package org.embulk.input.gcs;

import com.google.api.client.util.SecurityUtils;
import com.google.api.services.storage.StorageScopes;
import com.google.auth.Credentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageException;
import com.google.cloud.storage.StorageOptions;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Optional;
import org.embulk.config.ConfigException;
import org.embulk.util.config.Config;
import org.embulk.util.config.ConfigDefault;
import org.embulk.util.config.units.LocalFile;

/* loaded from: input_file:org/embulk/input/gcs/AuthUtils.class */
class AuthUtils {

    /* loaded from: input_file:org/embulk/input/gcs/AuthUtils$AuthMethod.class */
    public enum AuthMethod {
        private_key,
        compute_engine,
        json_key
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/embulk/input/gcs/AuthUtils$Task.class */
    public interface Task {
        @ConfigDefault("\"private_key\"")
        @Config("auth_method")
        AuthMethod getAuthMethod();

        @ConfigDefault("null")
        @Config("service_account_email")
        Optional<String> getServiceAccountEmail();

        @ConfigDefault("null")
        @Config("p12_keyfile_fullpath")
        Optional<String> getP12KeyfileFullpath();

        @ConfigDefault("null")
        @Config("p12_keyfile")
        Optional<LocalFile> getP12Keyfile();

        void setP12Keyfile(Optional<LocalFile> optional);

        @ConfigDefault("null")
        @Config("json_keyfile")
        Optional<LocalFile> getJsonKeyfile();
    }

    private AuthUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Storage newClient(PluginTask pluginTask) {
        try {
            StorageOptions.Builder newBuilder = StorageOptions.newBuilder();
            switch (pluginTask.getAuthMethod()) {
                case json_key:
                    newBuilder.setCredentials(fromJson(pluginTask));
                    break;
                case private_key:
                    newBuilder.setCredentials(fromP12(pluginTask));
                    break;
            }
            Storage service = newBuilder.build2().getService();
            service.list(pluginTask.getBucket(), Storage.BlobListOption.pageSize(1L));
            return service;
        } catch (StorageException | IOException | GeneralSecurityException e) {
            throw new ConfigException(e);
        }
    }

    static Credentials fromP12(Task task) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(task.getP12Keyfile().get().getPath().toString());
        Throwable th = null;
        try {
            try {
                PrivateKey loadPrivateKeyFromKeyStore = SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(), fileInputStream, "notasecret", "privatekey", "notasecret");
                ArrayList arrayList = new ArrayList();
                arrayList.add(StorageScopes.DEVSTORAGE_READ_ONLY);
                ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientEmail(task.getServiceAccountEmail().orElse(null)).setPrivateKey(loadPrivateKeyFromKeyStore).setScopes(Collections.unmodifiableList(arrayList)).build();
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return build;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    static Credentials fromJson(Task task) throws IOException {
        return ServiceAccountCredentials.fromStream((InputStream) new FileInputStream((String) task.getJsonKeyfile().map(localFile -> {
            return localFile.getPath().toString();
        }).get()));
    }
}
