package com.google.a.b;

import com.google.api.client.http.ae;
import com.google.api.client.http.ak;
import com.google.api.client.http.k;
import com.google.api.client.http.x;
import com.google.api.client.json.c.a;
import com.google.api.client.json.c.b;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.ag;
import com.google.api.client.util.ah;
import com.google.api.client.util.ai;
import com.google.api.client.util.v;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Date;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;

/* compiled from: ServiceAccountCredentials.java */
/* loaded from: classes2.dex */
public class h extends e {
    private static final String a = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final String b = "Error parsing token refresh response. ";
    private final String g;
    private final String h;
    private final PrivateKey i;
    private final String j;
    private final ae k;
    private final URI l;
    private final Collection<String> m;

    public h(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection) {
        this(str, str2, privateKey, str3, collection, null, null);
    }

    public h(String str, String str2, PrivateKey privateKey, String str3, Collection<String> collection, ae aeVar, URI uri) {
        this.g = str;
        this.h = (String) ah.checkNotNull(str2);
        this.i = (PrivateKey) ah.checkNotNull(privateKey);
        this.j = str3;
        this.m = collection == null ? Collections.emptyList() : Collections.unmodifiableCollection(collection);
        this.k = aeVar == null ? g.b : aeVar;
        this.l = uri == null ? g.a : uri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(Map<String, Object> map, ae aeVar) throws IOException {
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_email");
        String str3 = (String) map.get("private_key");
        String str4 = (String) map.get("private_key_id");
        if (str == null || str2 == null || str3 == null || str4 == null) {
            throw new IOException("Error reading service account credential from JSON, expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
        }
        return fromPkcs8(str, str2, str3, str4, null, aeVar, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey a(String str) throws IOException {
        ag.a readFirstSectionAndClose = ag.readFirstSectionAndClose(new StringReader(str), "PRIVATE KEY");
        if (readFirstSectionAndClose == null) {
            throw new IOException("Invalid PKCS#8 data.");
        }
        try {
            return ai.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(readFirstSectionAndClose.getBase64DecodedBytes()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((IOException) g.a(new IOException("Unexpected exception reading PKCS#8 data"), e));
        }
    }

    public static h fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection) throws IOException {
        return fromPkcs8(str, str2, str3, str4, collection, null, null);
    }

    public static h fromPkcs8(String str, String str2, String str3, String str4, Collection<String> collection, ae aeVar, URI uri) throws IOException {
        return new h(str, str2, a(str3), str4, collection, aeVar, uri);
    }

    @Override // com.google.a.b.e
    public e createScoped(Collection<String> collection) {
        return new h(this.g, this.h, this.i, this.j, collection, this.k, this.l);
    }

    @Override // com.google.a.b.e
    public boolean createScopedRequired() {
        return this.m.isEmpty();
    }

    public final String getClientEmail() {
        return this.h;
    }

    public final String getClientId() {
        return this.g;
    }

    public final PrivateKey getPrivateKey() {
        return this.i;
    }

    public final String getPrivateKeyId() {
        return this.j;
    }

    public final Collection<String> getScopes() {
        return this.m;
    }

    @Override // com.google.a.b.f
    public a refreshAccessToken() throws IOException {
        if (createScopedRequired()) {
            throw new IOException("Scopes not configured for service account. Scoped should be specifed by calling createScoped or passing scopes to constructor.");
        }
        a.C0407a c0407a = new a.C0407a();
        c0407a.setAlgorithm("RS256");
        c0407a.setType("JWT");
        c0407a.setKeyId(this.j);
        b.C0408b c0408b = new b.C0408b();
        long currentTimeMillis = this.e.currentTimeMillis();
        c0408b.setIssuer(this.h);
        c0408b.setAudience(g.a.toString());
        long j = currentTimeMillis / 1000;
        c0408b.setIssuedAtTimeSeconds(Long.valueOf(j));
        c0408b.setExpirationTimeSeconds(Long.valueOf(j + 3600));
        c0408b.setSubject(null);
        c0408b.put("scope", (Object) v.on(' ').join(this.m));
        com.google.api.client.json.d dVar = g.c;
        try {
            String signUsingRsaSha256 = com.google.api.client.json.c.a.signUsingRsaSha256(this.i, dVar, c0407a, c0408b);
            GenericData genericData = new GenericData();
            genericData.set("grant_type", a);
            genericData.set("assertion", signUsingRsaSha256);
            x buildPostRequest = this.k.createRequestFactory().buildPostRequest(new k(this.l), new ak(genericData));
            buildPostRequest.setParser(new com.google.api.client.json.f(dVar));
            try {
                return new a(g.a((GenericData) buildPostRequest.execute().parseAs(GenericData.class), "access_token", b), new Date(this.e.currentTimeMillis() + (g.b(r0, "expires_in", b) * 1000)));
            } catch (IOException e) {
                throw ((IOException) g.a(new IOException("Error getting access token for service account: "), e));
            }
        } catch (GeneralSecurityException e2) {
            throw ((IOException) g.a(new IOException("Error signing service account access token request with private key."), e2));
        }
    }
}
