package com.google.auth.oauth2;

import com.google.api.client.util.f0;
import com.google.api.client.util.l;
import com.google.auth.Credentials;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.JwtClaims;
import com.google.common.base.a0;
import com.google.common.base.o;
import com.google.common.base.z;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.tencent.connect.common.Constants;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
public class ServiceAccountJwtAccessCredentials extends Credentials implements d, ServiceAccountSigner {
    public static final String JWT_ACCESS_PREFIX = "Bearer ";

    @v2.d
    public static final long LIFE_SPAN_SECS = TimeUnit.HOURS.toSeconds(1);

    /* renamed from: b, reason: collision with root package name */
    private static final long f21680b = TimeUnit.MINUTES.toSeconds(5);
    private static final long serialVersionUID = -7274955171379494197L;

    /* renamed from: a, reason: collision with root package name */
    private transient com.google.common.cache.h<JwtClaims, JwtCredentials> f21681a;
    private final String clientEmail;
    private final String clientId;

    @v2.d
    public transient l clock;
    private final URI defaultAudience;
    private final PrivateKey privateKey;
    private final String privateKeyId;

    /* loaded from: classes2.dex */
    public class a extends CacheLoader<JwtClaims, JwtCredentials> {
        public a() {
        }

        @Override // com.google.common.cache.CacheLoader
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public JwtCredentials load(JwtClaims jwtClaims) throws Exception {
            return JwtCredentials.newBuilder().j(ServiceAccountJwtAccessCredentials.this.privateKey).k(ServiceAccountJwtAccessCredentials.this.privateKeyId).h(jwtClaims).i(Long.valueOf(ServiceAccountJwtAccessCredentials.LIFE_SPAN_SECS)).g(ServiceAccountJwtAccessCredentials.this.clock).a();
        }
    }

    /* loaded from: classes2.dex */
    public class b extends a0 {
        public b() {
        }

        @Override // com.google.common.base.a0
        public long a() {
            return TimeUnit.MILLISECONDS.toNanos(ServiceAccountJwtAccessCredentials.this.clock.a());
        }
    }

    /* loaded from: classes2.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        private String f21684a;

        /* renamed from: b, reason: collision with root package name */
        private String f21685b;

        /* renamed from: c, reason: collision with root package name */
        private PrivateKey f21686c;

        /* renamed from: d, reason: collision with root package name */
        private String f21687d;

        /* renamed from: e, reason: collision with root package name */
        private URI f21688e;

        public c() {
        }

        public c(ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials) {
            this.f21684a = serviceAccountJwtAccessCredentials.clientId;
            this.f21685b = serviceAccountJwtAccessCredentials.clientEmail;
            this.f21686c = serviceAccountJwtAccessCredentials.privateKey;
            this.f21687d = serviceAccountJwtAccessCredentials.privateKeyId;
            this.f21688e = serviceAccountJwtAccessCredentials.defaultAudience;
        }

        public ServiceAccountJwtAccessCredentials a() {
            return new ServiceAccountJwtAccessCredentials(this.f21684a, this.f21685b, this.f21686c, this.f21687d, this.f21688e, null);
        }

        public String b() {
            return this.f21685b;
        }

        public String c() {
            return this.f21684a;
        }

        public URI d() {
            return this.f21688e;
        }

        public PrivateKey e() {
            return this.f21686c;
        }

        public String f() {
            return this.f21687d;
        }

        public c g(String str) {
            this.f21685b = str;
            return this;
        }

        public c h(String str) {
            this.f21684a = str;
            return this;
        }

        public c i(URI uri) {
            this.f21688e = uri;
            return this;
        }

        public c j(PrivateKey privateKey) {
            this.f21686c = privateKey;
            return this;
        }

        public c k(String str) {
            this.f21687d = str;
            return this;
        }
    }

    @Deprecated
    public ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3) {
        this(str, str2, privateKey, str3, null);
    }

    private ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3, URI uri) {
        this.clock = l.f21497a;
        this.clientId = str;
        this.clientEmail = (String) f0.d(str2);
        this.privateKey = (PrivateKey) f0.d(privateKey);
        this.privateKeyId = str3;
        this.defaultAudience = uri;
        this.f21681a = a();
    }

    public /* synthetic */ ServiceAccountJwtAccessCredentials(String str, String str2, PrivateKey privateKey, String str3, URI uri, a aVar) {
        this(str, str2, privateKey, str3, uri);
    }

    private com.google.common.cache.h<JwtClaims, JwtCredentials> a() {
        return CacheBuilder.D().B(100L).g(LIFE_SPAN_SECS - f21680b, TimeUnit.SECONDS).K(new b()).b(new a());
    }

    public static ServiceAccountJwtAccessCredentials fromJson(Map<String, Object> map) throws IOException {
        return fromJson(map, null);
    }

    public static ServiceAccountJwtAccessCredentials fromJson(Map<String, Object> map, URI uri) throws IOException {
        String str = (String) map.get(Constants.PARAM_CLIENT_ID);
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, uri);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4) throws IOException {
        return fromPkcs8(str, str2, str3, str4, null);
    }

    public static ServiceAccountJwtAccessCredentials fromPkcs8(String str, String str2, String str3, String str4, URI uri) throws IOException {
        return new ServiceAccountJwtAccessCredentials(str, str2, ServiceAccountCredentials.privateKeyFromPkcs8(str3), str4, uri);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, null);
    }

    public static ServiceAccountJwtAccessCredentials fromStream(InputStream inputStream, URI uri) throws IOException {
        f0.d(inputStream);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.f(f.f21737g).a(inputStream, f.f21738h, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE.equals(str)) {
            return fromJson(bVar, uri);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE));
    }

    public static c newBuilder() {
        return new c();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.clock = l.f21497a;
        this.f21681a = a();
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountJwtAccessCredentials)) {
            return false;
        }
        ServiceAccountJwtAccessCredentials serviceAccountJwtAccessCredentials = (ServiceAccountJwtAccessCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountJwtAccessCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountJwtAccessCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountJwtAccessCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountJwtAccessCredentials.privateKeyId) && Objects.equals(this.defaultAudience, serviceAccountJwtAccessCredentials.defaultAudience);
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWTAccess";
    }

    public final String getClientEmail() {
        return this.clientEmail;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        if (uri == null && (uri = this.defaultAudience) == null) {
            throw new IOException("JwtAccess requires Audience uri to be passed in or the defaultAudience to be specified");
        }
        try {
            return this.f21681a.get(JwtClaims.newBuilder().c(uri.toString()).d(this.clientEmail).e(this.clientEmail).a()).getRequestMetadata(uri);
        } catch (UncheckedExecutionException e10) {
            z.w(e10);
            throw new IllegalStateException("generateJwtAccess threw an unchecked exception that couldn't be rethrown", e10);
        } catch (ExecutionException e11) {
            z.t(e11.getCause(), IOException.class);
            throw new IllegalStateException("generateJwtAccess threw an unexpected checked exception", e11.getCause());
        }
    }

    @Override // com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, com.google.auth.a aVar) {
        blockingGetToCallback(uri, aVar);
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.defaultAudience);
    }

    @Override // com.google.auth.oauth2.d
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.a e10 = JwtClaims.newBuilder().d(this.clientEmail).e(this.clientEmail);
        URI uri = this.defaultAudience;
        if (uri != null) {
            e10.c(uri.toString());
        }
        return JwtCredentials.newBuilder().j(this.privateKey).k(this.privateKeyId).h(e10.a().merge(jwtClaims)).i(Long.valueOf(LIFE_SPAN_SECS)).g(this.clock).a();
    }

    @Override // com.google.auth.Credentials
    public void refresh() {
        this.f21681a.invalidateAll();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(f.f21731a);
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e10);
        }
    }

    public c toBuilder() {
        return new c(this);
    }

    public String toString() {
        return o.c(this).f("clientId", this.clientId).f("clientEmail", this.clientEmail).f("privateKeyId", this.privateKeyId).f("defaultAudience", this.defaultAudience).toString();
    }
}
