package io.grpc.auth;

import io.grpc.Attributes;
import io.grpc.CallCredentials;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.Status;
import io.grpc.StatusException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import org.apache.pulsar.shade.com.google.auth.Credentials;
import org.apache.pulsar.shade.com.google.common.annotations.VisibleForTesting;
import org.apache.pulsar.shade.com.google.common.base.Preconditions;
import org.apache.pulsar.shade.com.google.common.io.BaseEncoding;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/grpc/auth/GoogleAuthLibraryCallCredentials.class */
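/**
 * {@link CallCredentials} implementation that obtains per-call auth headers from a
 * {@code Credentials} object of the (shaded) Google auth library and hands them to gRPC.
 *
 * <p>When the supplied credentials are an instance of {@code ServiceAccountCredentials} with no
 * scopes, they are swapped at construction time for {@code ServiceAccountJwtAccessCredentials}
 * built from the same client id, client e-mail, private key and private key id. Both classes are
 * looked up reflectively, so this class still loads when they are absent.
 *
 * <p>The two cache fields {@code lastMetadata} and {@code lastHeaders} are only read and written
 * while holding this object's monitor.
 */
public final class GoogleAuthLibraryCallCredentials implements CallCredentials {
    private static final Logger log = Logger.getLogger(GoogleAuthLibraryCallCredentials.class.getName());
    // Resolved once at class-initialisation time; null when the helper could not be created.
    private static final JwtHelper jwtHelper = createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.class.getClassLoader());

    @VisibleForTesting
    final Credentials creds;
    // Headers built from lastMetadata; reused while the auth library keeps returning the same map.
    private Metadata lastHeaders;
    // The map instance most recently returned by creds.getRequestMetadata(...).
    private Map<String, List<String>> lastMetadata;

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/auth/GoogleAuthLibraryCallCredentials$JwtHelper.class */
    /**
     * Reflection-based bridge that converts scope-less service-account credentials into
     * JWT-access credentials without a compile-time dependency on either concrete class.
     */
    public static class JwtHelper {
        private final Class<? extends Credentials> serviceAccountClass;
        private final Constructor<? extends Credentials> jwtConstructor;
        private final Method getScopes;
        private final Method getClientId;
        private final Method getClientEmail;
        private final Method getPrivateKey;
        private final Method getPrivateKeyId;

        /**
         * Resolves every reflective handle up front so that a missing member fails here rather
         * than on the first conversion.
         *
         * @param cls the service-account credentials class; must be a subclass of {@code Credentials}
         * @param classLoader loader used to look up the JWT-access credentials class
         * @throws ReflectiveOperationException if a required accessor, the JWT class or its
         *     four-argument constructor cannot be found
         */
        public JwtHelper(Class<?> cls, ClassLoader classLoader) throws ReflectiveOperationException {
            this.serviceAccountClass = cls.asSubclass(Credentials.class);
            this.getScopes = this.serviceAccountClass.getMethod("getScopes");
            this.getClientId = this.serviceAccountClass.getMethod("getClientId");
            this.getClientEmail = this.serviceAccountClass.getMethod("getClientEmail");
            this.getPrivateKey = this.serviceAccountClass.getMethod("getPrivateKey");
            this.getPrivateKeyId = this.serviceAccountClass.getMethod("getPrivateKeyId");
            // initialize=false: the class is only located here, not initialised.
            this.jwtConstructor = Class.forName("org.apache.pulsar.shade.com.google.auth.oauth2.ServiceAccountJwtAccessCredentials", false, classLoader)
                    .asSubclass(Credentials.class)
                    .getConstructor(String.class, String.class, PrivateKey.class, String.class);
        }

        /**
         * Returns JWT-access credentials for a service account that has no scopes, and the input
         * unchanged in every other case.
         *
         * @param credentials credentials to inspect
         * @return the converted credentials, or {@code credentials} itself when it is not a
         *     service account, when it carries at least one scope, or when reflection fails
         */
        public Credentials tryServiceAccountToJwt(Credentials credentials) {
            if (!this.serviceAccountClass.isInstance(credentials)) {
                return credentials;
            }
            try {
                Credentials serviceAccount = this.serviceAccountClass.cast(credentials);
                Collection<?> scopes = (Collection<?>) this.getScopes.invoke(serviceAccount);
                if (!scopes.isEmpty()) {
                    // Scoped service accounts are used as they are.
                    return serviceAccount;
                }
                // The private key is passed straight from one credentials object to the other;
                // it is never logged or stored by this helper.
                return this.jwtConstructor.newInstance(
                        this.getClientId.invoke(serviceAccount),
                        this.getClientEmail.invoke(serviceAccount),
                        this.getPrivateKey.invoke(serviceAccount),
                        this.getPrivateKeyId.invoke(serviceAccount));
            } catch (ReflectiveOperationException e) {
                // Fall back to the original credentials instead of failing construction.
                GoogleAuthLibraryCallCredentials.log.log(Level.WARNING, "Failed converting service account credential to JWT. This is unexpected", e);
                return credentials;
            }
        }
    }

    /**
     * Creates call credentials backed by {@code credentials}, applying the service-account to JWT
     * conversion when the helper is available.
     *
     * @param credentials the auth-library credentials; must not be null
     */
    public GoogleAuthLibraryCallCredentials(Credentials credentials) {
        this(credentials, jwtHelper);
    }

    /**
     * Same as the public constructor, with the helper injectable for tests.
     *
     * @param credentials the auth-library credentials; must not be null
     * @param jwtHelper2 conversion helper, or null to use {@code credentials} unchanged
     */
    @VisibleForTesting
    GoogleAuthLibraryCallCredentials(Credentials credentials, JwtHelper jwtHelper2) {
        Preconditions.checkNotNull(credentials, "creds");
        this.creds = jwtHelper2 != null ? jwtHelper2.tryServiceAccountToJwt(credentials) : credentials;
    }

    /**
     * Builds the service URI for the call, then fetches the request metadata on {@code executor}
     * and passes the resulting headers to {@code metadataApplier}.
     *
     * <p>A failure to build the URI is reported synchronously through
     * {@code metadataApplier.fail}; anything thrown while fetching or converting the metadata is
     * reported as {@code UNAUTHENTICATED} with the throwable attached as cause.
     *
     * <p>NOTE(review): the audience URI is always built with the {@code https} scheme (see
     * {@code serviceUri}) and nothing in this method inspects the transport's security level
     * before handing credential headers to the applier. Confirm that these credentials are only
     * attached to channels that protect them in transit.
     */
    @Override // io.grpc.CallCredentials
    public void applyRequestMetadata(MethodDescriptor<?, ?> methodDescriptor, Attributes attributes, Executor executor, final CallCredentials.MetadataApplier metadataApplier) {
        final URI serviceUri;
        try {
            serviceUri = serviceUri((String) Preconditions.checkNotNull(attributes.get(ATTR_AUTHORITY), "authority"), methodDescriptor);
        } catch (StatusException e) {
            metadataApplier.fail(e.getStatus());
            return;
        }
        executor.execute(new Runnable() { // from class: io.grpc.auth.GoogleAuthLibraryCallCredentials.1
            @Override // java.lang.Runnable
            public void run() {
                Metadata metadata;
                try {
                    Map<String, List<String>> requestMetadata = creds.getRequestMetadata(serviceUri);
                    synchronized (GoogleAuthLibraryCallCredentials.this) {
                        // Reference comparison on purpose: the headers are rebuilt only when the
                        // auth library hands back a different map instance.
                        if (lastMetadata == null || lastMetadata != requestMetadata) {
                            lastMetadata = requestMetadata;
                            lastHeaders = toHeaders(requestMetadata);
                        }
                        metadata = lastHeaders;
                    }
                    metadataApplier.apply(metadata);
                } catch (Throwable th) {
                    metadataApplier.fail(Status.UNAUTHENTICATED.withCause(th));
                }
            }
        });
    }

    /**
     * Builds {@code https://<authority>/<full service name>} for the given method, dropping an
     * explicit port 443.
     *
     * @param str the channel authority
     * @param methodDescriptor descriptor of the method being called
     * @return the service URI passed to the auth library
     * @throws StatusException with {@code UNAUTHENTICATED} if the authority is null or the URI
     *     cannot be constructed
     */
    private static URI serviceUri(String str, MethodDescriptor<?, ?> methodDescriptor) throws StatusException {
        if (str == null) {
            throw Status.UNAUTHENTICATED.withDescription("Channel has no authority").asException();
        }
        String path = "/" + MethodDescriptor.extractFullServiceName(methodDescriptor.getFullMethodName());
        try {
            URI uri = new URI("https", str, path, null, null);
            // 443 is the default https port, so it is stripped from the URI.
            return uri.getPort() == 443 ? removePort(uri) : uri;
        } catch (URISyntaxException e) {
            throw Status.UNAUTHENTICATED.withDescription("Unable to construct service URI for auth").withCause(e).asException();
        }
    }

    /**
     * Returns a copy of {@code uri} with the port cleared ({@code -1}); every other component is
     * carried over.
     *
     * @throws StatusException with {@code UNAUTHENTICATED} if the rebuilt URI is invalid
     */
    private static URI removePort(URI uri) throws StatusException {
        try {
            return new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), -1, uri.getPath(), uri.getQuery(), uri.getFragment());
        } catch (URISyntaxException e) {
            throw Status.UNAUTHENTICATED.withDescription("Unable to construct service URI after removing port").withCause(e).asException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Converts auth-library request metadata into gRPC {@link Metadata}.
     *
     * <p>Keys ending in {@code Metadata.BINARY_HEADER_SUFFIX} are treated as binary headers and
     * their values are base64-decoded; all other keys are stored as ASCII strings.
     *
     * @param map header names mapped to their values, or null
     * @return a new {@code Metadata}; empty when {@code map} is null
     */
    public static Metadata toHeaders(@Nullable Map<String, List<String>> map) {
        Metadata metadata = new Metadata();
        if (map == null) {
            return metadata;
        }
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            String name = entry.getKey();
            if (name.endsWith(Metadata.BINARY_HEADER_SUFFIX)) {
                Metadata.Key<byte[]> binaryKey = Metadata.Key.of(name, Metadata.BINARY_BYTE_MARSHALLER);
                for (String encoded : entry.getValue()) {
                    metadata.put(binaryKey, BaseEncoding.base64().decode(encoded));
                }
            } else {
                Metadata.Key<String> asciiKey = Metadata.Key.of(name, Metadata.ASCII_STRING_MARSHALLER);
                for (String value : entry.getValue()) {
                    metadata.put(asciiKey, value);
                }
            }
        }
        return metadata;
    }

    /**
     * Creates the {@link JwtHelper}, or returns null when it cannot be created.
     *
     * <p>If the service-account credentials class cannot be found, null is returned without
     * logging. Any other reflective failure while building the helper is logged at
     * {@code WARNING} and also yields null.
     *
     * @param classLoader loader used for both class lookups
     * @return the helper, or null
     */
    @VisibleForTesting
    @Nullable
    static JwtHelper createJwtHelperOrNull(ClassLoader classLoader) {
        Class<?> rawServiceAccountClass;
        try {
            rawServiceAccountClass = Class.forName("org.apache.pulsar.shade.com.google.auth.oauth2.ServiceAccountCredentials", false, classLoader);
        } catch (ClassNotFoundException e) {
            // Kept separate from the catch below: ClassNotFoundException is itself a
            // ReflectiveOperationException, so a single nested try would route the missing-class
            // case into the warning path and leave this handler unreachable.
            return null;
        }
        try {
            return new JwtHelper(rawServiceAccountClass, classLoader);
        } catch (ReflectiveOperationException e) {
            log.log(Level.WARNING, "Failed to create JWT helper. This is unexpected", e);
            return null;
        }
    }
}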
