package com.google.api.client.googleapis.auth.oauth2;

import com.google.api.client.auth.oauth2.a;
import com.google.api.client.auth.oauth2.b;
import com.google.api.client.auth.oauth2.c;
import com.google.api.client.auth.oauth2.g;
import com.google.api.client.auth.oauth2.h;
import com.google.api.client.http.k;
import com.google.api.client.http.u;
import com.google.api.client.json.b.a;
import com.google.api.client.json.b.b;
import com.google.api.client.json.e;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.PemReader;
import com.google.api.client.util.Preconditions;
import com.google.api.client.util.SecurityUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Collections;

/* loaded from: classes.dex */
public class GoogleCredential extends c {
    private static DefaultCredentialProvider defaultCredentialProvider = new DefaultCredentialProvider();
    private String serviceAccountId;
    private PrivateKey serviceAccountPrivateKey;
    private String serviceAccountPrivateKeyId;
    private String serviceAccountProjectId;
    private Collection<String> serviceAccountScopes;
    private String serviceAccountUser;

    /* loaded from: classes.dex */
    public static class Builder extends c.b {
        String serviceAccountId;
        PrivateKey serviceAccountPrivateKey;
        String serviceAccountPrivateKeyId;
        String serviceAccountProjectId;
        Collection<String> serviceAccountScopes;
        String serviceAccountUser;

        public Builder() {
            super(a.a());
            setTokenServerEncodedUrl("https://accounts.google.com/o/oauth2/token");
        }

        public GoogleCredential build() {
            return new GoogleCredential(this);
        }

        @Override // com.google.api.client.auth.oauth2.c.b
        public Builder setClientAuthentication(k kVar) {
            return (Builder) super.setClientAuthentication(kVar);
        }

        public Builder setClientSecrets(String str, String str2) {
            setClientAuthentication((k) new b(str, str2));
            return this;
        }

        @Override // com.google.api.client.auth.oauth2.c.b
        public Builder setClock(Clock clock) {
            return (Builder) super.setClock(clock);
        }

        @Override // com.google.api.client.auth.oauth2.c.b
        public Builder setJsonFactory(com.google.api.client.json.c cVar) {
            return (Builder) super.setJsonFactory(cVar);
        }

        public Builder setServiceAccountId(String str) {
            this.serviceAccountId = str;
            return this;
        }

        public Builder setServiceAccountPrivateKey(PrivateKey privateKey) {
            this.serviceAccountPrivateKey = privateKey;
            return this;
        }

        public Builder setServiceAccountPrivateKeyId(String str) {
            this.serviceAccountPrivateKeyId = str;
            return this;
        }

        public Builder setServiceAccountProjectId(String str) {
            this.serviceAccountProjectId = str;
            return this;
        }

        public Builder setServiceAccountScopes(Collection<String> collection) {
            this.serviceAccountScopes = collection;
            return this;
        }

        public Builder setServiceAccountUser(String str) {
            this.serviceAccountUser = str;
            return this;
        }

        @Override // com.google.api.client.auth.oauth2.c.b
        public Builder setTokenServerEncodedUrl(String str) {
            return (Builder) super.setTokenServerEncodedUrl(str);
        }

        @Override // com.google.api.client.auth.oauth2.c.b
        public Builder setTransport(u uVar) {
            return (Builder) super.setTransport(uVar);
        }
    }

    public GoogleCredential() {
        this(new Builder());
    }

    protected GoogleCredential(Builder builder) {
        super(builder);
        if (builder.serviceAccountPrivateKey == null) {
            Preconditions.checkArgument(builder.serviceAccountId == null && builder.serviceAccountScopes == null && builder.serviceAccountUser == null);
            return;
        }
        this.serviceAccountId = (String) Preconditions.checkNotNull(builder.serviceAccountId);
        this.serviceAccountProjectId = builder.serviceAccountProjectId;
        this.serviceAccountScopes = builder.serviceAccountScopes == null ? Collections.emptyList() : Collections.unmodifiableCollection(builder.serviceAccountScopes);
        this.serviceAccountPrivateKey = builder.serviceAccountPrivateKey;
        this.serviceAccountPrivateKeyId = builder.serviceAccountPrivateKeyId;
        this.serviceAccountUser = builder.serviceAccountUser;
    }

    public static GoogleCredential fromStream(InputStream inputStream, u uVar, com.google.api.client.json.c cVar) {
        Preconditions.checkNotNull(inputStream);
        Preconditions.checkNotNull(uVar);
        Preconditions.checkNotNull(cVar);
        com.google.api.client.json.b bVar = (com.google.api.client.json.b) new e(cVar).parseAndClose(inputStream, OAuth2Utils.UTF_8, com.google.api.client.json.b.class);
        String str = (String) bVar.get("type");
        if (str == null) {
            throw new IOException("Error reading credentials from stream, 'type' field not specified.");
        }
        if ("authorized_user".equals(str)) {
            return fromStreamUser(bVar, uVar, cVar);
        }
        if ("service_account".equals(str)) {
            return fromStreamServiceAccount(bVar, uVar, cVar);
        }
        throw new IOException(String.format("Error reading credentials from stream, 'type' value '%s' not recognized. Expecting '%s' or '%s'.", str, "authorized_user", "service_account"));
    }

    private static GoogleCredential fromStreamServiceAccount(com.google.api.client.json.b bVar, u uVar, com.google.api.client.json.c cVar) {
        String str = (String) bVar.get("client_id");
        String str2 = (String) bVar.get("client_email");
        String str3 = (String) bVar.get("private_key");
        String str4 = (String) bVar.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from stream, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        Builder serviceAccountPrivateKeyId = new Builder().setTransport(uVar).setJsonFactory(cVar).setServiceAccountId(str2).setServiceAccountScopes(Collections.emptyList()).setServiceAccountPrivateKey(privateKeyFromPkcs8(str3)).setServiceAccountPrivateKeyId(str4);
        String str5 = (String) bVar.get("token_uri");
        if (str5 != null) {
            serviceAccountPrivateKeyId.setTokenServerEncodedUrl(str5);
        }
        String str6 = (String) bVar.get("project_id");
        if (str6 != null) {
            serviceAccountPrivateKeyId.setServiceAccountProjectId(str6);
        }
        return serviceAccountPrivateKeyId.build();
    }

    private static GoogleCredential fromStreamUser(com.google.api.client.json.b bVar, u uVar, com.google.api.client.json.c cVar) {
        String str = (String) bVar.get("client_id");
        String str2 = (String) bVar.get("client_secret");
        String str3 = (String) bVar.get("refresh_token");
        if (str == null || str2 == null || str3 == null) {
            throw new IOException("Error reading user credential from stream,  expecting 'client_id', 'client_secret' and 'refresh_token'.");
        }
        GoogleCredential build = new Builder().setClientSecrets(str, str2).setTransport(uVar).setJsonFactory(cVar).build();
        build.setRefreshToken(str3);
        build.refreshToken();
        return build;
    }

    private static PrivateKey privateKeyFromPkcs8(String str) {
        PemReader.Section readFirstSectionAndClose = PemReader.readFirstSectionAndClose(new StringReader(str), "PRIVATE KEY");
        if (readFirstSectionAndClose == null) {
            throw new IOException("Invalid PKCS8 data.");
        }
        try {
            return SecurityUtils.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(readFirstSectionAndClose.getBase64DecodedBytes()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((IOException) OAuth2Utils.exceptionWithCause(new IOException("Unexpected exception reading PKCS data"), e));
        }
    }

    public GoogleCredential createScoped(Collection<String> collection) {
        return this.serviceAccountPrivateKey == null ? this : new Builder().setServiceAccountPrivateKey(this.serviceAccountPrivateKey).setServiceAccountPrivateKeyId(this.serviceAccountPrivateKeyId).setServiceAccountId(this.serviceAccountId).setServiceAccountProjectId(this.serviceAccountProjectId).setServiceAccountUser(this.serviceAccountUser).setServiceAccountScopes(collection).setTokenServerEncodedUrl(getTokenServerEncodedUrl()).setTransport(getTransport()).setJsonFactory(getJsonFactory()).setClock(getClock()).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.google.api.client.auth.oauth2.c
    public h executeRefreshToken() {
        if (this.serviceAccountPrivateKey == null) {
            return super.executeRefreshToken();
        }
        a.C0110a c0110a = new a.C0110a();
        c0110a.b("RS256");
        c0110a.d("JWT");
        c0110a.c(this.serviceAccountPrivateKeyId);
        b.C0111b c0111b = new b.C0111b();
        long currentTimeMillis = getClock().currentTimeMillis();
        c0111b.a(this.serviceAccountId);
        c0111b.a((Object) getTokenServerEncodedUrl());
        c0111b.b(Long.valueOf(currentTimeMillis / 1000));
        c0111b.a(Long.valueOf((currentTimeMillis / 1000) + 3600));
        c0111b.b(this.serviceAccountUser);
        c0111b.put("scope", (Object) Joiner.on(' ').join(this.serviceAccountScopes));
        try {
            String a2 = com.google.api.client.json.b.a.a(this.serviceAccountPrivateKey, getJsonFactory(), c0110a, c0111b);
            g gVar = new g(getTransport(), getJsonFactory(), new com.google.api.client.http.g(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
            gVar.put("assertion", (Object) a2);
            return gVar.b();
        } catch (GeneralSecurityException e) {
            IOException iOException = new IOException();
            iOException.initCause(e);
            throw iOException;
        }
    }

    @Override // com.google.api.client.auth.oauth2.c
    public GoogleCredential setAccessToken(String str) {
        return (GoogleCredential) super.setAccessToken(str);
    }

    @Override // com.google.api.client.auth.oauth2.c
    public GoogleCredential setExpirationTimeMilliseconds(Long l) {
        return (GoogleCredential) super.setExpirationTimeMilliseconds(l);
    }

    @Override // com.google.api.client.auth.oauth2.c
    public GoogleCredential setExpiresInSeconds(Long l) {
        return (GoogleCredential) super.setExpiresInSeconds(l);
    }

    @Override // com.google.api.client.auth.oauth2.c
    public GoogleCredential setFromTokenResponse(h hVar) {
        return (GoogleCredential) super.setFromTokenResponse(hVar);
    }

    @Override // com.google.api.client.auth.oauth2.c
    public GoogleCredential setRefreshToken(String str) {
        if (str != null) {
            Preconditions.checkArgument((getJsonFactory() == null || getTransport() == null || getClientAuthentication() == null) ? false : true, "Please use the Builder and call setJsonFactory, setTransport and setClientSecrets");
        }
        return (GoogleCredential) super.setRefreshToken(str);
    }
}
