package b9;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.PemReader;
import com.google.api.client.util.Preconditions;
import com.google.api.client.util.SecurityUtils;
import com.google.common.collect.y0;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.http.conn.ssl.TokenParser;

/* compiled from: ServiceAccountCredentials.java */
/* loaded from: classes5.dex */
public class m extends g implements l {
    private static final long serialVersionUID = 7807543542681217978L;
    private final String D;
    private final String E;
    private final PrivateKey F;
    private final String G;
    private final String H;
    private final String I;
    private final String J;
    private final URI K;
    private final Collection<String> L;
    private final String M;
    private transient a9.b N;

    /* compiled from: ServiceAccountCredentials.java */
    /* loaded from: classes4.dex */
    class a implements HttpBackOffUnsuccessfulResponseHandler.BackOffRequired {
        a() {
        }

        @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
        public boolean isRequired(HttpResponse httpResponse) {
            int statusCode = httpResponse.getStatusCode();
            return statusCode / 100 == 5 || statusCode == 403;
        }
    }

    m(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, a9.b bVar, URI uri, String str4, String str5, String str6) {
        this.D = str;
        this.E = (String) Preconditions.checkNotNull(str2);
        this.F = (PrivateKey) Preconditions.checkNotNull(privateKey);
        this.G = str3;
        this.L = collection == null ? y0.L() : y0.C(collection);
        a9.b bVar2 = (a9.b) l9.m.a(bVar, j.i(a9.b.class, k.f5156e));
        this.N = bVar2;
        this.J = bVar2.getClass().getName();
        this.K = uri == null ? k.f5152a : uri;
        this.H = str4;
        this.I = str5;
        this.M = str6;
    }

    static PrivateKey C(String str) {
        PemReader.Section readFirstSectionAndClose = PemReader.readFirstSectionAndClose(new StringReader(str), "PRIVATE KEY");
        if (readFirstSectionAndClose == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return SecurityUtils.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(readFirstSectionAndClose.getBase64DecodedBytes()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e10);
        }
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.N = (a9.b) j.k(this.J);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static m w(Map<String, Object> map, a9.b bVar) {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        URI uri2 = uri;
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return x(str, str2, str3, str4, null, bVar, uri2, null, str5, str7);
    }

    static m x(String str, String str2, String str3, String str4, Collection<String> collection, a9.b bVar, URI uri, String str5, String str6, String str7) {
        return new m(str, str2, C(str3), str4, collection, bVar, uri, str5, str6, str7);
    }

    public final PrivateKey A() {
        return this.F;
    }

    public final String B() {
        return this.G;
    }

    @Override // b9.l
    public String a() {
        return this.M;
    }

    @Override // b9.j, z8.a
    public Map<String, List<String>> c(URI uri) {
        return g.o(this.M, super.c(uri));
    }

    @Override // b9.j
    public boolean equals(Object obj) {
        if (!(obj instanceof m)) {
            return false;
        }
        m mVar = (m) obj;
        return Objects.equals(this.D, mVar.D) && Objects.equals(this.E, mVar.E) && Objects.equals(this.F, mVar.F) && Objects.equals(this.G, mVar.G) && Objects.equals(this.J, mVar.J) && Objects.equals(this.K, mVar.K) && Objects.equals(this.L, mVar.L) && Objects.equals(this.M, mVar.M);
    }

    @Override // b9.j
    public int hashCode() {
        return Objects.hash(this.D, this.E, this.F, this.G, this.J, this.K, this.L, this.M);
    }

    @Override // b9.j
    public b9.a l() {
        if (q()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        JsonFactory jsonFactory = k.f5157f;
        String v10 = v(jsonFactory, this.B.currentTimeMillis(), this.K.toString());
        GenericData genericData = new GenericData();
        genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.set("assertion", v10);
        HttpRequest buildPostRequest = this.N.create().createRequestFactory().buildPostRequest(new GenericUrl(this.K), new UrlEncodedContent(genericData));
        buildPostRequest.setParser(new JsonObjectParser(jsonFactory));
        buildPostRequest.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(new ExponentialBackOff()));
        buildPostRequest.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff()).setBackOffRequired(new a()));
        try {
            return new b9.a(k.c((GenericData) buildPostRequest.execute().parseAs(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.B.currentTimeMillis() + (k.b(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (IOException e10) {
            throw new IOException(String.format("Error getting access token for service account: %s", e10.getMessage()), e10);
        }
    }

    @Override // b9.g
    public g p(Collection<String> collection) {
        return new m(this.D, this.E, this.F, this.G, collection, this.N, this.K, this.H, this.I, this.M);
    }

    @Override // b9.g
    public boolean q() {
        return this.L.isEmpty();
    }

    @Override // b9.j
    public String toString() {
        return l9.m.c(this).d("clientId", this.D).d("clientEmail", this.E).d("privateKeyId", this.G).d("transportFactoryClassName", this.J).d("tokenServerUri", this.K).d("scopes", this.L).d("serviceAccountUser", this.H).d("quotaProjectId", this.M).toString();
    }

    String v(JsonFactory jsonFactory, long j10, String str) {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.G);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(this.E);
        long j11 = j10 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j11));
        payload.setExpirationTimeSeconds(Long.valueOf(j11 + 3600));
        payload.setSubject(this.H);
        payload.put("scope", (Object) Joiner.on(TokenParser.SP).join(this.L));
        if (str == null) {
            payload.setAudience(k.f5152a.toString());
        } else {
            payload.setAudience(str);
        }
        try {
            return JsonWebSignature.signUsingRsaSha256(this.F, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public final String y() {
        return this.E;
    }

    public final String z() {
        return this.D;
    }
}
