package com.spotify.styx.client.auth;

import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:com/spotify/styx/client/auth/GoogleIdTokenAuth.class */
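/**
 * Obtains Google-issued OpenID Connect ID tokens from a {@link GoogleCredential}.
 *
 * <p>Two credential shapes are handled:
 * <ul>
 *   <li>Service account credentials (a service account id is present): a JWT carrying a
 *       {@code target_audience} claim is signed with the account's private key and exchanged at
 *       the credential's token server for an ID token.</li>
 *   <li>Any other credential: the refresh token is exchanged for an ID token. The requested
 *       target audience is <em>not</em> sent on this path, so the returned token is not scoped to
 *       it.</li>
 * </ul>
 *
 * <p>The returned token is a bearer credential; callers should keep it out of logs and error
 * messages.
 */
public class GoogleIdTokenAuth {
    private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();

    /** Grant type used when exchanging a self-signed JWT for a token. */
    private static final String JWT_BEARER_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    /** Key of the ID token in the token server response. */
    private static final String ID_TOKEN_FIELD = "id_token";

    /** Lifetime, in seconds, claimed by the signed JWT assertion. */
    private static final long ASSERTION_LIFETIME_SECONDS = 3600L;

    private final HttpTransport httpTransport;
    private final Optional<GoogleCredential> credential;

    /**
     * @param httpTransport transport used for token server requests; must not be null
     * @param credential credential to mint tokens from, or empty for an unauthenticated client;
     *     the {@code Optional} itself must not be null
     * @throws NullPointerException if either argument is null
     */
    GoogleIdTokenAuth(HttpTransport httpTransport, Optional<GoogleCredential> credential) {
        this.httpTransport = Objects.requireNonNull(httpTransport, "httpTransport");
        this.credential = Objects.requireNonNull(credential, "credential");
    }

    /**
     * Returns an ID token for the configured credential.
     *
     * @param targetAudience value placed in the {@code target_audience} claim when a service
     *     account credential is used; ignored for other credentials
     * @return the ID token, or empty when no credential is configured
     * @throws IOException if the token request fails or the response carries no usable
     *     {@code id_token}
     * @throws GeneralSecurityException if signing the service account assertion fails
     */
    public Optional<String> getToken(String targetAudience) throws IOException, GeneralSecurityException {
        // Optional.map cannot be used here because the token exchange throws checked exceptions.
        if (!this.credential.isPresent()) {
            return Optional.empty();
        }
        return Optional.of(getToken(targetAudience, this.credential.get()));
    }

    /** Dispatches on credential kind: a non-null service account id selects the JWT-bearer flow. */
    private String getToken(String targetAudience, GoogleCredential googleCredential)
            throws IOException, GeneralSecurityException {
        if (googleCredential.getServiceAccountId() != null) {
            return getServiceAccountToken(googleCredential, targetAudience);
        }
        return getUserToken(googleCredential);
    }

    /**
     * Signs a JWT assertion with the service account's private key and exchanges it at the
     * credential's token server for an ID token.
     */
    private String getServiceAccountToken(GoogleCredential googleCredential, String targetAudience)
            throws IOException, GeneralSecurityException {
        String tokenServerUrl = googleCredential.getTokenServerEncodedUrl();
        TokenRequest tokenRequest =
                new TokenRequest(this.httpTransport, JSON_FACTORY, new GenericUrl(tokenServerUrl), JWT_BEARER_GRANT_TYPE);
        String assertion = JsonWebSignature.signUsingRsaSha256(
                googleCredential.getServiceAccountPrivateKey(),
                JSON_FACTORY,
                jwtHeader(),
                jwtPayload(targetAudience, googleCredential.getServiceAccountId(), tokenServerUrl));
        tokenRequest.put("assertion", assertion);
        return requireIdToken(tokenRequest.execute().get(ID_TOKEN_FIELD));
    }

    /**
     * Builds the assertion claims: issuer is the service account, audience is the token server,
     * and {@code target_audience} names the service the resulting ID token is intended for.
     */
    private static JsonWebToken.Payload jwtPayload(String targetAudience, String issuer, String audience) {
        long issuedAtSeconds = System.currentTimeMillis() / 1000;
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.put("target_audience", targetAudience);
        payload.setIssuer(issuer);
        payload.setAudience(audience);
        payload.setIssuedAtTimeSeconds(Long.valueOf(issuedAtSeconds));
        payload.setExpirationTimeSeconds(Long.valueOf(issuedAtSeconds + ASSERTION_LIFETIME_SECONDS));
        return payload;
    }

    /** Builds the JWT header matching the RSA-SHA256 signature applied to the assertion. */
    private static JsonWebSignature.Header jwtHeader() {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        return header;
    }

    /**
     * Exchanges the credential's refresh token for an ID token. No target audience is sent, so
     * the token's audience is whatever the token server assigns.
     */
    private String getUserToken(GoogleCredential googleCredential) throws IOException {
        RefreshTokenRequest request = new RefreshTokenRequest(
                this.httpTransport,
                JSON_FACTORY,
                new GenericUrl(googleCredential.getTokenServerEncodedUrl()),
                googleCredential.getRefreshToken());
        request.setClientAuthentication(googleCredential.getClientAuthentication());
        request.setRequestInitializer(googleCredential);
        return requireIdToken(request.execute().get(ID_TOKEN_FIELD));
    }

    /**
     * Validates the {@code id_token} field of a token response.
     *
     * <p>Without this check a response lacking the field surfaced as an unexplained
     * {@code NullPointerException} from {@code Optional.of}, and a non-string value as a
     * {@code ClassCastException}. The response body is deliberately left out of the message
     * because it may carry other tokens.
     *
     * @throws IOException if the value is absent or not a string
     */
    private static String requireIdToken(Object idToken) throws IOException {
        if (!(idToken instanceof String)) {
            throw new IOException("Token server response did not contain a string id_token");
        }
        return (String) idToken;
    }

    /**
     * Creates an instance backed by Application Default Credentials, falling back to an
     * unauthenticated instance when they cannot be loaded.
     */
    public static GoogleIdTokenAuth ofDefaultCredential() {
        try {
            return of(Optional.of(GoogleCredential.getApplicationDefault()));
        } catch (IOException ignored) {
            // Best-effort fallback kept from the original behaviour.
            // NOTE(review): the cause is dropped, so a malformed or unreadable credential file is
            // indistinguishable from having no credentials; requests then go out without a token.
            return of(Optional.<GoogleCredential>empty());
        }
    }

    /** Creates an instance using the default HTTP transport and the given optional credential. */
    public static GoogleIdTokenAuth of(Optional<GoogleCredential> optional) {
        return of(Utils.getDefaultTransport(), optional);
    }

    /**
     * Creates an instance using the default HTTP transport and the given credential.
     *
     * @throws NullPointerException if {@code googleCredential} is null
     */
    public static GoogleIdTokenAuth of(GoogleCredential googleCredential) {
        return of(Utils.getDefaultTransport(), Optional.of(googleCredential));
    }

    private static GoogleIdTokenAuth of(HttpTransport httpTransport, Optional<GoogleCredential> optional) {
        return new GoogleIdTokenAuth(httpTransport, optional);
    }
}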
