package com.google.api.client.googleapis.auth.oauth2;

import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Beta;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.PemReader;
import com.google.api.client.util.Preconditions;
import com.google.api.client.util.SecurityUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

/* loaded from: classes.dex */
public class GoogleCredential extends Credential {
    static final String SERVICE_ACCOUNT_FILE_TYPE = "service_account";
    static final String USER_FILE_TYPE = "authorized_user";

    @Beta
    private static DefaultCredentialProvider defaultCredentialProvider = new DefaultCredentialProvider();
    private String serviceAccountId;
    private PrivateKey serviceAccountPrivateKey;
    private String serviceAccountPrivateKeyId;
    private Collection<String> serviceAccountScopes;
    private String serviceAccountUser;

    /* loaded from: classes.dex */
    public static class Builder extends Credential.Builder {
        String serviceAccountId;
        PrivateKey serviceAccountPrivateKey;
        String serviceAccountPrivateKeyId;
        Collection<String> serviceAccountScopes;
        String serviceAccountUser;

        public Builder() {
            super(BearerToken.a());
            s(GoogleOAuthConstants.TOKEN_SERVER_URL);
        }

        public GoogleCredential i() {
            return new GoogleCredential(this);
        }

        public Builder j(HttpExecuteInterceptor httpExecuteInterceptor) {
            super.d(httpExecuteInterceptor);
            return this;
        }

        public Builder k(String str, String str2) {
            j(new ClientParametersAuthentication(str, str2));
            return this;
        }

        public Builder l(Clock clock) {
            super.e(clock);
            return this;
        }

        public Builder m(JsonFactory jsonFactory) {
            super.f(jsonFactory);
            return this;
        }

        public Builder n(String str) {
            this.serviceAccountId = str;
            return this;
        }

        public Builder o(PrivateKey privateKey) {
            this.serviceAccountPrivateKey = privateKey;
            return this;
        }

        @Beta
        public Builder p(String str) {
            this.serviceAccountPrivateKeyId = str;
            return this;
        }

        public Builder q(Collection<String> collection) {
            this.serviceAccountScopes = collection;
            return this;
        }

        public Builder r(String str) {
            this.serviceAccountUser = str;
            return this;
        }

        public Builder s(String str) {
            super.g(str);
            return this;
        }

        public Builder t(HttpTransport httpTransport) {
            super.h(httpTransport);
            return this;
        }
    }

    public GoogleCredential() {
        this(new Builder());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GoogleCredential(Builder builder) {
        super(builder);
        if (builder.serviceAccountPrivateKey == null) {
            Preconditions.a(builder.serviceAccountId == null && builder.serviceAccountScopes == null && builder.serviceAccountUser == null);
            return;
        }
        String str = builder.serviceAccountId;
        Preconditions.d(str);
        this.serviceAccountId = str;
        this.serviceAccountScopes = Collections.unmodifiableCollection(builder.serviceAccountScopes);
        this.serviceAccountPrivateKey = builder.serviceAccountPrivateKey;
        this.serviceAccountPrivateKeyId = builder.serviceAccountPrivateKeyId;
        this.serviceAccountUser = builder.serviceAccountUser;
    }

    @Beta
    public static GoogleCredential u(InputStream inputStream) {
        return v(inputStream, Utils.b(), Utils.a());
    }

    @Beta
    public static GoogleCredential v(InputStream inputStream, HttpTransport httpTransport, JsonFactory jsonFactory) {
        Preconditions.d(inputStream);
        Preconditions.d(httpTransport);
        Preconditions.d(jsonFactory);
        GenericJson genericJson = (GenericJson) new JsonObjectParser(jsonFactory).a(inputStream, OAuth2Utils.UTF_8, GenericJson.class);
        String str = (String) genericJson.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if (USER_FILE_TYPE.equals(str)) {
            return x(genericJson, httpTransport, jsonFactory);
        }
        if (SERVICE_ACCOUNT_FILE_TYPE.equals(str)) {
            return w(genericJson, httpTransport, jsonFactory);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s' or '%s'.", str, USER_FILE_TYPE, SERVICE_ACCOUNT_FILE_TYPE));
    }

    @Beta
    private static GoogleCredential w(GenericJson genericJson, HttpTransport httpTransport, JsonFactory jsonFactory) {
        String str = (String) genericJson.get("client_id");
        String str2 = (String) genericJson.get("client_email");
        String str3 = (String) genericJson.get("private_key");
        String str4 = (String) genericJson.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from stream, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        PrivateKey y = y(str3);
        List emptyList = Collections.emptyList();
        Builder m2 = new Builder().t(httpTransport).m(jsonFactory);
        m2.n(str2);
        m2.q(emptyList);
        m2.o(y);
        m2.p(str4);
        String str5 = (String) genericJson.get("token_uri");
        if (str5 != null) {
            m2.s(str5);
        }
        return m2.i();
    }

    @Beta
    private static GoogleCredential x(GenericJson genericJson, HttpTransport httpTransport, JsonFactory jsonFactory) {
        String str = (String) genericJson.get("client_id");
        String str2 = (String) genericJson.get("client_secret");
        String str3 = (String) genericJson.get("refresh_token");
        if (str == null || str2 == null || str3 == null) {
            throw new IOException("Error reading user credential from stream,  expecting 'client_id', 'client_secret' and 'refresh_token'.");
        }
        Builder builder = new Builder();
        builder.k(str, str2);
        GoogleCredential i2 = builder.t(httpTransport).m(jsonFactory).i();
        i2.s(str3);
        i2.n();
        return i2;
    }

    @Beta
    private static PrivateKey y(String str) {
        PemReader.Section b = PemReader.b(new StringReader(str), "PRIVATE KEY");
        if (b == null) {
            throw new IOException("Invalid PKCS8 data.");
        }
        try {
            return SecurityUtils.a().generatePrivate(new PKCS8EncodedKeySpec(b.a()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            IOException iOException = new IOException("Unexpected exception reading PKCS data");
            OAuth2Utils.a(iOException, e2);
            throw iOException;
        }
    }

    @Override // com.google.api.client.auth.oauth2.Credential
    /* renamed from: A, reason: merged with bridge method [inline-methods] */
    public GoogleCredential p(Long l2) {
        super.p(l2);
        return this;
    }

    @Override // com.google.api.client.auth.oauth2.Credential
    /* renamed from: B, reason: merged with bridge method [inline-methods] */
    public GoogleCredential q(Long l2) {
        return (GoogleCredential) super.q(l2);
    }

    @Override // com.google.api.client.auth.oauth2.Credential
    /* renamed from: C, reason: merged with bridge method [inline-methods] */
    public GoogleCredential r(TokenResponse tokenResponse) {
        super.r(tokenResponse);
        return this;
    }

    @Override // com.google.api.client.auth.oauth2.Credential
    /* renamed from: D, reason: merged with bridge method [inline-methods] */
    public GoogleCredential s(String str) {
        if (str != null) {
            Preconditions.b((j() == null || m() == null || f() == null) ? false : true, "Please use the Builder and call setJsonFactory, setTransport and setClientSecrets");
        }
        super.s(str);
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.google.api.client.auth.oauth2.Credential
    @Beta
    public TokenResponse d() {
        if (this.serviceAccountPrivateKey == null) {
            return super.d();
        }
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.v("RS256");
        header.x("JWT");
        header.w(this.serviceAccountPrivateKeyId);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        long a = g().a();
        payload.v(this.serviceAccountId);
        payload.s(l());
        long j2 = a / 1000;
        payload.u(Long.valueOf(j2));
        payload.t(Long.valueOf(j2 + 3600));
        payload.w(this.serviceAccountUser);
        payload.put("scope", Joiner.b(' ').a(this.serviceAccountScopes));
        try {
            String d2 = JsonWebSignature.d(this.serviceAccountPrivateKey, j(), header, payload);
            TokenRequest tokenRequest = new TokenRequest(m(), j(), new GenericUrl(l()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
            tokenRequest.put("assertion", d2);
            return tokenRequest.g();
        } catch (GeneralSecurityException e2) {
            IOException iOException = new IOException();
            iOException.initCause(e2);
            throw iOException;
        }
    }

    @Beta
    public GoogleCredential t(Collection<String> collection) {
        if (this.serviceAccountPrivateKey == null) {
            return this;
        }
        Builder builder = new Builder();
        builder.o(this.serviceAccountPrivateKey);
        builder.p(this.serviceAccountPrivateKeyId);
        builder.n(this.serviceAccountId);
        builder.r(this.serviceAccountUser);
        builder.q(collection);
        return builder.s(l()).t(m()).m(j()).l(g()).i();
    }

    @Override // com.google.api.client.auth.oauth2.Credential
    /* renamed from: z, reason: merged with bridge method [inline-methods] */
    public GoogleCredential o(String str) {
        super.o(str);
        return this;
    }
}
