package io.grpc.xds.internal.sts;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.http.json.JsonHttpContent;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.GenericData;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;

/* loaded from: input_file:io/grpc/xds/internal/sts/StsCredentials.class */
public final class StsCredentials extends GoogleCredentials {
    private static final long serialVersionUID = 6647041424685484932L;

    @VisibleForTesting
    static final HttpTransportFactory defaultHttpTransportFactory = new DefaultHttpTransportFactory();
    private static final String CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform";

    @VisibleForTesting
    final String sourceCredentialsFileLocation;

    @VisibleForTesting
    final String identityTokenEndpoint;

    @VisibleForTesting
    final String audience;

    @VisibleForTesting
    transient HttpTransportFactory transportFactory;

    /* loaded from: input_file:io/grpc/xds/internal/sts/StsCredentials$DefaultHttpTransportFactory.class */
    private static class DefaultHttpTransportFactory implements HttpTransportFactory {
        private static final HttpTransport netHttpTransport = new NetHttpTransport();

        private DefaultHttpTransportFactory() {
        }

        public HttpTransport create() {
            return netHttpTransport;
        }
    }

    /* loaded from: input_file:io/grpc/xds/internal/sts/StsCredentials$Factory.class */
    public static abstract class Factory {
        private static final Factory DEFAULT_INSTANCE = new Factory() { // from class: io.grpc.xds.internal.sts.StsCredentials.Factory.1
            @Override // io.grpc.xds.internal.sts.StsCredentials.Factory
            public StsCredentials create(String str, String str2, String str3) {
                return create(str, str2, str3, (HttpTransportFactory) StsCredentials.getFromServiceLoader(HttpTransportFactory.class, StsCredentials.defaultHttpTransportFactory));
            }
        };

        public static Factory getInstance() {
            return DEFAULT_INSTANCE;
        }

        public abstract StsCredentials create(String str, String str2, String str3);

        @VisibleForTesting
        static StsCredentials create(String str, String str2, String str3, HttpTransportFactory httpTransportFactory) {
            return new StsCredentials(str, str2, str3, httpTransportFactory);
        }
    }

    private StsCredentials(String str, String str2, String str3, HttpTransportFactory httpTransportFactory) {
        this.identityTokenEndpoint = str;
        this.audience = str2;
        this.sourceCredentialsFileLocation = str3;
        this.transportFactory = httpTransportFactory;
    }

    public AccessToken refreshAccessToken() throws IOException {
        AccessToken sourceAccessTokenFromFileLocation = getSourceAccessTokenFromFileLocation();
        HttpTransport create = this.transportFactory.create();
        JsonObjectParser jsonObjectParser = new JsonObjectParser(JacksonFactory.getDefaultInstance());
        HttpRequestFactory createRequestFactory = create.createRequestFactory();
        GenericUrl genericUrl = new GenericUrl(this.identityTokenEndpoint);
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        hashMap.put("subject_token_type", "urn:ietf:params:oauth:token-type:jwt");
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:access_token");
        hashMap.put("subject_token", sourceAccessTokenFromFileLocation.getTokenValue());
        hashMap.put("scope", CLOUD_PLATFORM_SCOPE);
        hashMap.put("audience", this.audience);
        HttpRequest buildPostRequest = createRequestFactory.buildPostRequest(genericUrl, new JsonHttpContent(jsonObjectParser.getJsonFactory(), hashMap));
        buildPostRequest.setParser(jsonObjectParser);
        try {
            HttpResponse execute = buildPostRequest.execute();
            if (execute.getStatusCode() != 200) {
                throw new IOException("Error getting access token: " + getStatusString(execute));
            }
            try {
                GenericData genericData = (GenericData) execute.parseAs(GenericData.class);
                execute.disconnect();
                String str = (String) genericData.get("access_token");
                Date date = null;
                if (genericData.containsKey("expires_in")) {
                    date = new Date(System.currentTimeMillis() + (((BigDecimal) genericData.get("expires_in")).longValue() * 1000));
                }
                return new AccessToken(str, date);
            } catch (Throwable th) {
                execute.disconnect();
                throw th;
            }
        } catch (IOException e) {
            throw new IOException("Error requesting access token", e);
        }
    }

    private AccessToken getSourceAccessTokenFromFileLocation() throws IOException {
        return new AccessToken(Files.asCharSource(new File(this.sourceCredentialsFileLocation), StandardCharsets.UTF_8).read(), (Date) null);
    }

    private static String getStatusString(HttpResponse httpResponse) {
        return httpResponse.getStatusCode() + " : " + httpResponse.getStatusMessage();
    }

    /* renamed from: toBuilder, reason: merged with bridge method [inline-methods] */
    public GoogleCredentials.Builder m76toBuilder() {
        throw new UnsupportedOperationException("toBuilder not supported");
    }
}
