package com.google.auth.oauth2;

import com.google.api.client.http.j;
import com.google.api.client.http.k;
import com.google.api.client.http.l;
import com.google.api.client.http.u;
import com.google.api.client.http.x;
import com.google.api.client.json.f;
import com.google.api.client.json.l.a;
import com.google.api.client.json.l.b;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.e0;
import com.google.api.client.util.f0;
import com.google.api.client.util.g0;
import com.google.api.client.util.p;
import com.google.api.client.util.s;
import com.google.auth.ServiceAccountSigner;
import com.google.common.base.o;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Date;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes3.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner {
    private static final long serialVersionUID = 7807543542681217978L;
    private static final String x = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final String y = "Error parsing token refresh response. ";
    private final String clientEmail;
    private final String clientId;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final Collection<String> scopes;
    private final String serviceAccountUser;
    private final URI tokenServerUri;
    private final String transportFactoryClassName;
    private transient com.google.auth.b.c u;

    /* loaded from: classes3.dex */
    class a implements l.a {
        a() {
        }

        @Override // com.google.api.client.http.l.a
        public boolean a(x xVar) {
            int k = xVar.k();
            return k / 100 == 5 || k == 403;
        }
    }

    public ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection) {
        this(str, str2, privateKey, str3, collection, null, null, null);
    }

    public ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, com.google.auth.b.c cVar, URI uri) {
        this(str, str2, privateKey, str3, collection, cVar, uri, null);
    }

    ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, com.google.auth.b.c cVar, URI uri, String str4) {
        this.clientId = str;
        this.clientEmail = (String) f0.d(str2);
        this.privateKey = (PrivateKey) f0.d(privateKey);
        this.privateKeyId = str3;
        this.scopes = collection == null ? ImmutableSet.A() : ImmutableSet.n(collection);
        com.google.auth.b.c cVar2 = (com.google.auth.b.c) o.a(cVar, OAuth2Credentials.n(com.google.auth.b.c.class, c.f10208f));
        this.u = cVar2;
        this.transportFactoryClassName = cVar2.getClass().getName();
        this.tokenServerUri = uri == null ? c.f10204b : uri;
        this.serviceAccountUser = str4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServiceAccountCredentials D(Map<String, Object> map, com.google.auth.b.c cVar) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return F(str, str2, str3, str4, null, cVar, null);
    }

    public static ServiceAccountCredentials E(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return G(str, str2, str3, str4, collection, null, null, null);
    }

    public static ServiceAccountCredentials F(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.b.c cVar, URI uri) throws IOException {
        return G(str, str2, str3, str4, collection, cVar, uri, null);
    }

    public static ServiceAccountCredentials G(String str, String str2, String str3, String str4, Collection<String> collection, com.google.auth.b.c cVar, URI uri, String str5) throws IOException {
        return new ServiceAccountCredentials(str, str2, R(str3), str4, collection, cVar, uri, str5);
    }

    public static ServiceAccountCredentials H(InputStream inputStream) throws IOException {
        return I(inputStream, c.f10208f);
    }

    public static ServiceAccountCredentials I(InputStream inputStream, com.google.auth.b.c cVar) throws IOException {
        f0.d(inputStream);
        f0.d(cVar);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new f(c.f10209g).a(inputStream, c.f10210h, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return D(bVar, cVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey R(String str) throws IOException {
        e0.a c2 = e0.c(new StringReader(str), "PRIVATE KEY");
        if (c2 == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return g0.e().generatePrivate(new PKCS8EncodedKeySpec(c2.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e2);
        }
    }

    String C(com.google.api.client.json.d dVar, long j2) throws IOException {
        a.C0281a c0281a = new a.C0281a();
        c0281a.D("RS256");
        c0281a.s("JWT");
        c0281a.H(this.privateKeyId);
        b.C0282b c0282b = new b.C0282b();
        c0282b.B(this.clientEmail);
        c0282b.y(c.f10204b.toString());
        long j3 = j2 / 1000;
        c0282b.A(Long.valueOf(j3));
        c0282b.z(Long.valueOf(j3 + 3600));
        c0282b.E(this.serviceAccountUser);
        c0282b.put("scope", s.b(' ').a(this.scopes));
        try {
            return com.google.api.client.json.l.a.h(this.privateKey, dVar, c0281a, c0282b);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Error signing service account access token request with private key.", e2);
        }
    }

    public final String J() {
        return this.clientEmail;
    }

    public final String K() {
        return this.clientId;
    }

    public final PrivateKey L() {
        return this.privateKey;
    }

    public final String O() {
        return this.privateKeyId;
    }

    public final Collection<String> P() {
        return this.scopes;
    }

    public final String Q() {
        return this.serviceAccountUser;
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] a(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(L());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e2);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountCredentials.privateKeyId) && Objects.equals(this.transportFactoryClassName, serviceAccountCredentials.transportFactoryClassName) && Objects.equals(this.tokenServerUri, serviceAccountCredentials.tokenServerUri) && Objects.equals(this.scopes, serviceAccountCredentials.scopes);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return J();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.transportFactoryClassName, this.tokenServerUri, this.scopes);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken p() throws IOException {
        if (v()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        com.google.api.client.json.d dVar = c.f10209g;
        String C = C(dVar, this.f10185d.currentTimeMillis());
        GenericData genericData = new GenericData();
        genericData.e("grant_type", x);
        genericData.e("assertion", C);
        u e2 = this.u.create().c().e(new j(this.tokenServerUri), new com.google.api.client.http.g0(genericData));
        e2.O(new f(dVar));
        e2.K(new k(new p()));
        e2.X(new l(new p()).e(new a()));
        try {
            return new AccessToken(c.f((GenericData) e2.a().r(GenericData.class), "access_token", y), new Date(this.f10185d.currentTimeMillis() + (c.c(r0, com.facebook.AccessToken.EXPIRES_IN_KEY, y) * 1000)));
        } catch (IOException e3) {
            throw new IOException("Error getting access token for service account: ", e3);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials t(String str) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.scopes, this.u, this.tokenServerUri, str);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return o.c(this).f("clientId", this.clientId).f("clientEmail", this.clientEmail).f("privateKeyId", this.privateKeyId).f("transportFactoryClassName", this.transportFactoryClassName).f("tokenServerUri", this.tokenServerUri).f("scopes", this.scopes).f("serviceAccountUser", this.serviceAccountUser).toString();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials u(Collection<String> collection) {
        return new ServiceAccountCredentials(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, collection, this.u, this.tokenServerUri, this.serviceAccountUser);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean v() {
        return this.scopes.isEmpty();
    }
}
