package com.google.auth.oauth2;

import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.webtoken.JsonWebSignature$Header;
import com.google.api.client.json.webtoken.JsonWebToken$Payload;
import eo.AbstractC9851w0;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes8.dex */
public class GdchCredentials extends GoogleCredentials {
    static final String SUPPORTED_FORMAT_VERSION = "1";
    private final URI apiAudience;
    private final String caCertPath;

    /* renamed from: d, reason: collision with root package name */
    public transient J7.b f46960d;
    private final int lifetime;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String projectId;
    private final String serviceIdentityName;
    private final URI tokenServerUri;
    private final String transportFactoryClassName;

    public GdchCredentials(s sVar) {
        String str = sVar.f47053e;
        str.getClass();
        this.projectId = str;
        String str2 = sVar.f47054f;
        str2.getClass();
        this.privateKeyId = str2;
        PrivateKey privateKey = sVar.f47055g;
        privateKey.getClass();
        this.privateKey = privateKey;
        String str3 = sVar.f47056h;
        str3.getClass();
        this.serviceIdentityName = str3;
        URI uri = sVar.f47057i;
        uri.getClass();
        this.tokenServerUri = uri;
        J7.b bVar = sVar.f47058k;
        bVar.getClass();
        this.f46960d = bVar;
        this.transportFactoryClassName = bVar.getClass().getName();
        this.caCertPath = sVar.f47059l;
        this.apiAudience = sVar.j;
        this.lifetime = sVar.f47060m;
    }

    public static void e(String str, String str2) {
        if (str == null || str.isEmpty()) {
            throw new IOException(Ef.a.t("Error reading GDCH service account credential from JSON, ", str2, " is misconfigured."));
        }
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [J7.b, java.lang.Object, com.google.auth.oauth2.t] */
    public static GdchCredentials fromJson(Map<String, Object> map) {
        String str = (String) map.get("ca_cert_path");
        ?? obj = new Object();
        if (str == null || str.isEmpty()) {
            obj.f47061a = new B7.d();
        } else {
            try {
                InputStream readStream = readStream(new File(str));
                Z3.d dVar = new Z3.d(2);
                dVar.H(readStream);
                obj.f47061a = dVar.q();
            } catch (IOException e10) {
                throw new IOException(AbstractC9851w0.e("Error reading certificate file from CA cert path, value '", str, "': ", e10.getMessage()), e10);
            } catch (GeneralSecurityException e11) {
                throw new IOException("Error initiating transport with certificate stream.", e11);
            }
        }
        return fromJson(map, obj);
    }

    public static GdchCredentials fromJson(Map<String, Object> map, J7.b bVar) {
        String str = (String) map.get("format_version");
        e(str, "format_version");
        String str2 = (String) map.get("project");
        e(str2, "project");
        String str3 = (String) map.get("private_key_id");
        e(str3, "private_key_id");
        String str4 = (String) map.get("private_key");
        e(str4, "private_key");
        String str5 = (String) map.get("name");
        e(str5, "name");
        String str6 = (String) map.get("token_uri");
        e(str6, "token_uri");
        String str7 = (String) map.get("ca_cert_path");
        if (!SUPPORTED_FORMAT_VERSION.equals(str)) {
            throw new IOException("Only format version 1 is supported.");
        }
        try {
            URI uri = new URI(str6);
            s newBuilder = newBuilder();
            newBuilder.f47053e = str2;
            newBuilder.f47054f = str3;
            newBuilder.f47057i = uri;
            newBuilder.f47056h = str5;
            newBuilder.f47059l = str7;
            newBuilder.f47058k = bVar;
            return fromPkcs8(str4, newBuilder);
        } catch (URISyntaxException unused) {
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
        }
    }

    public static GdchCredentials fromPkcs8(String str, s sVar) {
        sVar.f47055g = J.a(str);
        return new GdchCredentials(sVar);
    }

    public static String getIssuerSubjectValue(String str, String str2) {
        return AbstractC9851w0.e("system:serviceaccount:", str, ":", str2);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.C, com.google.auth.oauth2.s] */
    public static s newBuilder() {
        ?? c10 = new C();
        c10.f47060m = 3600;
        return c10;
    }

    private void readObject(ObjectInputStream objectInputStream) {
        objectInputStream.defaultReadObject();
        this.f46960d = (J7.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    public static InputStream readStream(File file) {
        return new FileInputStream(file);
    }

    public String createAssertion(D7.b bVar, long j, URI uri) {
        JsonWebSignature$Header jsonWebSignature$Header = new JsonWebSignature$Header();
        jsonWebSignature$Header.setAlgorithm("RS256");
        jsonWebSignature$Header.setType("JWT");
        jsonWebSignature$Header.setKeyId(this.privateKeyId);
        JsonWebToken$Payload jsonWebToken$Payload = new JsonWebToken$Payload();
        jsonWebToken$Payload.setIssuer(getIssuerSubjectValue(this.projectId, this.serviceIdentityName));
        jsonWebToken$Payload.setSubject(getIssuerSubjectValue(this.projectId, this.serviceIdentityName));
        long j10 = j / 1000;
        jsonWebToken$Payload.setIssuedAtTimeSeconds(Long.valueOf(j10));
        jsonWebToken$Payload.setExpirationTimeSeconds(Long.valueOf(j10 + this.lifetime));
        jsonWebToken$Payload.setAudience(getTokenServerUri().toString());
        try {
            jsonWebToken$Payload.set("api_audience", (Object) uri.toString());
            return F7.a.a(this.privateKey, bVar, jsonWebSignature$Header, jsonWebToken$Payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public GdchCredentials createWithGdchAudience(URI uri) {
        com.google.common.base.u.i(uri, "Audience are not configured for GDCH service account credentials.");
        s builder = toBuilder();
        builder.j = uri;
        return new GdchCredentials(builder);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof GdchCredentials)) {
            return false;
        }
        GdchCredentials gdchCredentials = (GdchCredentials) obj;
        return Objects.equals(this.projectId, gdchCredentials.projectId) && Objects.equals(this.privateKeyId, gdchCredentials.privateKeyId) && Objects.equals(this.privateKey, gdchCredentials.privateKey) && Objects.equals(this.serviceIdentityName, gdchCredentials.serviceIdentityName) && Objects.equals(this.tokenServerUri, gdchCredentials.tokenServerUri) && Objects.equals(this.transportFactoryClassName, gdchCredentials.transportFactoryClassName) && Objects.equals(this.apiAudience, gdchCredentials.apiAudience) && Objects.equals(this.caCertPath, gdchCredentials.caCertPath) && Integer.valueOf(this.lifetime).equals(Integer.valueOf(gdchCredentials.lifetime));
    }

    public final URI getApiAudience() {
        return this.apiAudience;
    }

    public final String getCaCertPath() {
        return this.caCertPath;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public final String getProjectId() {
        return this.projectId;
    }

    public final String getServiceIdentityName() {
        return this.serviceIdentityName;
    }

    public final URI getTokenServerUri() {
        return this.tokenServerUri;
    }

    public final J7.b getTransportFactory() {
        return this.f46960d;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.projectId, this.privateKeyId, this.privateKey, this.serviceIdentityName, this.tokenServerUri, this.transportFactoryClassName, this.apiAudience, this.caCertPath, Integer.valueOf(this.lifetime));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        com.google.common.base.u.i(this.apiAudience, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        E7.b bVar = J.f46970d;
        ((com.google.api.client.util.x) this.clock).getClass();
        String createAssertion = createAssertion(bVar, System.currentTimeMillis(), getApiAudience());
        com.google.api.client.util.s sVar = new com.google.api.client.util.s();
        sVar.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        sVar.set("assertion", createAssertion);
        A7.q h5 = this.f46960d.b().a().h("POST", new A7.h(this.tokenServerUri), new A7.y(sVar));
        h5.f263q = new Z3.b(bVar);
        try {
            com.google.api.client.util.s sVar2 = (com.google.api.client.util.s) h5.b().e(com.google.api.client.util.s.class);
            String e10 = J.e("access_token", "Error parsing token refresh response. ", sVar2);
            int b3 = J.b(sVar2);
            ((com.google.api.client.util.x) this.clock).getClass();
            return new AccessToken(e10, new Date((b3 * 1000) + System.currentTimeMillis()));
        } catch (HttpResponseException e11) {
            throw GoogleAuthException.createWithTokenEndpointResponseException(e11, AbstractC9851w0.e("Error getting access token for GDCH service account: ", e11.getMessage(), ", iss: ", getServiceIdentityName()));
        } catch (IOException e12) {
            throw GoogleAuthException.createWithTokenEndpointIOException(e12, AbstractC9851w0.e("Error getting access token for GDCH service account: ", e12.getMessage(), ", iss: ", getServiceIdentityName()));
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.C, com.google.auth.oauth2.s] */
    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public s toBuilder() {
        ?? c10 = new C();
        c10.f47060m = 3600;
        c10.f47053e = this.projectId;
        c10.f47054f = this.privateKeyId;
        c10.f47055g = this.privateKey;
        c10.f47056h = this.serviceIdentityName;
        c10.f47057i = this.tokenServerUri;
        c10.f47058k = this.f46960d;
        c10.f47059l = this.caCertPath;
        c10.f47060m = this.lifetime;
        return c10;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        B2.n x10 = com.google.common.base.u.x(this);
        x10.d(this.projectId, "projectId");
        x10.d(this.privateKeyId, "privateKeyId");
        x10.d(this.serviceIdentityName, "serviceIdentityName");
        x10.d(this.tokenServerUri, "tokenServerUri");
        x10.d(this.transportFactoryClassName, "transportFactoryClassName");
        x10.d(this.caCertPath, "caCertPath");
        x10.d(this.apiAudience, "apiAudience");
        x10.b(this.lifetime, "lifetime");
        return x10.toString();
    }
}
