package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.GenericData;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.auth.oauth2.StsRequestHandler;
import com.google.common.base.Joiner;
import com.google.common.base.MoreObjects;
import com.google.common.collect.Iterators;
import java.io.Serializable;
import java.math.BigDecimal;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials {
    public final String A;
    public final String B;
    public final transient HttpTransportFactory C;
    public final ImpersonatedCredentials D;
    public ImpersonatedCredentials E;
    public final EnvironmentProvider F;
    public final String p;
    public final String q;
    public final String r;
    public final CredentialSource s;
    public final Collection t;
    public final ServiceAccountImpersonationOptions u;
    public final ExternalAccountMetricsHandler v;
    public final String w;
    public final String x;
    public final String y;
    public final String z;

    /* renamed from: com.google.auth.oauth2.ExternalAccountCredentials$1, reason: invalid class name */
    /* loaded from: classes.dex */
    class AnonymousClass1 implements RequestMetadataCallback {
    }

    /* loaded from: classes.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {
        public final String c;

        /* renamed from: d, reason: collision with root package name */
        public final String f2464d;
        public final String e;
        public final String f;
        public final CredentialSource g;
        public final EnvironmentProvider h;
        public final HttpTransportFactory i;
        public String j;
        public final String k;
        public final String l;
        public Collection m;
        public final String n;
        public final ServiceAccountImpersonationOptions o;
        public final String p;
        public final ExternalAccountMetricsHandler q;

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            super(externalAccountCredentials);
            this.i = externalAccountCredentials.C;
            this.c = externalAccountCredentials.p;
            this.f2464d = externalAccountCredentials.q;
            this.e = externalAccountCredentials.r;
            this.f = externalAccountCredentials.w;
            this.j = externalAccountCredentials.x;
            this.g = externalAccountCredentials.s;
            this.k = externalAccountCredentials.y;
            this.l = externalAccountCredentials.z;
            this.m = externalAccountCredentials.t;
            this.h = externalAccountCredentials.F;
            this.n = externalAccountCredentials.B;
            this.o = externalAccountCredentials.u;
            this.p = externalAccountCredentials.A;
            this.q = externalAccountCredentials.v;
        }
    }

    /* loaded from: classes.dex */
    public static abstract class CredentialSource implements Serializable {
    }

    /* loaded from: classes.dex */
    public static final class ServiceAccountImpersonationOptions implements Serializable {
        public final int f;
        public final boolean g;

        public ServiceAccountImpersonationOptions(HashMap hashMap) {
            boolean containsKey = hashMap.containsKey("token_lifetime_seconds");
            this.g = containsKey;
            if (!containsKey) {
                this.f = 3600;
                return;
            }
            try {
                Object obj = hashMap.get("token_lifetime_seconds");
                this.f = obj instanceof BigDecimal ? ((BigDecimal) obj).intValue() : hashMap.get("token_lifetime_seconds") instanceof Integer ? ((Integer) obj).intValue() : Integer.parseInt((String) obj);
                int i = this.f;
                if (i < 600 || i > 43200) {
                    throw new IllegalArgumentException(String.format("The \"token_lifetime_seconds\" field must be between %s and %s seconds.", 600, 43200));
                }
            } catch (ArithmeticException e) {
                e = e;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            } catch (NumberFormatException e2) {
                e = e2;
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e);
            }
        }
    }

    public ExternalAccountCredentials(Builder builder) {
        super(builder);
        this.C = (HttpTransportFactory) MoreObjects.a(builder.i, Iterators.f(OAuth2Utils.c, ServiceLoader.load(HttpTransportFactory.class).iterator()));
        String str = builder.c;
        str.getClass();
        this.p = str;
        String str2 = builder.f2464d;
        str2.getClass();
        this.q = str2;
        String str3 = builder.e;
        str3.getClass();
        this.r = str3;
        CredentialSource credentialSource = builder.g;
        credentialSource.getClass();
        this.s = credentialSource;
        this.w = builder.f;
        String str4 = builder.j;
        this.x = str4;
        this.y = builder.k;
        this.z = builder.l;
        Collection collection = builder.m;
        this.t = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : builder.m;
        EnvironmentProvider environmentProvider = builder.h;
        this.F = environmentProvider == null ? SystemEnvironmentProvider.f : environmentProvider;
        ServiceAccountImpersonationOptions serviceAccountImpersonationOptions = builder.o;
        this.u = serviceAccountImpersonationOptions == null ? new ServiceAccountImpersonationOptions(new HashMap()) : serviceAccountImpersonationOptions;
        String str5 = builder.n;
        this.B = str5;
        if (str5 != null) {
            Pattern compile = Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$");
            if (str5 == null || !compile.matcher(str).matches()) {
                throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
            }
        }
        this.A = builder.p;
        if (!n(str3)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
        if (str4 != null && !n(str4)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
        ExternalAccountMetricsHandler externalAccountMetricsHandler = builder.q;
        this.v = externalAccountMetricsHandler == null ? new ExternalAccountMetricsHandler(this) : externalAccountMetricsHandler;
        this.D = k();
    }

    public static boolean n(String str) {
        URI create;
        try {
            create = URI.create(str);
        } catch (Exception unused) {
        }
        return (create.getScheme() == null || create.getHost() == null || !"https".equals(create.getScheme().toLowerCase(Locale.US))) ? false : true;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public final Map a(URI uri) {
        return GoogleCredentials.i(this.o, super.a(uri));
    }

    /* JADX WARN: Type inference failed for: r3v0, types: [com.google.auth.oauth2.IdentityPoolCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r3v1, types: [com.google.auth.oauth2.PluggableAuthCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.google.auth.oauth2.OAuth2Credentials$Builder, com.google.auth.oauth2.ImpersonatedCredentials$Builder] */
    /* JADX WARN: Type inference failed for: r3v3, types: [com.google.auth.oauth2.AwsCredentials$Builder, com.google.auth.oauth2.ExternalAccountCredentials$Builder] */
    public final ImpersonatedCredentials k() {
        GoogleCredentials identityPoolCredentials;
        String str = this.x;
        if (str == null) {
            return null;
        }
        if (this instanceof AwsCredentials) {
            ?? builder = new Builder((AwsCredentials) this);
            builder.j = null;
            identityPoolCredentials = new AwsCredentials(builder);
        } else if (this instanceof PluggableAuthCredentials) {
            PluggableAuthCredentials pluggableAuthCredentials = (PluggableAuthCredentials) this;
            ?? builder2 = new Builder(pluggableAuthCredentials);
            builder2.r = pluggableAuthCredentials.H;
            builder2.j = null;
            identityPoolCredentials = new PluggableAuthCredentials(builder2);
        } else {
            ?? builder3 = new Builder((IdentityPoolCredentials) this);
            builder3.j = null;
            identityPoolCredentials = new IdentityPoolCredentials(builder3);
        }
        String k = ImpersonatedCredentials.k(str);
        ?? builder4 = new OAuth2Credentials.Builder();
        builder4.g = 3600;
        builder4.j = Calendar.getInstance();
        builder4.c = identityPoolCredentials;
        builder4.h = this.C;
        builder4.f2465d = k;
        builder4.f = new ArrayList(this.t);
        int i = this.u.f;
        builder4.g = i != 0 ? i : 3600;
        builder4.i = str;
        return new ImpersonatedCredentials(builder4);
    }

    public final AccessToken l(StsTokenExchangeRequest stsTokenExchangeRequest) {
        ImpersonatedCredentials impersonatedCredentials = this.E;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.g();
        }
        ImpersonatedCredentials impersonatedCredentials2 = this.D;
        if (impersonatedCredentials2 != null) {
            return impersonatedCredentials2.g();
        }
        HttpRequestFactory b = this.C.a().b();
        String str = this.r;
        StsRequestHandler.Builder builder = new StsRequestHandler.Builder(str, stsTokenExchangeRequest, b);
        Pattern compile = Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$");
        String str2 = this.B;
        if (str2 != null && compile.matcher(this.p).matches()) {
            GenericJson genericJson = new GenericJson();
            genericJson.setFactory(OAuth2Utils.f2474d);
            genericJson.put("userProject", (Object) str2);
            builder.f2479a = genericJson.toString();
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        ExternalAccountMetricsHandler externalAccountMetricsHandler = this.v;
        externalAccountMetricsHandler.getClass();
        httpHeaders.k(String.format("%s %s %s/%s %s/%s %s/%s", String.format("gl-java/%s auth/%s", MetricsUtils.b, MetricsUtils.f2468a), "google-byoid-sdk", "source", externalAccountMetricsHandler.h, "sa-impersonation", Boolean.valueOf(externalAccountMetricsHandler.g), "config-lifetime", Boolean.valueOf(externalAccountMetricsHandler.f)), "x-goog-api-client");
        String str3 = stsTokenExchangeRequest.h;
        if (str3 != null) {
            builder.f2479a = str3;
        }
        String str4 = builder.f2479a;
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        genericData.set("subject_token_type", stsTokenExchangeRequest.b);
        genericData.set("subject_token", stsTokenExchangeRequest.f2480a);
        ArrayList arrayList = new ArrayList();
        List list = stsTokenExchangeRequest.f2481d;
        if (list != null && !list.isEmpty()) {
            arrayList.addAll(list);
            genericData.set("scope", new Joiner(String.valueOf(' ')).b(arrayList));
        }
        String str5 = stsTokenExchangeRequest.g;
        if (str5 == null || str5.isEmpty()) {
            str5 = "urn:ietf:params:oauth:token-type:access_token";
        }
        genericData.set("requested_token_type", str5);
        String str6 = stsTokenExchangeRequest.e;
        if (str6 != null && !str6.isEmpty()) {
            genericData.set("resource", str6);
        }
        String str7 = stsTokenExchangeRequest.f;
        if (str7 != null && !str7.isEmpty()) {
            genericData.set("audience", str7);
        }
        if (stsTokenExchangeRequest.c != null) {
            genericData.set("actor_token", null);
            genericData.set("actor_token_type", null);
        }
        if (str4 != null && !str4.isEmpty()) {
            genericData.set("options", str4);
        }
        HttpRequest a2 = b.a("POST", new GenericUrl(str), new UrlEncodedContent(genericData));
        a2.q = new JsonObjectParser(OAuth2Utils.f2474d);
        a2.b = httpHeaders;
        try {
            return StsRequestHandler.a((GenericData) a2.b().e(GenericData.class)).f2483a;
        } catch (HttpResponseException e) {
            int i = OAuthException.i;
            GenericJson genericJson2 = (GenericJson) OAuth2Utils.f2474d.createJsonParser(e.g).parseAndClose(GenericJson.class);
            throw new OAuthException((String) genericJson2.get("error"), genericJson2.containsKey("error_description") ? (String) genericJson2.get("error_description") : null, genericJson2.containsKey("error_uri") ? (String) genericJson2.get("error_uri") : null);
        }
    }

    public String m() {
        return "unknown";
    }
}
