package com.google.auth.oauth2;

import bz.i;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.n;
import com.google.api.client.util.s;
import com.google.auth.ServiceAccountSigner$SigningException;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.JwtClaims;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executor;
import mf.c;
import mf.h;
import mf.k;
import mf.m;
import mf.q;
import q.d;
import qg.e;
import r6.x;
import uf.j;
import uf.r;

/* loaded from: classes3.dex */
public class ServiceAccountCredentials extends GoogleCredentials implements IdTokenProvider, JwtProvider {
    private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
    static final int DEFAULT_NUMBER_OF_RETRIES = 3;
    private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final int INITIAL_RETRY_INTERVAL_MILLIS = 1000;
    private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
    private static final double RETRY_MULTIPLIER = 2.0d;
    private static final double RETRY_RANDOMIZATION_FACTOR = 0.1d;
    private static final int TWELVE_HOURS_IN_SECONDS = 43200;
    private static final long serialVersionUID = 7807543542681217978L;
    private final String clientEmail;
    private final String clientId;
    private final boolean defaultRetriesEnabled;
    private final Collection<String> defaultScopes;
    private final int lifetime;
    private final PrivateKey privateKey;
    private final String privateKeyId;
    private final String projectId;
    private final Collection<String> scopes;
    private transient JwtCredentials selfSignedJwtCredentialsWithScope;
    private final String serviceAccountUser;
    private final URI tokenServerUri;
    private transient rf.b transportFactory;
    private final String transportFactoryClassName;
    private final boolean useJwtAccessWithScope;

    /* loaded from: classes3.dex */
    public static class Builder extends GoogleCredentials.Builder {
        private String clientEmail;
        private String clientId;
        private boolean defaultRetriesEnabled;
        private Collection<String> defaultScopes;
        private int lifetime;
        private PrivateKey privateKey;
        private String privateKeyId;
        private String projectId;
        private Collection<String> scopes;
        private String serviceAccountUser;
        private URI tokenServerUri;
        private rf.b transportFactory;
        private boolean useJwtAccessWithScope;

        public Builder() {
            this.lifetime = ServiceAccountCredentials.DEFAULT_LIFETIME_IN_SECONDS;
            this.useJwtAccessWithScope = false;
            this.defaultRetriesEnabled = true;
        }

        public Builder(ServiceAccountCredentials serviceAccountCredentials) {
            super(serviceAccountCredentials);
            this.lifetime = ServiceAccountCredentials.DEFAULT_LIFETIME_IN_SECONDS;
            this.useJwtAccessWithScope = false;
            this.defaultRetriesEnabled = true;
            this.clientId = serviceAccountCredentials.clientId;
            this.clientEmail = serviceAccountCredentials.clientEmail;
            this.privateKey = serviceAccountCredentials.privateKey;
            this.privateKeyId = serviceAccountCredentials.privateKeyId;
            this.scopes = serviceAccountCredentials.scopes;
            this.defaultScopes = serviceAccountCredentials.defaultScopes;
            this.transportFactory = serviceAccountCredentials.transportFactory;
            this.tokenServerUri = serviceAccountCredentials.tokenServerUri;
            this.serviceAccountUser = serviceAccountCredentials.serviceAccountUser;
            this.projectId = serviceAccountCredentials.projectId;
            this.lifetime = serviceAccountCredentials.lifetime;
            this.useJwtAccessWithScope = serviceAccountCredentials.useJwtAccessWithScope;
            this.defaultRetriesEnabled = serviceAccountCredentials.defaultRetriesEnabled;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ServiceAccountCredentials build() {
            return new ServiceAccountCredentials(this);
        }

        public String getClientEmail() {
            return this.clientEmail;
        }

        public String getClientId() {
            return this.clientId;
        }

        public Collection<String> getDefaultScopes() {
            return this.defaultScopes;
        }

        public rf.b getHttpTransportFactory() {
            return this.transportFactory;
        }

        public int getLifetime() {
            return this.lifetime;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public String getPrivateKeyId() {
            return this.privateKeyId;
        }

        public String getProjectId() {
            return this.projectId;
        }

        public Collection<String> getScopes() {
            return this.scopes;
        }

        public String getServiceAccountUser() {
            return this.serviceAccountUser;
        }

        public URI getTokenServerUri() {
            return this.tokenServerUri;
        }

        public boolean getUseJwtAccessWithScope() {
            return this.useJwtAccessWithScope;
        }

        public boolean isDefaultRetriesEnabled() {
            return this.defaultRetriesEnabled;
        }

        public Builder setClientEmail(String str) {
            this.clientEmail = str;
            return this;
        }

        public Builder setClientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder setDefaultRetriesEnabled(boolean z10) {
            this.defaultRetriesEnabled = z10;
            return this;
        }

        public Builder setHttpTransportFactory(rf.b bVar) {
            this.transportFactory = bVar;
            return this;
        }

        public Builder setLifetime(int i10) {
            if (i10 == 0) {
                i10 = ServiceAccountCredentials.DEFAULT_LIFETIME_IN_SECONDS;
            }
            this.lifetime = i10;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.privateKey = privateKey;
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.privateKeyId = str;
            return this;
        }

        public Builder setPrivateKeyString(String str) throws IOException {
            this.privateKey = OAuth2Utils.privateKeyFromPkcs8(str);
            return this;
        }

        public Builder setProjectId(String str) {
            this.projectId = str;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder
        public Builder setQuotaProjectId(String str) {
            super.setQuotaProjectId(str);
            return this;
        }

        public Builder setScopes(Collection<String> collection) {
            this.scopes = collection;
            int i10 = j.f40482c;
            this.defaultScopes = r.f40504j;
            return this;
        }

        public Builder setScopes(Collection<String> collection, Collection<String> collection2) {
            this.scopes = collection;
            this.defaultScopes = collection2;
            return this;
        }

        public Builder setServiceAccountUser(String str) {
            this.serviceAccountUser = str;
            return this;
        }

        public Builder setTokenServerUri(URI uri) {
            this.tokenServerUri = uri;
            return this;
        }

        public Builder setUseJwtAccessWithScope(boolean z10) {
            this.useJwtAccessWithScope = z10;
            return this;
        }
    }

    public ServiceAccountCredentials(Builder builder) {
        super(builder);
        Collection<String> C;
        this.selfSignedJwtCredentialsWithScope = null;
        this.clientId = builder.clientId;
        String str = builder.clientEmail;
        str.getClass();
        this.clientEmail = str;
        PrivateKey privateKey = builder.privateKey;
        privateKey.getClass();
        this.privateKey = privateKey;
        this.privateKeyId = builder.privateKeyId;
        if (builder.scopes == null) {
            int i10 = j.f40482c;
            C = r.f40504j;
        } else {
            C = j.C(builder.scopes);
        }
        this.scopes = C;
        this.defaultScopes = builder.defaultScopes == null ? r.f40504j : j.C(builder.defaultScopes);
        rf.b bVar = (rf.b) e.n(builder.transportFactory, OAuth2Credentials.getFromServiceLoader(rf.b.class, OAuth2Utils.HTTP_TRANSPORT_FACTORY));
        this.transportFactory = bVar;
        this.transportFactoryClassName = bVar.getClass().getName();
        this.tokenServerUri = builder.tokenServerUri == null ? OAuth2Utils.TOKEN_SERVER_URI : builder.tokenServerUri;
        this.serviceAccountUser = builder.serviceAccountUser;
        this.projectId = builder.projectId;
        if (builder.lifetime > TWELVE_HOURS_IN_SECONDS) {
            throw new IllegalStateException("lifetime must be less than or equal to 43200");
        }
        this.lifetime = builder.lifetime;
        this.useJwtAccessWithScope = builder.useJwtAccessWithScope;
        this.defaultRetriesEnabled = builder.defaultRetriesEnabled;
    }

    public static ServiceAccountCredentials fromJson(Map<String, Object> map, rf.b bVar) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        String str7 = (String) map.get("quota_project_id");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setHttpTransportFactory(bVar).setTokenServerUri(uri).setProjectId(str5).setQuotaProjectId(str7));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, Builder builder) throws IOException {
        builder.setPrivateKey(OAuth2Utils.privateKeyFromPkcs8(str));
        return new ServiceAccountCredentials(builder);
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, rf.b bVar, URI uri) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(bVar).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, Collection<String> collection2, rf.b bVar, URI uri, String str5) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection, collection2).setHttpTransportFactory(bVar).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, rf.b bVar, URI uri) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(bVar).setTokenServerUri(uri));
    }

    public static ServiceAccountCredentials fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, rf.b bVar, URI uri, String str5) throws IOException {
        return fromPkcs8(str3, newBuilder().setClientId(str).setClientEmail(str2).setPrivateKeyId(str4).setScopes(collection).setHttpTransportFactory(bVar).setTokenServerUri(uri).setServiceAccountUser(str5));
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream) throws IOException {
        return fromStream(inputStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
    }

    public static ServiceAccountCredentials fromStream(InputStream inputStream, rf.b bVar) throws IOException {
        inputStream.getClass();
        bVar.getClass();
        GenericJson genericJson = (GenericJson) new JsonObjectParser(OAuth2Utils.JSON_FACTORY).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        String str = (String) genericJson.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("service_account".equals(str)) {
            return fromJson(genericJson, bVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s'.", str, "service_account"));
    }

    private String getIssuer() {
        return this.clientEmail;
    }

    public static URI getUriForSelfSignedJWT(URI uri) {
        if (uri != null && uri.getScheme() != null && uri.getHost() != null) {
            try {
                return new URI(uri.getScheme(), uri.getHost(), "/", null);
            } catch (URISyntaxException unused) {
            }
        }
        return uri;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean lambda$refreshAccessToken$0(k kVar) {
        return OAuth2Utils.TOKEN_ENDPOINT_RETRYABLE_STATUS_CODES.contains(Integer.valueOf(kVar.f31494e));
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.transportFactory = (rf.b) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    public String createAssertion(JsonFactory jsonFactory, long j10) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.privateKeyId);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(getIssuer());
        long j11 = j10 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j11));
        payload.setExpirationTimeSeconds(Long.valueOf(j11 + this.lifetime));
        payload.setSubject(this.serviceAccountUser);
        if (this.scopes.isEmpty()) {
            payload.put("scope", (Object) ((d) com.google.android.gms.common.internal.e.g().f10186b).h(this.defaultScopes));
        } else {
            payload.put("scope", (Object) ((d) com.google.android.gms.common.internal.e.g().f10186b).h(this.scopes));
        }
        payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
        try {
            return JsonWebSignature.signUsingRsaSha256(this.privateKey, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public String createAssertionForIdToken(JsonFactory jsonFactory, long j10, String str, String str2) throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.privateKeyId);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer(getIssuer());
        long j11 = j10 / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(j11));
        payload.setExpirationTimeSeconds(Long.valueOf(j11 + this.lifetime));
        payload.setSubject(this.serviceAccountUser);
        if (str == null) {
            payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
        } else {
            payload.setAudience(str);
        }
        try {
            payload.set("target_audience", (Object) str2);
            return JsonWebSignature.signUsingRsaSha256(this.privateKey, jsonFactory, header, payload);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createDelegated(String str) {
        return toBuilder().setServiceAccountUser(str).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        return createScoped(collection, null);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection, Collection<String> collection2) {
        return toBuilder().setScopes(collection, collection2).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public boolean createScopedRequired() {
        return this.scopes.isEmpty() && this.defaultScopes.isEmpty();
    }

    public JwtCredentials createSelfSignedJwtCredentials(URI uri) {
        String h10;
        JwtClaims.Builder subject = JwtClaims.newBuilder().setIssuer(this.clientEmail).setSubject(this.clientEmail);
        if (uri == null) {
            if (this.scopes.isEmpty()) {
                com.google.android.gms.common.internal.e g10 = com.google.android.gms.common.internal.e.g();
                h10 = ((d) g10.f10186b).h(this.defaultScopes);
            } else {
                com.google.android.gms.common.internal.e g11 = com.google.android.gms.common.internal.e.g();
                h10 = ((d) g11.f10186b).h(this.scopes);
            }
            subject.setAdditionalClaims(Collections.singletonMap("scope", h10));
        } else {
            subject.setAudience(getUriForSelfSignedJWT(uri).toString());
        }
        return JwtCredentials.newBuilder().setPrivateKey(this.privateKey).setPrivateKeyId(this.privateKeyId).setJwtClaims(subject.build()).setClock(this.clock).build();
    }

    public ServiceAccountCredentials createWithCustomLifetime(int i10) {
        return toBuilder().setLifetime(i10).build();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public ServiceAccountCredentials createWithCustomRetryStrategy(boolean z10) {
        return toBuilder().setDefaultRetriesEnabled(z10).build();
    }

    public ServiceAccountCredentials createWithUseJwtAccessWithScope(boolean z10) {
        return toBuilder().setUseJwtAccessWithScope(z10).build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.clientId, serviceAccountCredentials.clientId) && Objects.equals(this.clientEmail, serviceAccountCredentials.clientEmail) && Objects.equals(this.privateKey, serviceAccountCredentials.privateKey) && Objects.equals(this.privateKeyId, serviceAccountCredentials.privateKeyId) && Objects.equals(this.transportFactoryClassName, serviceAccountCredentials.transportFactoryClassName) && Objects.equals(this.tokenServerUri, serviceAccountCredentials.tokenServerUri) && Objects.equals(this.scopes, serviceAccountCredentials.scopes) && Objects.equals(this.defaultScopes, serviceAccountCredentials.defaultScopes) && Objects.equals(this.quotaProjectId, serviceAccountCredentials.quotaProjectId) && Objects.equals(Integer.valueOf(this.lifetime), Integer.valueOf(serviceAccountCredentials.lifetime)) && Objects.equals(Boolean.valueOf(this.useJwtAccessWithScope), Boolean.valueOf(serviceAccountCredentials.useJwtAccessWithScope)) && Objects.equals(Boolean.valueOf(this.defaultRetriesEnabled), Boolean.valueOf(serviceAccountCredentials.defaultRetriesEnabled));
    }

    public String getAccount() {
        return getClientEmail();
    }

    public final String getClientEmail() {
        return this.clientEmail;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final Collection<String> getDefaultScopes() {
        return this.defaultScopes;
    }

    public int getLifetime() {
        return this.lifetime;
    }

    public final PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public final String getPrivateKeyId() {
        return this.privateKeyId;
    }

    public final String getProjectId() {
        return this.projectId;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, qf.a
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        String str;
        JwtCredentials createSelfSignedJwtCredentials;
        if (createScopedRequired() && uri == null) {
            throw new IOException("Scopes and uri are not configured for service account. Specify the scopes by calling createScoped or passing scopes to constructor or providing uri to getRequestMetadata.");
        }
        if ((!createScopedRequired() && !this.useJwtAccessWithScope) || ((str = this.serviceAccountUser) != null && str.length() > 0)) {
            return super.getRequestMetadata(uri);
        }
        if (createScopedRequired() || !this.useJwtAccessWithScope) {
            createSelfSignedJwtCredentials = createSelfSignedJwtCredentials(uri);
        } else {
            if (this.selfSignedJwtCredentialsWithScope == null) {
                this.selfSignedJwtCredentialsWithScope = createSelfSignedJwtCredentials(null);
            }
            createSelfSignedJwtCredentials = this.selfSignedJwtCredentialsWithScope;
        }
        return GoogleCredentials.addQuotaProjectIdToRequestMetadata(this.quotaProjectId, createSelfSignedJwtCredentials.getRequestMetadata(null));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, qf.a
    public void getRequestMetadata(URI uri, Executor executor, qf.b bVar) {
        if (this.useJwtAccessWithScope) {
            blockingGetToCallback(uri, bVar);
        } else {
            super.getRequestMetadata(uri, executor, bVar);
        }
    }

    public final Collection<String> getScopes() {
        return this.scopes;
    }

    public JwtCredentials getSelfSignedJwtCredentialsWithScope() {
        return this.selfSignedJwtCredentialsWithScope;
    }

    public final String getServiceAccountUser() {
        return this.serviceAccountUser;
    }

    public final URI getTokenServerUri() {
        return this.tokenServerUri;
    }

    public boolean getUseJwtAccessWithScope() {
        return this.useJwtAccessWithScope;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.clientId, this.clientEmail, this.privateKey, this.privateKeyId, this.transportFactoryClassName, this.tokenServerUri, this.scopes, this.defaultScopes, this.quotaProjectId, Integer.valueOf(this.lifetime), Boolean.valueOf(this.useJwtAccessWithScope), Boolean.valueOf(this.defaultRetriesEnabled));
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        ((w7.a) this.clock).getClass();
        String createAssertionForIdToken = createAssertionForIdToken(jsonFactory, System.currentTimeMillis(), this.tokenServerUri.toString(), str);
        s sVar = new s();
        sVar.set("grant_type", GRANT_TYPE);
        sVar.set("assertion", createAssertionForIdToken);
        q qVar = new q(sVar);
        m create = this.transportFactory.create();
        create.getClass();
        c cVar = new c(this.tokenServerUri);
        h hVar = new h(create);
        hVar.f31479j = cVar;
        hVar.c("POST");
        hVar.f31476g = qVar;
        hVar.f31484o = new JsonObjectParser(jsonFactory);
        try {
            return IdToken.create(OAuth2Utils.validateString((s) hVar.a().e(s.class), "id_token", PARSE_ERROR_PREFIX));
        } catch (IOException e10) {
            throw new IOException(String.format("Error getting id token for service account: %s, iss: %s", e10.getMessage(), getIssuer()), e10);
        }
    }

    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        return JwtCredentials.newBuilder().setPrivateKey(this.privateKey).setPrivateKeyId(this.privateKeyId).setJwtClaims(JwtClaims.newBuilder().setIssuer(getIssuer()).setSubject(this.clientEmail).build().merge(jwtClaims)).setClock(this.clock).build();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        ((w7.a) this.clock).getClass();
        String createAssertion = createAssertion(jsonFactory, System.currentTimeMillis());
        s sVar = new s();
        sVar.set("grant_type", GRANT_TYPE);
        sVar.set("assertion", createAssertion);
        q qVar = new q(sVar);
        m create = this.transportFactory.create();
        create.getClass();
        c cVar = new c(this.tokenServerUri);
        h hVar = new h(create);
        hVar.f31479j = cVar;
        hVar.c("POST");
        hVar.f31476g = qVar;
        if (this.defaultRetriesEnabled) {
            hVar.f31472c = 3;
        } else {
            hVar.f31472c = 0;
        }
        hVar.f31484o = new JsonObjectParser(jsonFactory);
        com.google.api.client.util.m mVar = new com.google.api.client.util.m();
        mVar.f11637a = 1000;
        mVar.f11638b = 0.1d;
        mVar.f11639c = RETRY_MULTIPLIER;
        n nVar = new n(mVar);
        x xVar = new x(nVar);
        xVar.f36758c = new ai.n();
        hVar.f31482m = xVar;
        hVar.f31483n = new i(nVar);
        try {
            s sVar2 = (s) hVar.a().e(s.class);
            String validateString = OAuth2Utils.validateString(sVar2, "access_token", PARSE_ERROR_PREFIX);
            int validateInt32 = OAuth2Utils.validateInt32(sVar2, "expires_in", PARSE_ERROR_PREFIX);
            ((w7.a) this.clock).getClass();
            return new AccessToken(validateString, new Date((validateInt32 * 1000) + System.currentTimeMillis()));
        } catch (HttpResponseException e10) {
            throw GoogleAuthException.createWithTokenEndpointResponseException(e10, String.format("Error getting access token for service account: %s, iss: %s", e10.getMessage(), getIssuer()));
        } catch (IOException e11) {
            throw GoogleAuthException.createWithTokenEndpointIOException(e11, String.format("Error getting access token for service account: %s, iss: %s", e11.getMessage(), getIssuer()));
        }
    }

    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
            throw new ServiceAccountSigner$SigningException("Failed to sign the provided bytes", e10);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        sf.j b02 = e.b0(this);
        b02.a(this.clientId, "clientId");
        b02.a(this.clientEmail, "clientEmail");
        b02.a(this.privateKeyId, "privateKeyId");
        b02.a(this.transportFactoryClassName, "transportFactoryClassName");
        b02.a(this.tokenServerUri, "tokenServerUri");
        b02.a(this.scopes, "scopes");
        b02.a(this.defaultScopes, "defaultScopes");
        b02.a(this.serviceAccountUser, "serviceAccountUser");
        b02.a(this.quotaProjectId, "quotaProjectId");
        b02.b(String.valueOf(this.lifetime), "lifetime");
        b02.b(String.valueOf(this.useJwtAccessWithScope), "useJwtAccessWithScope");
        b02.b(String.valueOf(this.defaultRetriesEnabled), "defaultRetriesEnabled");
        return b02.toString();
    }
}
