package com.google.api.client.googleapis.auth.oauth2;

import com.google.api.client.auth.oauth2.d;
import com.google.api.client.auth.oauth2.i;
import com.google.api.client.googleapis.auth.oauth2.d;
import com.google.api.client.http.h;
import com.google.api.client.http.m;
import com.google.api.client.http.s;
import com.google.api.client.http.x;
import com.google.api.client.util.B;
import com.google.api.client.util.C;
import com.google.api.client.util.D;
import com.google.api.client.util.InterfaceC1153h;
import com.google.api.client.util.q;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Collections;
import u1.AbstractC2930a;
import x3.b;
import x3.c;

/* loaded from: classes2.dex */
public class e extends com.google.api.client.auth.oauth2.d {
    static final String SERVICE_ACCOUNT_FILE_TYPE = "service_account";
    static final String USER_FILE_TYPE = "authorized_user";
    private static c defaultCredentialProvider = new c();
    private String serviceAccountId;
    private PrivateKey serviceAccountPrivateKey;
    private String serviceAccountPrivateKeyId;
    private String serviceAccountProjectId;
    private Collection<String> serviceAccountScopes;
    private String serviceAccountUser;

    /* loaded from: classes2.dex */
    public static class a extends d.a {
        String serviceAccountId;
        PrivateKey serviceAccountPrivateKey;
        String serviceAccountPrivateKeyId;
        String serviceAccountProjectId;
        Collection<String> serviceAccountScopes;
        String serviceAccountUser;

        public a() {
            super(com.google.api.client.auth.oauth2.a.authorizationHeaderAccessMethod());
            setTokenServerEncodedUrl("https://oauth2.googleapis.com/token");
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a addRefreshListener(com.google.api.client.auth.oauth2.e eVar) {
            return (a) super.addRefreshListener(eVar);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public e build() {
            return new e(this);
        }

        public final String getServiceAccountId() {
            return this.serviceAccountId;
        }

        public final PrivateKey getServiceAccountPrivateKey() {
            return this.serviceAccountPrivateKey;
        }

        public final String getServiceAccountPrivateKeyId() {
            return this.serviceAccountPrivateKeyId;
        }

        public final String getServiceAccountProjectId() {
            return this.serviceAccountProjectId;
        }

        public final Collection<String> getServiceAccountScopes() {
            return this.serviceAccountScopes;
        }

        public final String getServiceAccountUser() {
            return this.serviceAccountUser;
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setClientAuthentication(m mVar) {
            return (a) super.setClientAuthentication(mVar);
        }

        public a setClientSecrets(d dVar) {
            d.a details = dVar.getDetails();
            setClientAuthentication((m) new com.google.api.client.auth.oauth2.b(details.getClientId(), details.getClientSecret()));
            return this;
        }

        public a setClientSecrets(String str, String str2) {
            setClientAuthentication((m) new com.google.api.client.auth.oauth2.b(str, str2));
            return this;
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setClock(InterfaceC1153h interfaceC1153h) {
            return (a) super.setClock(interfaceC1153h);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setJsonFactory(com.google.api.client.json.c cVar) {
            return (a) super.setJsonFactory(cVar);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public /* bridge */ /* synthetic */ d.a setRefreshListeners(Collection collection) {
            return setRefreshListeners((Collection<com.google.api.client.auth.oauth2.e>) collection);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setRefreshListeners(Collection<com.google.api.client.auth.oauth2.e> collection) {
            return (a) super.setRefreshListeners(collection);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setRequestInitializer(s sVar) {
            return (a) super.setRequestInitializer(sVar);
        }

        public a setServiceAccountId(String str) {
            this.serviceAccountId = str;
            return this;
        }

        public a setServiceAccountPrivateKey(PrivateKey privateKey) {
            this.serviceAccountPrivateKey = privateKey;
            return this;
        }

        public a setServiceAccountPrivateKeyFromP12File(File file) throws GeneralSecurityException, IOException {
            setServiceAccountPrivateKeyFromP12File(new FileInputStream(file));
            return this;
        }

        public a setServiceAccountPrivateKeyFromP12File(InputStream inputStream) throws GeneralSecurityException, IOException {
            this.serviceAccountPrivateKey = D.loadPrivateKeyFromKeyStore(D.getPkcs12KeyStore(), inputStream, "notasecret", "privatekey", "notasecret");
            return this;
        }

        public a setServiceAccountPrivateKeyFromPemFile(File file) throws GeneralSecurityException, IOException {
            this.serviceAccountPrivateKey = D.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(B.readFirstSectionAndClose(new FileReader(file), "PRIVATE KEY").getBase64DecodedBytes()));
            return this;
        }

        public a setServiceAccountPrivateKeyId(String str) {
            this.serviceAccountPrivateKeyId = str;
            return this;
        }

        public a setServiceAccountProjectId(String str) {
            this.serviceAccountProjectId = str;
            return this;
        }

        public a setServiceAccountScopes(Collection<String> collection) {
            this.serviceAccountScopes = collection;
            return this;
        }

        public a setServiceAccountUser(String str) {
            this.serviceAccountUser = str;
            return this;
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setTokenServerEncodedUrl(String str) {
            return (a) super.setTokenServerEncodedUrl(str);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setTokenServerUrl(h hVar) {
            return (a) super.setTokenServerUrl(hVar);
        }

        @Override // com.google.api.client.auth.oauth2.d.a
        public a setTransport(x xVar) {
            return (a) super.setTransport(xVar);
        }
    }

    public e() {
        this(new a());
    }

    public e(a aVar) {
        super(aVar);
        if (aVar.serviceAccountPrivateKey == null) {
            C.checkArgument(aVar.serviceAccountId == null && aVar.serviceAccountScopes == null && aVar.serviceAccountUser == null);
            return;
        }
        this.serviceAccountId = (String) C.checkNotNull(aVar.serviceAccountId);
        this.serviceAccountProjectId = aVar.serviceAccountProjectId;
        Collection<String> collection = aVar.serviceAccountScopes;
        this.serviceAccountScopes = collection == null ? Collections.emptyList() : Collections.unmodifiableCollection(collection);
        this.serviceAccountPrivateKey = aVar.serviceAccountPrivateKey;
        this.serviceAccountPrivateKeyId = aVar.serviceAccountPrivateKeyId;
        this.serviceAccountUser = aVar.serviceAccountUser;
    }

    public static e fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, com.google.api.client.googleapis.util.a.getDefaultTransport(), com.google.api.client.googleapis.util.a.getDefaultJsonFactory());
    }

    public static e fromStream(InputStream inputStream, x xVar, com.google.api.client.json.c cVar) throws IOException {
        C.checkNotNull(inputStream);
        C.checkNotNull(xVar);
        C.checkNotNull(cVar);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new com.google.api.client.json.e(cVar).parseAndClose(inputStream, f.UTF_8, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (USER_FILE_TYPE.equals(str)) {
            return fromStreamUser(bVar, xVar, cVar);
        }
        if (SERVICE_ACCOUNT_FILE_TYPE.equals(str)) {
            return fromStreamServiceAccount(bVar, xVar, cVar);
        }
        throw new IOException(AbstractC2930a.l("Error reading credentials from stream, 'type' value '", str, "' not recognized. Expecting 'authorized_user' or 'service_account'."));
    }

    private static e fromStreamServiceAccount(com.google.api.client.json.b bVar, x xVar, com.google.api.client.json.c cVar) throws IOException {
        String str = (String) bVar.get("client_id");
        String str2 = (String) bVar.get("client_email");
        String str3 = (String) bVar.get("private_key");
        String str4 = (String) bVar.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from stream, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        a serviceAccountPrivateKeyId = new a().setTransport(xVar).setJsonFactory(cVar).setServiceAccountId(str2).setServiceAccountScopes(Collections.emptyList()).setServiceAccountPrivateKey(privateKeyFromPkcs8(str3)).setServiceAccountPrivateKeyId(str4);
        String str5 = (String) bVar.get("token_uri");
        if (str5 != null) {
            serviceAccountPrivateKeyId.setTokenServerEncodedUrl(str5);
        }
        String str6 = (String) bVar.get("project_id");
        if (str6 != null) {
            serviceAccountPrivateKeyId.setServiceAccountProjectId(str6);
        }
        return serviceAccountPrivateKeyId.build();
    }

    private static e fromStreamUser(com.google.api.client.json.b bVar, x xVar, com.google.api.client.json.c cVar) throws IOException {
        String str = (String) bVar.get("client_id");
        String str2 = (String) bVar.get("client_secret");
        String str3 = (String) bVar.get("refresh_token");
        if (str == null || str2 == null || str3 == null) {
            throw new IOException("Error reading user credential from stream,  expecting 'client_id', 'client_secret' and 'refresh_token'.");
        }
        e build = new a().setClientSecrets(str, str2).setTransport(xVar).setJsonFactory(cVar).build();
        build.setRefreshToken(str3);
        build.refreshToken();
        return build;
    }

    public static e getApplicationDefault() throws IOException {
        return getApplicationDefault(com.google.api.client.googleapis.util.a.getDefaultTransport(), com.google.api.client.googleapis.util.a.getDefaultJsonFactory());
    }

    public static e getApplicationDefault(x xVar, com.google.api.client.json.c cVar) throws IOException {
        C.checkNotNull(xVar);
        C.checkNotNull(cVar);
        return defaultCredentialProvider.getDefaultCredential(xVar, cVar);
    }

    private static PrivateKey privateKeyFromPkcs8(String str) throws IOException {
        B.a readFirstSectionAndClose = B.readFirstSectionAndClose(new StringReader(str), "PRIVATE KEY");
        if (readFirstSectionAndClose == null) {
            throw new IOException("Invalid PKCS8 data.");
        }
        try {
            return D.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(readFirstSectionAndClose.getBase64DecodedBytes()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw ((IOException) f.exceptionWithCause(new IOException("Unexpected exception reading PKCS data"), e10));
        }
    }

    public e createDelegated(String str) {
        return this.serviceAccountPrivateKey == null ? this : toBuilder().setServiceAccountUser(str).build();
    }

    public e createScoped(Collection<String> collection) {
        return this.serviceAccountPrivateKey == null ? this : toBuilder().setServiceAccountScopes(collection).build();
    }

    public boolean createScopedRequired() {
        if (this.serviceAccountPrivateKey == null) {
            return false;
        }
        Collection<String> collection = this.serviceAccountScopes;
        return collection == null || collection.isEmpty();
    }

    @Override // com.google.api.client.auth.oauth2.d
    public i executeRefreshToken() throws IOException {
        if (this.serviceAccountPrivateKey == null) {
            return super.executeRefreshToken();
        }
        b.a aVar = new b.a();
        aVar.setAlgorithm("RS256");
        aVar.setType("JWT");
        aVar.setKeyId(this.serviceAccountPrivateKeyId);
        c.b bVar = new c.b();
        long currentTimeMillis = getClock().currentTimeMillis();
        bVar.setIssuer(this.serviceAccountId);
        bVar.setAudience(getTokenServerEncodedUrl());
        long j10 = currentTimeMillis / 1000;
        bVar.setIssuedAtTimeSeconds(Long.valueOf(j10));
        bVar.setExpirationTimeSeconds(Long.valueOf(j10 + 3600));
        bVar.setSubject(this.serviceAccountUser);
        bVar.put("scope", (Object) q.on(' ').join(this.serviceAccountScopes));
        try {
            String signUsingRsaSha256 = x3.b.signUsingRsaSha256(this.serviceAccountPrivateKey, getJsonFactory(), aVar, bVar);
            com.google.api.client.auth.oauth2.h hVar = new com.google.api.client.auth.oauth2.h(getTransport(), getJsonFactory(), new h(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
            hVar.put("assertion", (Object) signUsingRsaSha256);
            return hVar.execute();
        } catch (GeneralSecurityException e10) {
            IOException iOException = new IOException();
            iOException.initCause(e10);
            throw iOException;
        }
    }

    public final String getServiceAccountId() {
        return this.serviceAccountId;
    }

    public final PrivateKey getServiceAccountPrivateKey() {
        return this.serviceAccountPrivateKey;
    }

    public final String getServiceAccountPrivateKeyId() {
        return this.serviceAccountPrivateKeyId;
    }

    public final String getServiceAccountProjectId() {
        return this.serviceAccountProjectId;
    }

    public final Collection<String> getServiceAccountScopes() {
        return this.serviceAccountScopes;
    }

    public final String getServiceAccountScopesAsString() {
        if (this.serviceAccountScopes == null) {
            return null;
        }
        return q.on(' ').join(this.serviceAccountScopes);
    }

    public final String getServiceAccountUser() {
        return this.serviceAccountUser;
    }

    @Override // com.google.api.client.auth.oauth2.d
    public e setAccessToken(String str) {
        return (e) super.setAccessToken(str);
    }

    @Override // com.google.api.client.auth.oauth2.d
    public e setExpirationTimeMilliseconds(Long l10) {
        return (e) super.setExpirationTimeMilliseconds(l10);
    }

    @Override // com.google.api.client.auth.oauth2.d
    public e setExpiresInSeconds(Long l10) {
        return (e) super.setExpiresInSeconds(l10);
    }

    @Override // com.google.api.client.auth.oauth2.d
    public e setFromTokenResponse(i iVar) {
        return (e) super.setFromTokenResponse(iVar);
    }

    @Override // com.google.api.client.auth.oauth2.d
    public e setRefreshToken(String str) {
        if (str != null) {
            C.checkArgument((getJsonFactory() == null || getTransport() == null || getClientAuthentication() == null) ? false : true, "Please use the Builder and call setJsonFactory, setTransport and setClientSecrets");
        }
        return (e) super.setRefreshToken(str);
    }

    public a toBuilder() {
        a clock = new a().setServiceAccountPrivateKey(this.serviceAccountPrivateKey).setServiceAccountPrivateKeyId(this.serviceAccountPrivateKeyId).setServiceAccountId(this.serviceAccountId).setServiceAccountProjectId(this.serviceAccountProjectId).setServiceAccountUser(this.serviceAccountUser).setServiceAccountScopes(this.serviceAccountScopes).setTokenServerEncodedUrl(getTokenServerEncodedUrl()).setTransport(getTransport()).setJsonFactory(getJsonFactory()).setClock(getClock());
        clock.setClientAuthentication(getClientAuthentication());
        return clock;
    }
}
