String createAssertion = createAssertion(cVar, this.clock.a(), this.tokenServerUri.toString());
        GenericData genericData = new GenericData();
        genericData.b("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.b("assertion", createAssertion);
        d.e.b.a.a.h a2 = this.f3560c.a().a().a("POST", new d.e.b.a.a.c(this.tokenServerUri), new q(genericData));
        a2.p = new d.e.b.a.b.e(cVar);
        a2.o = new d(new j());
        e eVar = new e(new j());
        eVar.f8681b = new a(this);
        a2.n = eVar;
        try {
            return new AccessToken(d.e.c.c.b.c((GenericData) a2.a().a(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date((d.e.c.c.b.a(r0, "expires_in", "Error parsing token refresh response. ") * 1000) + this.clock.a()));
        } catch (IOException e2) {
            throw new IOException(String.format("Error getting access token for service account: %s", e2.getMessage()), e2);
        }
    }

    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            throw new ServiceAccountSigner$SigningException("Failed to sign the provided bytes", e2);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public b toBuilder() {
        return new b(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        d.e.e.a.j h2 = s.h(this);
        h2.a("clientId", this.clientId);
        h2.a("clientEmail", this.clientEmail);
        h2.a("privateKeyId", this.privateKeyId);
        h2.a("transportFactoryClassName", this.transportFactoryClassName);
        h2.a("tokenServerUri", this.tokenServerUri);
        h2.a("scopes", this.scopes);
        h2.a("serviceAccountUser", this.serviceAccountUser);
        h2.a("quotaProjectId", this.quotaProjectId);
        return h2.toString();
    }
}
