package com.adobe.cq.assetcompute.impl.bulkimport.gcp.auth;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;

/* loaded from: input_file:com/adobe/cq/assetcompute/impl/bulkimport/gcp/auth/ServiceAccountCredential.class */
public class ServiceAccountCredential {
    public static final URI TOKEN_SERVER_URI = URI.create("https://oauth2.googleapis.com/token");
    public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    public static final String SCOPE_STORAGE_READ_WRITE = "https://www.googleapis.com/auth/devstorage.read_write";
    private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
    private final String clientEmail;
    private final PrivateKey privateKey;
    private final List<String> scopes = Arrays.asList(SCOPE_STORAGE_READ_WRITE);
    private final int lifetime = DEFAULT_LIFETIME_IN_SECONDS;

    public ServiceAccountCredential(String str, String str2) {
        this.clientEmail = str;
        this.privateKey = SignHelper.getPrivateKey(str2);
    }

    public String generateAssertion() throws GeneralSecurityException, JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("alg", "RS256");
        jSONObject.put("typ", "JWT");
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("aud", TOKEN_SERVER_URI.toString());
        long time = new Date().getTime();
        jSONObject2.put("exp", (time / 1000) + this.lifetime);
        jSONObject2.put("iat", time / 1000);
        jSONObject2.put("iss", this.clientEmail);
        jSONObject2.put("scope", String.join(" ", this.scopes));
        Base64 base64 = new Base64(0, null, true);
        String str = base64.encodeToString(jSONObject.toString().getBytes(StandardCharsets.UTF_8)) + "." + base64.encodeToString(jSONObject2.toString().getBytes(StandardCharsets.UTF_8));
        return str + "." + base64.encodeToString(SignHelper.sign(str.getBytes(StandardCharsets.UTF_8), this.privateKey));
    }
}
