package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpBackOffIOExceptionHandler;
import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Clock;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.Preconditions;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import com.google.auth.oauth2.JwtCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import org.apache.http.message.TokenParser;

/* loaded from: classes3.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider, JwtProvider {
    public static final /* synthetic */ int A = 0;
    private static final long serialVersionUID = 7807543542681217978L;

    /* renamed from: l, reason: collision with root package name */
    public final String f22475l;

    /* renamed from: m, reason: collision with root package name */
    public final String f22476m;

    /* renamed from: n, reason: collision with root package name */
    public final PrivateKey f22477n;

    /* renamed from: o, reason: collision with root package name */
    public final String f22478o;

    /* renamed from: p, reason: collision with root package name */
    public final String f22479p;

    /* renamed from: q, reason: collision with root package name */
    public final String f22480q;
    public final String r;

    /* renamed from: s, reason: collision with root package name */
    public final URI f22481s;

    /* renamed from: t, reason: collision with root package name */
    public final ImmutableSet f22482t;

    /* renamed from: u, reason: collision with root package name */
    public final ImmutableSet f22483u;

    /* renamed from: v, reason: collision with root package name */
    public final int f22484v;

    /* renamed from: w, reason: collision with root package name */
    public final boolean f22485w;

    /* renamed from: x, reason: collision with root package name */
    public final boolean f22486x;

    /* renamed from: y, reason: collision with root package name */
    public transient HttpTransportFactory f22487y;

    /* renamed from: z, reason: collision with root package name */
    public transient JwtCredentials f22488z;

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {

        /* renamed from: d, reason: collision with root package name */
        public String f22489d;

        /* renamed from: e, reason: collision with root package name */
        public String f22490e;

        /* renamed from: f, reason: collision with root package name */
        public PrivateKey f22491f;

        /* renamed from: g, reason: collision with root package name */
        public String f22492g;
        public String h;

        /* renamed from: i, reason: collision with root package name */
        public String f22493i;

        /* renamed from: j, reason: collision with root package name */
        public URI f22494j;

        /* renamed from: k, reason: collision with root package name */
        public Collection f22495k;

        /* renamed from: l, reason: collision with root package name */
        public Collection f22496l;

        /* renamed from: m, reason: collision with root package name */
        public HttpTransportFactory f22497m;

        /* renamed from: n, reason: collision with root package name */
        public int f22498n;

        /* renamed from: o, reason: collision with root package name */
        public boolean f22499o;

        /* renamed from: p, reason: collision with root package name */
        public boolean f22500p;

        public Builder() {
            this.f22498n = 3600;
            this.f22499o = false;
            this.f22500p = true;
        }

        public Builder(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.f22498n = 3600;
            this.f22499o = false;
            this.f22500p = true;
            this.f22489d = serviceAccountCredentials.f22475l;
            this.f22490e = serviceAccountCredentials.f22476m;
            this.f22491f = serviceAccountCredentials.f22477n;
            this.f22492g = serviceAccountCredentials.f22478o;
            this.f22495k = serviceAccountCredentials.f22482t;
            this.f22496l = serviceAccountCredentials.f22483u;
            this.f22497m = serviceAccountCredentials.f22487y;
            this.f22494j = serviceAccountCredentials.f22481s;
            this.h = serviceAccountCredentials.f22479p;
            this.f22493i = serviceAccountCredentials.f22480q;
            this.f22498n = serviceAccountCredentials.f22484v;
            this.f22499o = serviceAccountCredentials.f22485w;
            this.f22500p = serviceAccountCredentials.f22486x;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ServiceAccountCredentials build() {
            return new ServiceAccountCredentials(this);
        }

        public String getClientEmail() {
            return this.f22490e;
        }

        public String getClientId() {
            return this.f22489d;
        }

        public Collection<String> getDefaultScopes() {
            return this.f22496l;
        }

        public HttpTransportFactory getHttpTransportFactory() {
            return this.f22497m;
        }

        public int getLifetime() {
            return this.f22498n;
        }

        public PrivateKey getPrivateKey() {
            return this.f22491f;
        }

        public String getPrivateKeyId() {
            return this.f22492g;
        }

        public String getProjectId() {
            return this.f22493i;
        }

        public Collection<String> getScopes() {
            return this.f22495k;
        }

        public String getServiceAccountUser() {
            return this.h;
        }

        public URI getTokenServerUri() {
            return this.f22494j;
        }

        public boolean getUseJwtAccessWithScope() {
            return this.f22499o;
        }

        public boolean isDefaultRetriesEnabled() {
            return this.f22500p;
        }

        public Builder setClientEmail(String str) {
            this.f22490e = str;
            return this;
        }

        public Builder setClientId(String str) {
            this.f22489d = str;
            return this;
        }

        public Builder setDefaultRetriesEnabled(boolean z10) {
            this.f22500p = z10;
            return this;
        }

        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.f22497m = httpTransportFactory;
            return this;
        }

        public Builder setLifetime(int i10) {
            if (i10 == 0) {
                i10 = 3600;
            }
            this.f22498n = i10;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.f22491f = privateKey;
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.f22492g = str;
            return this;
        }

        public Builder setPrivateKeyString(String str) throws IOException {
            this.f22491f = y.b(str);
            return this;
        }

        public Builder setProjectId(String str) {
            this.f22493i = str;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setQuotaProjectId(String str) {
            super.setQuotaProjectId(str);
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.f22495k = collection;
            this.f22496l = ImmutableSet.of();
            return this;
        }

        public Builder setScopes(Collection<String> collection, Collection<String> collection2) {
            this.f22495k = collection;
            this.f22496l = collection2;
            return this;
        }

        public Builder setServiceAccountUser(String str) {
            this.h = str;
            return this;
        }

        public Builder setTokenServerUri(URI uri) {
            this.f22494j = uri;
            return this;
        }

        public Builder setUseJwtAccessWithScope(boolean z10) {
            this.f22499o = z10;
            return this;
        }
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        this.f22488z = null;
        this.f22475l = builder.f22489d;
        this.f22476m = (String) Preconditions.checkNotNull(builder.f22490e);
        this.f22477n = (PrivateKey) Preconditions.checkNotNull(builder.f22491f);
        this.f22478o = builder.f22492g;
        Collection collection = builder.f22495k;
        this.f22482t = collection == null ? ImmutableSet.of() : ImmutableSet.copyOf(collection);
        Collection collection2 = builder.f22496l;
        this.f22483u = collection2 == null ? ImmutableSet.of() : ImmutableSet.copyOf(collection2);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) MoreObjects.firstNonNull(builder.f22497m, OAuth2Credentials.getFromServiceLoader(HttpTransportFactory.class, y.f22628e));
        this.f22487y = httpTransportFactory;
        this.r = httpTransportFactory.getClass().getName();
        URI uri = builder.f22494j;
        this.f22481s = uri == null ? y.f22625a : uri;
        this.f22479p = builder.h;
        this.f22480q = builder.f22493i;
        int i10 = builder.f22498n;
        if (i10 > 43200) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.f22484v = i10;
        this.f22485w = builder.f22499o;
        this.f22486x = builder.f22500p;
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, HttpTransportFactory httpTransportFactory, URI uri, String str5) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, HttpTransportFactory httpTransportFactory, URI uri) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, HttpTransportFactory httpTransportFactory, URI uri, String str5) throws IOException {
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, (HttpTransportFactory) y.f22628e);
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream, HttpTransportFactory httpTransportFactory) throws IOException {
        Preconditions.checkNotNull(inputStream);
        Preconditions.checkNotNull(httpTransportFactory);
        GenericJson genericJson = (GenericJson) new JsonObjectParser(y.f22629f).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        String str = (String) genericJson.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return h(genericJson, httpTransportFactory);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    public static ServiceAccountCredentials h(Map map, HttpTransportFactory httpTransportFactory) {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return i(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setHttpTransportFactory(httpTransportFactory).setTokenServerUri(uri).setProjectId(str5).setQuotaProjectId(str7));
    }

    public static ServiceAccountCredentials i(String str, Builder builder) {
        builder.setPrivateKey(y.b(str));
        return new ServiceAccountCredentials(builder);
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f22487y = (HttpTransportFactory) OAuth2Credentials.newInstance(this.r);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createDelegated(String str) {
        return toBuilder().setServiceAccountUser(str).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return createScoped(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return toBuilder().setScopes(collection, collection2).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        return this.f22482t.isEmpty() && this.f22483u.isEmpty();
    }

    public ServiceAccountCredentials createWithCustomLifetime(int i10) {
        return toBuilder().setLifetime(i10).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public ServiceAccountCredentials createWithCustomRetryStrategy(boolean z10) {
        return toBuilder().setDefaultRetriesEnabled(z10).build();
    }

    public ServiceAccountCredentials createWithUseJwtAccessWithScope(boolean z10) {
        return toBuilder().setUseJwtAccessWithScope(z10).build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.f22475l, serviceAccountCredentials.f22475l) && Objects.equals(this.f22476m, serviceAccountCredentials.f22476m) && Objects.equals(this.f22477n, serviceAccountCredentials.f22477n) && Objects.equals(this.f22478o, serviceAccountCredentials.f22478o) && Objects.equals(this.r, serviceAccountCredentials.r) && Objects.equals(this.f22481s, serviceAccountCredentials.f22481s) && Objects.equals(this.f22482t, serviceAccountCredentials.f22482t) && Objects.equals(this.f22483u, serviceAccountCredentials.f22483u) && Objects.equals(this.quotaProjectId, serviceAccountCredentials.quotaProjectId) && Objects.equals(Integer.valueOf(this.f22484v), Integer.valueOf(serviceAccountCredentials.f22484v)) && Objects.equals(Boolean.valueOf(this.f22485w), Boolean.valueOf(serviceAccountCredentials.f22485w)) && Objects.equals(Boolean.valueOf(this.f22486x), Boolean.valueOf(serviceAccountCredentials.f22486x));
    }

    public final JwtCredentials g(URI uri) {
        JwtClaims.Builder newBuilder = JwtClaims.newBuilder();
        String str = this.f22476m;
        JwtClaims.Builder subject = newBuilder.setIssuer(str).setSubject(str);
        if (uri == null) {
            ImmutableSet immutableSet = this.f22482t;
            subject.setAdditionalClaims(Collections.singletonMap("scope", !immutableSet.isEmpty() ? Joiner.on(TokenParser.SP).join(immutableSet) : Joiner.on(TokenParser.SP).join(this.f22483u)));
        } else {
            if (uri.getScheme() != null && uri.getHost() != null) {
                try {
                    uri = new URI(uri.getScheme(), uri.getHost(), "/", null);
                } catch (URISyntaxException unused) {
                }
            }
            subject.setAudience(uri.toString());
        }
        JwtCredentials.Builder jwtClaims = JwtCredentials.newBuilder().setPrivateKey(this.f22477n).setPrivateKeyId(this.f22478o).setJwtClaims(subject.build());
        Clock clock = this.f22468g;
        jwtClaims.getClass();
        jwtClaims.f22458d = (Clock) com.google.common.base.Preconditions.checkNotNull(clock);
        return jwtClaims.build();
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        return getClientEmail();
    }

    public final String getClientEmail() {
        return this.f22476m;
    }

    public final String getClientId() {
        return this.f22475l;
    }

    public final Collection<String> getDefaultScopes() {
        return this.f22483u;
    }

    public final PrivateKey getPrivateKey() {
        return this.f22477n;
    }

    public final String getPrivateKeyId() {
        return this.f22478o;
    }

    public final String getProjectId() {
        return this.f22480q;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        String str;
        JwtCredentials g10;
        if (createScopedRequired() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        boolean createScopedRequired = createScopedRequired();
        boolean z10 = this.f22485w;
        if ((!createScopedRequired && !z10) || ((str = this.f22479p) != null && str.length() > 0)) {
            return super.getRequestMetadata(uri);
        }
        if (createScopedRequired() || !z10) {
            g10 = g(uri);
        } else {
            if (this.f22488z == null) {
                this.f22488z = g(null);
            }
            g10 = this.f22488z;
        }
        return GoogleCredentials.e(this.quotaProjectId, g10.getRequestMetadata(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback requestMetadataCallback) {
        if (this.f22485w) {
            blockingGetToCallback(uri, requestMetadataCallback);
        } else {
            super.getRequestMetadata(uri, executor, requestMetadataCallback);
        }
    }

    public final Collection<String> getScopes() {
        return this.f22482t;
    }

    public final String getServiceAccountUser() {
        return this.f22479p;
    }

    public final URI getTokenServerUri() {
        return this.f22481s;
    }

    public boolean getUseJwtAccessWithScope() {
        return this.f22485w;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f22475l, this.f22476m, this.f22477n, this.f22478o, this.r, this.f22481s, this.f22482t, this.f22483u, this.quotaProjectId, Integer.valueOf(this.f22484v), Boolean.valueOf(this.f22485w), Boolean.valueOf(this.f22486x));
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        GsonFactory gsonFactory = y.f22629f;
        long currentTimeMillis = this.f22468g.currentTimeMillis();
        URI uri = this.f22481s;
        String uri2 = uri.toString();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f22478o);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str2 = this.f22476m;
        payload.setIssuer(str2);
        long j9 = currentTimeMillis / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j9));
        payload.setExpirationTimeSeconds(Long.valueOf(j9 + this.f22484v));
        payload.setSubject(this.f22479p);
        if (uri2 == null) {
            payload.setAudience(y.f22625a.toString());
        } else {
            payload.setAudience(uri2);
        }
        try {
            payload.set("target_audience", (Object) str);
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.f22477n, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest buildPostRequest = this.f22487y.create().createRequestFactory().buildPostRequest(new GenericUrl(uri), new UrlEncodedContent(genericData));
            buildPostRequest.setParser(new JsonObjectParser(gsonFactory));
            try {
                return IdToken.create(y.g("id_token", "Error parsing token refresh response. ", (GenericData) buildPostRequest.execute().parseAs(GenericData.class)));
            } catch (IOException e5) {
                throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e5.getMessage(), str2), e5);
            }
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        JwtClaims.Builder newBuilder = JwtClaims.newBuilder();
        String str = this.f22476m;
        JwtCredentials.Builder jwtClaims2 = JwtCredentials.newBuilder().setPrivateKey(this.f22477n).setPrivateKeyId(this.f22478o).setJwtClaims(newBuilder.setIssuer(str).setSubject(str).build().merge(jwtClaims));
        Clock clock = this.f22468g;
        jwtClaims2.getClass();
        jwtClaims2.f22458d = (Clock) com.google.common.base.Preconditions.checkNotNull(clock);
        return jwtClaims2.build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        GsonFactory gsonFactory = y.f22629f;
        long currentTimeMillis = this.f22468g.currentTimeMillis();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f22478o);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str = this.f22476m;
        payload.setIssuer(str);
        long j9 = currentTimeMillis / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j9));
        payload.setExpirationTimeSeconds(Long.valueOf(j9 + this.f22484v));
        payload.setSubject(this.f22479p);
        ImmutableSet immutableSet = this.f22482t;
        if (immutableSet.isEmpty()) {
            payload.put("scope", (Object) Joiner.on(TokenParser.SP).join(this.f22483u));
        } else {
            payload.put("scope", (Object) Joiner.on(TokenParser.SP).join(immutableSet));
        }
        payload.setAudience(y.f22625a.toString());
        try {
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.f22477n, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest buildPostRequest = this.f22487y.create().createRequestFactory().buildPostRequest(new GenericUrl(this.f22481s), new UrlEncodedContent(genericData));
            if (this.f22486x) {
                buildPostRequest.setNumberOfRetries(3);
            } else {
                buildPostRequest.setNumberOfRetries(0);
            }
            buildPostRequest.setParser(new JsonObjectParser(gsonFactory));
            ExponentialBackOff build = new ExponentialBackOff.Builder().setInitialIntervalMillis(1000).setRandomizationFactor(0.1d).setMultiplier(2.0d).build();
            buildPostRequest.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(build).setBackOffRequired(new HttpBackOffUnsuccessfulResponseHandler.BackOffRequired() { // from class: com.google.auth.oauth2.c0
                @Override // com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler.BackOffRequired
                public final boolean isRequired(HttpResponse httpResponse) {
                    int i10 = ServiceAccountCredentials.A;
                    return y.f22631i.contains(Integer.valueOf(httpResponse.getStatusCode()));
                }
            }));
            buildPostRequest.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(build));
            try {
                return new AccessToken(y.g("access_token", "Error parsing token refresh response. ", (GenericData) buildPostRequest.execute().parseAs(GenericData.class)), new Date((y.c("Error parsing token refresh response. ", r0) * 1000) + this.f22468g.currentTimeMillis()));
            } catch (HttpResponseException e5) {
                throw r.a(e5, String.format("Error getting access token for service account: %s, iss: %s", e5.getMessage(), str));
            } catch (IOException e10) {
                String format = String.format("Error getting access token for service account: %s, iss: %s", e10.getMessage(), str);
                if (format == null) {
                    throw new r(true, 3, e10);
                }
                throw new r(format, e10, true, 3);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException("Error signing service account access token request with private key.", e11);
        }
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e5) {
            throw new ServiceAccountSigner.SigningException("Failed to sign the provided bytes", e5);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.toStringHelper(this).add("clientId", this.f22475l).add("clientEmail", this.f22476m).add("privateKeyId", this.f22478o).add("transportFactoryClassName", this.r).add("tokenServerUri", this.f22481s).add("scopes", this.f22482t).add("defaultScopes", this.f22483u).add("serviceAccountUser", this.f22479p).add("quotaProjectId", this.quotaProjectId).add("lifetime", this.f22484v).add("useJwtAccessWithScope", this.f22485w).add("defaultRetriesEnabled", this.f22486x).toString();
    }
}
