package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Clock;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.Joiner;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import j$.util.Objects;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.concurrent.TimeUnit;

/* loaded from: classes.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, JwtProvider {
    public static final /* synthetic */ int E = 0;
    public final boolean A;
    public final boolean B;
    public final transient HttpTransportFactory C;
    public transient JwtCredentials D;
    public final String p;
    public final String q;
    public final PrivateKey r;
    public final String s;
    public final String t;
    public final String u;
    public final String v;
    public final URI w;
    public final ImmutableSet x;
    public final ImmutableSet y;
    public final int z;

    /* loaded from: classes.dex */
    public static class Builder extends GoogleCredentials.Builder {
        public String c;

        /* renamed from: d, reason: collision with root package name */
        public String f2478d;
        public PrivateKey e;
        public String f;
        public String g;
        public String h;
        public URI i;
        public Collection j;
        public Collection k;
        public HttpTransportFactory l;
        public int m;
        public boolean n;
        public boolean o;
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        this.D = null;
        this.p = builder.c;
        String str = builder.f2478d;
        str.getClass();
        this.q = str;
        PrivateKey privateKey = builder.e;
        privateKey.getClass();
        this.r = privateKey;
        this.s = builder.f;
        Collection collection = builder.j;
        this.x = collection == null ? ImmutableSet.x() : ImmutableSet.s(collection);
        Collection collection2 = builder.k;
        this.y = collection2 == null ? ImmutableSet.x() : ImmutableSet.s(collection2);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.a(builder.l, Iterators.f(OAuth2Utils.c, ServiceLoader.load(HttpTransportFactory.class).iterator()));
        this.C = httpTransportFactory;
        this.v = httpTransportFactory.getClass().getName();
        URI uri = builder.i;
        this.w = uri == null ? OAuth2Utils.f2473a : uri;
        this.t = builder.g;
        this.u = builder.h;
        int i = builder.m;
        if (i > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.z = i;
        this.A = builder.n;
        this.B = builder.o;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public final Map a(URI uri) {
        String str;
        JwtCredentials l;
        if (k() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        boolean k = k();
        boolean z = this.A;
        if ((!k && !z) || ((str = this.t) != null && str.length() > 0)) {
            return super.a(uri);
        }
        if (k() || !z) {
            l = l(uri);
        } else {
            if (this.D == null) {
                this.D = l(null);
            }
            l = this.D;
        }
        return GoogleCredentials.i(this.o, l.a(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public final boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.p, serviceAccountCredentials.p) && Objects.equals(this.q, serviceAccountCredentials.q) && Objects.equals(this.r, serviceAccountCredentials.r) && Objects.equals(this.s, serviceAccountCredentials.s) && Objects.equals(this.v, serviceAccountCredentials.v) && Objects.equals(this.w, serviceAccountCredentials.w) && Objects.equals(this.x, serviceAccountCredentials.x) && Objects.equals(this.y, serviceAccountCredentials.y) && Objects.equals(this.o, serviceAccountCredentials.o) && Integer.valueOf(this.z).equals(Integer.valueOf(serviceAccountCredentials.z)) && Boolean.valueOf(this.A).equals(Boolean.valueOf(serviceAccountCredentials.A)) && Boolean.valueOf(this.B).equals(Boolean.valueOf(serviceAccountCredentials.B));
    }

    /* JADX WARN: Type inference failed for: r7v4, types: [java.lang.Object, com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler$BackOffRequired] */
    @Override // com.google.auth.oauth2.OAuth2Credentials
    public final AccessToken g() {
        GsonFactory gsonFactory = OAuth2Utils.f2474d;
        Clock clock = this.k;
        long a2 = clock.a();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.s);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str = this.q;
        payload.setIssuer(str);
        long j = a2 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j));
        payload.setExpirationTimeSeconds(Long.valueOf(j + this.z));
        payload.setSubject(this.t);
        ImmutableSet immutableSet = this.x;
        payload.put("scope", (Object) (immutableSet.isEmpty() ? new Joiner(String.valueOf(' ')).b(this.y) : new Joiner(String.valueOf(' ')).b(immutableSet)));
        payload.setAudience(OAuth2Utils.f2473a.toString());
        try {
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.r, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest a3 = this.C.a().b().a("POST", new GenericUrl(this.w), new UrlEncodedContent(genericData));
            if (this.B) {
                a3.f2410d = 3;
            } else {
                a3.f2410d = 0;
            }
            a3.q = new JsonObjectParser(gsonFactory);
            ExponentialBackOff.Builder builder = new ExponentialBackOff.Builder();
            builder.f2442a = 1000;
            builder.b = 0.1d;
            builder.c = 2.0d;
            ExponentialBackOff exponentialBackOff = new ExponentialBackOff(builder);
            HttpBackOffUnsuccessfulResponseHandler httpBackOffUnsuccessfulResponseHandler = new HttpBackOffUnsuccessfulResponseHandler(exponentialBackOff);
            httpBackOffUnsuccessfulResponseHandler.b = new Object();
            a3.n = httpBackOffUnsuccessfulResponseHandler;
            a3.o = new HttpBackOffIOExceptionHandler(exponentialBackOff);
            try {
                return new AccessToken(OAuth2Utils.b("access_token", "Error parsing token refresh response. ", (GenericData) a3.b().e(GenericData.class)), new Date((OAuth2Utils.a(r0) * 1000) + clock.a()));
            } catch (HttpResponseException e) {
                throw GoogleAuthException.a(e, String.format("Error getting access token for service account: %s, iss: %s", e.getMessage(), str));
            } catch (IOException e2) {
                String format = String.format("Error getting access token for service account: %s, iss: %s", e2.getMessage(), str);
                if (format == null) {
                    throw new IOException(e2);
                }
                throw new IOException(format, e2);
            }
        } catch (GeneralSecurityException e3) {
            throw new IOException("Error signing service account access token request with private key.", e3);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public final int hashCode() {
        return Objects.hash(this.p, this.q, this.r, this.s, this.v, this.w, this.x, this.y, this.o, Integer.valueOf(this.z), Boolean.valueOf(this.A), Boolean.valueOf(this.B));
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.GoogleCredentials$Builder, com.google.auth.oauth2.ServiceAccountCredentials$Builder] */
    @Override // com.google.auth.oauth2.GoogleCredentials
    public final GoogleCredentials j(List list) {
        ?? builder = new GoogleCredentials.Builder(this);
        builder.c = this.p;
        builder.f2478d = this.q;
        builder.e = this.r;
        builder.f = this.s;
        builder.l = this.C;
        builder.i = this.w;
        builder.g = this.t;
        builder.h = this.u;
        builder.m = this.z;
        builder.n = this.A;
        builder.o = this.B;
        builder.j = list;
        builder.k = null;
        return new ServiceAccountCredentials(builder);
    }

    public final boolean k() {
        return this.x.isEmpty() && this.y.isEmpty();
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.AutoValue_JwtClaims$Builder, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v6, types: [com.google.auth.oauth2.JwtCredentials$Builder, java.lang.Object] */
    public final JwtCredentials l(URI uri) {
        ?? obj = new Object();
        ImmutableMap j = ImmutableMap.j();
        if (j == null) {
            throw new NullPointerException("Null additionalClaims");
        }
        obj.f2460d = j;
        String str = this.q;
        obj.b = str;
        obj.c = str;
        if (uri == null) {
            ImmutableSet immutableSet = this.x;
            Map singletonMap = Collections.singletonMap("scope", !immutableSet.isEmpty() ? new Joiner(String.valueOf(' ')).b(immutableSet) : new Joiner(String.valueOf(' ')).b(this.y));
            if (singletonMap == null) {
                throw new NullPointerException("Null additionalClaims");
            }
            obj.f2460d = singletonMap;
        } else {
            if (uri.getScheme() != null && uri.getHost() != null) {
                try {
                    uri = new URI(uri.getScheme(), uri.getHost(), "/", null);
                } catch (URISyntaxException unused) {
                }
            }
            obj.f2459a = uri.toString();
        }
        int i = JwtCredentials.o;
        ?? obj2 = new Object();
        obj2.f2467d = Clock.f2438a;
        obj2.e = Long.valueOf(TimeUnit.HOURS.toSeconds(1L));
        PrivateKey privateKey = this.r;
        privateKey.getClass();
        obj2.f2466a = privateKey;
        obj2.b = this.s;
        Map map = obj.f2460d;
        if (map == null) {
            throw new IllegalStateException("Missing required properties: additionalClaims");
        }
        obj2.c = new AutoValue_JwtClaims(obj.f2459a, obj.b, obj.c, map);
        Clock clock = this.k;
        clock.getClass();
        obj2.f2467d = clock;
        return new JwtCredentials(obj2);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public final String toString() {
        MoreObjects.ToStringHelper b = MoreObjects.b(this);
        b.a(this.p, "clientId");
        b.a(this.q, "clientEmail");
        b.a(this.s, "privateKeyId");
        b.a(this.v, "transportFactoryClassName");
        b.a(this.w, "tokenServerUri");
        b.a(this.x, "scopes");
        b.a(this.y, "defaultScopes");
        b.a(this.t, "serviceAccountUser");
        b.a(this.o, "quotaProjectId");
        b.c(String.valueOf(this.z), "lifetime");
        b.c(String.valueOf(this.A), "useJwtAccessWithScope");
        b.c(String.valueOf(this.B), "defaultRetriesEnabled");
        return b.toString();
    }
}
