package com.google.auth.oauth2;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.auth.oauth2.v;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import wb.e;

/* compiled from: GdchCredentials.java */
/* loaded from: classes.dex */
public class t extends v {
    private final URI A;
    private final URI B;
    private final int C;
    private final String D;
    private final String E;
    private transient ec.b F;

    /* renamed from: w, reason: collision with root package name */
    private final PrivateKey f15388w;

    /* renamed from: x, reason: collision with root package name */
    private final String f15389x;

    /* renamed from: y, reason: collision with root package name */
    private final String f15390y;

    /* renamed from: z, reason: collision with root package name */
    private final String f15391z;

    /* compiled from: GdchCredentials.java */
    /* loaded from: classes.dex */
    public static class a extends v.a {

        /* renamed from: e, reason: collision with root package name */
        private String f15392e;

        /* renamed from: f, reason: collision with root package name */
        private String f15393f;

        /* renamed from: g, reason: collision with root package name */
        private PrivateKey f15394g;

        /* renamed from: h, reason: collision with root package name */
        private String f15395h;

        /* renamed from: i, reason: collision with root package name */
        private URI f15396i;

        /* renamed from: j, reason: collision with root package name */
        private URI f15397j;

        /* renamed from: k, reason: collision with root package name */
        private ec.b f15398k;

        /* renamed from: l, reason: collision with root package name */
        private String f15399l;

        /* renamed from: m, reason: collision with root package name */
        private int f15400m = 3600;

        protected a() {
        }

        public a o(String str) {
            this.f15399l = str;
            return this;
        }

        public a p(ec.b bVar) {
            this.f15398k = bVar;
            return this;
        }

        public a q(PrivateKey privateKey) {
            this.f15394g = privateKey;
            return this;
        }

        public a r(String str) {
            this.f15393f = str;
            return this;
        }

        public a s(String str) {
            this.f15392e = str;
            return this;
        }

        public a t(String str) {
            this.f15395h = str;
            return this;
        }

        public a u(URI uri) {
            this.f15396i = uri;
            return this;
        }
    }

    /* compiled from: GdchCredentials.java */
    /* loaded from: classes.dex */
    static class b implements ec.b {

        /* renamed from: a, reason: collision with root package name */
        vb.z f15401a;

        public b(String str) throws IOException {
            b(str);
        }

        private void b(String str) throws IOException {
            if (str == null || str.isEmpty()) {
                this.f15401a = new wb.e();
                return;
            }
            try {
                this.f15401a = new e.a().e(t.E(new File(str))).a();
            } catch (IOException e10) {
                throw new IOException(String.format("Error reading certificate file from CA cert path, value '%s': %s", str, e10.getMessage()), e10);
            } catch (GeneralSecurityException e11) {
                throw new IOException("Error initiating transport with certificate stream.", e11);
            }
        }

        @Override // ec.b
        public vb.z a() {
            return this.f15401a;
        }
    }

    t(a aVar) {
        this.f15390y = (String) fc.n.m(aVar.f15392e);
        this.f15389x = (String) fc.n.m(aVar.f15393f);
        this.f15388w = (PrivateKey) fc.n.m(aVar.f15394g);
        this.f15391z = (String) fc.n.m(aVar.f15395h);
        this.A = (URI) fc.n.m(aVar.f15396i);
        ec.b bVar = (ec.b) fc.n.m(aVar.f15398k);
        this.F = bVar;
        this.D = bVar.getClass().getName();
        this.E = aVar.f15399l;
        this.B = aVar.f15397j;
        this.C = aVar.f15400m;
    }

    static String A(String str, String str2) {
        return String.format("system:serviceaccount:%s:%s", str, str2);
    }

    public static a D() {
        return new a();
    }

    static InputStream E(File file) throws FileNotFoundException {
        return new FileInputStream(file);
    }

    private static String F(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException(String.format("Error reading GDCH service account credential from JSON, %s is misconfigured.", str2));
        }
        return str;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.F = (ec.b) k0.m(this.D);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static t w(Map<String, Object> map) throws IOException {
        return x(map, new b((String) map.get("ca_cert_path")));
    }

    static t x(Map<String, Object> map, ec.b bVar) throws IOException {
        String F = F((String) map.get("format_version"), "format_version");
        String F2 = F((String) map.get("project"), "project");
        String F3 = F((String) map.get("private_key_id"), "private_key_id");
        String F4 = F((String) map.get("private_key"), "private_key");
        String F5 = F((String) map.get("name"), "name");
        String F6 = F((String) map.get("token_uri"), "token_uri");
        String str = (String) map.get("ca_cert_path");
        if (!"1".equals(F)) {
            throw new IOException(String.format("Only format version %s is supported.", "1"));
        }
        try {
            return y(F4, D().s(F2).r(F3).u(new URI(F6)).t(F5).o(str).p(bVar));
        } catch (URISyntaxException unused) {
            throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
        }
    }

    static t y(String str, a aVar) throws IOException {
        aVar.q(l0.a(str));
        return new t(aVar);
    }

    public final String B() {
        return this.f15391z;
    }

    public final URI C() {
        return this.A;
    }

    @Override // com.google.auth.oauth2.k0
    public boolean equals(Object obj) {
        if (!(obj instanceof t)) {
            return false;
        }
        t tVar = (t) obj;
        return Objects.equals(this.f15390y, tVar.f15390y) && Objects.equals(this.f15389x, tVar.f15389x) && Objects.equals(this.f15388w, tVar.f15388w) && Objects.equals(this.f15391z, tVar.f15391z) && Objects.equals(this.A, tVar.A) && Objects.equals(this.D, tVar.D) && Objects.equals(this.B, tVar.B) && Objects.equals(this.E, tVar.E) && Objects.equals(Integer.valueOf(this.C), Integer.valueOf(tVar.C));
    }

    @Override // com.google.auth.oauth2.k0
    public int hashCode() {
        return Objects.hash(this.f15390y, this.f15389x, this.f15388w, this.f15391z, this.A, this.D, this.B, this.E, Integer.valueOf(this.C));
    }

    @Override // com.google.auth.oauth2.k0
    public com.google.auth.oauth2.a n() throws IOException {
        fc.n.n(this.B, "Audience are not configured for GDCH service account. Specify the audience by calling createWithGDCHAudience.");
        yb.c cVar = l0.f15325f;
        String v10 = v(cVar, this.f15300g.a(), z());
        com.google.api.client.util.o oVar = new com.google.api.client.util.o();
        oVar.set("grant_type", "urn:ietf:params:oauth:token-type:token-exchange");
        oVar.set("assertion", v10);
        vb.s b10 = this.F.a().c().b(new vb.h(this.A), new vb.h0(oVar));
        b10.z(new yb.e(cVar));
        try {
            return new com.google.auth.oauth2.a(l0.e((com.google.api.client.util.o) b10.b().m(com.google.api.client.util.o.class), "access_token", "Error parsing token refresh response. "), new Date(this.f15300g.a() + (l0.b(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (vb.w e10) {
            throw u.d(e10, String.format("Error getting access token for GDCH service account: %s, iss: %s", e10.getMessage(), B()));
        } catch (IOException e11) {
            throw u.b(e11, String.format("Error getting access token for GDCH service account: %s, iss: %s", e11.getMessage(), B()));
        }
    }

    @Override // com.google.auth.oauth2.k0
    public String toString() {
        return fc.h.b(this).b("projectId", this.f15390y).b("privateKeyId", this.f15389x).b("serviceIdentityName", this.f15391z).b("tokenServerUri", this.A).b("transportFactoryClassName", this.D).b("caCertPath", this.E).b("apiAudience", this.B).a("lifetime", this.C).toString();
    }

    String v(yb.c cVar, long j10, URI uri) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.f15389x);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(A(this.f15390y, this.f15391z));
        payload.setSubject(A(this.f15390y, this.f15391z));
        long j11 = j10 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j11));
        payload.setExpirationTimeSeconds(Long.valueOf(j11 + this.C));
        payload.setAudience(C().toString());
        try {
            payload.set("api_audience", (Object) uri.toString());
            return JsonWebSignature.g(this.f15388w, cVar, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public final URI z() {
        return this.B;
    }
}
