package com.google.auth.oauth2;

import a6.a;
import a6.b;
import b6.j;
import b6.w;
import b6.x;
import b6.y;
import com.google.api.client.util.GenericData;
import com.google.common.collect.ImmutableSet;
import e6.g;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import org.apache.http.message.TokenParser;
import w5.d;
import w5.e;
import w5.m;
import w5.p;
import y5.c;

/* loaded from: classes2.dex */
public class ServiceAccountCredentials extends GoogleCredentials {

    /* renamed from: n, reason: collision with root package name */
    private final String f6382n;

    /* renamed from: o, reason: collision with root package name */
    private final String f6383o;

    /* renamed from: p, reason: collision with root package name */
    private final PrivateKey f6384p;

    /* renamed from: q, reason: collision with root package name */
    private final String f6385q;

    /* renamed from: r, reason: collision with root package name */
    private final String f6386r;

    /* renamed from: s, reason: collision with root package name */
    private final String f6387s;

    /* renamed from: t, reason: collision with root package name */
    private final String f6388t;

    /* renamed from: u, reason: collision with root package name */
    private final URI f6389u;

    /* renamed from: v, reason: collision with root package name */
    private final Collection<String> f6390v;

    /* renamed from: w, reason: collision with root package name */
    private transient d6.a f6391w;

    /* loaded from: classes2.dex */
    class a implements e.a {
        a() {
        }

        @Override // w5.e.a
        public boolean a(p pVar) {
            int f10 = pVar.f();
            return f10 / 100 == 5 || f10 == 403;
        }
    }

    ServiceAccountCredentials(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, d6.a aVar, URI uri, String str4, String str5) {
        this.f6382n = str;
        this.f6383o = (String) x.d(str2);
        this.f6384p = (PrivateKey) x.d(privateKey);
        this.f6385q = str3;
        this.f6390v = collection == null ? ImmutableSet.n() : ImmutableSet.j(collection);
        d6.a aVar2 = (d6.a) g.a(aVar, OAuth2Credentials.d(d6.a.class, b.f6416e));
        this.f6391w = aVar2;
        this.f6388t = aVar2.getClass().getName();
        this.f6389u = uri == null ? b.f6412a : uri;
        this.f6386r = str4;
        this.f6387s = str5;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServiceAccountCredentials o(Map<String, Object> map, d6.a aVar) throws IOException {
        URI uri;
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        String str5 = (String) map.get("project_id");
        String str6 = (String) map.get("token_uri");
        if (str6 != null) {
            try {
                uri = new URI(str6);
            } catch (URISyntaxException unused) {
                throw new IOException("Token server URI specified in 'token_uri' could not be parsed.");
            }
        } else {
            uri = null;
        }
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return p(str, str2, str3, str4, null, aVar, uri, null, str5);
    }

    static ServiceAccountCredentials p(String str, String str2, String str3, String str4, Collection<String> collection, d6.a aVar, URI uri, String str5, String str6) throws IOException {
        return new ServiceAccountCredentials(str, str2, q(str3), str4, collection, aVar, uri, str5, str6);
    }

    static PrivateKey q(String str) throws IOException {
        w.a b10 = w.b(new StringReader(str), "PRIVATE KEY");
        if (b10 == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return y.a().generatePrivate(new PKCS8EncodedKeySpec(b10.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new IOException("Unexpected exception reading PKCS#8 data", e10);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (!(obj instanceof ServiceAccountCredentials)) {
            return false;
        }
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) obj;
        return Objects.equals(this.f6382n, serviceAccountCredentials.f6382n) && Objects.equals(this.f6383o, serviceAccountCredentials.f6383o) && Objects.equals(this.f6384p, serviceAccountCredentials.f6384p) && Objects.equals(this.f6385q, serviceAccountCredentials.f6385q) && Objects.equals(this.f6388t, serviceAccountCredentials.f6388t) && Objects.equals(this.f6389u, serviceAccountCredentials.f6389u) && Objects.equals(this.f6390v, serviceAccountCredentials.f6390v);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken g() throws IOException {
        if (n()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specified by calling createScoped or passing scopes to constructor.");
        }
        c cVar = b.f6417f;
        String m10 = m(cVar, this.f6380l.currentTimeMillis(), this.f6389u.toString());
        GenericData genericData = new GenericData();
        genericData.e("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        genericData.e("assertion", m10);
        m a10 = this.f6391w.a().c().a(new w5.c(this.f6389u), new w5.x(genericData));
        a10.n(new y5.e(cVar));
        a10.m(new d(new j()));
        a10.p(new e(new j()).b(new a()));
        try {
            return new AccessToken(b.b((GenericData) a10.b().k(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.f6380l.currentTimeMillis() + (b.a(r0, "expires_in", "Error parsing token refresh response. ") * 1000)));
        } catch (IOException e10) {
            throw new IOException(String.format("Error getting access token for service account: %s", e10.getMessage()), e10);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.f6382n, this.f6383o, this.f6384p, this.f6385q, this.f6388t, this.f6389u, this.f6390v);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials j(Collection<String> collection) {
        return new ServiceAccountCredentials(this.f6382n, this.f6383o, this.f6384p, this.f6385q, collection, this.f6391w, this.f6389u, this.f6386r, this.f6387s);
    }

    String m(c cVar, long j10, String str) throws IOException {
        a.C0007a c0007a = new a.C0007a();
        c0007a.n("RS256");
        c0007a.p("JWT");
        c0007a.o(this.f6385q);
        b.C0008b c0008b = new b.C0008b();
        c0008b.n(this.f6383o);
        long j11 = j10 / 1000;
        c0008b.m(Long.valueOf(j11));
        c0008b.l(Long.valueOf(j11 + 3600));
        c0008b.o(this.f6386r);
        c0008b.put("scope", b6.m.b(TokenParser.SP).a(this.f6390v));
        if (str == null) {
            c0008b.k(b.f6412a.toString());
        } else {
            c0008b.k(str);
        }
        try {
            return a6.a.a(this.f6384p, cVar, c0007a, c0008b);
        } catch (GeneralSecurityException e10) {
            throw new IOException("Error signing service account access token request with private key.", e10);
        }
    }

    public boolean n() {
        return this.f6390v.isEmpty();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return g.c(this).d("clientId", this.f6382n).d("clientEmail", this.f6383o).d("privateKeyId", this.f6385q).d("transportFactoryClassName", this.f6388t).d("tokenServerUri", this.f6389u).d("scopes", this.f6390v).d("serviceAccountUser", this.f6386r).toString();
    }
}
