package com.google.auth.oauth2;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Clock;
import com.google.auth.Credentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import defpackage.c;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

/* loaded from: classes.dex */
public class JwtCredentials extends Credentials implements JwtProvider {
    public static final long CLOCK_SKEW = TimeUnit.MINUTES.toSeconds(5);
    public static final String JWT_ACCESS_PREFIX = "Bearer ";
    public static final String JWT_INCOMPLETE_ERROR_MESSAGE = "JWT claims must contain audience, issuer, and subject.";

    @VisibleForTesting
    public transient Clock clock;
    public transient Long expiryInSeconds;
    public transient String jwt;
    public final JwtClaims jwtClaims;
    public final Long lifeSpanSeconds;
    public final Object lock;
    public final PrivateKey privateKey;
    public final String privateKeyId;

    /* loaded from: classes.dex */
    public static class Builder {
        public JwtClaims jwtClaims;
        public PrivateKey privateKey;
        public String privateKeyId;
        public Clock clock = Clock.a;
        public Long lifeSpanSeconds = Long.valueOf(TimeUnit.HOURS.toSeconds(1));

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public JwtCredentials build() {
            return new JwtCredentials(this);
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Clock getClock() {
            return this.clock;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public JwtClaims getJwtClaims() {
            return this.jwtClaims;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Long getLifeSpanSeconds() {
            return this.lifeSpanSeconds;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public String getPrivateKeyId() {
            return this.privateKeyId;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setClock(Clock clock) {
            if (clock == null) {
                throw null;
            }
            this.clock = clock;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setJwtClaims(JwtClaims jwtClaims) {
            if (jwtClaims == null) {
                throw null;
            }
            this.jwtClaims = jwtClaims;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setLifeSpanSeconds(Long l) {
            if (l == null) {
                throw null;
            }
            this.lifeSpanSeconds = l;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setPrivateKey(PrivateKey privateKey) {
            if (privateKey == null) {
                throw null;
            }
            this.privateKey = privateKey;
            return this;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        public Builder setPrivateKeyId(String str) {
            this.privateKeyId = str;
            return this;
        }
    }

    public JwtCredentials(Builder builder) {
        this.lock = new byte[0];
        PrivateKey privateKey = builder.getPrivateKey();
        Preconditions.n(privateKey);
        this.privateKey = privateKey;
        this.privateKeyId = builder.getPrivateKeyId();
        JwtClaims jwtClaims = builder.getJwtClaims();
        Preconditions.n(jwtClaims);
        JwtClaims jwtClaims2 = jwtClaims;
        this.jwtClaims = jwtClaims2;
        Preconditions.t(jwtClaims2.isComplete(), JWT_INCOMPLETE_ERROR_MESSAGE);
        Long lifeSpanSeconds = builder.getLifeSpanSeconds();
        Preconditions.n(lifeSpanSeconds);
        this.lifeSpanSeconds = lifeSpanSeconds;
        Clock clock = builder.getClock();
        Preconditions.n(clock);
        this.clock = clock;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static Builder newBuilder() {
        return new Builder();
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private boolean shouldRefresh() {
        boolean z;
        if (this.expiryInSeconds != null && getClock().a() / 1000 <= this.expiryInSeconds.longValue() - CLOCK_SKEW) {
            z = false;
            return z;
        }
        z = true;
        return z;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public boolean equals(Object obj) {
        boolean z = false;
        if (!(obj instanceof JwtCredentials)) {
            return false;
        }
        JwtCredentials jwtCredentials = (JwtCredentials) obj;
        if (c.a(this.privateKey, jwtCredentials.privateKey) && c.a(this.privateKeyId, jwtCredentials.privateKeyId) && c.a(this.jwtClaims, jwtCredentials.jwtClaims) && c.a(this.lifeSpanSeconds, jwtCredentials.lifeSpanSeconds)) {
            z = true;
        }
        return z;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWT";
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public Clock getClock() {
        if (this.clock == null) {
            this.clock = Clock.a;
        }
        return this.clock;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        Map<String, List<String>> singletonMap;
        synchronized (this.lock) {
            if (shouldRefresh()) {
                refresh();
            }
            singletonMap = Collections.singletonMap("Authorization", Collections.singletonList("Bearer " + this.jwt));
        }
        return singletonMap;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public int hashCode() {
        return Arrays.hashCode(new Object[]{this.privateKey, this.privateKeyId, this.jwtClaims, this.lifeSpanSeconds});
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        return newBuilder().setPrivateKey(this.privateKey).setPrivateKeyId(this.privateKeyId).setJwtClaims(this.jwtClaims.merge(jwtClaims)).build();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.google.auth.Credentials
    public void refresh() {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.g = "RS256";
        header.h = this.privateKeyId;
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.i = this.jwtClaims.getAudience();
        payload.h = this.jwtClaims.getIssuer();
        this.jwtClaims.getSubject();
        payload.g = Long.valueOf(this.lifeSpanSeconds.longValue() + (this.clock.a() / 1000));
        payload.putAll(this.jwtClaims.getAdditionalClaims());
        synchronized (this.lock) {
            this.expiryInSeconds = payload.g;
            try {
                this.jwt = JsonWebSignature.b(this.privateKey, OAuth2Utils.JSON_FACTORY, header, payload);
            } catch (GeneralSecurityException e) {
                throw new IOException("Error signing service account JWT access header with private key.", e);
            }
        }
    }
}
