package com.google.auth.oauth2;

import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.testing.http.FixedClock;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Joiner;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentialsTest;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/google/auth/oauth2/ServiceAccountCredentialsTest.class */
public class ServiceAccountCredentialsTest extends BaseSerializationTest {
    private static final String SA_CLIENT_EMAIL = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr@developer.gserviceaccount.com";
    private static final String SA_CLIENT_ID = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
    private static final String SA_PRIVATE_KEY_ID = "d84a4fefcf50791d4a90f2d7af17469d6282df9d";
    static final String SA_PRIVATE_KEY_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALX0PQoe1igW12ikv1bN/r9lN749y2ijmbc/mFHPyS3hNTyOCjDvBbXYbDhQJzWVUikh4mvGBA07qTj79Xc3yBDfKP2IeyYQIFe0t0zkd7R9Zdn98Y2rIQC47aAbDfubtkU1U72t4zL11kHvoa0/RuFZjncvlr42X7be7lYh4p3NAgMBAAECgYASk5wDw4Az2ZkmeuN6Fk/y9H+Lcb2pskJIXjrL533vrDWGOC48LrsThMQPv8cxBky8HFSEklPpkfTF95tpD43iVwJRB/GrCtGTw65IfJ4/tI09h6zGc4yqvIo1cHX/LQ+SxKLGyir/dQM925rGt/VojxY5ryJR7GLbCzxPnJm/oQJBANwOCO6D2hy1LQYJhXh7O+RLtA/tSnT1xyMQsGT+uUCMiKS2bSKx2wxo9k7h3OegNJIu1q6nZ6AbxDK8H3+d0dUCQQDTrPSXagBxzp8PecbaCHjzNRSQE2in81qYnrAFNB4o3DpHyMMY6s5ALLeHKscEWnqP8Ur6X4PvzZecCWU9BKAZAkAutLPknAuxSCsUOvUfS1i87ex77Ot+w6POp34pEX+UWb+u5iFn2cQacDTHLV1LtE80L8jVLSbrbrlH43H0DjU5AkEAgidhycxS86dxpEljnOMCw8CKoUBd5I880IUahEiUltk7OLJYS/Ts1wbn3kPOVX3wyJs8WBDtBkFrDHW2ezth2QJADj3e1YhMVdjJW5jqwlD/VNddGjgzyunmiZg0uOXsHXbytYmsA545S8KRQFaJKFXYYFo2kOjqOiC1T2cAzMDjCQ==\n-----END PRIVATE KEY-----\n";
    private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
    private static final String SERVICE_ACCOUNT_USER = "user@example.com";
    private static final String PROJECT_ID = "project-id";
    public static final String DEFAULT_ID_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmMzc1ODkwOGI3OTIyOTNhZDk3N2EwYjk5MWQ5OGE3N2Y0ZWVlY2QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2Zvby5iYXIiLCJhenAiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgiLCJleHAiOjE1NjQ0NzUwNTEsImlhdCI6MTU2NDQ3MTQ1MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0.redacted";
    private static final Collection<String> SCOPES = Collections.singletonList("dummy.scope");
    private static final Collection<String> EMPTY_SCOPES = Collections.emptyList();
    private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
    private static final HttpTransportFactory DUMMY_TRANSPORT_FACTORY = new GoogleCredentialsTest.MockTokenServerTransportFactory();

    @Test
    public void createdScoped_clones() throws IOException {
        PrivateKey privateKeyFromPkcs8 = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8);
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(privateKeyFromPkcs8).setPrivateKeyId(SA_PRIVATE_KEY_ID).setScopes(SCOPES).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        List asList = Arrays.asList("scope1", "scope2");
        ServiceAccountCredentials createScoped = build.createScoped(asList);
        Assert.assertEquals(SA_CLIENT_ID, createScoped.getClientId());
        Assert.assertEquals(SA_CLIENT_EMAIL, createScoped.getClientEmail());
        Assert.assertEquals(privateKeyFromPkcs8, createScoped.getPrivateKey());
        Assert.assertEquals(SA_PRIVATE_KEY_ID, createScoped.getPrivateKeyId());
        Assert.assertArrayEquals(asList.toArray(), createScoped.getScopes().toArray());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, createScoped.getServiceAccountUser());
        Assert.assertEquals(PROJECT_ID, createScoped.getProjectId());
        Assert.assertArrayEquals(SCOPES.toArray(), build.getScopes().toArray());
    }

    @Test
    public void createdDelegated_clones() throws IOException {
        PrivateKey privateKeyFromPkcs8 = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8);
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(privateKeyFromPkcs8).setPrivateKeyId(SA_PRIVATE_KEY_ID).setScopes(SCOPES).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        ServiceAccountCredentials createDelegated = build.createDelegated("stranger@other.org");
        Assert.assertEquals(SA_CLIENT_ID, createDelegated.getClientId());
        Assert.assertEquals(SA_CLIENT_EMAIL, createDelegated.getClientEmail());
        Assert.assertEquals(privateKeyFromPkcs8, createDelegated.getPrivateKey());
        Assert.assertEquals(SA_PRIVATE_KEY_ID, createDelegated.getPrivateKeyId());
        Assert.assertArrayEquals(SCOPES.toArray(), createDelegated.getScopes().toArray());
        Assert.assertEquals("stranger@other.org", createDelegated.getServiceAccountUser());
        Assert.assertEquals(PROJECT_ID, createDelegated.getProjectId());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, build.getServiceAccountUser());
    }

    @Test
    public void createAssertion_correct() throws IOException {
        PrivateKey privateKeyFromPkcs8 = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8);
        List asList = Arrays.asList("scope1", "scope2");
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(privateKeyFromPkcs8).setPrivateKeyId(SA_PRIVATE_KEY_ID).setScopes(asList).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
        JsonWebToken.Payload payload = JsonWebSignature.parse(jsonFactory, build.createAssertion(jsonFactory, currentTimeMillis, (String) null)).getPayload();
        Assert.assertEquals(SA_CLIENT_EMAIL, payload.getIssuer());
        Assert.assertEquals(OAuth2Utils.TOKEN_SERVER_URI.toString(), payload.getAudience());
        Assert.assertEquals(currentTimeMillis / 1000, payload.getIssuedAtTimeSeconds().longValue());
        Assert.assertEquals((currentTimeMillis / 1000) + 3600, payload.getExpirationTimeSeconds().longValue());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, payload.getSubject());
        Assert.assertEquals(Joiner.on(' ').join(asList), payload.get("scope"));
    }

    @Test
    public void createAssertionForIdToken_correct() throws IOException {
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8)).setPrivateKeyId(SA_PRIVATE_KEY_ID).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
        JsonWebToken.Payload payload = JsonWebSignature.parse(jsonFactory, build.createAssertionForIdToken(jsonFactory, currentTimeMillis, (String) null, "https://foo.com/bar")).getPayload();
        Assert.assertEquals(SA_CLIENT_EMAIL, payload.getIssuer());
        Assert.assertEquals("https://foo.com/bar", (String) payload.getUnknownKeys().get("target_audience"));
        Assert.assertEquals(currentTimeMillis / 1000, payload.getIssuedAtTimeSeconds().longValue());
        Assert.assertEquals((currentTimeMillis / 1000) + 3600, payload.getExpirationTimeSeconds().longValue());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, payload.getSubject());
    }

    @Test
    public void createAssertionForIdToken_incorrect() throws IOException {
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8)).setPrivateKeyId(SA_PRIVATE_KEY_ID).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
        JsonWebToken.Payload payload = JsonWebSignature.parse(jsonFactory, build.createAssertionForIdToken(jsonFactory, currentTimeMillis, (String) null, "https://foo.com/bar")).getPayload();
        Assert.assertEquals(SA_CLIENT_EMAIL, payload.getIssuer());
        Assert.assertNotEquals("https://bar.com/foo", (String) payload.getUnknownKeys().get("target_audience"));
        Assert.assertEquals(currentTimeMillis / 1000, payload.getIssuedAtTimeSeconds().longValue());
        Assert.assertEquals((currentTimeMillis / 1000) + 3600, payload.getExpirationTimeSeconds().longValue());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, payload.getSubject());
    }

    @Test
    public void createAssertion_withTokenUri_correct() throws IOException {
        PrivateKey privateKeyFromPkcs8 = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8);
        List asList = Arrays.asList("scope1", "scope2");
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientId(SA_CLIENT_ID).setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(privateKeyFromPkcs8).setPrivateKeyId(SA_PRIVATE_KEY_ID).setScopes(asList).setServiceAccountUser(SERVICE_ACCOUNT_USER).setProjectId(PROJECT_ID).build();
        JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
        long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
        JsonWebToken.Payload payload = JsonWebSignature.parse(jsonFactory, build.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar")).getPayload();
        Assert.assertEquals(SA_CLIENT_EMAIL, payload.getIssuer());
        Assert.assertEquals("https://foo.com/bar", payload.getAudience());
        Assert.assertEquals(currentTimeMillis / 1000, payload.getIssuedAtTimeSeconds().longValue());
        Assert.assertEquals((currentTimeMillis / 1000) + 3600, payload.getExpirationTimeSeconds().longValue());
        Assert.assertEquals(SERVICE_ACCOUNT_USER, payload.getSubject());
        Assert.assertEquals(Joiner.on(' ').join(asList), payload.get("scope"));
    }

    @Test
    public void createdScoped_enablesAccessTokens() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, (Collection) null, mockTokenServerTransportFactory, (URI) null);
        try {
            fromPkcs8.getRequestMetadata(CALL_URI);
            Assert.fail("Should not be able to get token without scopes");
        } catch (Exception e) {
        }
        TestUtils.assertContainsBearerToken(fromPkcs8.createScoped(SCOPES).getRequestMetadata(CALL_URI), ACCESS_TOKEN);
    }

    @Test
    public void createScopedRequired_emptyScopes_true() throws IOException {
        Assert.assertTrue(ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, EMPTY_SCOPES).createScopedRequired());
    }

    @Test
    public void createScopedRequired_nonEmptyScopes_false() throws IOException {
        Assert.assertFalse(ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES).createScopedRequired());
    }

    @Test
    public void fromJSON_getProjectId() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        Assert.assertEquals(PROJECT_ID, ServiceAccountCredentials.fromJson(writeServiceAccountJson(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, PROJECT_ID), mockTokenServerTransportFactory).getProjectId());
    }

    @Test
    public void fromJSON_getProjectIdNull() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        Assert.assertNull(ServiceAccountCredentials.fromJson(writeServiceAccountJson(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, null), mockTokenServerTransportFactory).getProjectId());
    }

    @Test
    public void fromJSON_hasAccessToken() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(ServiceAccountCredentials.fromJson(writeServiceAccountJson(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, PROJECT_ID), mockTokenServerTransportFactory).createScoped(SCOPES).getRequestMetadata(CALL_URI), ACCESS_TOKEN);
    }

    @Test
    public void fromJSON_tokenServerUri() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        GenericJson writeServiceAccountJson = writeServiceAccountJson(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, PROJECT_ID);
        writeServiceAccountJson.put("token_uri", "https://foo.com/bar");
        Assert.assertEquals(URI.create("https://foo.com/bar"), ServiceAccountCredentials.fromJson(writeServiceAccountJson, mockTokenServerTransportFactory).getTokenServerUri());
    }

    @Test
    public void getRequestMetadata_hasAccessToken() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null).getRequestMetadata(CALL_URI), ACCESS_TOKEN);
    }

    @Test
    public void getRequestMetadata_customTokenServer_hasAccessToken() throws IOException {
        URI create = URI.create("https://foo.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        mockTokenServerTransportFactory.transport.setTokenServerUri(create);
        TestUtils.assertContainsBearerToken(ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create).getRequestMetadata(CALL_URI), ACCESS_TOKEN);
    }

    @Test
    public void refreshAccessToken_refreshesToken() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, "2/MkSJoj1xsli0AccessToken_NKPY2");
        fromPkcs8.refresh();
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), "2/MkSJoj1xsli0AccessToken_NKPY2");
    }

    @Test
    public void refreshAccessToken_tokenExpiry() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        fromPkcs8.clock = new FixedClock(0L);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        AccessToken refreshAccessToken = fromPkcs8.refreshAccessToken();
        Assert.assertEquals(ACCESS_TOKEN, refreshAccessToken.getTokenValue());
        Assert.assertEquals(3600000L, refreshAccessToken.getExpirationTimeMillis().longValue());
        mockTokenServerTransport.setExpiresInSeconds(3600000);
        AccessToken refreshAccessToken2 = fromPkcs8.refreshAccessToken();
        Assert.assertEquals(ACCESS_TOKEN, refreshAccessToken2.getTokenValue());
        Assert.assertEquals(3600000000L, refreshAccessToken2.getExpirationTimeMillis().longValue());
    }

    @Test
    public void refreshAccessToken_retriesIOException() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        mockTokenServerTransport.addResponseErrorSequence(new IOException());
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, "2/MkSJoj1xsli0AccessToken_NKPY2");
        fromPkcs8.refresh();
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), "2/MkSJoj1xsli0AccessToken_NKPY2");
    }

    @Test
    public void refreshAccessToken_retriesForbiddenError() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        mockTokenServerTransport.addResponseSequence(new MockLowLevelHttpResponse().setStatusCode(403));
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, "2/MkSJoj1xsli0AccessToken_NKPY2");
        fromPkcs8.refresh();
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), "2/MkSJoj1xsli0AccessToken_NKPY2");
    }

    @Test
    public void refreshAccessToken_retriesServerError() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        mockTokenServerTransport.addResponseSequence(new MockLowLevelHttpResponse().setStatusCode(500));
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, "2/MkSJoj1xsli0AccessToken_NKPY2");
        fromPkcs8.refresh();
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), "2/MkSJoj1xsli0AccessToken_NKPY2");
    }

    @Test
    public void refreshAccessToken_failsNotFoundError() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        try {
            mockTokenServerTransport.addResponseSequence(new MockLowLevelHttpResponse().setStatusCode(404));
            mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, "2/MkSJoj1xsli0AccessToken_NKPY2");
            fromPkcs8.refresh();
            Assert.fail("Should not retry on Not Found");
        } catch (IOException e) {
        }
    }

    @Test
    public void idTokenWithAudience_correct() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(fromPkcs8).setTargetAudience("https://foo.bar").build();
        build.refresh();
        Assert.assertEquals("eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmMzc1ODkwOGI3OTIyOTNhZDk3N2EwYjk5MWQ5OGE3N2Y0ZWVlY2QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2Zvby5iYXIiLCJhenAiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgiLCJleHAiOjE1NjQ0NzUwNTEsImlhdCI6MTU2NDQ3MTQ1MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0.redacted", build.getAccessToken().getTokenValue());
        Assert.assertEquals("eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmMzc1ODkwOGI3OTIyOTNhZDk3N2EwYjk5MWQ5OGE3N2Y0ZWVlY2QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2Zvby5iYXIiLCJhenAiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgiLCJleHAiOjE1NjQ0NzUwNTEsImlhdCI6MTU2NDQ3MTQ1MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0.redacted", build.getIdToken().getTokenValue());
        Assert.assertEquals("https://foo.bar", (String) build.getIdToken().getJsonWebSignature().getPayload().getAudience());
    }

    @Test
    public void idTokenWithAudience_incorrect() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        MockTokenServerTransport mockTokenServerTransport = mockTokenServerTransportFactory.transport;
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, (URI) null);
        mockTokenServerTransport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        TestUtils.assertContainsBearerToken(fromPkcs8.getRequestMetadata(CALL_URI), ACCESS_TOKEN);
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(fromPkcs8).setTargetAudience("https://bar").build();
        build.refresh();
        Assert.assertNotEquals("https://bar", (String) build.getIdToken().getJsonWebSignature().getPayload().getAudience());
    }

    @Test
    public void getScopes_nullReturnsEmpty() throws IOException {
        Collection scopes = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, (Collection) null).getScopes();
        Assert.assertNotNull(scopes);
        Assert.assertTrue(scopes.isEmpty());
    }

    @Test
    public void getAccount_sameAs() throws IOException {
        Assert.assertEquals(SA_CLIENT_EMAIL, ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, (Collection) null).getAccount());
    }

    @Test
    public void sign_sameAs() throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        byte[] bArr = {13, 14, 10, 13};
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, (Collection) null);
        byte[] sign = fromPkcs8.sign(bArr);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(fromPkcs8.getPrivateKey());
        signature.update(bArr);
        Assert.assertArrayEquals(signature.sign(), sign);
    }

    @Test
    public void equals_true() throws IOException {
        URI create = URI.create("https://foo.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        Assert.assertTrue(fromPkcs8.equals(fromPkcs82));
        Assert.assertTrue(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_clientId() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8("otherClientId", SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_email() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, "otherEmail", SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_keyId() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, "otherId", SCOPES, mockTokenServerTransportFactory, create);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_scopes() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, ImmutableSet.of(), mockTokenServerTransportFactory, create);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_transportFactory() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        GoogleCredentialsTest.MockHttpTransportFactory mockHttpTransportFactory = new GoogleCredentialsTest.MockHttpTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, new GoogleCredentialsTest.MockTokenServerTransportFactory(), create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockHttpTransportFactory, create);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void equals_false_tokenServer() throws IOException {
        URI create = URI.create("https://foo1.com/bar");
        URI create2 = URI.create("https://foo2.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create);
        ServiceAccountCredentials fromPkcs82 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create2);
        Assert.assertFalse(fromPkcs8.equals(fromPkcs82));
        Assert.assertFalse(fromPkcs82.equals(fromPkcs8));
    }

    @Test
    public void toString_containsFields() throws IOException {
        URI create = URI.create("https://foo.com/bar");
        Assert.assertEquals(String.format("ServiceAccountCredentials{clientId=%s, clientEmail=%s, privateKeyId=%s, transportFactoryClassName=%s, tokenServerUri=%s, scopes=%s, serviceAccountUser=%s}", SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_ID, GoogleCredentialsTest.MockTokenServerTransportFactory.class.getName(), create, SCOPES, SERVICE_ACCOUNT_USER), ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, new GoogleCredentialsTest.MockTokenServerTransportFactory(), create, SERVICE_ACCOUNT_USER).toString());
    }

    @Test
    public void hashCode_equals() throws IOException {
        URI create = URI.create("https://foo.com/bar");
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        Assert.assertEquals(ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create).hashCode(), ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, mockTokenServerTransportFactory, create).hashCode());
    }

    @Test
    public void serialize() throws IOException, ClassNotFoundException {
        ServiceAccountCredentials fromPkcs8 = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, new GoogleCredentialsTest.MockTokenServerTransportFactory(), URI.create("https://foo.com/bar"));
        ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) serializeAndDeserialize(fromPkcs8);
        Assert.assertEquals(fromPkcs8, serviceAccountCredentials);
        Assert.assertEquals(fromPkcs8.hashCode(), serviceAccountCredentials.hashCode());
        Assert.assertEquals(fromPkcs8.toString(), serviceAccountCredentials.toString());
        Assert.assertSame(serviceAccountCredentials.clock, Clock.SYSTEM);
        Assert.assertEquals(GoogleCredentialsTest.MockTokenServerTransportFactory.class, serviceAccountCredentials.toBuilder().getHttpTransportFactory().getClass());
    }

    @Test
    public void fromStream_nullTransport_throws() throws IOException {
        try {
            ServiceAccountCredentials.fromStream(new ByteArrayInputStream("foo".getBytes()), (HttpTransportFactory) null);
            Assert.fail("Should throw if HttpTransportFactory is null");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void fromStream_nullStream_throws() throws IOException {
        try {
            ServiceAccountCredentials.fromStream((InputStream) null, new GoogleCredentialsTest.MockHttpTransportFactory());
            Assert.fail("Should throw if InputStream is null");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void fromStream_providesToken() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        ServiceAccountCredentials fromStream = ServiceAccountCredentials.fromStream(writeServiceAccountStream(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID), mockTokenServerTransportFactory);
        Assert.assertNotNull(fromStream);
        TestUtils.assertContainsBearerToken(fromStream.createScoped(SCOPES).getRequestMetadata(CALL_URI), ACCESS_TOKEN);
    }

    @Test
    public void fromStream_noClientId_throws() throws IOException {
        testFromStreamException(writeServiceAccountStream(null, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID), "client_id");
    }

    @Test
    public void fromStream_noClientEmail_throws() throws IOException {
        testFromStreamException(writeServiceAccountStream(SA_CLIENT_ID, null, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID), "client_email");
    }

    @Test
    public void fromStream_noPrivateKey_throws() throws IOException {
        testFromStreamException(writeServiceAccountStream(SA_CLIENT_ID, SA_CLIENT_EMAIL, null, SA_PRIVATE_KEY_ID), "private_key");
    }

    @Test
    public void fromStream_noPrivateKeyId_throws() throws IOException {
        testFromStreamException(writeServiceAccountStream(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, null), "private_key_id");
    }

    static GenericJson writeServiceAccountJson(String str, String str2, String str3, String str4, String str5) {
        GenericJson genericJson = new GenericJson();
        if (str != null) {
            genericJson.put("client_id", str);
        }
        if (str2 != null) {
            genericJson.put("client_email", str2);
        }
        if (str3 != null) {
            genericJson.put("private_key", str3);
        }
        if (str4 != null) {
            genericJson.put("private_key_id", str4);
        }
        if (str5 != null) {
            genericJson.put("project_id", str5);
        }
        genericJson.put("type", "service_account");
        return genericJson;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InputStream writeServiceAccountStream(String str, String str2, String str3, String str4) throws IOException {
        return TestUtils.jsonToInputStream(writeServiceAccountJson(str, str2, str3, str4, null));
    }

    private static void testFromStreamException(InputStream inputStream, String str) {
        try {
            ServiceAccountCredentials.fromStream(inputStream, DUMMY_TRANSPORT_FACTORY);
            Assert.fail(String.format("Should throw exception with message containing '%s'", str));
        } catch (IOException e) {
            Assert.assertTrue(e.getMessage().contains(str));
        }
    }
}
