package com.google.auth.oauth2;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Clock;
import com.google.auth.Credentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;

/* loaded from: classes17.dex */
public class JwtCredentials extends Credentials implements JwtProvider {

    /* renamed from: d, reason: collision with root package name */
    private static final long f53949d = TimeUnit.MINUTES.toSeconds(5);

    /* renamed from: a, reason: collision with root package name */
    @VisibleForTesting
    transient Clock f53950a;

    /* renamed from: b, reason: collision with root package name */
    private transient String f53951b;

    /* renamed from: c, reason: collision with root package name */
    private transient Long f53952c;
    private final JwtClaims jwtClaims;
    private final Long lifeSpanSeconds;
    private final Object lock;
    private final PrivateKey privateKey;
    private final String privateKeyId;

    /* loaded from: classes17.dex */
    public static class Builder {

        /* renamed from: a, reason: collision with root package name */
        private PrivateKey f53953a;

        /* renamed from: b, reason: collision with root package name */
        private String f53954b;

        /* renamed from: c, reason: collision with root package name */
        private JwtClaims f53955c;

        /* renamed from: d, reason: collision with root package name */
        private Clock f53956d = Clock.SYSTEM;

        /* renamed from: e, reason: collision with root package name */
        private Long f53957e = Long.valueOf(TimeUnit.HOURS.toSeconds(1));

        protected Builder() {
        }

        Clock a() {
            return this.f53956d;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder b(Clock clock) {
            this.f53956d = (Clock) Preconditions.checkNotNull(clock);
            return this;
        }

        public JwtCredentials build() {
            return new JwtCredentials(this);
        }

        public JwtClaims getJwtClaims() {
            return this.f53955c;
        }

        public Long getLifeSpanSeconds() {
            return this.f53957e;
        }

        public PrivateKey getPrivateKey() {
            return this.f53953a;
        }

        public String getPrivateKeyId() {
            return this.f53954b;
        }

        public Builder setJwtClaims(JwtClaims jwtClaims) {
            this.f53955c = (JwtClaims) Preconditions.checkNotNull(jwtClaims);
            return this;
        }

        public Builder setLifeSpanSeconds(Long l5) {
            this.f53957e = (Long) Preconditions.checkNotNull(l5);
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.f53953a = (PrivateKey) Preconditions.checkNotNull(privateKey);
            return this;
        }

        public Builder setPrivateKeyId(String str) {
            this.f53954b = str;
            return this;
        }
    }

    private JwtCredentials(Builder builder) {
        this.lock = new byte[0];
        this.privateKey = (PrivateKey) Preconditions.checkNotNull(builder.getPrivateKey());
        this.privateKeyId = builder.getPrivateKeyId();
        JwtClaims jwtClaims = (JwtClaims) Preconditions.checkNotNull(builder.getJwtClaims());
        this.jwtClaims = jwtClaims;
        Preconditions.checkState(jwtClaims.isComplete(), "JWT claims must contain audience, issuer, and subject.");
        this.lifeSpanSeconds = (Long) Preconditions.checkNotNull(builder.getLifeSpanSeconds());
        this.f53950a = (Clock) Preconditions.checkNotNull(builder.a());
    }

    private boolean b() {
        return this.f53952c == null || a().currentTimeMillis() / 1000 > this.f53952c.longValue() - f53949d;
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    Clock a() {
        if (this.f53950a == null) {
            this.f53950a = Clock.SYSTEM;
        }
        return this.f53950a;
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof JwtCredentials)) {
            return false;
        }
        JwtCredentials jwtCredentials = (JwtCredentials) obj;
        return Objects.equals(this.privateKey, jwtCredentials.privateKey) && Objects.equals(this.privateKeyId, jwtCredentials.privateKeyId) && Objects.equals(this.jwtClaims, jwtCredentials.jwtClaims) && Objects.equals(this.lifeSpanSeconds, jwtCredentials.lifeSpanSeconds);
    }

    @Override // com.google.auth.Credentials
    public String getAuthenticationType() {
        return "JWT";
    }

    @Override // com.google.auth.Credentials
    public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
        Map<String, List<String>> singletonMap;
        synchronized (this.lock) {
            if (b()) {
                refresh();
            }
            singletonMap = Collections.singletonMap("Authorization", Collections.singletonList("Bearer " + this.f53951b));
        }
        return singletonMap;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override // com.google.auth.Credentials
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    public int hashCode() {
        return Objects.hash(this.privateKey, this.privateKeyId, this.jwtClaims, this.lifeSpanSeconds);
    }

    @Override // com.google.auth.oauth2.JwtProvider
    public JwtCredentials jwtWithClaims(JwtClaims jwtClaims) {
        return newBuilder().setPrivateKey(this.privateKey).setPrivateKeyId(this.privateKeyId).setJwtClaims(this.jwtClaims.merge(jwtClaims)).build();
    }

    @Override // com.google.auth.Credentials
    public void refresh() throws IOException {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        header.setKeyId(this.privateKeyId);
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setAudience(this.jwtClaims.b());
        payload.setIssuer(this.jwtClaims.c());
        payload.setSubject(this.jwtClaims.d());
        long currentTimeMillis = this.f53950a.currentTimeMillis() / 1000;
        payload.setIssuedAtTimeSeconds(Long.valueOf(currentTimeMillis));
        payload.setExpirationTimeSeconds(Long.valueOf(currentTimeMillis + this.lifeSpanSeconds.longValue()));
        payload.putAll(this.jwtClaims.a());
        synchronized (this.lock) {
            this.f53952c = payload.getExpirationTimeSeconds();
            try {
                this.f53951b = JsonWebSignature.signUsingRsaSha256(this.privateKey, i.f54136f, header, payload);
            } catch (GeneralSecurityException e5) {
                throw new IOException("Error signing service account JWT access header with private key.", e5);
            }
        }
    }
}
