package com.google.firebase.auth.internal;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseInterceptor;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.util.StringUtils;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteStreams;
import com.google.firebase.FirebaseApp;
import com.google.firebase.FirebaseException;
import com.google.firebase.ImplFirebaseTrampolines;
import com.google.firebase.auth.FirebaseAuthException;
import com.google.firebase.internal.AbstractPlatformErrorHandler;
import com.google.firebase.internal.ApiClientUtils;
import com.google.firebase.internal.ErrorHandlingHttpClient;
import com.google.firebase.internal.HttpRequestInfo;
import com.google.firebase.internal.NonNull;
import java.io.IOException;

/* loaded from: input_file:com/google/firebase/auth/internal/CryptoSigners.class */
public class CryptoSigners {
    private static final String METADATA_SERVICE_URL = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/firebase/auth/internal/CryptoSigners$IAMCryptoSigner.class */
    public static class IAMCryptoSigner implements CryptoSigner {
        private static final String IAM_SIGN_BLOB_URL = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
        private final String serviceAccount;
        private final ErrorHandlingHttpClient<FirebaseAuthException> httpClient;

        IAMCryptoSigner(@NonNull HttpRequestFactory httpRequestFactory, @NonNull JsonFactory jsonFactory, @NonNull String str) {
            Preconditions.checkArgument(!Strings.isNullOrEmpty(str));
            this.serviceAccount = str;
            this.httpClient = new ErrorHandlingHttpClient<>(httpRequestFactory, jsonFactory, new IAMErrorHandler(jsonFactory));
        }

        void setInterceptor(HttpResponseInterceptor httpResponseInterceptor) {
            this.httpClient.setInterceptor(httpResponseInterceptor);
        }

        @Override // com.google.firebase.auth.internal.CryptoSigner
        public byte[] sign(byte[] bArr) throws FirebaseAuthException {
            return BaseEncoding.base64().decode((String) ((GenericJson) this.httpClient.sendAndParse(HttpRequestInfo.buildJsonPostRequest(String.format(IAM_SIGN_BLOB_URL, this.serviceAccount), ImmutableMap.of("bytesToSign", BaseEncoding.base64().encode(bArr))), GenericJson.class)).get("signature"));
        }

        @Override // com.google.firebase.auth.internal.CryptoSigner
        public String getAccount() {
            return this.serviceAccount;
        }
    }

    /* loaded from: input_file:com/google/firebase/auth/internal/CryptoSigners$IAMErrorHandler.class */
    private static class IAMErrorHandler extends AbstractPlatformErrorHandler<FirebaseAuthException> {
        IAMErrorHandler(JsonFactory jsonFactory) {
            super(jsonFactory);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.google.firebase.internal.AbstractHttpErrorHandler
        public FirebaseAuthException createException(FirebaseException firebaseException) {
            return new FirebaseAuthException(firebaseException);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/firebase/auth/internal/CryptoSigners$ServiceAccountCryptoSigner.class */
    public static class ServiceAccountCryptoSigner implements CryptoSigner {
        private final ServiceAccountSigner signer;

        ServiceAccountCryptoSigner(@NonNull ServiceAccountSigner serviceAccountSigner) {
            this.signer = (ServiceAccountSigner) Preconditions.checkNotNull(serviceAccountSigner);
        }

        @Override // com.google.firebase.auth.internal.CryptoSigner
        public byte[] sign(byte[] bArr) {
            return this.signer.sign(bArr);
        }

        @Override // com.google.firebase.auth.internal.CryptoSigner
        public String getAccount() {
            return this.signer.getAccount();
        }
    }

    private CryptoSigners() {
    }

    public static CryptoSigner getCryptoSigner(FirebaseApp firebaseApp) throws IOException {
        Object credentials = ImplFirebaseTrampolines.getCredentials(firebaseApp);
        if (credentials instanceof ServiceAccountCredentials) {
            return new ServiceAccountCryptoSigner((ServiceAccountCredentials) credentials);
        }
        HttpRequestFactory newAuthorizedRequestFactory = ApiClientUtils.newAuthorizedRequestFactory(firebaseApp);
        JsonFactory jsonFactory = firebaseApp.getOptions().getJsonFactory();
        String serviceAccountId = firebaseApp.getOptions().getServiceAccountId();
        return !Strings.isNullOrEmpty(serviceAccountId) ? new IAMCryptoSigner(newAuthorizedRequestFactory, jsonFactory, serviceAccountId) : credentials instanceof ServiceAccountSigner ? new ServiceAccountCryptoSigner((ServiceAccountSigner) credentials) : new IAMCryptoSigner(newAuthorizedRequestFactory, jsonFactory, discoverServiceAccountId(firebaseApp));
    }

    private static String discoverServiceAccountId(FirebaseApp firebaseApp) throws IOException {
        HttpRequest buildGetRequest = ApiClientUtils.newUnauthorizedRequestFactory(firebaseApp).buildGetRequest(new GenericUrl(METADATA_SERVICE_URL));
        buildGetRequest.getHeaders().set("Metadata-Flavor", (Object) "Google");
        HttpResponse execute = buildGetRequest.execute();
        try {
            String trim = StringUtils.newStringUtf8(ByteStreams.toByteArray(execute.getContent())).trim();
            ApiClientUtils.disconnectQuietly(execute);
            return trim;
        } catch (Throwable th) {
            ApiClientUtils.disconnectQuietly(execute);
            throw th;
        }
    }
}
