package gobblin.source.extractor.extract.google;

import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.googleapis.GoogleUtils;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.util.Collection;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/google-ingestion-0.11.0.jar:gobblin/source/extractor/extract/google/GoogleCommon.class */
public class GoogleCommon {
    private static final String JSON_FILE_EXTENSION = ".json";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GoogleCommon.class);
    private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
    private static final FsPermission USER_READ_PERMISSION_ONLY = new FsPermission(FsAction.READ, FsAction.NONE, FsAction.NONE);

    /* loaded from: input_file:WEB-INF/lib/google-ingestion-0.11.0.jar:gobblin/source/extractor/extract/google/GoogleCommon$CredentialBuilder.class */
    public static class CredentialBuilder {
        private final String privateKeyPath;
        private final Collection<String> serviceAccountScopes;
        private String fileSystemUri;
        private String serviceAccountId;
        private String proxyUrl;
        private String portStr;

        public CredentialBuilder(String str, Collection<String> collection) {
            Preconditions.checkArgument(!StringUtils.isEmpty(str), "privateKeyPath is required.");
            Preconditions.checkArgument((collection == null || collection.isEmpty()) ? false : true, "serviceAccountScopes is required.");
            this.privateKeyPath = str;
            this.serviceAccountScopes = ImmutableList.copyOf((Collection) collection);
        }

        public CredentialBuilder fileSystemUri(String str) {
            this.fileSystemUri = str;
            return this;
        }

        public CredentialBuilder serviceAccountId(String str) {
            this.serviceAccountId = str;
            return this;
        }

        public CredentialBuilder proxyUrl(String str) {
            this.proxyUrl = str;
            return this;
        }

        public CredentialBuilder port(int i) {
            this.portStr = Integer.toString(i);
            return this;
        }

        public CredentialBuilder port(String str) {
            this.portStr = str;
            return this;
        }

        public Credential build() {
            try {
                HttpTransport newTransport = GoogleCommon.newTransport(this.proxyUrl, this.portStr);
                if (this.privateKeyPath.trim().toLowerCase().endsWith(GoogleCommon.JSON_FILE_EXTENSION)) {
                    GoogleCommon.LOG.info("Getting Google service account credential from JSON");
                    return GoogleCommon.buildCredentialFromJson(this.privateKeyPath, Optional.fromNullable(this.fileSystemUri), newTransport, this.serviceAccountScopes);
                }
                GoogleCommon.LOG.info("Getting Google service account credential from P12");
                return GoogleCommon.buildCredentialFromP12(this.privateKeyPath, Optional.fromNullable(this.fileSystemUri), Optional.fromNullable(this.serviceAccountId), newTransport, this.serviceAccountScopes);
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException("Failed to create credential", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Credential buildCredentialFromP12(String str, Optional<String> optional, Optional<String> optional2, HttpTransport httpTransport, Collection<String> collection) throws IOException, GeneralSecurityException {
        Preconditions.checkArgument(optional2.isPresent(), "user id is required.");
        FileSystem fileSystem = getFileSystem(optional);
        File copyToLocal = copyToLocal(fileSystem, getPrivateKey(fileSystem, str));
        copyToLocal.deleteOnExit();
        try {
            GoogleCredential build = new GoogleCredential.Builder().setTransport(httpTransport).setJsonFactory(JSON_FACTORY).setServiceAccountId(optional2.get()).setServiceAccountPrivateKeyFromP12File(copyToLocal).setServiceAccountScopes(collection).build();
            if (copyToLocal.delete()) {
                return build;
            }
            throw new RuntimeException(copyToLocal.getAbsolutePath() + " has not been deleted.");
        } catch (Throwable th) {
            if (copyToLocal.delete()) {
                throw th;
            }
            throw new RuntimeException(copyToLocal.getAbsolutePath() + " has not been deleted.");
        }
    }

    private static Path getPrivateKey(FileSystem fileSystem, String str) throws IOException {
        Path path = new Path(str);
        Preconditions.checkArgument(USER_READ_PERMISSION_ONLY.equals(fileSystem.getFileStatus(path).getPermission()), "Private key file should only have read only permission only on user. " + path);
        return path;
    }

    private static FileSystem getFileSystem(Optional<String> optional) throws IOException {
        return optional.isPresent() ? FileSystem.get(URI.create(optional.get()), new Configuration()) : FileSystem.get(new Configuration());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Credential buildCredentialFromJson(String str, Optional<String> optional, HttpTransport httpTransport, Collection<String> collection) throws IOException {
        FileSystem fileSystem = getFileSystem(optional);
        return GoogleCredential.fromStream(fileSystem.open(getPrivateKey(fileSystem, str)), httpTransport, JSON_FACTORY).createScoped(collection);
    }

    public static HttpTransport newTransport(String str, String str2) throws NumberFormatException, GeneralSecurityException, IOException {
        return (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) ? GoogleNetHttpTransport.newTrustedTransport() : new NetHttpTransport.Builder().trustCertificates(GoogleUtils.getCertificateTrustStore()).setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(str, Integer.parseInt(str2)))).build();
    }

    private static File copyToLocal(FileSystem fileSystem, Path path) throws IOException {
        File file = Files.createTempFile(GoogleCommon.class.getSimpleName(), "tmp", PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"))).toFile();
        file.deleteOnExit();
        fileSystem.copyToLocalFile(path, new Path(file.getAbsolutePath()));
        return file;
    }

    public static JsonFactory getJsonFactory() {
        return JSON_FACTORY;
    }
}
