package com.google.cloud.dataflow.sdk.util;

import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.extensions.java6.auth.oauth2.AbstractPromptReceiver;
import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInstalledApp;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.store.FileDataStoreFactory;
import com.google.cloud.dataflow.sdk.options.GcpOptions;
import com.google.cloud.dataflow.sdk.repackaged.com.google.common.base.Preconditions;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/cloud/dataflow/sdk/util/Credentials.class */
public class Credentials {
    private static final Logger LOG = LoggerFactory.getLogger(Credentials.class);
    private static final List<String> SCOPES = Arrays.asList("https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/devstorage.full_control", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/datastore");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/cloud/dataflow/sdk/util/Credentials$PromptReceiver.class */
    public static class PromptReceiver extends AbstractPromptReceiver {
        private PromptReceiver() {
        }

        public String getRedirectUri() {
            return "urn:ietf:wg:oauth:2.0:oob";
        }
    }

    public static Credential getCredential(GcpOptions gcpOptions) throws IOException, GeneralSecurityException {
        String serviceAccountKeyfile = gcpOptions.getServiceAccountKeyfile();
        String serviceAccountName = gcpOptions.getServiceAccountName();
        if (serviceAccountKeyfile != null && serviceAccountName != null) {
            try {
                return getCredentialFromFile(serviceAccountKeyfile, serviceAccountName, SCOPES);
            } catch (GeneralSecurityException e) {
                throw new IOException("Unable to obtain credentials from file", e);
            }
        }
        if (gcpOptions.getSecretsFile() != null) {
            return getCredentialFromClientSecrets(gcpOptions, SCOPES);
        }
        try {
            return GoogleCredential.getApplicationDefault().createScoped(SCOPES);
        } catch (IOException e2) {
            throw new RuntimeException("Unable to get application default credentials. Please see https://developers.google.com/accounts/docs/application-default-credentials for details on how to specify credentials. This version of the SDK is dependent on the gcloud core component version 2015.02.05 or newer to be able to get credentials from the currently authorized user via gcloud auth.", e2);
        }
    }

    private static Credential getCredentialFromFile(String str, String str2, Collection<String> collection) throws IOException, GeneralSecurityException {
        GoogleCredential build = new GoogleCredential.Builder().setTransport(Transport.getTransport()).setJsonFactory(Transport.getJsonFactory()).setServiceAccountId(str2).setServiceAccountScopes(collection).setServiceAccountPrivateKeyFromP12File(new File(str)).build();
        LOG.info("Created credential from file {}", str);
        return build;
    }

    private static Credential getCredentialFromClientSecrets(GcpOptions gcpOptions, Collection<String> collection) throws IOException, GeneralSecurityException {
        String str;
        String secretsFile = gcpOptions.getSecretsFile();
        Preconditions.checkArgument(secretsFile != null);
        NetHttpTransport newTrustedTransport = GoogleNetHttpTransport.newTrustedTransport();
        JacksonFactory defaultInstance = JacksonFactory.getDefaultInstance();
        try {
            Credential authorize = new AuthorizationCodeInstalledApp(new GoogleAuthorizationCodeFlow.Builder(newTrustedTransport, defaultInstance, GoogleClientSecrets.load(defaultInstance, new FileReader(secretsFile)), collection).setDataStoreFactory(new FileDataStoreFactory(new File(gcpOptions.getCredentialDir()))).setTokenServerUrl(new GenericUrl(gcpOptions.getTokenServerUrl())).setAuthorizationServerEncodedUrl(gcpOptions.getAuthorizationServerEncodedUrl()).build(), new PromptReceiver()).authorize(gcpOptions.getCredentialId());
            LOG.info("Got credential from client secret");
            return authorize;
        } catch (IOException e) {
            String valueOf = String.valueOf(secretsFile);
            if (valueOf.length() != 0) {
                str = "Could not read the client secrets from file: ".concat(valueOf);
            } else {
                str = r3;
                String str2 = new String("Could not read the client secrets from file: ");
            }
            throw new RuntimeException(str, e);
        }
    }
}
