package com.google.cloud.hadoop.repackaged.gcs.com.google.cloud.hadoop.util;

import com.google.cloud.hadoop.repackaged.gcs.com.google.api.client.auth.oauth2.Credential;
import com.google.cloud.hadoop.repackaged.gcs.com.google.api.client.http.HttpTransport;
import com.google.cloud.hadoop.repackaged.gcs.com.google.cloud.hadoop.util.HttpTransportFactory;
import com.google.cloud.hadoop.repackaged.gcs.com.google.common.annotations.VisibleForTesting;
import com.google.cloud.hadoop.repackaged.gcs.com.google.common.base.Preconditions;
import com.google.cloud.hadoop.repackaged.gcs.com.google.common.base.Strings;
import com.google.cloud.hadoop.repackaged.gcs.com.google.common.flogger.GoogleLogger;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;

/* loaded from: input_file:com/google/cloud/hadoop/repackaged/gcs/com/google/cloud/hadoop/util/CredentialConfiguration.class */
public class CredentialConfiguration {
    private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
    private boolean serviceAccountEnabled = true;
    private String serviceAccountPrivateKeyId = null;
    private String serviceAccountPrivateKey = null;
    private String serviceAccountEmail = null;
    private String serviceAccountKeyFile = null;
    private String serviceAccountJsonKeyFile = null;
    private String clientId = null;
    private String clientSecret = null;
    private String oAuthCredentialFile = null;
    private boolean nullCredentialEnabled = false;
    private CredentialFactory credentialFactory = new CredentialFactory();
    private HttpTransportFactory.HttpTransportType transportType = HttpTransportFactory.HttpTransportType.JAVA_NET;
    private String proxyAddress = null;
    private HttpTransport transport;

    public Credential getCredential(List<String> list) throws IOException, GeneralSecurityException {
        if (isServiceAccountEnabled()) {
            logger.atFine().log("Using service account credentials");
            if (shouldUseMetadataService()) {
                logger.atFine().log("Getting service account credentials from meta data service.");
                return this.credentialFactory.getCredentialFromMetadataServiceAccount();
            }
            if (!Strings.isNullOrEmpty(this.serviceAccountPrivateKeyId)) {
                logger.atFine().log("Attempting to get credentials from Configuration");
                Preconditions.checkState(!Strings.isNullOrEmpty(this.serviceAccountPrivateKey), "privateKeyId must be set if using credentials configured directly in configuration");
                Preconditions.checkState(!Strings.isNullOrEmpty(this.serviceAccountEmail), "clientEmail must be set if using credentials configured directly in configuration");
                Preconditions.checkArgument(Strings.isNullOrEmpty(this.serviceAccountKeyFile), "A P12 key file may not be specified at the same time as credentials via configuration.");
                Preconditions.checkArgument(Strings.isNullOrEmpty(this.serviceAccountJsonKeyFile), "A JSON key file may not be specified at the same time as credentials via configuration.");
                return this.credentialFactory.getCredentialsFromSAParameters(this.serviceAccountPrivateKeyId, this.serviceAccountPrivateKey, this.serviceAccountEmail, list, getTransport());
            }
            if (!Strings.isNullOrEmpty(this.serviceAccountJsonKeyFile)) {
                logger.atFine().log("Using JSON keyfile %s", this.serviceAccountJsonKeyFile);
                Preconditions.checkArgument(Strings.isNullOrEmpty(this.serviceAccountKeyFile), "A P12 key file may not be specified at the same time as a JSON key file.");
                Preconditions.checkArgument(Strings.isNullOrEmpty(this.serviceAccountEmail), "Service account email may not be specified at the same time as a JSON key file.");
                return this.credentialFactory.getCredentialFromJsonKeyFile(this.serviceAccountJsonKeyFile, list, getTransport());
            }
            if (!Strings.isNullOrEmpty(this.serviceAccountKeyFile)) {
                Preconditions.checkState(!Strings.isNullOrEmpty(this.serviceAccountEmail), "Email must be set if using service account auth and a key file is specified.");
                logger.atFine().log("Using service account email %s and private key file %s", this.serviceAccountEmail, this.serviceAccountKeyFile);
                return this.credentialFactory.getCredentialFromPrivateKeyServiceAccount(this.serviceAccountEmail, this.serviceAccountKeyFile, list, getTransport());
            }
            if (shouldUseApplicationDefaultCredentials()) {
                logger.atFine().log("Getting Application Default Credentials");
                return this.credentialFactory.getApplicationDefaultCredentials(list, getTransport());
            }
        } else {
            if (this.oAuthCredentialFile != null && this.clientId != null && this.clientSecret != null) {
                logger.atFine().log("Using installed app credentials in file %s", this.oAuthCredentialFile);
                return this.credentialFactory.getCredentialFromFileCredentialStoreForInstalledApp(this.clientId, this.clientSecret, this.oAuthCredentialFile, list, getTransport());
            }
            if (this.nullCredentialEnabled) {
                logger.atWarning().log("Allowing null credentials for unit testing. This should not be used in production");
                return null;
            }
        }
        logger.atSevere().log("Credential configuration is not valid. Configuration: %s", this);
        throw new IllegalStateException("No valid credential configuration discovered.");
    }

    private boolean shouldUseApplicationDefaultCredentials() {
        return this.credentialFactory.hasApplicationDefaultCredentialsConfigured();
    }

    public boolean shouldUseMetadataService() {
        return Strings.isNullOrEmpty(this.serviceAccountKeyFile) && Strings.isNullOrEmpty(this.serviceAccountJsonKeyFile) && Strings.isNullOrEmpty(this.serviceAccountPrivateKey) && !shouldUseApplicationDefaultCredentials();
    }

    public String getOAuthCredentialFile() {
        return this.oAuthCredentialFile;
    }

    public void setOAuthCredentialFile(String str) {
        this.oAuthCredentialFile = str;
    }

    public boolean isNullCredentialEnabled() {
        return this.nullCredentialEnabled;
    }

    public void setNullCredentialEnabled(boolean z) {
        this.nullCredentialEnabled = z;
    }

    public boolean isServiceAccountEnabled() {
        return this.serviceAccountEnabled;
    }

    public String getServiceAccountPrivateKeyId() {
        return this.serviceAccountPrivateKeyId;
    }

    public void setServiceAccountPrivateKeyId(String str) {
        this.serviceAccountPrivateKeyId = str;
    }

    public String getServiceAccountPrivateKey() {
        return this.serviceAccountPrivateKey;
    }

    public void setServiceAccountPrivateKey(String str) {
        this.serviceAccountPrivateKey = str.replace("\\n", System.lineSeparator());
    }

    public void setEnableServiceAccounts(boolean z) {
        this.serviceAccountEnabled = z;
    }

    public String getServiceAccountEmail() {
        return this.serviceAccountEmail;
    }

    public void setServiceAccountEmail(String str) {
        this.serviceAccountEmail = str;
    }

    public String getServiceAccountKeyFile() {
        return this.serviceAccountKeyFile;
    }

    public void setServiceAccountKeyFile(String str) {
        this.serviceAccountKeyFile = str;
    }

    public String getServiceAccountJsonKeyFile() {
        return this.serviceAccountJsonKeyFile;
    }

    public void setServiceAccountJsonKeyFile(String str) {
        this.serviceAccountJsonKeyFile = str;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public HttpTransportFactory.HttpTransportType getTransportType() {
        return this.transportType;
    }

    public void setTransportType(HttpTransportFactory.HttpTransportType httpTransportType) {
        this.transportType = httpTransportType;
    }

    public String getProxyAddress() {
        return this.proxyAddress;
    }

    public void setProxyAddress(String str) {
        this.proxyAddress = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public void setCredentialFactory(CredentialFactory credentialFactory) {
        this.credentialFactory = credentialFactory;
    }

    public String toString() {
        return "CredentialConfiguration{serviceAccountEnabled: " + isServiceAccountEnabled() + "\nserviceAccountPrivateKeyId: " + (Strings.isNullOrEmpty(getServiceAccountPrivateKeyId()) ? "Not Provided" : "Provided, but not displayed") + "\nserviceAccountPrivateKey: " + (Strings.isNullOrEmpty(getServiceAccountPrivateKey()) ? "Not Provided" : "Provided, but not displayed") + "\nserviceAccountEmail: " + getServiceAccountEmail() + "\nserviceAccountKeyfile: " + getServiceAccountKeyFile() + "\nserviceAccountJsonKeyFile: " + getServiceAccountJsonKeyFile() + "\nclientId: " + getClientId() + "\nclientSecret: " + (Strings.isNullOrEmpty(getClientSecret()) ? "Not provided" : "Provided, but not displayed") + "\noAuthCredentialFile: " + getOAuthCredentialFile() + "\nisNullCredentialEnabled: " + isNullCredentialEnabled() + "\ntransportType: " + getTransportType() + "\nproxyAddress: " + getProxyAddress() + "}";
    }

    private HttpTransport getTransport() throws IOException {
        if (this.transport == null) {
            this.transport = HttpTransportFactory.createHttpTransport(getTransportType(), getProxyAddress());
        }
        return this.transport;
    }

    @VisibleForTesting
    void setTransport(HttpTransport httpTransport) {
        this.transport = httpTransport;
    }
}
