package com.google.auth.oauth2;

import com.box.androidsdk.content.requests.BoxRequestsMetadata$UpdateItemMetadata;
import com.google.api.client.json.GenericJson;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.p;
import com.microsoft.identity.common.java.telemetry.observers.qsO.kjgiR;
import j$.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import tt.E7;
import tt.InterfaceC3903zF;

/* loaded from: classes3.dex */
public class AwsCredentials extends ExternalAccountCredentials {
    static final String AWS_METRICS_HEADER_VALUE = "aws";
    static final String DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL = "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15";
    private static final long serialVersionUID = -3670131891574618105L;
    private final AwsSecurityCredentialsSupplier awsSecurityCredentialsSupplier;
    private final String metricsHeaderValue;
    private final String regionalCredentialVerificationUrl;
    private final String regionalCredentialVerificationUrlOverride;
    private final ExternalAccountSupplierContext supplierContext;

    /* loaded from: classes2.dex */
    public static class a extends ExternalAccountCredentials.b {
        private AwsSecurityCredentialsSupplier t;
        private String u;

        a() {
        }

        a(AwsCredentials awsCredentials) {
            super(awsCredentials);
            if (this.j == null) {
                this.t = awsCredentials.awsSecurityCredentialsSupplier;
            }
            this.u = awsCredentials.regionalCredentialVerificationUrlOverride;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: D, reason: merged with bridge method [inline-methods] */
        public AwsCredentials h() {
            return new AwsCredentials(this);
        }

        public a E(String str) {
            super.n(str);
            return this;
        }

        public a F(String str) {
            super.o(str);
            return this;
        }

        public a G(String str) {
            super.p(str);
            return this;
        }

        public a H(AwsCredentialSource awsCredentialSource) {
            super.q(awsCredentialSource);
            return this;
        }

        public a I(InterfaceC3903zF interfaceC3903zF) {
            super.r(interfaceC3903zF);
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: J, reason: merged with bridge method [inline-methods] */
        public a l(String str) {
            super.s(str);
            return this;
        }

        public a K(Collection collection) {
            super.t(collection);
            return this;
        }

        public a L(Map map) {
            super.u(map);
            return this;
        }

        public a M(String str) {
            super.v(str);
            return this;
        }

        public a N(String str) {
            super.w(str);
            return this;
        }

        public a O(String str) {
            super.x(str);
            return this;
        }

        public a P(String str) {
            super.y(str);
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: Q, reason: merged with bridge method [inline-methods] */
        public a m(String str) {
            super.z(str);
            return this;
        }
    }

    AwsCredentials(a aVar) {
        super(aVar);
        this.supplierContext = ExternalAccountSupplierContext.newBuilder().b(getAudience()).c(getSubjectTokenType()).a();
        if (aVar.t != null && aVar.j != null) {
            throw new IllegalArgumentException("AwsCredentials cannot have both an awsSecurityCredentialsSupplier and a credentialSource.");
        }
        if (aVar.t == null && aVar.j == null) {
            throw new IllegalArgumentException("An awsSecurityCredentialsSupplier or a credentialSource must be provided.");
        }
        AwsCredentialSource awsCredentialSource = (AwsCredentialSource) aVar.j;
        String str = aVar.u;
        this.regionalCredentialVerificationUrlOverride = str;
        if (str != null) {
            this.regionalCredentialVerificationUrl = str;
        } else if (awsCredentialSource != null) {
            this.regionalCredentialVerificationUrl = awsCredentialSource.regionalCredentialVerificationUrl;
        } else {
            this.regionalCredentialVerificationUrl = DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL;
        }
        if (aVar.t != null) {
            this.awsSecurityCredentialsSupplier = aVar.t;
            this.metricsHeaderValue = "programmatic";
        } else {
            this.awsSecurityCredentialsSupplier = new InternalAwsSecurityCredentialsSupplier(awsCredentialSource, getEnvironmentProvider(), this.transportFactory);
            this.metricsHeaderValue = AWS_METRICS_HEADER_VALUE;
        }
    }

    private String buildSubjectToken(c cVar) {
        Map b = cVar.b();
        ArrayList arrayList = new ArrayList();
        for (String str : b.keySet()) {
            arrayList.add(formatTokenHeaderForSts(str, (String) b.get(str)));
        }
        arrayList.add(formatTokenHeaderForSts("Authorization", cVar.a()));
        arrayList.add(formatTokenHeaderForSts("x-goog-cloud-target-resource", getAudience()));
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(l.f);
        genericJson.put("headers", (Object) arrayList);
        genericJson.put(kjgiR.YDMprWwsz, (Object) cVar.c());
        genericJson.put("url", (Object) this.regionalCredentialVerificationUrl.replace("{region}", cVar.d()));
        return URLEncoder.encode(genericJson.toString(), "UTF-8");
    }

    private static GenericJson formatTokenHeaderForSts(String str, String str2) {
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(l.f);
        genericJson.put("key", (Object) str);
        genericJson.put(BoxRequestsMetadata$UpdateItemMetadata.BoxMetadataUpdateTask.VALUE, (Object) str2);
        return genericJson;
    }

    public static a newBuilder() {
        return new a();
    }

    public static a newBuilder(AwsCredentials awsCredentials) {
        return new a(awsCredentials);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return new AwsCredentials(newBuilder(this).K(collection));
    }

    AwsSecurityCredentialsSupplier getAwsSecurityCredentialsSupplier() {
        return this.awsSecurityCredentialsSupplier;
    }

    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    String getCredentialSourceType() {
        return this.metricsHeaderValue;
    }

    String getEnv(String str) {
        return System.getenv(str);
    }

    String getRegionalCredentialVerificationUrl() {
        return this.regionalCredentialVerificationUrl;
    }

    public String getRegionalCredentialVerificationUrlOverride() {
        return this.regionalCredentialVerificationUrlOverride;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        p.b b = p.n(retrieveSubjectToken(), getSubjectTokenType()).b(getAudience());
        Collection<String> scopes = getScopes();
        if (scopes != null && !scopes.isEmpty()) {
            b.d(new ArrayList(scopes));
        }
        return exchangeExternalCredentialForAccessToken(b.a());
    }

    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String retrieveSubjectToken() {
        String region = this.awsSecurityCredentialsSupplier.getRegion(this.supplierContext);
        E7 credentials = this.awsSecurityCredentialsSupplier.getCredentials(this.supplierContext);
        HashMap hashMap = new HashMap();
        hashMap.put("x-goog-cloud-target-resource", getAudience());
        return buildSubjectToken(d.g(credentials, "POST", this.regionalCredentialVerificationUrl.replace("{region}", region), region).b(hashMap).a().h());
    }
}
