package com.google.auth.oauth2;

import cn.jpush.android.local.JPushConstants;
import com.google.api.client.http.j;
import com.google.api.client.http.u;
import com.google.api.client.http.x;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.base.o;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: classes2.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider {
    public static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    public static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    public static final int MAX_COMPUTE_PING_TRIES = 3;
    public static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";

    /* renamed from: f, reason: collision with root package name */
    private static final Logger f22146f = Logger.getLogger(ComputeEngineCredentials.class.getName());

    /* renamed from: g, reason: collision with root package name */
    private static final String f22147g = "Metadata-Flavor";

    /* renamed from: h, reason: collision with root package name */
    private static final String f22148h = "Google";

    /* renamed from: i, reason: collision with root package name */
    private static final String f22149i = "Error parsing token refresh response. ";

    /* renamed from: j, reason: collision with root package name */
    private static final String f22150j = "Error parsing service account response. ";
    private static final long serialVersionUID = -4113476462526554235L;

    /* renamed from: d, reason: collision with root package name */
    private transient com.google.auth.http.c f22151d;

    /* renamed from: e, reason: collision with root package name */
    private transient String f22152e;
    private final String transportFactoryClassName;

    /* loaded from: classes2.dex */
    public static class b extends GoogleCredentials.a {

        /* renamed from: b, reason: collision with root package name */
        private com.google.auth.http.c f22153b;

        public b() {
        }

        public b(ComputeEngineCredentials computeEngineCredentials) {
            this.f22153b = computeEngineCredentials.f22151d;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.a
        /* renamed from: f, reason: merged with bridge method [inline-methods] */
        public ComputeEngineCredentials d() {
            return new ComputeEngineCredentials(this.f22153b);
        }

        public com.google.auth.http.c g() {
            return this.f22153b;
        }

        public b h(com.google.auth.http.c cVar) {
            this.f22153b = cVar;
            return this;
        }
    }

    private ComputeEngineCredentials(com.google.auth.http.c cVar) {
        com.google.auth.http.c cVar2 = (com.google.auth.http.c) o.a(cVar, OAuth2Credentials.getFromServiceLoader(com.google.auth.http.c.class, f.f22254f));
        this.f22151d = cVar2;
        this.transportFactoryClassName = cVar2.getClass().getName();
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(null);
    }

    private String d() throws IOException {
        x e10 = e(getServiceAccountsUrl());
        int k10 = e10.k();
        if (k10 == 404) {
            throw new IOException(String.format("Error code %s trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified.", Integer.valueOf(k10)));
        }
        if (k10 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get service accounts from Compute Engine metadata: %s", Integer.valueOf(k10), e10.t()));
        }
        if (e10.c() != null) {
            return f.g(f.e((GenericData) e10.r(GenericData.class), "default", f22150j), "email", f22150j);
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    private x e(String str) throws IOException {
        u b10 = this.f22151d.create().c().b(new j(str));
        b10.S(new com.google.api.client.json.f(f.f22255g));
        b10.k().q(f22147g, f22148h);
        b10.b0(false);
        try {
            return b10.b();
        } catch (UnknownHostException e10) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e10);
        }
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.b.f22224d) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.b.f22224d);
    }

    public static String getMetadataServerUrl(com.google.auth.oauth2.b bVar) {
        String d10 = bVar.d(com.google.auth.oauth2.b.f22237q);
        if (d10 == null) {
            return DEFAULT_METADATA_SERVER_URL;
        }
        return JPushConstants.HTTP_PRE + d10;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.b.f22224d) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(com.google.auth.oauth2.b.f22224d);
    }

    public static String getTokenServerEncodedUrl(com.google.auth.oauth2.b bVar) {
        return getMetadataServerUrl(bVar) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static b newBuilder() {
        return new b();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.f22151d = (com.google.auth.http.c) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    public static boolean runningOnComputeEngine(com.google.auth.http.c cVar, com.google.auth.oauth2.b bVar) {
        if (Boolean.parseBoolean(bVar.d(com.google.auth.oauth2.b.f22236p))) {
            return false;
        }
        j jVar = new j(getMetadataServerUrl(bVar));
        for (int i10 = 1; i10 <= 3; i10++) {
            try {
                u b10 = cVar.create().c().b(jVar);
                b10.H(500);
                b10.k().q(f22147g, f22148h);
                x b11 = b10.b();
                try {
                    return f.a(b11.h(), f22147g, f22148h);
                } finally {
                    b11.a();
                }
            } catch (SocketTimeoutException unused) {
            } catch (IOException e10) {
                f22146f.log(Level.FINE, "Encountered an unexpected exception when determining if we are running on Google Compute Engine.", (Throwable) e10);
            }
        }
        f22146f.log(Level.INFO, "Failed to detect whether we are running on Google Compute Engine.");
        return false;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (obj instanceof ComputeEngineCredentials) {
            return Objects.equals(this.transportFactoryClassName, ((ComputeEngineCredentials) obj).transportFactoryClassName);
        }
        return false;
    }

    @Override // com.google.auth.ServiceAccountSigner
    public String getAccount() {
        if (this.f22152e == null) {
            try {
                this.f22152e = d();
            } catch (IOException e10) {
                throw new RuntimeException("Failed to get service account", e10);
            }
        }
        return this.f22152e;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    @v2.a
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        j jVar = new j(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                jVar.q("format", "full");
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                jVar.q("format", "full");
                jVar.q("license", "TRUE");
            }
        }
        jVar.q("audience", str);
        x e10 = e(jVar.toString());
        if (e10.c() != null) {
            return IdToken.create(e10.t());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        x e10 = e(getTokenServerEncodedUrl());
        int k10 = e10.k();
        if (k10 == 404) {
            throw new IOException(String.format("Error code %s trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true.", Integer.valueOf(k10)));
        }
        if (k10 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get security access token from Compute Engine metadata for the default service account: %s", Integer.valueOf(k10), e10.t()));
        }
        if (e10.c() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        return new AccessToken(f.g((GenericData) e10.r(GenericData.class), "access_token", f22149i), new Date(this.clock.a() + (f.c(r0, "expires_in", f22149i) * 1000)));
    }

    @Override // com.google.auth.ServiceAccountSigner
    public byte[] sign(byte[] bArr) {
        try {
            return c.c(getAccount(), this, this.f22151d.create(), bArr, Collections.emptyMap());
        } catch (ServiceAccountSigner.SigningException e10) {
            throw e10;
        } catch (RuntimeException e11) {
            throw new ServiceAccountSigner.SigningException("Signing failed", e11);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public b toBuilder() {
        return new b(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        return o.c(this).f("transportFactoryClassName", this.transportFactoryClassName).toString();
    }
}
