package com.google.auth.oauth2;

import com.google.api.client.util.GenericData;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.collect.ImmutableMap;
import com.hierynomus.smbj.common.PQ.QCNvLH;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import tt.AbstractC1991h20;
import tt.C1806fF;
import tt.C3908zJ;
import tt.CJ;
import tt.InterfaceC3903zF;

/* loaded from: classes2.dex */
public class ImpersonatedCredentials extends GoogleCredentials implements IdTokenProvider {
    private static final String CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
    private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
    private static final String IAM_ACCESS_TOKEN_ENDPOINT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateAccessToken";
    static final String IMPERSONATED_CREDENTIALS_FILE_TYPE = "impersonated_service_account";
    private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ssX";
    private static final int TWELVE_HOURS_IN_SECONDS = 43200;
    private static final long serialVersionUID = -2133257318957488431L;
    private transient Calendar calendar;
    private List<String> delegates;
    private String iamEndpointOverride;
    private int lifetime;
    private List<String> scopes;
    private GoogleCredentials sourceCredentials;
    private String targetPrincipal;
    private transient InterfaceC3903zF transportFactory;
    private final String transportFactoryClassName;

    /* loaded from: classes.dex */
    public static class b extends GoogleCredentials.a {
        private GoogleCredentials f;
        private String g;
        private List h;
        private List i;
        private InterfaceC3903zF k;
        private String l;
        private int j = 3600;
        private Calendar m = Calendar.getInstance();

        protected b() {
        }

        protected b(GoogleCredentials googleCredentials, String str) {
            this.f = googleCredentials;
            this.g = str;
        }

        public b A(int i) {
            if (i == 0) {
                i = 3600;
            }
            this.j = i;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: B, reason: merged with bridge method [inline-methods] */
        public b l(String str) {
            super.l(str);
            return this;
        }

        public b C(List list) {
            this.i = list;
            return this;
        }

        public b D(GoogleCredentials googleCredentials) {
            this.f = googleCredentials;
            return this;
        }

        public b E(String str) {
            this.g = str;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: o, reason: merged with bridge method [inline-methods] */
        public ImpersonatedCredentials h() {
            return new ImpersonatedCredentials(this);
        }

        public Calendar p() {
            return this.m;
        }

        public List q() {
            return this.h;
        }

        public InterfaceC3903zF r() {
            return this.k;
        }

        public int s() {
            return this.j;
        }

        public List t() {
            return this.i;
        }

        public GoogleCredentials u() {
            return this.f;
        }

        public String v() {
            return this.g;
        }

        public b w(Calendar calendar) {
            this.m = calendar;
            return this;
        }

        public b x(List list) {
            this.h = list;
            return this;
        }

        public b y(InterfaceC3903zF interfaceC3903zF) {
            this.k = interfaceC3903zF;
            return this;
        }

        public b z(String str) {
            this.l = str;
            return this;
        }
    }

    private ImpersonatedCredentials(b bVar) {
        super(bVar);
        this.sourceCredentials = bVar.u();
        this.targetPrincipal = bVar.v();
        this.delegates = bVar.q();
        this.scopes = bVar.t();
        this.lifetime = bVar.s();
        this.transportFactory = (InterfaceC3903zF) com.google.common.base.d.a(bVar.r(), OAuth2Credentials.getFromServiceLoader(InterfaceC3903zF.class, l.e));
        this.iamEndpointOverride = bVar.l;
        this.transportFactoryClassName = this.transportFactory.getClass().getName();
        this.calendar = bVar.p();
        if (this.delegates == null) {
            this.delegates = new ArrayList();
        }
        if (this.scopes == null) {
            throw new IllegalStateException("Scopes cannot be null");
        }
        if (this.lifetime > TWELVE_HOURS_IN_SECONDS) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i) {
        return newBuilder().D(googleCredentials).E(str).x(list).C(list2).A(i).h();
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i, InterfaceC3903zF interfaceC3903zF) {
        return newBuilder().D(googleCredentials).E(str).x(list).C(list2).A(i).y(interfaceC3903zF).h();
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i, InterfaceC3903zF interfaceC3903zF, String str2) {
        return newBuilder().D(googleCredentials).E(str).x(list).C(list2).A(i).y(interfaceC3903zF).l(str2).h();
    }

    public static ImpersonatedCredentials create(GoogleCredentials googleCredentials, String str, List<String> list, List<String> list2, int i, InterfaceC3903zF interfaceC3903zF, String str2, String str3) {
        return newBuilder().D(googleCredentials).E(str).x(list).C(list2).A(i).y(interfaceC3903zF).l(str2).z(str3).h();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String extractTargetPrincipal(String str) {
        int lastIndexOf = str.lastIndexOf(47);
        int indexOf = str.indexOf(":generateAccessToken");
        if (lastIndexOf == -1 || indexOf == -1 || lastIndexOf >= indexOf) {
            throw new IllegalArgumentException("Unable to determine target principal from service account impersonation URL.");
        }
        return str.substring(lastIndexOf + 1, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ImpersonatedCredentials fromJson(Map<String, Object> map, InterfaceC3903zF interfaceC3903zF) {
        GoogleCredentials fromJson;
        AbstractC1991h20.s(map);
        AbstractC1991h20.s(interfaceC3903zF);
        try {
            String str = (String) map.get("service_account_impersonation_url");
            List list = map.containsKey("delegates") ? (List) map.get("delegates") : null;
            Map map2 = (Map) map.get("source_credentials");
            String str2 = (String) map2.get("type");
            String str3 = (String) map.get("quota_project_id");
            String extractTargetPrincipal = extractTargetPrincipal(str);
            if ("authorized_user".equals(str2)) {
                fromJson = UserCredentials.fromJson(map2, interfaceC3903zF);
            } else {
                if (!"service_account".equals(str2)) {
                    throw new IOException(String.format(QCNvLH.gKSUsOkJaYLahO, str2));
                }
                fromJson = ServiceAccountCredentials.fromJson(map2, interfaceC3903zF);
            }
            return newBuilder().D(fromJson).E(extractTargetPrincipal).x(list).C(new ArrayList()).A(3600).y(interfaceC3903zF).l(str3).z(str).h();
        } catch (ClassCastException e) {
            e = e;
            throw new CredentialFormatException("An invalid input stream was provided.", e);
        } catch (IllegalArgumentException e2) {
            e = e2;
            throw new CredentialFormatException("An invalid input stream was provided.", e);
        } catch (NullPointerException e3) {
            e = e3;
            throw new CredentialFormatException("An invalid input stream was provided.", e);
        }
    }

    public static b newBuilder() {
        return new b();
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.transportFactory = (InterfaceC3903zF) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return toBuilder().C(new ArrayList(collection)).A(this.lifetime).x(this.delegates).y(this.transportFactory).l(this.quotaProjectId).z(this.iamEndpointOverride).h();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        List<String> list = this.scopes;
        return list == null || list.isEmpty();
    }

    public ImpersonatedCredentials createWithCustomCalendar(Calendar calendar) {
        return toBuilder().C(this.scopes).A(this.lifetime).x(this.delegates).y(this.transportFactory).l(this.quotaProjectId).z(this.iamEndpointOverride).w(calendar).h();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ImpersonatedCredentials)) {
            return false;
        }
        ImpersonatedCredentials impersonatedCredentials = (ImpersonatedCredentials) obj;
        return Objects.equals(this.sourceCredentials, impersonatedCredentials.sourceCredentials) && Objects.equals(this.targetPrincipal, impersonatedCredentials.targetPrincipal) && Objects.equals(this.delegates, impersonatedCredentials.delegates) && Objects.equals(this.scopes, impersonatedCredentials.scopes) && Integer.valueOf(this.lifetime).equals(Integer.valueOf(impersonatedCredentials.lifetime)) && Objects.equals(this.transportFactoryClassName, impersonatedCredentials.transportFactoryClassName) && Objects.equals(this.quotaProjectId, impersonatedCredentials.quotaProjectId) && Objects.equals(this.iamEndpointOverride, impersonatedCredentials.iamEndpointOverride);
    }

    public String getAccount() {
        return this.targetPrincipal;
    }

    List<String> getDelegates() {
        return this.delegates;
    }

    String getIamEndpointOverride() {
        return this.iamEndpointOverride;
    }

    int getLifetime() {
        return this.lifetime;
    }

    List<String> getScopes() {
        return this.scopes;
    }

    public GoogleCredentials getSourceCredentials() {
        return this.sourceCredentials;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.sourceCredentials, this.targetPrincipal, this.delegates, this.scopes, Integer.valueOf(this.lifetime), this.quotaProjectId, this.iamEndpointOverride);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) {
        return j.a(getAccount(), this.sourceCredentials, this.transportFactory.create(), str, list != null && list.contains(IdTokenProvider.Option.INCLUDE_EMAIL), ImmutableMap.of("delegates", this.delegates));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        if (this.sourceCredentials.getAccessToken() == null) {
            this.sourceCredentials = this.sourceCredentials.createScoped(Arrays.asList(CLOUD_PLATFORM_SCOPE));
        }
        try {
            this.sourceCredentials.refreshIfExpired();
            com.google.api.client.http.i create = this.transportFactory.create();
            CJ cj = new CJ(l.f);
            C1806fF c1806fF = new C1806fF(this.sourceCredentials);
            com.google.api.client.http.g c = create.c();
            String str = this.iamEndpointOverride;
            if (str == null) {
                str = String.format(IAM_ACCESS_TOKEN_ENDPOINT, this.targetPrincipal);
            }
            com.google.api.client.http.f b2 = c.b(new com.google.api.client.http.b(str), new C3908zJ(cj.b(), ImmutableMap.of("delegates", (String) this.delegates, "scope", (String) this.scopes, "lifetime", this.lifetime + "s")));
            c1806fF.c(b2);
            b2.A(cj);
            try {
                com.google.api.client.http.h b3 = b2.b();
                GenericData genericData = (GenericData) b3.m(GenericData.class);
                b3.a();
                String g = l.g(genericData, "accessToken", "Expected to find an accessToken");
                String g2 = l.g(genericData, "expireTime", "Expected to find an expireTime");
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat(RFC3339);
                simpleDateFormat.setCalendar(this.calendar);
                try {
                    return new AccessToken(g, simpleDateFormat.parse(g2));
                } catch (ParseException e) {
                    throw new IOException("Error parsing expireTime: " + e.getMessage());
                }
            } catch (IOException e2) {
                throw new IOException("Error requesting access token", e2);
            }
        } catch (IOException e3) {
            throw new IOException("Unable to refresh sourceCredentials", e3);
        }
    }

    public void setTransportFactory(InterfaceC3903zF interfaceC3903zF) {
        this.transportFactory = interfaceC3903zF;
    }

    public byte[] sign(byte[] bArr) {
        return j.c(getAccount(), this.sourceCredentials, this.transportFactory.create(), bArr, ImmutableMap.of("delegates", this.delegates));
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public b toBuilder() {
        return new b(this.sourceCredentials, this.targetPrincipal);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return com.google.common.base.d.b(this).d("sourceCredentials", this.sourceCredentials).d("targetPrincipal", this.targetPrincipal).d("delegates", this.delegates).d("scopes", this.scopes).b("lifetime", this.lifetime).d("transportFactoryClassName", this.transportFactoryClassName).d("quotaProjectId", this.quotaProjectId).d("iamEndpointOverride", this.iamEndpointOverride).toString();
    }
}
