package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.GenericData;
import com.google.auth.RequestMetadataCallback;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.AwsCredentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdentityPoolCredentials;
import com.google.auth.oauth2.ImpersonatedCredentials;
import com.google.common.base.Joiner;
import com.google.common.base.MoreObjects;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes.dex */
public abstract class ExternalAccountCredentials extends GoogleCredentials implements QuotaProjectIdProvider {
    public final String m;
    public final String n;
    public final String o;
    public final CredentialSource p;
    public final Collection<String> q;
    public final String r;
    public final String s;
    public final String t;
    public final String u;
    public final String v;
    public transient HttpTransportFactory w;
    public final ImpersonatedCredentials x;
    public EnvironmentProvider y;

    /* renamed from: com.google.auth.oauth2.ExternalAccountCredentials$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass1 implements RequestMetadataCallback {
    }

    /* loaded from: classes.dex */
    public static abstract class Builder extends GoogleCredentials.Builder {
        public String a;
        public String b;

        /* renamed from: c, reason: collision with root package name */
        public String f1071c;
        public String d;
        public CredentialSource e;
        public EnvironmentProvider f;
        public HttpTransportFactory g;
        public String h;
        public String i;
        public String j;
        public String k;
        public Collection<String> l;

        public Builder() {
        }

        public Builder(ExternalAccountCredentials externalAccountCredentials) {
            this.g = externalAccountCredentials.w;
            this.a = externalAccountCredentials.m;
            this.b = externalAccountCredentials.n;
            this.f1071c = externalAccountCredentials.o;
            this.d = externalAccountCredentials.r;
            this.h = externalAccountCredentials.s;
            this.e = externalAccountCredentials.p;
            this.i = externalAccountCredentials.t;
            this.j = externalAccountCredentials.u;
            this.k = externalAccountCredentials.v;
            this.l = externalAccountCredentials.q;
            this.f = externalAccountCredentials.y;
        }
    }

    /* loaded from: classes.dex */
    public static abstract class CredentialSource {
    }

    public ExternalAccountCredentials(HttpTransportFactory httpTransportFactory, String str, String str2, String str3, CredentialSource credentialSource, String str4, String str5, String str6, String str7, String str8, Collection<String> collection, EnvironmentProvider environmentProvider) {
        ExternalAccountCredentials a;
        HttpTransportFactory httpTransportFactory2 = (HttpTransportFactory) MoreObjects.a(httpTransportFactory, OAuth2Credentials.g(HttpTransportFactory.class, OAuth2Utils.f1074c));
        this.w = httpTransportFactory2;
        httpTransportFactory2.getClass().getName();
        Objects.requireNonNull(str);
        this.m = str;
        Objects.requireNonNull(str2);
        this.n = str2;
        Objects.requireNonNull(str3);
        this.o = str3;
        Objects.requireNonNull(credentialSource);
        this.p = credentialSource;
        this.r = str4;
        this.s = str5;
        this.t = str6;
        this.u = str7;
        this.v = str8;
        collection = (collection == null || collection.isEmpty()) ? Arrays.asList("https://www.googleapis.com/auth/cloud-platform") : collection;
        this.q = collection;
        this.y = environmentProvider == null ? SystemEnvironmentProvider.a : environmentProvider;
        ImpersonatedCredentials impersonatedCredentials = null;
        if (str5 != null) {
            if (this instanceof AwsCredentials) {
                AwsCredentials.Builder builder = new AwsCredentials.Builder((AwsCredentials) this);
                builder.h = null;
                a = builder.a();
            } else {
                IdentityPoolCredentials.Builder builder2 = new IdentityPoolCredentials.Builder((IdentityPoolCredentials) this);
                builder2.h = null;
                a = builder2.a();
            }
            int lastIndexOf = str5.lastIndexOf(47);
            int indexOf = str5.indexOf(":generateAccessToken");
            if (lastIndexOf == -1 || indexOf == -1 || lastIndexOf >= indexOf) {
                throw new IllegalArgumentException("Unable to determine target principal from service account impersonation URL.");
            }
            String substring = str5.substring(lastIndexOf + 1, indexOf);
            ImpersonatedCredentials.Builder builder3 = new ImpersonatedCredentials.Builder();
            builder3.a = a;
            builder3.e = this.w;
            builder3.b = substring;
            builder3.f1072c = new ArrayList(collection);
            builder3.d = 3600;
            impersonatedCredentials = new ImpersonatedCredentials(builder3, null);
        }
        this.x = impersonatedCredentials;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials, com.google.auth.Credentials
    public Map<String, List<String>> a(URI uri) {
        return GoogleCredentials.n(this.t, super.a(uri));
    }

    public AccessToken p(StsTokenExchangeRequest stsTokenExchangeRequest) {
        ImpersonatedCredentials impersonatedCredentials = this.x;
        if (impersonatedCredentials != null) {
            return impersonatedCredentials.k();
        }
        StsRequestHandler stsRequestHandler = new StsRequestHandler(this.o, stsTokenExchangeRequest, this.w.a().b(), null, null, null);
        GenericData genericData = new GenericData();
        genericData.f("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        genericData.f("subject_token_type", stsRequestHandler.b.b);
        genericData.f("subject_token", stsRequestHandler.b.a);
        ArrayList arrayList = new ArrayList();
        List<String> list = stsRequestHandler.b.d;
        if ((list == null || list.isEmpty()) ? false : true) {
            arrayList.addAll(stsRequestHandler.b.d);
            genericData.f("scope", Joiner.c(' ').b(arrayList));
        }
        String str = stsRequestHandler.b.g;
        genericData.f("requested_token_type", str != null && !str.isEmpty() ? stsRequestHandler.b.g : "urn:ietf:params:oauth:token-type:access_token");
        String str2 = stsRequestHandler.b.e;
        if ((str2 == null || str2.isEmpty()) ? false : true) {
            genericData.f("resource", stsRequestHandler.b.e);
        }
        String str3 = stsRequestHandler.b.f;
        if ((str3 == null || str3.isEmpty()) ? false : true) {
            genericData.f("audience", stsRequestHandler.b.f);
        }
        ActingParty actingParty = stsRequestHandler.b.f1077c;
        if (actingParty != null) {
            Objects.requireNonNull(actingParty);
            genericData.f("actor_token", null);
            Objects.requireNonNull(stsRequestHandler.b.f1077c);
            genericData.f("actor_token_type", null);
        }
        String str4 = stsRequestHandler.e;
        if (str4 != null && !str4.isEmpty()) {
            genericData.f("options", stsRequestHandler.e);
        }
        HttpRequest a = stsRequestHandler.f1076c.a("POST", new GenericUrl(stsRequestHandler.a), new UrlEncodedContent(genericData));
        a.p = new JsonObjectParser(OAuth2Utils.d);
        HttpHeaders httpHeaders = stsRequestHandler.d;
        if (httpHeaders != null) {
            a.b = httpHeaders;
        }
        try {
            return stsRequestHandler.a((GenericData) a.b().e(GenericData.class)).a;
        } catch (HttpResponseException e) {
            GenericJson genericJson = (GenericJson) OAuth2Utils.d.e(e.f).x(GenericJson.class);
            throw new OAuthException((String) genericJson.get("error"), genericJson.containsKey("error_description") ? (String) genericJson.get("error_description") : null, genericJson.containsKey("error_uri") ? (String) genericJson.get("error_uri") : null);
        }
    }
}
