package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.GenericData;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Objects;

/* loaded from: classes3.dex */
public class GdchCredentials extends GoogleCredentials {

    /* renamed from: v, reason: collision with root package name */
    public static final /* synthetic */ int f22406v = 0;

    /* renamed from: l, reason: collision with root package name */
    public final PrivateKey f22407l;

    /* renamed from: m, reason: collision with root package name */
    public final String f22408m;

    /* renamed from: n, reason: collision with root package name */
    public final String f22409n;

    /* renamed from: o, reason: collision with root package name */
    public final String f22410o;

    /* renamed from: p, reason: collision with root package name */
    public final URI f22411p;

    /* renamed from: q, reason: collision with root package name */
    public final URI f22412q;
    public final int r;

    /* renamed from: s, reason: collision with root package name */
    public final String f22413s;

    /* renamed from: t, reason: collision with root package name */
    public final String f22414t;

    /* renamed from: u, reason: collision with root package name */
    public transient HttpTransportFactory f22415u;

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {

        /* renamed from: d, reason: collision with root package name */
        public String f22416d;

        /* renamed from: e, reason: collision with root package name */
        public String f22417e;

        /* renamed from: f, reason: collision with root package name */
        public PrivateKey f22418f;

        /* renamed from: g, reason: collision with root package name */
        public String f22419g;
        public URI h;

        /* renamed from: i, reason: collision with root package name */
        public URI f22420i;

        /* renamed from: j, reason: collision with root package name */
        public HttpTransportFactory f22421j;

        /* renamed from: k, reason: collision with root package name */
        public String f22422k;

        /* renamed from: l, reason: collision with root package name */
        public final int f22423l;

        public Builder() {
            this.f22423l = 3600;
        }

        public Builder(GdchCredentials gdchCredentials) {
            this.f22423l = 3600;
            this.f22416d = gdchCredentials.f22409n;
            this.f22417e = gdchCredentials.f22408m;
            this.f22418f = gdchCredentials.f22407l;
            this.f22419g = gdchCredentials.f22410o;
            this.h = gdchCredentials.f22411p;
            this.f22421j = gdchCredentials.f22415u;
            this.f22422k = gdchCredentials.f22414t;
            this.f22423l = gdchCredentials.r;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public GdchCredentials build() {
            return new GdchCredentials(this);
        }

        public String getCaCertPath() {
            return this.f22422k;
        }

        public HttpTransportFactory getHttpTransportFactory() {
            return this.f22421j;
        }

        public int getLifetime() {
            return this.f22423l;
        }

        public PrivateKey getPrivateKey() {
            return this.f22418f;
        }

        public String getPrivateKeyId() {
            return this.f22417e;
        }

        public String getProjectId() {
            return this.f22416d;
        }

        public String getServiceIdentityName() {
            return this.f22419g;
        }

        public URI getTokenServerUri() {
            return this.h;
        }

        public Builder setCaCertPath(String str) {
            this.f22422k = str;
            return this;
        }

        public Builder setGdchAudience(URI uri) {
            this.f22420i = uri;
            return this;
        }

        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.f22421j = httpTransportFactory;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.f22418f = privateKey;
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.f22417e = str;
            return this;
        }

        public Builder setProjectId(String str) {
            this.f22416d = str;
            return this;
        }

        public Builder setServiceIdentityName(String str) {
            this.f22419g = str;
            return this;
        }

        public Builder setTokenServerUri(URI uri) {
            this.h = uri;
            return this;
        }
    }

    public GdchCredentials(Builder builder) {
        this.f22409n = (String) Preconditions.checkNotNull(builder.f22416d);
        this.f22408m = (String) Preconditions.checkNotNull(builder.f22417e);
        this.f22407l = (PrivateKey) Preconditions.checkNotNull(builder.f22418f);
        this.f22410o = (String) Preconditions.checkNotNull(builder.f22419g);
        this.f22411p = (URI) Preconditions.checkNotNull(builder.h);
        HttpTransportFactory httpTransportFactory = (HttpTransportFactory) Preconditions.checkNotNull(builder.f22421j);
        this.f22415u = httpTransportFactory;
        this.f22413s = httpTransportFactory.getClass().getName();
        this.f22414t = builder.f22422k;
        this.f22412q = builder.f22420i;
        this.r = builder.f22423l;
    }

    public static void g(String str, String str2) {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f22415u = (HttpTransportFactory) OAuth2Credentials.newInstance(this.f22413s);
    }

    public GdchCredentials createWithGdchAudience(URI uri) throws IOException {
        Preconditions.checkNotNull(uri, "Audience are not configured for GDCH service account credentials.");
        return toBuilder().setGdchAudience(uri).build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof GdchCredentials)) {
            return false;
        }
        GdchCredentials gdchCredentials = (GdchCredentials) obj;
        return Objects.equals(this.f22409n, gdchCredentials.f22409n) && Objects.equals(this.f22408m, gdchCredentials.f22408m) && Objects.equals(this.f22407l, gdchCredentials.f22407l) && Objects.equals(this.f22410o, gdchCredentials.f22410o) && Objects.equals(this.f22411p, gdchCredentials.f22411p) && Objects.equals(this.f22413s, gdchCredentials.f22413s) && Objects.equals(this.f22412q, gdchCredentials.f22412q) && Objects.equals(this.f22414t, gdchCredentials.f22414t) && Objects.equals(Integer.valueOf(this.r), Integer.valueOf(gdchCredentials.r));
    }

    public final URI getApiAudience() {
        return this.f22412q;
    }

    public final String getCaCertPath() {
        return this.f22414t;
    }

    public final PrivateKey getPrivateKey() {
        return this.f22407l;
    }

    public final String getPrivateKeyId() {
        return this.f22408m;
    }

    public final String getProjectId() {
        return this.f22409n;
    }

    public final String getServiceIdentityName() {
        return this.f22410o;
    }

    public final URI getTokenServerUri() {
        return this.f22411p;
    }

    public final HttpTransportFactory getTransportFactory() {
        return this.f22415u;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f22409n, this.f22408m, this.f22407l, this.f22410o, this.f22411p, this.f22413s, this.f22412q, this.f22414t, Integer.valueOf(this.r));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        Preconditions.checkNotNull(this.f22412q, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        GsonFactory gsonFactory = y.f22629f;
        long currentTimeMillis = this.f22468g.currentTimeMillis();
        URI apiAudience = getApiAudience();
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f22408m);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        String str = this.f22409n;
        String str2 = this.f22410o;
        payload.setIssuer(String.format("system:serviceaccount:%s:%s", str, str2));
        payload.setSubject(String.format("system:serviceaccount:%s:%s", str, str2));
        long j9 = currentTimeMillis / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j9));
        payload.setExpirationTimeSeconds(Long.valueOf(j9 + this.r));
        payload.setAudience(getTokenServerUri().toString());
        try {
            payload.set("api_audience", (Object) apiAudience.toString());
            String signUsingRsaSha256 = JsonWebSignature.signUsingRsaSha256(this.f22407l, gsonFactory, header, payload);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
            genericData.set("assertion", signUsingRsaSha256);
            HttpRequest buildPostRequest = this.f22415u.create().createRequestFactory().buildPostRequest(new GenericUrl(this.f22411p), new UrlEncodedContent(genericData));
            buildPostRequest.setParser(new JsonObjectParser(gsonFactory));
            try {
                return new AccessToken(y.g("access_token", "Error parsing token refresh response. ", (GenericData) buildPostRequest.execute().parseAs(GenericData.class)), new Date((y.c("Error parsing token refresh response. ", r0) * 1000) + this.f22468g.currentTimeMillis()));
            } catch (HttpResponseException e5) {
                throw r.a(e5, String.format("Error getting access token for GDCH service account: %s, iss: %s", e5.getMessage(), getServiceIdentityName()));
            } catch (IOException e10) {
                String format = String.format("Error getting access token for GDCH service account: %s, iss: %s", e10.getMessage(), getServiceIdentityName());
                if (format == null) {
                    throw new r(true, 3, e10);
                }
                throw new r(format, e10, true, 3);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException("Error signing service account access token request with private key.", e11);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return MoreObjects.toStringHelper(this).add("projectId", this.f22409n).add("privateKeyId", this.f22408m).add("serviceIdentityName", this.f22410o).add("tokenServerUri", this.f22411p).add("transportFactoryClassName", this.f22413s).add("caCertPath", this.f22414t).add("apiAudience", this.f22412q).add("lifetime", this.r).toString();
    }
}
