package com.google.appengine.api.appidentity.dev;

import com.google.appengine.api.appidentity.AppIdentityServicePb;
import com.google.appengine.repackaged.com.google.common.base.CharMatcher;
import com.google.appengine.repackaged.com.google.common.io.BaseEncoding;
import com.google.appengine.repackaged.com.google.protobuf.ByteString;
import com.google.appengine.tools.development.AbstractLocalRpcService;
import com.google.appengine.tools.development.Clock;
import com.google.appengine.tools.development.LocalRpcService;
import com.google.appengine.tools.development.LocalServiceContext;
import com.google.appengine.tools.development.ServiceProvider;
import com.google.apphosting.api.ApiProxy;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Map;
import org.hsqldb.persist.LockFile;

@ServiceProvider(LocalRpcService.class)
/* loaded from: input_file:com/google/appengine/api/appidentity/dev/LocalAppIdentityService.class */
public class LocalAppIdentityService extends AbstractLocalRpcService {
    public static final String PACKAGE = "app_identity_service";
    public static final String PRIVATE_KEY_PATH = "/com/google/appengine/api/appidentity/dev/testkey/private";
    public static final String PUBLIC_CERT_PATH = "/com/google/appengine/api/appidentity/dev/testkey/public-pem";
    private static final String KEY_NAME = "key";
    private RSAPrivateKey privateKey;
    private String publicCert;
    private Clock clock;
    private String defaultGcsBucketName;

    public String getPackage() {
        return PACKAGE;
    }

    public void init(LocalServiceContext localServiceContext, Map<String, String> map) {
        try {
            InputStream resourceAsStream = LocalAppIdentityService.class.getResourceAsStream(PRIVATE_KEY_PATH);
            byte[] bArr = new byte[resourceAsStream.available()];
            resourceAsStream.read(bArr);
            String str = new String(bArr);
            InputStream resourceAsStream2 = LocalAppIdentityService.class.getResourceAsStream(PUBLIC_CERT_PATH);
            byte[] bArr2 = new byte[resourceAsStream2.available()];
            resourceAsStream2.read(bArr2);
            this.publicCert = new String(bArr2);
            this.privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(BaseEncoding.base64().decode(CharMatcher.WHITESPACE.removeFrom(str))));
            this.defaultGcsBucketName = map.get("appengine.default.gcs.bucket.name");
            if (this.defaultGcsBucketName == null) {
                this.defaultGcsBucketName = "app_default_bucket";
            }
            this.clock = localServiceContext.getClock();
        } catch (IOException e) {
            throw new RuntimeException("Can not initialize app identity service.");
        } catch (IllegalArgumentException e2) {
            throw new RuntimeException("Can not initialize app identity service.");
        } catch (GeneralSecurityException e3) {
            throw new RuntimeException("Can not initialize app identity service.");
        }
    }

    public void start() {
    }

    public void stop() {
    }

    public AppIdentityServicePb.SignForAppResponse signForApp(LocalRpcService.Status status, AppIdentityServicePb.SignForAppRequest signForAppRequest) throws Exception {
        AppIdentityServicePb.SignForAppResponse.Builder newBuilder = AppIdentityServicePb.SignForAppResponse.newBuilder();
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(this.privateKey);
        signature.update(signForAppRequest.getBytesToSign().toByteArray());
        newBuilder.setSignatureBytes(ByteString.copyFrom(signature.sign()));
        newBuilder.setKeyName(KEY_NAME);
        return newBuilder.build();
    }

    public AppIdentityServicePb.GetPublicCertificateForAppResponse getPublicCertificatesForApp(LocalRpcService.Status status, AppIdentityServicePb.GetPublicCertificateForAppRequest getPublicCertificateForAppRequest) {
        AppIdentityServicePb.GetPublicCertificateForAppResponse.Builder newBuilder = AppIdentityServicePb.GetPublicCertificateForAppResponse.newBuilder();
        newBuilder.addPublicCertificateList(AppIdentityServicePb.PublicCertificate.newBuilder().setKeyName(KEY_NAME).setX509CertificatePem(this.publicCert));
        return newBuilder.build();
    }

    public AppIdentityServicePb.GetServiceAccountNameResponse getServiceAccountName(LocalRpcService.Status status, AppIdentityServicePb.GetServiceAccountNameRequest getServiceAccountNameRequest) {
        ApiProxy.Environment currentEnvironment = ApiProxy.getCurrentEnvironment();
        AppIdentityServicePb.GetServiceAccountNameResponse.Builder newBuilder = AppIdentityServicePb.GetServiceAccountNameResponse.newBuilder();
        newBuilder.setServiceAccountName(String.valueOf(currentEnvironment.getAppId()).concat("@localhost"));
        return newBuilder.build();
    }

    public AppIdentityServicePb.GetDefaultGcsBucketNameResponse getDefaultGcsBucketName(LocalRpcService.Status status, AppIdentityServicePb.GetDefaultGcsBucketNameRequest getDefaultGcsBucketNameRequest) {
        AppIdentityServicePb.GetDefaultGcsBucketNameResponse.Builder newBuilder = AppIdentityServicePb.GetDefaultGcsBucketNameResponse.newBuilder();
        newBuilder.setDefaultGcsBucketName(this.defaultGcsBucketName);
        return newBuilder.build();
    }

    public AppIdentityServicePb.GetAccessTokenResponse getAccessToken(LocalRpcService.Status status, AppIdentityServicePb.GetAccessTokenRequest getAccessTokenRequest) {
        AppIdentityServicePb.GetAccessTokenResponse.Builder newBuilder = AppIdentityServicePb.GetAccessTokenResponse.newBuilder();
        StringBuilder sb = new StringBuilder();
        sb.append("InvalidToken");
        for (String str : getAccessTokenRequest.getScopeList()) {
            sb.append(":");
            sb.append(str);
        }
        sb.append(":");
        sb.append(this.clock.getCurrentTime() % LockFile.HEARTBEAT_INTERVAL);
        newBuilder.setAccessToken(sb.toString());
        newBuilder.setExpirationTime((this.clock.getCurrentTime() / 1000) + 1800);
        return newBuilder.build();
    }
}
