package com.google.auth.oauth2;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonGenerator;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Clock;
import com.google.auth.ServiceAccountSigner;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.GoogleCredentialsTest;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/google/auth/oauth2/ImpersonatedCredentialsTest.class */
class ImpersonatedCredentialsTest extends BaseSerializationTest {
    public static final String SA_CLIENT_EMAIL = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr@developer.gserviceaccount.com";
    private static final String SA_PRIVATE_KEY_ID = "d84a4fefcf50791d4a90f2d7af17469d6282df9d";
    static final String SA_PRIVATE_KEY_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALX0PQoe1igW12ikv1bN/r9lN749y2ijmbc/mFHPyS3hNTyOCjDvBbXYbDhQJzWVUikh4mvGBA07qTj79Xc3yBDfKP2IeyYQIFe0t0zkd7R9Zdn98Y2rIQC47aAbDfubtkU1U72t4zL11kHvoa0/RuFZjncvlr42X7be7lYh4p3NAgMBAAECgYASk5wDw4Az2ZkmeuN6Fk/y9H+Lcb2pskJIXjrL533vrDWGOC48LrsThMQPv8cxBky8HFSEklPpkfTF95tpD43iVwJRB/GrCtGTw65IfJ4/tI09h6zGc4yqvIo1cHX/LQ+SxKLGyir/dQM925rGt/VojxY5ryJR7GLbCzxPnJm/oQJBANwOCO6D2hy1LQYJhXh7O+RLtA/tSnT1xyMQsGT+uUCMiKS2bSKx2wxo9k7h3OegNJIu1q6nZ6AbxDK8H3+d0dUCQQDTrPSXagBxzp8PecbaCHjzNRSQE2in81qYnrAFNB4o3DpHyMMY6s5ALLeHKscEWnqP8Ur6X4PvzZecCWU9BKAZAkAutLPknAuxSCsUOvUfS1i87ex77Ot+w6POp34pEX+UWb+u5iFn2cQacDTHLV1LtE80L8jVLSbrbrlH43H0DjU5AkEAgidhycxS86dxpEljnOMCw8CKoUBd5I880IUahEiUltk7OLJYS/Ts1wbn3kPOVX3wyJs8WBDtBkFrDHW2ezth2QJADj3e1YhMVdjJW5jqwlD/VNddGjgzyunmiZg0uOXsHXbytYmsA545S8KRQFaJKFXYYFo2kOjqOiC1T2cAzMDjCQ==\n-----END PRIVATE KEY-----\n";
    public static final String STANDARD_ID_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmMzc1ODkwOGI3OTIyOTNhZDk3N2EwYjk5MWQ5OGE3N2Y0ZWVlY2QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2Zvby5iYXIiLCJhenAiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgiLCJleHAiOjE1NjQ1MzI5NzIsImlhdCI6MTU2NDUyOTM3MiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0.redacted";
    public static final String TOKEN_WITH_EMAIL = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmMzc1ODkwOGI3OTIyOTNhZDk3N2EwYjk5MWQ5OGE3N2Y0ZWVlY2QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2Zvby5iYXIiLCJhenAiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgiLCJlbWFpbCI6ImltcGVyc29uYXRlZC1hY2NvdW50QGZhYmxlZC1yYXktMTA0MTE3LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTU2NDUzMzA0MiwiaWF0IjoxNTY0NTI5NDQyLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgifQ.redacted";
    public static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
    private static final String PROJECT_ID = "project-id";
    public static final String IMPERSONATED_CLIENT_EMAIL = "impersonated-account@iam.gserviceaccount.com";
    private static final int VALID_LIFETIME = 300;
    private static final int INVALID_LIFETIME = 43210;
    private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'";
    public static final String IMPERSONATION_URL = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/impersonated-account@iam.gserviceaccount.com:generateAccessToken";
    private static final String USER_ACCOUNT_CLIENT_ID = "76408650-6qr441hur.apps.googleusercontent.com";
    private static final String USER_ACCOUNT_CLIENT_SECRET = "d-F499q74hFpdHD0T5";
    public static final String QUOTA_PROJECT_ID = "quota-project-id";
    private static final String REFRESH_TOKEN = "dasdfasdffa4ffdfadgyjirasdfadsft";
    private GoogleCredentials sourceCredentials;
    private MockIAMCredentialsServiceTransportFactory mockTransportFactory;
    private static final Set<String> IMMUTABLE_SCOPES_SET = ImmutableSet.of("scope1", "scope2");
    private static final List<String> IMMUTABLE_SCOPES_LIST = ImmutableList.of("scope1", "scope2");
    private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
    public static final List<String> DELEGATES = Arrays.asList("sa1@developer.gserviceaccount.com", "sa2@developer.gserviceaccount.com");

    /* loaded from: input_file:com/google/auth/oauth2/ImpersonatedCredentialsTest$MockIAMCredentialsServiceTransportFactory.class */
    static class MockIAMCredentialsServiceTransportFactory implements HttpTransportFactory {
        MockIAMCredentialsServiceTransport transport = new MockIAMCredentialsServiceTransport();

        public HttpTransport create() {
            return this.transport;
        }
    }

    ImpersonatedCredentialsTest() {
    }

    @BeforeEach
    void setup() throws IOException {
        this.sourceCredentials = getSourceCredentials();
        this.mockTransportFactory = new MockIAMCredentialsServiceTransportFactory();
    }

    private GoogleCredentials getSourceCredentials() throws IOException {
        GoogleCredentialsTest.MockTokenServerTransportFactory mockTokenServerTransportFactory = new GoogleCredentialsTest.MockTokenServerTransportFactory();
        ServiceAccountCredentials build = ServiceAccountCredentials.newBuilder().setClientEmail(SA_CLIENT_EMAIL).setPrivateKey(ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8)).setPrivateKeyId(SA_PRIVATE_KEY_ID).setScopes(IMMUTABLE_SCOPES_LIST).setProjectId(PROJECT_ID).setHttpTransportFactory(mockTokenServerTransportFactory).build();
        mockTokenServerTransportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN);
        return build;
    }

    @Test
    void fromJson_userAsSource_WithQuotaProjectId() throws IOException {
        ImpersonatedCredentials fromJson = ImpersonatedCredentials.fromJson(buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, QUOTA_PROJECT_ID, USER_ACCOUNT_CLIENT_ID, USER_ACCOUNT_CLIENT_SECRET, REFRESH_TOKEN), this.mockTransportFactory);
        Assertions.assertEquals(IMPERSONATED_CLIENT_EMAIL, fromJson.getAccount());
        Assertions.assertEquals(QUOTA_PROJECT_ID, fromJson.getQuotaProjectId());
        Assertions.assertEquals(DELEGATES, fromJson.getDelegates());
        Assertions.assertEquals(new ArrayList(), fromJson.getScopes());
        Assertions.assertEquals(3600, fromJson.getLifetime());
        Assertions.assertTrue(fromJson.getSourceCredentials() instanceof UserCredentials);
    }

    @Test
    void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException {
        ImpersonatedCredentials fromJson = ImpersonatedCredentials.fromJson(buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, null, USER_ACCOUNT_CLIENT_ID, USER_ACCOUNT_CLIENT_SECRET, REFRESH_TOKEN), this.mockTransportFactory);
        Assertions.assertEquals(IMPERSONATED_CLIENT_EMAIL, fromJson.getAccount());
        Assertions.assertNull(fromJson.getQuotaProjectId());
        Assertions.assertEquals(DELEGATES, fromJson.getDelegates());
        Assertions.assertEquals(new ArrayList(), fromJson.getScopes());
        Assertions.assertEquals(3600, fromJson.getLifetime());
        Assertions.assertTrue(fromJson.getSourceCredentials() instanceof UserCredentials);
    }

    @Test
    void fromJson_userAsSource_MissingDelegatesField() throws IOException {
        GenericJson buildImpersonationCredentialsJson = buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, null, USER_ACCOUNT_CLIENT_ID, USER_ACCOUNT_CLIENT_SECRET, REFRESH_TOKEN);
        buildImpersonationCredentialsJson.remove("delegates");
        ImpersonatedCredentials fromJson = ImpersonatedCredentials.fromJson(buildImpersonationCredentialsJson, this.mockTransportFactory);
        Assertions.assertEquals(IMPERSONATED_CLIENT_EMAIL, fromJson.getAccount());
        Assertions.assertNull(fromJson.getQuotaProjectId());
        Assertions.assertEquals(new ArrayList(), fromJson.getDelegates());
        Assertions.assertEquals(new ArrayList(), fromJson.getScopes());
        Assertions.assertEquals(3600, fromJson.getLifetime());
        Assertions.assertTrue(fromJson.getSourceCredentials() instanceof UserCredentials);
    }

    @Test
    void fromJson_ServiceAccountAsSource() throws IOException {
        ImpersonatedCredentials fromJson = ImpersonatedCredentials.fromJson(buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, QUOTA_PROJECT_ID), this.mockTransportFactory);
        Assertions.assertEquals(IMPERSONATED_CLIENT_EMAIL, fromJson.getAccount());
        Assertions.assertEquals(QUOTA_PROJECT_ID, fromJson.getQuotaProjectId());
        Assertions.assertEquals(DELEGATES, fromJson.getDelegates());
        Assertions.assertEquals(new ArrayList(), fromJson.getScopes());
        Assertions.assertEquals(3600, fromJson.getLifetime());
        Assertions.assertTrue(fromJson.getSourceCredentials() instanceof ServiceAccountCredentials);
    }

    @Test
    void fromJson_InvalidFormat() throws IOException {
        GenericJson buildInvalidCredentialsJson = buildInvalidCredentialsJson();
        Assertions.assertEquals("An invalid input stream was provided.", Assertions.assertThrows(CredentialFormatException.class, () -> {
            ImpersonatedCredentials.fromJson(buildInvalidCredentialsJson, this.mockTransportFactory);
        }, "An exception should be thrown.").getMessage());
    }

    @Test
    void createScopedRequired_True() {
        Assertions.assertTrue(ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, new ArrayList(), VALID_LIFETIME, this.mockTransportFactory).createScopedRequired());
    }

    @Test
    void createScopedRequired_False() {
        Assertions.assertFalse(ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).createScopedRequired());
    }

    @Test
    void createScoped() {
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, DELEGATES, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory, QUOTA_PROJECT_ID);
        ImpersonatedCredentials createScoped = create.createScoped(IMMUTABLE_SCOPES_LIST);
        Assertions.assertEquals(create.getAccount(), createScoped.getAccount());
        Assertions.assertEquals(create.getDelegates(), createScoped.getDelegates());
        Assertions.assertEquals(create.getLifetime(), createScoped.getLifetime());
        Assertions.assertEquals(create.getSourceCredentials(), createScoped.getSourceCredentials());
        Assertions.assertEquals(create.getQuotaProjectId(), createScoped.getQuotaProjectId());
        Assertions.assertEquals(Arrays.asList("scope1", "scope2"), createScoped.getScopes());
    }

    @Test
    void createScopedWithImmutableScopes() {
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, DELEGATES, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory, QUOTA_PROJECT_ID);
        ImpersonatedCredentials createScoped = create.createScoped(IMMUTABLE_SCOPES_SET);
        Assertions.assertEquals(create.getAccount(), createScoped.getAccount());
        Assertions.assertEquals(create.getDelegates(), createScoped.getDelegates());
        Assertions.assertEquals(create.getLifetime(), createScoped.getLifetime());
        Assertions.assertEquals(create.getSourceCredentials(), createScoped.getSourceCredentials());
        Assertions.assertEquals(create.getQuotaProjectId(), createScoped.getQuotaProjectId());
        Assertions.assertEquals(Arrays.asList("scope1", "scope2"), createScoped.getScopes());
    }

    @Test
    void refreshAccessToken_unauthorized() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setTokenResponseErrorCode(401);
        this.mockTransportFactory.transport.setTokenResponseErrorContent(generateErrorJson(401, "The caller does not have permission", "global", "forbidden"));
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        IOException iOException = (IOException) Assertions.assertThrows(IOException.class, () -> {
            create.refreshAccessToken().getTokenValue();
        }, String.format("Should throw exception with message containing '%s'", "The caller does not have permission"));
        Assertions.assertEquals("Error requesting access token", iOException.getMessage());
        Assertions.assertTrue(iOException.getCause().getMessage().contains("The caller does not have permission"));
    }

    @Test
    void refreshAccessToken_malformedTarget() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal("foo");
        this.mockTransportFactory.transport.setTokenResponseErrorCode(400);
        this.mockTransportFactory.transport.setTokenResponseErrorContent(generateErrorJson(400, "Request contains an invalid argument", "global", "badRequest"));
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, "foo", (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        IOException iOException = (IOException) Assertions.assertThrows(IOException.class, () -> {
            create.refreshAccessToken().getTokenValue();
        }, String.format("Should throw exception with message containing '%s'", "Request contains an invalid argument"));
        Assertions.assertEquals("Error requesting access token", iOException.getMessage());
        Assertions.assertTrue(iOException.getCause().getMessage().contains("Request contains an invalid argument"));
    }

    @Test
    void credential_with_zero_lifetime() throws IllegalStateException {
        Assertions.assertEquals(3600, ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, 0).getLifetime());
    }

    @Test
    void credential_with_invalid_lifetime() throws IOException, IllegalStateException {
        Assertions.assertTrue(((IllegalStateException) Assertions.assertThrows(IllegalStateException.class, () -> {
            ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, INVALID_LIFETIME).refreshAccessToken().getTokenValue();
        }, String.format("Should throw exception with message containing '%s'", "lifetime must be less than or equal to 43200"))).getMessage().contains("lifetime must be less than or equal to 43200"));
    }

    @Test
    void credential_with_invalid_scope() throws IOException, IllegalStateException {
        Assertions.assertTrue(((IllegalStateException) Assertions.assertThrows(IllegalStateException.class, () -> {
            ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, (List) null, VALID_LIFETIME).refreshAccessToken().getTokenValue();
        }, String.format("Should throw exception with message containing '%s'", "Scopes cannot be null"))).getMessage().contains("Scopes cannot be null"));
    }

    @Test
    void refreshAccessToken_success() throws IOException, IllegalStateException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Assertions.assertEquals(ACCESS_TOKEN, ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).refreshAccessToken().getTokenValue());
    }

    @Test
    void getRequestMetadata_withQuotaProjectId() throws IOException, IllegalStateException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Map requestMetadata = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory, QUOTA_PROJECT_ID).getRequestMetadata();
        Assertions.assertTrue(requestMetadata.containsKey("x-goog-user-project"));
        List list = (List) requestMetadata.get("x-goog-user-project");
        Assertions.assertEquals(1, list.size());
        Assertions.assertEquals(QUOTA_PROJECT_ID, list.get(0));
    }

    @Test
    void getRequestMetadata_withoutQuotaProjectId() throws IOException, IllegalStateException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Assertions.assertFalse(ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).getRequestMetadata().containsKey("x-goog-user-project"));
    }

    @Test
    void refreshAccessToken_delegates_success() throws IOException, IllegalStateException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Assertions.assertEquals(ACCESS_TOKEN, ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, Arrays.asList("delegate-account@iam.gserviceaccount.com"), IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).refreshAccessToken().getTokenValue());
    }

    @Test
    void refreshAccessToken_invalidDate() throws IllegalStateException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken("foo");
        this.mockTransportFactory.transport.setExpireTime("1973-09-29T15:01:23");
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        Assertions.assertTrue(((IOException) Assertions.assertThrows(IOException.class, () -> {
            create.refreshAccessToken().getTokenValue();
        }, String.format("Should throw exception with message containing '%s'", "Unparseable date"))).getMessage().contains("Unparseable date"));
    }

    @Test
    void getAccount_sameAs() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Assertions.assertEquals(IMPERSONATED_CLIENT_EMAIL, ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).getAccount());
    }

    @Test
    void sign_sameAs() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        byte[] bArr = {13, 14, 10, 13};
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setSignedBlob(bArr);
        Assertions.assertArrayEquals(bArr, create.sign(bArr));
    }

    @Test
    void sign_requestIncludesDelegates() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, ImmutableList.of("delegate@example.com"), IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        byte[] bArr = {13, 14, 10, 13};
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setSignedBlob(bArr);
        Assertions.assertArrayEquals(bArr, create.sign(bArr));
        GenericJson genericJson = (GenericJson) JSON_FACTORY.createJsonParser(this.mockTransportFactory.transport.getRequest().getContentAsString()).parseAndClose(GenericJson.class);
        ArrayList arrayList = new ArrayList();
        arrayList.add("delegate@example.com");
        Assertions.assertEquals(arrayList, genericJson.get("delegates"));
    }

    @Test
    void sign_usesSourceCredentials() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(5, 1);
        GoogleCredentials build = new GoogleCredentials.Builder().setAccessToken(new AccessToken("source-token", calendar.getTime())).build();
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(build, IMPERSONATED_CLIENT_EMAIL, ImmutableList.of("delegate@example.com"), IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        byte[] bArr = {13, 14, 10, 13};
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setSignedBlob(bArr);
        Assertions.assertArrayEquals(bArr, create.sign(bArr));
        Assertions.assertEquals("Bearer source-token", this.mockTransportFactory.transport.getRequest().getFirstHeaderValue("Authorization"));
    }

    @Test
    void sign_accessDenied_throws() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setSignedBlob(new byte[]{13, 14, 10, 13});
        this.mockTransportFactory.transport.setErrorResponseCodeAndMessage(403, "Sign Error");
        byte[] bArr = {13, 14, 10, 13};
        ServiceAccountSigner.SigningException assertThrows = Assertions.assertThrows(ServiceAccountSigner.SigningException.class, () -> {
            create.sign(bArr);
        }, "Signing should have failed");
        Assertions.assertEquals("Failed to sign the provided bytes", assertThrows.getMessage());
        Assertions.assertNotNull(assertThrows.getCause());
        Assertions.assertTrue(assertThrows.getCause().getMessage().contains("403"));
    }

    @Test
    void sign_serverError_throws() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setSignedBlob(new byte[]{13, 14, 10, 13});
        this.mockTransportFactory.transport.setErrorResponseCodeAndMessage(500, "Sign Error");
        byte[] bArr = {13, 14, 10, 13};
        ServiceAccountSigner.SigningException assertThrows = Assertions.assertThrows(ServiceAccountSigner.SigningException.class, () -> {
            create.sign(bArr);
        }, "Signing should have failed");
        Assertions.assertEquals("Failed to sign the provided bytes", assertThrows.getMessage());
        Assertions.assertNotNull(assertThrows.getCause());
        Assertions.assertTrue(assertThrows.getCause().getMessage().contains("500"));
    }

    @Test
    void idTokenWithAudience_sameAs() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setIdToken(STANDARD_ID_TOKEN);
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(create).setTargetAudience("https://foo.bar").build();
        build.refresh();
        Assertions.assertEquals(STANDARD_ID_TOKEN, build.getAccessToken().getTokenValue());
        Assertions.assertEquals(STANDARD_ID_TOKEN, build.getIdToken().getTokenValue());
        Assertions.assertEquals("https://foo.bar", (String) build.getIdToken().getJsonWebSignature().getPayload().getAudience());
    }

    @Test
    void idTokenWithAudience_withEmail() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setIdToken(TOKEN_WITH_EMAIL);
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(create).setTargetAudience("https://foo.bar").setOptions(Arrays.asList(IdTokenProvider.Option.INCLUDE_EMAIL)).build();
        build.refresh();
        Assertions.assertEquals(TOKEN_WITH_EMAIL, build.getAccessToken().getTokenValue());
        Assertions.assertTrue(build.getIdToken().getJsonWebSignature().getPayload().containsKey("email"));
    }

    @Test
    void idToken_withServerError() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setIdToken(STANDARD_ID_TOKEN);
        this.mockTransportFactory.transport.setErrorResponseCodeAndMessage(500, "Internal Server Error");
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(create).setTargetAudience("https://foo.bar").build();
        build.getClass();
        Assertions.assertTrue(((IOException) Assertions.assertThrows(IOException.class, build::refresh)).getMessage().contains("Error code 500 trying to getIDToken"));
    }

    @Test
    void idToken_withOtherError() {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        this.mockTransportFactory.transport.setIdToken(STANDARD_ID_TOKEN);
        this.mockTransportFactory.transport.setErrorResponseCodeAndMessage(301, "Redirect");
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(create).setTargetAudience("https://foo.bar").build();
        build.getClass();
        Assertions.assertTrue(((IOException) Assertions.assertThrows(IOException.class, build::refresh)).getMessage().contains("Unexpected Error code 301 trying to getIDToken"));
    }

    @Test
    void hashCode_equals() throws IOException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        Assertions.assertEquals(ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).hashCode(), ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory).hashCode());
    }

    @Test
    void serialize() throws IOException, ClassNotFoundException {
        this.mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
        this.mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
        this.mockTransportFactory.transport.setExpireTime(getDefaultExpireTime());
        ImpersonatedCredentials create = ImpersonatedCredentials.create(this.sourceCredentials, IMPERSONATED_CLIENT_EMAIL, (List) null, IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, this.mockTransportFactory);
        GoogleCredentials googleCredentials = (GoogleCredentials) serializeAndDeserialize(create);
        Assertions.assertEquals(create, googleCredentials);
        Assertions.assertEquals(create.hashCode(), googleCredentials.hashCode());
        Assertions.assertEquals(create.toString(), googleCredentials.toString());
        Assertions.assertSame(googleCredentials.clock, Clock.SYSTEM);
    }

    public static String getDefaultExpireTime() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, VALID_LIFETIME);
        return new SimpleDateFormat(RFC3339).format(calendar.getTime());
    }

    private String generateErrorJson(int i, String str, String str2, String str3) throws IOException {
        GsonFactory gsonFactory = new GsonFactory();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        JsonGenerator createJsonGenerator = gsonFactory.createJsonGenerator(byteArrayOutputStream, Charset.defaultCharset());
        createJsonGenerator.enablePrettyPrint();
        createJsonGenerator.writeStartObject();
        createJsonGenerator.writeFieldName("error");
        createJsonGenerator.writeStartObject();
        createJsonGenerator.writeFieldName("code");
        createJsonGenerator.writeNumber(i);
        createJsonGenerator.writeFieldName("message");
        createJsonGenerator.writeString(str);
        createJsonGenerator.writeFieldName("errors");
        createJsonGenerator.writeStartArray();
        createJsonGenerator.writeStartObject();
        createJsonGenerator.writeFieldName("message");
        createJsonGenerator.writeString(str);
        createJsonGenerator.writeFieldName("domain");
        createJsonGenerator.writeString(str2);
        createJsonGenerator.writeFieldName("reason");
        createJsonGenerator.writeString(str3);
        createJsonGenerator.writeEndObject();
        createJsonGenerator.writeEndArray();
        createJsonGenerator.writeFieldName("status");
        createJsonGenerator.writeString("PERMISSION_DENIED");
        createJsonGenerator.writeEndObject();
        createJsonGenerator.writeEndObject();
        createJsonGenerator.close();
        return byteArrayOutputStream.toString();
    }

    static GenericJson buildImpersonationCredentialsJson(String str, List<String> list, String str2, String str3, String str4, String str5) {
        GenericJson genericJson = new GenericJson();
        genericJson.put("client_id", str3);
        genericJson.put("client_secret", str4);
        genericJson.put("refresh_token", str5);
        genericJson.put("type", "authorized_user");
        GenericJson genericJson2 = new GenericJson();
        genericJson2.put("service_account_impersonation_url", str);
        genericJson2.put("delegates", list);
        if (str2 != null) {
            genericJson2.put("quota_project_id", str2);
        }
        genericJson2.put("source_credentials", genericJson);
        genericJson2.put("type", "impersonated_service_account");
        return genericJson2;
    }

    static GenericJson buildImpersonationCredentialsJson(String str, List<String> list, String str2) {
        GenericJson genericJson = new GenericJson();
        genericJson.put("type", "service_account");
        genericJson.put("project_id", PROJECT_ID);
        genericJson.put("private_key_id", SA_PRIVATE_KEY_ID);
        genericJson.put("private_key", SA_PRIVATE_KEY_PKCS8);
        genericJson.put("client_email", SA_CLIENT_EMAIL);
        genericJson.put("client_id", "10848832332323213");
        genericJson.put("auth_uri", "https://oauth2.googleapis.com/o/oauth2/auth");
        genericJson.put("token_uri", "https://oauth2.googleapis.com/token");
        genericJson.put("auth_provider_x509_cert_url", "https://www.googleapis.com/oauth2/v1/certs");
        genericJson.put("client_x509_cert_url", "https://www.googleapis.com/robot/v1/metadata/x509/chaoren-test-sc%40cloudsdktest.iam.gserviceaccount.com");
        GenericJson genericJson2 = new GenericJson();
        genericJson2.put("source_credentials", genericJson);
        genericJson2.put("service_account_impersonation_url", str);
        genericJson2.put("delegates", list);
        if (str2 != null) {
            genericJson2.put("quota_project_id", str2);
        }
        genericJson2.put("type", "impersonated_service_account");
        return genericJson2;
    }

    static GenericJson buildInvalidCredentialsJson() {
        GenericJson genericJson = new GenericJson();
        genericJson.put("service_account_impersonation_url", "mock_url");
        return genericJson;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InputStream writeImpersonationCredentialsStream(String str, List<String> list, String str2) throws IOException {
        return TestUtils.jsonToInputStream(buildImpersonationCredentialsJson(str, list, str2));
    }
}
