package io.grpc.auth;

import com.google.auth.Credentials;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.io.BaseEncoding;
import com.google.firebase.sessions.settings.RemoteSettings;
import io.grpc.CallCredentials;
import io.grpc.InternalMayRequireSpecificExecutor;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.SecurityLevel;
import io.grpc.Status;
import io.grpc.StatusException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import java.util.logging.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public final class GoogleAuthLibraryCallCredentials extends CallCredentials implements InternalMayRequireSpecificExecutor {

    @VisibleForTesting
    final Credentials creds;
    private Metadata lastHeaders;
    private Map<String, List<String>> lastMetadata;
    private final boolean requirePrivacy;
    private final boolean requiresSpecificExecutor;
    private static final Logger log = Logger.getLogger(GoogleAuthLibraryCallCredentials.class.getName());
    private static final JwtHelper jwtHelper = createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.class.getClassLoader());
    private static final Class<? extends Credentials> GOOGLE_CREDENTIALS_CLASS = loadGoogleCredentialsClass();
    private static final Class<?> APP_ENGINE_CREDENTIALS_CLASS = loadAppEngineCredentials();

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static class JwtHelper {
        private final Method build;
        private final Method getScopes;
        private final List<MethodPair> methodPairs;
        private final Method newJwtBuilder;
        private final Class<? extends Credentials> serviceAccountClass;

        public JwtHelper(Class<?> cls, ClassLoader classLoader) throws ClassNotFoundException, NoSuchMethodException {
            Class asSubclass = cls.asSubclass(Credentials.class);
            this.serviceAccountClass = asSubclass;
            this.getScopes = asSubclass.getMethod("getScopes", new Class[0]);
            Method declaredMethod = Class.forName("com.google.auth.oauth2.ServiceAccountJwtAccessCredentials", false, classLoader).asSubclass(Credentials.class).getDeclaredMethod("newBuilder", new Class[0]);
            this.newJwtBuilder = declaredMethod;
            Class<?> returnType = declaredMethod.getReturnType();
            this.build = returnType.getMethod("build", new Class[0]);
            ArrayList arrayList = new ArrayList();
            this.methodPairs = arrayList;
            Method method = asSubclass.getMethod("getClientId", new Class[0]);
            arrayList.add(new MethodPair(method, returnType.getMethod("setClientId", method.getReturnType())));
            Method method2 = asSubclass.getMethod("getClientEmail", new Class[0]);
            arrayList.add(new MethodPair(method2, returnType.getMethod("setClientEmail", method2.getReturnType())));
            Method method3 = asSubclass.getMethod("getPrivateKey", new Class[0]);
            arrayList.add(new MethodPair(method3, returnType.getMethod("setPrivateKey", method3.getReturnType())));
            Method method4 = asSubclass.getMethod("getPrivateKeyId", new Class[0]);
            arrayList.add(new MethodPair(method4, returnType.getMethod("setPrivateKeyId", method4.getReturnType())));
            Method method5 = asSubclass.getMethod("getQuotaProjectId", new Class[0]);
            arrayList.add(new MethodPair(method5, returnType.getMethod("setQuotaProjectId", method5.getReturnType())));
        }

        public Credentials tryServiceAccountToJwt(Credentials credentials) {
            Credentials credentials2;
            Throwable e7;
            if (!this.serviceAccountClass.isInstance(credentials)) {
                return credentials;
            }
            try {
                credentials2 = this.serviceAccountClass.cast(credentials);
                try {
                    if (((Collection) this.getScopes.invoke(credentials2, new Object[0])).size() != 0) {
                        return credentials2;
                    }
                    Object invoke = this.newJwtBuilder.invoke(null, new Object[0]);
                    Iterator<MethodPair> it = this.methodPairs.iterator();
                    while (it.hasNext()) {
                        it.next().apply(credentials2, invoke);
                    }
                    return (Credentials) this.build.invoke(invoke, new Object[0]);
                } catch (IllegalAccessException e8) {
                    e7 = e8;
                    GoogleAuthLibraryCallCredentials.log.log(Level.WARNING, "Failed converting service account credential to JWT. This is unexpected", e7);
                    return credentials2;
                } catch (InvocationTargetException e9) {
                    e7 = e9;
                    GoogleAuthLibraryCallCredentials.log.log(Level.WARNING, "Failed converting service account credential to JWT. This is unexpected", e7);
                    return credentials2;
                }
            } catch (IllegalAccessException | InvocationTargetException e10) {
                credentials2 = credentials;
                e7 = e10;
            }
        }
    }

    /* loaded from: classes5.dex */
    public static class MethodPair {
        private final Method builderSetter;
        private final Method getter;

        private MethodPair(Method method, Method method2) {
            this.getter = method;
            this.builderSetter = method2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void apply(Credentials credentials, Object obj) throws InvocationTargetException, IllegalAccessException {
            this.builderSetter.invoke(obj, this.getter.invoke(credentials, new Object[0]));
        }
    }

    public GoogleAuthLibraryCallCredentials(Credentials credentials) {
        this(credentials, jwtHelper);
    }

    @VisibleForTesting
    public GoogleAuthLibraryCallCredentials(Credentials credentials, JwtHelper jwtHelper2) {
        Preconditions.checkNotNull(credentials, "creds");
        Class<? extends Credentials> cls = GOOGLE_CREDENTIALS_CLASS;
        boolean isInstance = cls != null ? cls.isInstance(credentials) : false;
        credentials = jwtHelper2 != null ? jwtHelper2.tryServiceAccountToJwt(credentials) : credentials;
        this.requirePrivacy = isInstance;
        this.creds = credentials;
        Class<?> cls2 = APP_ENGINE_CREDENTIALS_CLASS;
        if (cls2 == null) {
            this.requiresSpecificExecutor = false;
        } else {
            this.requiresSpecificExecutor = cls2.isInstance(credentials);
        }
    }

    @VisibleForTesting
    public static JwtHelper createJwtHelperOrNull(ClassLoader classLoader) {
        try {
            return new JwtHelper(Class.forName("com.google.auth.oauth2.ServiceAccountCredentials", false, classLoader), classLoader);
        } catch (ClassNotFoundException | NoSuchMethodException e7) {
            log.log(Level.WARNING, "Failed to create JWT helper. This is unexpected", e7);
            return null;
        }
    }

    private static Class<?> loadAppEngineCredentials() {
        try {
            return Class.forName("com.google.auth.appengine.AppEngineCredentials");
        } catch (ClassNotFoundException e7) {
            log.log(Level.FINE, "AppEngineCredentials not available in classloader", (Throwable) e7);
            return null;
        }
    }

    private static Class<? extends Credentials> loadGoogleCredentialsClass() {
        try {
            int i7 = GoogleCredentials.f14152b;
            return GoogleCredentials.class.asSubclass(Credentials.class);
        } catch (ClassNotFoundException e7) {
            log.log(Level.FINE, "Failed to load GoogleCredentials", (Throwable) e7);
            return null;
        }
    }

    private static URI removePort(URI uri) throws StatusException {
        try {
            return new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), -1, uri.getPath(), uri.getQuery(), uri.getFragment());
        } catch (URISyntaxException e7) {
            throw Status.UNAUTHENTICATED.withDescription("Unable to construct service URI after removing port").withCause(e7).asException();
        }
    }

    private static URI serviceUri(String str, MethodDescriptor<?, ?> methodDescriptor) throws StatusException {
        try {
            URI uri = new URI("https", str, RemoteSettings.FORWARD_SLASH_STRING + methodDescriptor.getServiceName(), null, null);
            return uri.getPort() == 443 ? removePort(uri) : uri;
        } catch (URISyntaxException e7) {
            throw Status.UNAUTHENTICATED.withDescription("Unable to construct service URI for auth").withCause(e7).asException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Metadata toHeaders(Map<String, List<String>> map) {
        Metadata metadata = new Metadata();
        if (map != null) {
            for (String str : map.keySet()) {
                if (str.endsWith(Metadata.BINARY_HEADER_SUFFIX)) {
                    Metadata.Key of = Metadata.Key.of(str, Metadata.BINARY_BYTE_MARSHALLER);
                    Iterator<String> it = map.get(str).iterator();
                    while (it.hasNext()) {
                        metadata.put(of, BaseEncoding.base64().decode(it.next()));
                    }
                } else {
                    Metadata.Key of2 = Metadata.Key.of(str, Metadata.ASCII_STRING_MARSHALLER);
                    Iterator<String> it2 = map.get(str).iterator();
                    while (it2.hasNext()) {
                        metadata.put(of2, it2.next());
                    }
                }
            }
        }
        return metadata;
    }

    @Override // io.grpc.CallCredentials
    public void applyRequestMetadata(CallCredentials.RequestInfo requestInfo, Executor executor, final CallCredentials.MetadataApplier metadataApplier) {
        SecurityLevel securityLevel = requestInfo.getSecurityLevel();
        if (this.requirePrivacy && securityLevel != SecurityLevel.PRIVACY_AND_INTEGRITY) {
            metadataApplier.fail(Status.UNAUTHENTICATED.withDescription("Credentials require channel with PRIVACY_AND_INTEGRITY security level. Observed security level: " + securityLevel));
            return;
        }
        try {
            this.creds.getRequestMetadata(serviceUri((String) Preconditions.checkNotNull(requestInfo.getAuthority(), "authority"), requestInfo.getMethodDescriptor()), executor, new RequestMetadataCallback() { // from class: io.grpc.auth.GoogleAuthLibraryCallCredentials.1
                @Override // com.google.auth.RequestMetadataCallback
                public void onFailure(Throwable th) {
                    if (th instanceof IOException) {
                        metadataApplier.fail(Status.UNAVAILABLE.withDescription("Credentials failed to obtain metadata").withCause(th));
                    } else {
                        metadataApplier.fail(Status.UNAUTHENTICATED.withDescription("Failed computing credential metadata").withCause(th));
                    }
                }

                @Override // com.google.auth.RequestMetadataCallback
                public void onSuccess(Map<String, List<String>> map) {
                    Metadata metadata;
                    try {
                        synchronized (GoogleAuthLibraryCallCredentials.this) {
                            try {
                                if (GoogleAuthLibraryCallCredentials.this.lastMetadata != null) {
                                    if (GoogleAuthLibraryCallCredentials.this.lastMetadata != map) {
                                    }
                                    metadata = GoogleAuthLibraryCallCredentials.this.lastHeaders;
                                }
                                GoogleAuthLibraryCallCredentials.this.lastHeaders = GoogleAuthLibraryCallCredentials.toHeaders(map);
                                GoogleAuthLibraryCallCredentials.this.lastMetadata = map;
                                metadata = GoogleAuthLibraryCallCredentials.this.lastHeaders;
                            } catch (Throwable th) {
                                throw th;
                            }
                        }
                        metadataApplier.apply(metadata);
                    } catch (Throwable th2) {
                        metadataApplier.fail(Status.UNAUTHENTICATED.withDescription("Failed to convert credential metadata").withCause(th2));
                    }
                }
            });
        } catch (StatusException e7) {
            metadataApplier.fail(e7.getStatus());
        }
    }

    @Override // io.grpc.InternalMayRequireSpecificExecutor
    public boolean isSpecificExecutorRequired() {
        return this.requiresSpecificExecutor;
    }
}
