package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.StsTokenExchangeRequest;
import com.google.common.io.CharStreams;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import mobi.drupe.app.DbHelper;

/* loaded from: classes2.dex */
public class IdentityPoolCredentials extends ExternalAccountCredentials {

    /* renamed from: x, reason: collision with root package name */
    private final a f16306x;

    /* renamed from: y, reason: collision with root package name */
    @Nullable
    private String f16307y;

    /* loaded from: classes2.dex */
    public static class Builder extends ExternalAccountCredentials.Builder {

        /* renamed from: d, reason: collision with root package name */
        @Nullable
        private String f16308d;

        public Builder() {
        }

        public Builder(IdentityPoolCredentials identityPoolCredentials) {
            super(identityPoolCredentials);
            setWorkforcePoolUserProject(identityPoolCredentials.getWorkforcePoolUserProject());
        }

        @Override // com.google.auth.oauth2.ExternalAccountCredentials.Builder, com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public IdentityPoolCredentials build() {
            return new IdentityPoolCredentials(this);
        }

        public Builder setWorkforcePoolUserProject(String str) {
            this.f16308d = str;
            return this;
        }
    }

    /* loaded from: classes2.dex */
    public static class a extends ExternalAccountCredentials.b {

        /* renamed from: a, reason: collision with root package name */
        private b f16309a;

        /* renamed from: b, reason: collision with root package name */
        private EnumC0106a f16310b;

        /* renamed from: c, reason: collision with root package name */
        private String f16311c;

        /* renamed from: d, reason: collision with root package name */
        @Nullable
        private String f16312d;

        /* renamed from: e, reason: collision with root package name */
        @Nullable
        private Map<String, String> f16313e;

        /* renamed from: com.google.auth.oauth2.IdentityPoolCredentials$a$a, reason: collision with other inner class name */
        /* loaded from: classes2.dex */
        public enum EnumC0106a {
            TEXT,
            JSON
        }

        /* loaded from: classes2.dex */
        public enum b {
            FILE,
            URL
        }

        public a(Map<String, Object> map) {
            super(map);
            if (map.containsKey("file") && map.containsKey("url")) {
                throw new IllegalArgumentException("Only one credential source type can be set, either file or url.");
            }
            if (map.containsKey("file")) {
                this.f16311c = (String) map.get("file");
                this.f16309a = b.FILE;
            } else {
                if (!map.containsKey("url")) {
                    throw new IllegalArgumentException("Missing credential source file location or URL. At least one must be specified.");
                }
                this.f16311c = (String) map.get("url");
                this.f16309a = b.URL;
            }
            Map map2 = (Map) map.get("headers");
            if (map2 != null && !map2.isEmpty()) {
                HashMap hashMap = new HashMap();
                this.f16313e = hashMap;
                hashMap.putAll(map2);
            }
            EnumC0106a enumC0106a = EnumC0106a.TEXT;
            this.f16310b = enumC0106a;
            Map map3 = (Map) map.get("format");
            if (map3 == null || !map3.containsKey(DbHelper.Contract.ReminderActionColumns.COLUMN_NAME_TYPE)) {
                return;
            }
            String str = (String) map3.get(DbHelper.Contract.ReminderActionColumns.COLUMN_NAME_TYPE);
            if (!"text".equals(str) && !"json".equals(str)) {
                throw new IllegalArgumentException(String.format("Invalid credential source format type: %s.", str));
            }
            this.f16310b = str.equals("text") ? enumC0106a : EnumC0106a.JSON;
            if (!map3.containsKey("subject_token_field_name")) {
                throw new IllegalArgumentException("When specifying a JSON credential type, the subject_token_field_name must be set.");
            }
            this.f16312d = (String) map3.get("subject_token_field_name");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean g() {
            Map<String, String> map = this.f16313e;
            return (map == null || map.isEmpty()) ? false : true;
        }
    }

    public IdentityPoolCredentials(Builder builder) {
        super(builder.transportFactory, builder.audience, builder.subjectTokenType, builder.tokenUrl, builder.credentialSource, builder.tokenInfoUrl, builder.serviceAccountImpersonationUrl, builder.quotaProjectId, builder.clientId, builder.clientSecret, builder.scopes, builder.environmentProvider);
        this.f16306x = (a) builder.credentialSource;
        String str = builder.f16308d;
        this.f16307y = str;
        if (str != null && !isWorkforcePoolConfiguration()) {
            throw new IllegalArgumentException("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
        }
    }

    private String B() {
        HttpRequest buildGetRequest = this.transportFactory.create().createRequestFactory().buildGetRequest(new GenericUrl(this.f16306x.f16311c));
        buildGetRequest.setParser(new JsonObjectParser(l.f16568f));
        if (this.f16306x.g()) {
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.putAll(this.f16306x.f16313e);
            buildGetRequest.setHeaders(httpHeaders);
        }
        try {
            return C(buildGetRequest.execute().getContent());
        } catch (IOException e2) {
            throw new IOException(String.format("Error getting subject token from metadata server: %s", e2.getMessage()), e2);
        }
    }

    private String C(InputStream inputStream) {
        if (this.f16306x.f16310b == a.EnumC0106a.TEXT) {
            return CharStreams.toString(new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)));
        }
        GenericJson genericJson = (GenericJson) new JsonObjectParser(l.f16568f).parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
        if (genericJson.containsKey(this.f16306x.f16312d)) {
            return (String) genericJson.get(this.f16306x.f16312d);
        }
        throw new IOException("Invalid subject token field name. No subject token was found.");
    }

    private String D() {
        String str = this.f16306x.f16311c;
        if (!Files.exists(Paths.get(str, new String[0]), LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException(String.format("Invalid credential location. The file at %s does not exist.", str));
        }
        try {
            return C(new FileInputStream(new File(str)));
        } catch (IOException e2) {
            throw new IOException("Error when attempting to read the subject token from the credential file.", e2);
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    public static Builder newBuilder(IdentityPoolCredentials identityPoolCredentials) {
        return new Builder(identityPoolCredentials);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public /* bridge */ /* synthetic */ GoogleCredentials createScoped(Collection collection) {
        return createScoped((Collection<String>) collection);
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public IdentityPoolCredentials createScoped(Collection<String> collection) {
        return new IdentityPoolCredentials((Builder) newBuilder(this).setScopes(collection));
    }

    @Nullable
    public String getWorkforcePoolUserProject() {
        return this.f16307y;
    }

    public boolean isWorkforcePoolConfiguration() {
        return this.f16307y != null && Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$").matcher(getAudience()).matches();
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        StsTokenExchangeRequest.Builder audience = StsTokenExchangeRequest.n(retrieveSubjectToken(), getSubjectTokenType()).setAudience(getAudience());
        Collection<String> scopes = getScopes();
        if (scopes != null && !scopes.isEmpty()) {
            audience.setScopes(new ArrayList(scopes));
        }
        if (isWorkforcePoolConfiguration()) {
            GenericJson genericJson = new GenericJson();
            genericJson.setFactory(l.f16568f);
            genericJson.put("userProject", (Object) this.f16307y);
            audience.setInternalOptions(genericJson.toString());
        }
        return exchangeExternalCredentialForAccessToken(audience.build());
    }

    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String retrieveSubjectToken() {
        return this.f16306x.f16309a == a.b.FILE ? D() : B();
    }
}
