package b.b.c.e;

import b.b.c.e.f0;
import b.b.c.e.g;
import b.b.c.e.j0;
import b.b.c.e.u;
import b.b.c.e.y;
import b.b.c.e.z;
import com.bytsh.bytshlib.utilcode.constant.CacheConstants;
import java.io.InputStream;
import java.math.BigDecimal;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Pattern;

/* compiled from: ExternalAccountCredentials.java */
/* loaded from: classes2.dex */
public abstract class s extends u {
    static final String EXECUTABLE_SOURCE_KEY = "executable";
    static final String EXTERNAL_ACCOUNT_FILE_TYPE = "external_account";
    private final String audience;
    private final String clientId;
    private final String clientSecret;
    private final c credentialSource;
    private p environmentProvider;
    protected final z impersonatedCredentials;
    private z impersonatedCredentialsOverride;
    private final String quotaProjectId;
    private final Collection<String> scopes;
    private final d serviceAccountImpersonationOptions;
    private final String serviceAccountImpersonationUrl;
    private final String subjectTokenType;
    private final String tokenInfoUrl;
    private final String tokenUrl;
    protected transient b.b.c.d.b transportFactory;
    private final String transportFactoryClassName;
    private final String workforcePoolUserProject;

    /* compiled from: ExternalAccountCredentials.java */
    /* loaded from: classes2.dex */
    class a implements b.b.c.b {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ b.b.c.b f4083a;

        a(b.b.c.b bVar) {
            this.f4083a = bVar;
        }

        @Override // b.b.c.b
        public void a(Throwable th) {
            this.f4083a.a(th);
        }

        @Override // b.b.c.b
        public void b(Map<String, List<String>> map) {
            this.f4083a.b(u.addQuotaProjectIdToRequestMetadata(s.this.quotaProjectId, map));
        }
    }

    /* compiled from: ExternalAccountCredentials.java */
    /* loaded from: classes2.dex */
    public static abstract class b extends u.a {

        /* renamed from: d, reason: collision with root package name */
        protected String f4085d;

        /* renamed from: e, reason: collision with root package name */
        protected String f4086e;

        /* renamed from: f, reason: collision with root package name */
        protected String f4087f;

        /* renamed from: g, reason: collision with root package name */
        protected String f4088g;

        /* renamed from: h, reason: collision with root package name */
        protected c f4089h;

        /* renamed from: i, reason: collision with root package name */
        protected p f4090i;
        protected b.b.c.d.b j;
        protected String k;
        protected String l;
        protected String m;
        protected String n;
        protected Collection<String> o;
        protected String p;
        protected d q;

        /* JADX INFO: Access modifiers changed from: protected */
        public b() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public b(s sVar) {
            this.j = sVar.transportFactory;
            this.f4085d = sVar.audience;
            this.f4086e = sVar.subjectTokenType;
            this.f4087f = sVar.tokenUrl;
            this.f4088g = sVar.tokenInfoUrl;
            this.k = sVar.serviceAccountImpersonationUrl;
            this.f4089h = sVar.credentialSource;
            this.l = sVar.quotaProjectId;
            this.m = sVar.clientId;
            this.n = sVar.clientSecret;
            this.o = sVar.scopes;
            this.f4090i = sVar.environmentProvider;
            this.p = sVar.workforcePoolUserProject;
            this.q = sVar.serviceAccountImpersonationOptions;
        }

        public abstract s f();

        public b g(String str) {
            this.f4085d = str;
            return this;
        }

        public b h(String str) {
            this.m = str;
            return this;
        }

        public b i(String str) {
            this.n = str;
            return this;
        }

        public b j(c cVar) {
            this.f4089h = cVar;
            return this;
        }

        public b k(b.b.c.d.b bVar) {
            this.j = bVar;
            return this;
        }

        public b l(String str) {
            this.l = str;
            return this;
        }

        public b m(Collection<String> collection) {
            this.o = collection;
            return this;
        }

        public b n(Map<String, Object> map) {
            this.q = new d(map);
            return this;
        }

        public b o(String str) {
            this.k = str;
            return this;
        }

        public b p(String str) {
            this.f4086e = str;
            return this;
        }

        public b q(String str) {
            this.f4088g = str;
            return this;
        }

        public b r(String str) {
            this.f4087f = str;
            return this;
        }

        public b s(String str) {
            this.p = str;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ExternalAccountCredentials.java */
    /* loaded from: classes2.dex */
    public static abstract class c {
        /* JADX INFO: Access modifiers changed from: package-private */
        public c(Map<String, Object> map) {
            b.b.d.a.r.n(map);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ExternalAccountCredentials.java */
    /* loaded from: classes2.dex */
    public static final class d {

        /* renamed from: a, reason: collision with root package name */
        private final int f4091a;

        d(Map<String, Object> map) {
            if (!map.containsKey("token_lifetime_seconds")) {
                this.f4091a = CacheConstants.HOUR;
                return;
            }
            try {
                Object obj = map.get("token_lifetime_seconds");
                if (obj instanceof BigDecimal) {
                    this.f4091a = ((BigDecimal) obj).intValue();
                } else if (map.get("token_lifetime_seconds") instanceof Integer) {
                    this.f4091a = ((Integer) obj).intValue();
                } else {
                    this.f4091a = Integer.parseInt((String) obj);
                }
                int i2 = this.f4091a;
                if (i2 < 600 || i2 > 43200) {
                    throw new IllegalArgumentException(String.format("The \"token_lifetime_seconds\" field must be between %s and %s seconds.", 600, 43200));
                }
            } catch (ArithmeticException | NumberFormatException e2) {
                throw new IllegalArgumentException("Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", e2);
            }
        }
    }

    protected s(b.b.c.d.b bVar, String str, String str2, String str3, c cVar, String str4, String str5, String str6, String str7, String str8, Collection<String> collection) {
        this(bVar, str, str2, str3, cVar, str4, str5, str6, str7, str8, collection, null);
    }

    protected s(b.b.c.d.b bVar, String str, String str2, String str3, c cVar, String str4, String str5, String str6, String str7, String str8, Collection<String> collection, p pVar) {
        b.b.c.d.b bVar2 = (b.b.c.d.b) b.b.d.a.k.a(bVar, c0.getFromServiceLoader(b.b.c.d.b.class, d0.f3955e));
        this.transportFactory = bVar2;
        String name = bVar2.getClass().getName();
        b.b.d.a.r.n(name);
        this.transportFactoryClassName = name;
        b.b.d.a.r.n(str);
        this.audience = str;
        b.b.d.a.r.n(str2);
        this.subjectTokenType = str2;
        b.b.d.a.r.n(str3);
        this.tokenUrl = str3;
        b.b.d.a.r.n(cVar);
        this.credentialSource = cVar;
        this.tokenInfoUrl = str4;
        this.serviceAccountImpersonationUrl = str5;
        this.quotaProjectId = str6;
        this.clientId = str7;
        this.clientSecret = str8;
        this.scopes = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : collection;
        this.environmentProvider = pVar == null ? m0.b() : pVar;
        this.workforcePoolUserProject = null;
        this.serviceAccountImpersonationOptions = new d(new HashMap());
        validateTokenUrl(str3);
        if (str5 != null) {
            validateServiceAccountImpersonationInfoUrl(str5);
        }
        this.impersonatedCredentials = buildImpersonatedCredentials();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public s(b bVar) {
        b.b.c.d.b bVar2 = (b.b.c.d.b) b.b.d.a.k.a(bVar.j, c0.getFromServiceLoader(b.b.c.d.b.class, d0.f3955e));
        this.transportFactory = bVar2;
        String name = bVar2.getClass().getName();
        b.b.d.a.r.n(name);
        this.transportFactoryClassName = name;
        String str = bVar.f4085d;
        b.b.d.a.r.n(str);
        this.audience = str;
        String str2 = bVar.f4086e;
        b.b.d.a.r.n(str2);
        this.subjectTokenType = str2;
        String str3 = bVar.f4087f;
        b.b.d.a.r.n(str3);
        this.tokenUrl = str3;
        c cVar = bVar.f4089h;
        b.b.d.a.r.n(cVar);
        this.credentialSource = cVar;
        this.tokenInfoUrl = bVar.f4088g;
        this.serviceAccountImpersonationUrl = bVar.k;
        this.quotaProjectId = bVar.l;
        this.clientId = bVar.m;
        this.clientSecret = bVar.n;
        Collection<String> collection = bVar.o;
        this.scopes = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : bVar.o;
        p pVar = bVar.f4090i;
        this.environmentProvider = pVar == null ? m0.b() : pVar;
        d dVar = bVar.q;
        this.serviceAccountImpersonationOptions = dVar == null ? new d(new HashMap()) : dVar;
        String str4 = bVar.p;
        this.workforcePoolUserProject = str4;
        if (str4 != null && !isWorkforcePoolConfiguration()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
        validateTokenUrl(this.tokenUrl);
        String str5 = this.serviceAccountImpersonationUrl;
        if (str5 != null) {
            validateServiceAccountImpersonationInfoUrl(str5);
        }
        this.impersonatedCredentials = buildImpersonatedCredentials();
    }

    private static boolean f(Map<String, Object> map) {
        return map.containsKey("environment_id") && ((String) map.get("environment_id")).startsWith("aws");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static s fromJson(Map<String, Object> map, b.b.c.d.b bVar) {
        b.b.d.a.r.n(map);
        b.b.d.a.r.n(bVar);
        String str = (String) map.get("audience");
        String str2 = (String) map.get("subject_token_type");
        String str3 = (String) map.get("token_url");
        Map map2 = (Map) map.get("credential_source");
        String str4 = (String) map.get("service_account_impersonation_url");
        String str5 = (String) map.get("token_info_url");
        String str6 = (String) map.get("client_id");
        String str7 = (String) map.get("client_secret");
        String str8 = (String) map.get("quota_project_id");
        String str9 = (String) map.get("workforce_pool_user_project");
        Map<String, Object> map3 = (Map) map.get("service_account_impersonation");
        if (map3 == null) {
            map3 = new HashMap<>();
        }
        if (f(map2)) {
            g.c newBuilder = g.newBuilder();
            newBuilder.k(bVar);
            newBuilder.g(str);
            newBuilder.p(str2);
            newBuilder.r(str3);
            newBuilder.q(str5);
            newBuilder.j(new g.b(map2));
            newBuilder.o(str4);
            newBuilder.l(str8);
            newBuilder.h(str6);
            newBuilder.i(str7);
            newBuilder.n(map3);
            return newBuilder.f();
        }
        if (g(map2)) {
            f0.b newBuilder2 = f0.newBuilder();
            newBuilder2.k(bVar);
            newBuilder2.g(str);
            newBuilder2.p(str2);
            newBuilder2.r(str3);
            newBuilder2.q(str5);
            newBuilder2.j(new f0.c(map2));
            newBuilder2.o(str4);
            newBuilder2.l(str8);
            newBuilder2.h(str6);
            newBuilder2.i(str7);
            newBuilder2.s(str9);
            newBuilder2.n(map3);
            return newBuilder2.f();
        }
        y.a newBuilder3 = y.newBuilder();
        newBuilder3.k(bVar);
        newBuilder3.g(str);
        newBuilder3.p(str2);
        newBuilder3.r(str3);
        newBuilder3.q(str5);
        newBuilder3.j(new y.b(map2));
        newBuilder3.o(str4);
        newBuilder3.l(str8);
        newBuilder3.h(str6);
        newBuilder3.i(str7);
        newBuilder3.s(str9);
        newBuilder3.n(map3);
        return newBuilder3.f();
    }

    public static s fromStream(InputStream inputStream) {
        return fromStream(inputStream, d0.f3955e);
    }

    public static s fromStream(InputStream inputStream, b.b.c.d.b bVar) {
        b.b.d.a.r.n(inputStream);
        b.b.d.a.r.n(bVar);
        try {
            return fromJson((b.b.b.a.b.b) new b.b.b.a.b.e(d0.f3956f).a(inputStream, StandardCharsets.UTF_8, b.b.b.a.b.b.class), bVar);
        } catch (ClassCastException | IllegalArgumentException e2) {
            throw new n("An invalid input stream was provided.", e2);
        }
    }

    private static boolean g(Map<String, Object> map) {
        return map.containsKey(EXECUTABLE_SOURCE_KEY);
    }

    private static boolean h(List<Pattern> list, String str) {
        try {
            URI create = URI.create(str);
            if (create.getScheme() != null && create.getHost() != null && "https".equals(create.getScheme().toLowerCase(Locale.US))) {
                Iterator<Pattern> it = list.iterator();
                while (it.hasNext()) {
                    if (it.next().matcher(create.getHost().toLowerCase(Locale.US)).matches()) {
                        return true;
                    }
                }
            }
        } catch (Exception unused) {
        }
        return false;
    }

    static void validateServiceAccountImpersonationInfoUrl(String str) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^iamcredentials\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\-iamcredentials\\.googleapis\\.com$"));
        if (!h(arrayList, str)) {
            throw new IllegalArgumentException("The provided service account impersonation URL is invalid.");
        }
    }

    static void validateTokenUrl(String str) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^sts\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"));
        arrayList.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\-sts\\.googleapis\\.com$"));
        if (!h(arrayList, str)) {
            throw new IllegalArgumentException("The provided token URL is invalid.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z buildImpersonatedCredentials() {
        s f2;
        if (this.serviceAccountImpersonationUrl == null) {
            return null;
        }
        if (this instanceof g) {
            g.c newBuilder = g.newBuilder((g) this);
            newBuilder.o(null);
            f2 = newBuilder.f();
        } else if (this instanceof f0) {
            f0.b newBuilder2 = f0.newBuilder((f0) this);
            newBuilder2.o(null);
            f2 = newBuilder2.f();
        } else {
            y.a newBuilder3 = y.newBuilder((y) this);
            newBuilder3.o(null);
            f2 = newBuilder3.f();
        }
        String extractTargetPrincipal = z.extractTargetPrincipal(this.serviceAccountImpersonationUrl);
        z.b newBuilder4 = z.newBuilder();
        newBuilder4.w(f2);
        newBuilder4.r(this.transportFactory);
        newBuilder4.x(extractTargetPrincipal);
        newBuilder4.v(new ArrayList(this.scopes));
        newBuilder4.t(this.serviceAccountImpersonationOptions.f4091a);
        newBuilder4.s(this.serviceAccountImpersonationUrl);
        return newBuilder4.d();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public b.b.c.e.c exchangeExternalCredentialForAccessToken(k0 k0Var) {
        z zVar = this.impersonatedCredentialsOverride;
        if (zVar != null) {
            return zVar.refreshAccessToken();
        }
        z zVar2 = this.impersonatedCredentials;
        if (zVar2 != null) {
            return zVar2.refreshAccessToken();
        }
        j0.b d2 = j0.d(this.tokenUrl, k0Var, this.transportFactory.a().c());
        if (isWorkforcePoolConfiguration()) {
            b.b.b.a.b.b bVar = new b.b.b.a.b.b();
            bVar.i(d0.f3956f);
            bVar.put("userProject", this.workforcePoolUserProject);
            d2.b(bVar.toString());
        }
        if (k0Var.c() != null) {
            d2.b(k0Var.c());
        }
        return d2.a().c().a();
    }

    public String getAudience() {
        return this.audience;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public c getCredentialSource() {
        return this.credentialSource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public p getEnvironmentProvider() {
        return this.environmentProvider;
    }

    public String getQuotaProjectId() {
        return this.quotaProjectId;
    }

    @Override // b.b.c.e.c0, b.b.c.a
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        return u.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, super.getRequestMetadata(uri));
    }

    @Override // b.b.c.e.c0, b.b.c.a
    public void getRequestMetadata(URI uri, Executor executor, b.b.c.b bVar) {
        super.getRequestMetadata(uri, executor, new a(bVar));
    }

    public Collection<String> getScopes() {
        return this.scopes;
    }

    public String getServiceAccountEmail() {
        String str = this.serviceAccountImpersonationUrl;
        if (str == null || str.isEmpty()) {
            return null;
        }
        return z.extractTargetPrincipal(this.serviceAccountImpersonationUrl);
    }

    public d getServiceAccountImpersonationOptions() {
        return this.serviceAccountImpersonationOptions;
    }

    public String getServiceAccountImpersonationUrl() {
        return this.serviceAccountImpersonationUrl;
    }

    public String getSubjectTokenType() {
        return this.subjectTokenType;
    }

    public String getTokenInfoUrl() {
        return this.tokenInfoUrl;
    }

    public String getTokenUrl() {
        return this.tokenUrl;
    }

    public String getWorkforcePoolUserProject() {
        return this.workforcePoolUserProject;
    }

    public boolean isWorkforcePoolConfiguration() {
        return this.workforcePoolUserProject != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(getAudience()).matches();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void overrideImpersonatedCredentials(z zVar) {
        this.impersonatedCredentialsOverride = zVar;
    }

    public abstract String retrieveSubjectToken();
}
