package org.eclipse.edc.gcp.common;

import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.Objects;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.security.Vault;
import org.eclipse.edc.spi.types.TypeManager;
import org.eclipse.edc.util.string.StringUtils;

/* loaded from: input_file:org/eclipse/edc/gcp/common/GcpCredentials.class */
public class GcpCredentials {
    private static final String SERVICE_ACCOUNT = "service_account";
    private final Base64.Decoder b64Decoder = Base64.getDecoder();
    private final Vault vault;
    private final TypeManager typeManager;
    private final Monitor monitor;

    /* loaded from: input_file:org/eclipse/edc/gcp/common/GcpCredentials$GcpCredentialType.class */
    public enum GcpCredentialType {
        DEFAULT_APPLICATION,
        GOOGLE_ACCESS_TOKEN,
        GOOGLE_SERVICE_ACCOUNT_KEY_FILE
    }

    public GcpCredentials(Vault vault, TypeManager typeManager, Monitor monitor) {
        this.vault = vault;
        this.typeManager = typeManager;
        this.monitor = monitor;
    }

    public GoogleCredentials resolveGoogleCredentialsFromDataAddress(GcpServiceAccountCredentials gcpServiceAccountCredentials) {
        String vaultTokenKeyName = gcpServiceAccountCredentials.getVaultTokenKeyName();
        String vaultServiceAccountKeyName = gcpServiceAccountCredentials.getVaultServiceAccountKeyName();
        String serviceAccountValue = gcpServiceAccountCredentials.getServiceAccountValue();
        if (!StringUtils.isNullOrBlank(vaultTokenKeyName)) {
            String resolveSecret = this.vault.resolveSecret(vaultTokenKeyName);
            if (StringUtils.isNullOrEmpty(resolveSecret)) {
                throw new GcpException(vaultTokenKeyName + " could not be retrieved from the vault.");
            }
            return createGoogleCredential(resolveSecret, GcpCredentialType.GOOGLE_ACCESS_TOKEN);
        }
        if (!StringUtils.isNullOrBlank(vaultServiceAccountKeyName)) {
            String resolveSecret2 = this.vault.resolveSecret(vaultServiceAccountKeyName);
            if (StringUtils.isNullOrEmpty(resolveSecret2)) {
                throw new GcpException(vaultServiceAccountKeyName + " could not be retrieved from the vault.");
            }
            return createGoogleCredential(resolveSecret2, GcpCredentialType.GOOGLE_SERVICE_ACCOUNT_KEY_FILE);
        }
        if (StringUtils.isNullOrBlank(serviceAccountValue)) {
            return createApplicationDefaultCredentials();
        }
        String str = new String(this.b64Decoder.decode(serviceAccountValue));
        if (str.contains(SERVICE_ACCOUNT)) {
            return createGoogleCredential(str, GcpCredentialType.GOOGLE_SERVICE_ACCOUNT_KEY_FILE);
        }
        throw new GcpException("SERVICE_ACCOUNT_VALUE is not provided as a valid service account key file.");
    }

    public GoogleCredentials createApplicationDefaultCredentials() {
        return createGoogleCredential("", GcpCredentialType.DEFAULT_APPLICATION);
    }

    public GoogleCredentials createGoogleCredential(String str, GcpCredentialType gcpCredentialType) {
        Objects.requireNonNull(str, "key content");
        switch (gcpCredentialType) {
            case GOOGLE_ACCESS_TOKEN:
                return getGoogleCredentialsFromAccessToken(str);
            case GOOGLE_SERVICE_ACCOUNT_KEY_FILE:
                return getGoogleCredentialsFromFile(str);
            case DEFAULT_APPLICATION:
                return getGoogleCredentialsFromApplicationDefault();
            default:
                throw new IncompatibleClassChangeError();
        }
    }

    private GoogleCredentials getGoogleCredentialsFromApplicationDefault() {
        try {
            this.monitor.debug("Gcp: The default Credentials will be used to resolve the google credentials.", new Throwable[0]);
            return GoogleCredentials.getApplicationDefault();
        } catch (IOException e) {
            throw new GcpException("Error while getting the default credentials.", e);
        }
    }

    private GoogleCredentials getGoogleCredentialsFromFile(String str) {
        try {
            this.monitor.debug("Gcp: The provided credentials file will be used to resolve the google credentials.", new Throwable[0]);
            return GoogleCredentials.fromStream(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (IOException e) {
            throw new GcpException("Error while getting the credentials from the credentials file.", e);
        }
    }

    private GoogleCredentials getGoogleCredentialsFromAccessToken(String str) {
        if (StringUtils.isNullOrEmpty(str)) {
            throw new GcpException("keyContent is not in a valid GcpAccessToken format.");
        }
        try {
            GcpAccessToken gcpAccessToken = (GcpAccessToken) this.typeManager.readValue(str, GcpAccessToken.class);
            this.monitor.info("Gcp: The provided token will be used to resolve the google credentials.", new Throwable[0]);
            return GoogleCredentials.create(new AccessToken(gcpAccessToken.getToken(), new Date(gcpAccessToken.getExpiration())));
        } catch (EdcException e) {
            throw new GcpException("ACCESS_TOKEN is not in a valid GcpAccessToken format.");
        } catch (Exception e2) {
            throw new GcpException("Error while getting the default credentials.", e2);
        }
    }
}
