package com.google.auth.oauth2;

import com.facebook.ads.AdError;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.GenericData;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.annotations.Beta;
import com.google.common.base.MoreObjects;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.http.client.config.CookieSpecs;

/* loaded from: classes2.dex */
public class ComputeEngineCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider {
    static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;
    static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
    static final int MAX_COMPUTE_PING_TRIES = 3;
    static final String SIGN_BLOB_URL_FORMAT = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f4247e = Logger.getLogger(ComputeEngineCredentials.class.getName());
    private static final long serialVersionUID = -4113476462526554235L;
    private transient HttpTransportFactory c;

    /* renamed from: d, reason: collision with root package name */
    private transient String f4248d;
    private final String transportFactoryClassName;

    /* loaded from: classes2.dex */
    public static class Builder extends GoogleCredentials.Builder {
        private HttpTransportFactory b;

        protected Builder() {
        }

        protected Builder(ComputeEngineCredentials computeEngineCredentials) {
            this.b = computeEngineCredentials.c;
        }

        public Builder a(HttpTransportFactory httpTransportFactory) {
            this.b = httpTransportFactory;
            return this;
        }

        @Override // com.google.auth.oauth2.GoogleCredentials.Builder, com.google.auth.oauth2.OAuth2Credentials.Builder
        public ComputeEngineCredentials a() {
            return new ComputeEngineCredentials(this.b);
        }
    }

    private ComputeEngineCredentials(HttpTransportFactory httpTransportFactory) {
        HttpTransportFactory httpTransportFactory2 = (HttpTransportFactory) MoreObjects.a(httpTransportFactory, OAuth2Credentials.getFromServiceLoader(HttpTransportFactory.class, c.c));
        this.c = httpTransportFactory2;
        this.transportFactoryClassName = httpTransportFactory2.getClass().getName();
    }

    private HttpResponse a(String str) throws IOException {
        HttpRequest a2 = this.c.a().createRequestFactory().a(new GenericUrl(str));
        a2.a(new JsonObjectParser(c.f4271d));
        a2.e().set("Metadata-Flavor", (Object) "Google");
        a2.a(false);
        try {
            return a2.a();
        } catch (UnknownHostException e2) {
            throw new IOException("ComputeEngineCredentials cannot find the metadata server. This is likely because code is not running on Google Compute Engine.", e2);
        }
    }

    private String a() throws IOException {
        HttpResponse a2 = a(getServiceAccountsUrl());
        int g2 = a2.g();
        if (g2 == 404) {
            throw new IOException(String.format("Error code %s trying to get service accounts from Compute Engine metadata. This may be because the virtual machine instance does not have permission scopes specified.", Integer.valueOf(g2)));
        }
        if (g2 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get service accounts from Compute Engine metadata: %s", Integer.valueOf(g2), a2.k()));
        }
        if (a2.b() != null) {
            return c.c(c.b((GenericData) a2.a(GenericData.class), CookieSpecs.DEFAULT, "Error parsing service account response. "), "email", "Error parsing service account response. ");
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    public static ComputeEngineCredentials create() {
        return new ComputeEngineCredentials(null);
    }

    public static String getIdentityDocumentUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.a.f4266d) + "/computeMetadata/v1/instance/service-accounts/default/identity";
    }

    public static String getMetadataServerUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.a.f4266d);
    }

    public static String getMetadataServerUrl(com.google.auth.oauth2.a aVar) {
        String b = aVar.b("GCE_METADATA_HOST");
        if (b == null) {
            return DEFAULT_METADATA_SERVER_URL;
        }
        return "http://" + b;
    }

    public static String getServiceAccountsUrl() {
        return getMetadataServerUrl(com.google.auth.oauth2.a.f4266d) + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
    }

    public static String getTokenServerEncodedUrl() {
        return getTokenServerEncodedUrl(com.google.auth.oauth2.a.f4266d);
    }

    public static String getTokenServerEncodedUrl(com.google.auth.oauth2.a aVar) {
        return getMetadataServerUrl(aVar) + "/computeMetadata/v1/instance/service-accounts/default/token";
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.c = (HttpTransportFactory) OAuth2Credentials.newInstance(this.transportFactoryClassName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean runningOnComputeEngine(HttpTransportFactory httpTransportFactory, com.google.auth.oauth2.a aVar) {
        if (Boolean.parseBoolean(aVar.b("NO_GCE_CHECK"))) {
            return false;
        }
        GenericUrl genericUrl = new GenericUrl(getMetadataServerUrl(aVar));
        for (int i2 = 1; i2 <= 3; i2++) {
            try {
                HttpRequest a2 = httpTransportFactory.a().createRequestFactory().a(genericUrl);
                a2.a(500);
                a2.e().set("Metadata-Flavor", "Google");
                HttpResponse a3 = a2.a();
                try {
                    return c.a(a3.e(), "Metadata-Flavor", "Google");
                } finally {
                    a3.a();
                }
            } catch (SocketTimeoutException unused) {
            } catch (IOException e2) {
                f4247e.log(Level.FINE, "Encountered an unexpected exception when determining if we are running on Google Compute Engine.", (Throwable) e2);
            }
        }
        f4247e.log(Level.INFO, "Failed to detect whether we are running on Google Compute Engine.");
        return false;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public boolean equals(Object obj) {
        if (obj instanceof ComputeEngineCredentials) {
            return Objects.equals(this.transportFactoryClassName, ((ComputeEngineCredentials) obj).transportFactoryClassName);
        }
        return false;
    }

    public String getAccount() {
        if (this.f4248d == null) {
            try {
                this.f4248d = a();
            } catch (IOException e2) {
                throw new RuntimeException("Failed to get service account", e2);
            }
        }
        return this.f4248d;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public int hashCode() {
        return Objects.hash(this.transportFactoryClassName);
    }

    @Override // com.google.auth.oauth2.IdTokenProvider
    @Beta
    public IdToken idTokenWithAudience(String str, List<IdTokenProvider.Option> list) throws IOException {
        GenericUrl genericUrl = new GenericUrl(getIdentityDocumentUrl());
        if (list != null) {
            if (list.contains(IdTokenProvider.Option.FORMAT_FULL)) {
                genericUrl.set("format", (Object) "full");
            }
            if (list.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
                genericUrl.set("format", (Object) "full");
                genericUrl.set("license", (Object) "TRUE");
            }
        }
        genericUrl.set("audience", (Object) str);
        HttpResponse a2 = a(genericUrl.toString());
        if (a2.b() != null) {
            return IdToken.create(a2.k());
        }
        throw new IOException("Empty content from metadata token server request.");
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() throws IOException {
        HttpResponse a2 = a(getTokenServerEncodedUrl());
        int g2 = a2.g();
        if (g2 == 404) {
            throw new IOException(String.format("Error code %s trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment  variable NO_GCE_CHECK=true.", Integer.valueOf(g2)));
        }
        if (g2 != 200) {
            throw new IOException(String.format("Unexpected Error code %s trying to get security access token from Compute Engine metadata for the default service account: %s", Integer.valueOf(g2), a2.k()));
        }
        if (a2.b() == null) {
            throw new IOException("Empty content from metadata token server request.");
        }
        return new AccessToken(c.c((GenericData) a2.a(GenericData.class), "access_token", "Error parsing token refresh response. "), new Date(this.clock.b() + (c.a(r0, "expires_in", "Error parsing token refresh response. ") * AdError.NETWORK_ERROR_CODE)));
    }

    public byte[] sign(byte[] bArr) {
        try {
            return b.a(getAccount(), this, this.c.a(), bArr, (Map<String, ?>) Collections.emptyMap());
        } catch (ServiceAccountSigner.SigningException e2) {
            throw e2;
        } catch (RuntimeException e3) {
            throw new ServiceAccountSigner.SigningException("Signing failed", e3);
        }
    }

    @Override // com.google.auth.oauth2.GoogleCredentials, com.google.auth.oauth2.OAuth2Credentials
    public Builder toBuilder() {
        return new Builder(this);
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public String toString() {
        MoreObjects.ToStringHelper a2 = MoreObjects.a(this);
        a2.a("transportFactoryClassName", this.transportFactoryClassName);
        return a2.toString();
    }
}
