package com.google.appengine.api.appidentity;

import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityServicePb;
import com.google.appengine.api.memcache.Expiration;
import com.google.appengine.api.memcache.MemcacheService;
import com.google.appengine.api.memcache.MemcacheServiceFactory;
import com.google.appengine.api.utils.SystemProperty;
import com.google.appengine.repackaged.com.google.common.collect.Lists;
import com.google.appengine.repackaged.com.google.protobuf.ByteString;
import com.google.appengine.repackaged.com.google.protobuf.InvalidProtocolBufferException;
import com.google.apphosting.api.ApiProxy;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/appengine-api-1.0-sdk-1.9.0.jar:com/google/appengine/api/appidentity/AppIdentityServiceImpl.class */
class AppIdentityServiceImpl implements AppIdentityService {
    public static final String PACKAGE_NAME = "app_identity_service";
    public static final String SIGN_FOR_APP_METHOD_NAME = "SignForApp";
    public static final String GET_SERVICE_ACCOUNT_NAME_METHOD_NAME = "GetServiceAccountName";
    public static final String GET_DEFAULT_GCS_BUCKET_NAME = "GetDefaultGcsBucketName";
    public static final String GET_CERTS_METHOD_NAME = "GetPublicCertificatesForApp";
    public static final String GET_ACCESS_TOKEN_METHOD_NAME = "GetAccessToken";
    public static final String MEMCACHE_NAMESPACE = "_ah_";
    public static final String MEMCACHE_KEY_PREFIX = "_ah_app_identity_";
    private static final char APP_PARTITION_SEPARATOR = '~';
    private static final char APP_DOMAIN_SEPARATOR = ':';

    private void handleApplicationError(ApiProxy.ApplicationException applicationException) {
        AppIdentityServicePb.AppIdentityServiceError.ErrorCode valueOf = AppIdentityServicePb.AppIdentityServiceError.ErrorCode.valueOf(applicationException.getApplicationError());
        if (valueOf == null) {
            throw new AppIdentityServiceFailureException("The AppIdentity service threw an unexpected error. Details: " + applicationException.getErrorDetail());
        }
        switch (valueOf) {
            case BLOB_TOO_LARGE:
                throw new AppIdentityServiceFailureException("The supplied blob was too long.");
            case NOT_A_VALID_APP:
                throw new AppIdentityServiceFailureException("The application is not valid.");
            case DEADLINE_EXCEEDED:
                throw new AppIdentityServiceFailureException("The deadline for the call was exceeded.");
            case UNKNOWN_ERROR:
                throw new AppIdentityServiceFailureException("There was an unknown error using the AppIdentity service.");
            case UNKNOWN_SCOPE:
                throw new AppIdentityServiceFailureException("An unknown scope was supplied.");
            default:
                throw new AppIdentityServiceFailureException("The AppIdentity service threw an unexpected error. Details: " + applicationException.getErrorDetail());
        }
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public List<PublicCertificate> getPublicCertificatesForApp() {
        AppIdentityServicePb.GetPublicCertificateForAppRequest.Builder newBuilder = AppIdentityServicePb.GetPublicCertificateForAppRequest.newBuilder();
        AppIdentityServicePb.GetPublicCertificateForAppResponse.Builder newBuilder2 = AppIdentityServicePb.GetPublicCertificateForAppResponse.newBuilder();
        try {
            newBuilder2.mergeFrom(ApiProxy.makeSyncCall(PACKAGE_NAME, GET_CERTS_METHOD_NAME, newBuilder.build().toByteArray()));
        } catch (InvalidProtocolBufferException e) {
            throw new AppIdentityServiceFailureException(e.getMessage());
        } catch (ApiProxy.ApplicationException e2) {
            handleApplicationError(e2);
        }
        AppIdentityServicePb.GetPublicCertificateForAppResponse build = newBuilder2.build();
        ArrayList newArrayList = Lists.newArrayList();
        for (AppIdentityServicePb.PublicCertificate publicCertificate : build.getPublicCertificateListList()) {
            newArrayList.add(new PublicCertificate(publicCertificate.getKeyName(), publicCertificate.getX509CertificatePem()));
        }
        return newArrayList;
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public AppIdentityService.SigningResult signForApp(byte[] bArr) {
        AppIdentityServicePb.SignForAppRequest.Builder newBuilder = AppIdentityServicePb.SignForAppRequest.newBuilder();
        newBuilder.setBytesToSign(ByteString.copyFrom(bArr));
        AppIdentityServicePb.SignForAppResponse.Builder newBuilder2 = AppIdentityServicePb.SignForAppResponse.newBuilder();
        try {
            newBuilder2.mergeFrom(ApiProxy.makeSyncCall(PACKAGE_NAME, SIGN_FOR_APP_METHOD_NAME, newBuilder.build().toByteArray()));
        } catch (InvalidProtocolBufferException e) {
            throw new AppIdentityServiceFailureException(e.getMessage());
        } catch (ApiProxy.ApplicationException e2) {
            handleApplicationError(e2);
        }
        AppIdentityServicePb.SignForAppResponse build = newBuilder2.build();
        return new AppIdentityService.SigningResult(build.getKeyName(), build.getSignatureBytes().toByteArray());
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public String getServiceAccountName() {
        AppIdentityServicePb.GetServiceAccountNameRequest.Builder newBuilder = AppIdentityServicePb.GetServiceAccountNameRequest.newBuilder();
        AppIdentityServicePb.GetServiceAccountNameResponse.Builder newBuilder2 = AppIdentityServicePb.GetServiceAccountNameResponse.newBuilder();
        try {
            newBuilder2.mergeFrom(ApiProxy.makeSyncCall(getAccessTokenPackageName(), GET_SERVICE_ACCOUNT_NAME_METHOD_NAME, newBuilder.build().toByteArray()));
        } catch (InvalidProtocolBufferException e) {
            throw new AppIdentityServiceFailureException(e.getMessage());
        } catch (ApiProxy.ApplicationException e2) {
            handleApplicationError(e2);
        }
        return newBuilder2.build().getServiceAccountName();
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public String getDefaultGcsBucketName() {
        AppIdentityServicePb.GetDefaultGcsBucketNameRequest.Builder newBuilder = AppIdentityServicePb.GetDefaultGcsBucketNameRequest.newBuilder();
        AppIdentityServicePb.GetDefaultGcsBucketNameResponse.Builder newBuilder2 = AppIdentityServicePb.GetDefaultGcsBucketNameResponse.newBuilder();
        try {
            newBuilder2.mergeFrom(ApiProxy.makeSyncCall(PACKAGE_NAME, GET_DEFAULT_GCS_BUCKET_NAME, newBuilder.build().toByteArray()));
        } catch (InvalidProtocolBufferException e) {
            throw new AppIdentityServiceFailureException(e.getMessage());
        } catch (ApiProxy.ApplicationException e2) {
            handleApplicationError(e2);
        }
        AppIdentityServicePb.GetDefaultGcsBucketNameResponse build = newBuilder2.build();
        if (build.hasDefaultGcsBucketName()) {
            return build.getDefaultGcsBucketName();
        }
        throw new AppIdentityServiceFailureException("getDefaultGcsBucketNameResponse contained no data");
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public AppIdentityService.GetAccessTokenResult getAccessTokenUncached(Iterable<String> iterable) {
        AppIdentityServicePb.GetAccessTokenRequest.Builder newBuilder = AppIdentityServicePb.GetAccessTokenRequest.newBuilder();
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            newBuilder.addScope(it.next());
        }
        if (newBuilder.getScopeCount() == 0) {
            throw new AppIdentityServiceFailureException("No scopes specified.");
        }
        AppIdentityServicePb.GetAccessTokenResponse.Builder newBuilder2 = AppIdentityServicePb.GetAccessTokenResponse.newBuilder();
        try {
            newBuilder2.mergeFrom(ApiProxy.makeSyncCall(getAccessTokenPackageName(), GET_ACCESS_TOKEN_METHOD_NAME, newBuilder.build().toByteArray()));
        } catch (InvalidProtocolBufferException e) {
            throw new AppIdentityServiceFailureException(e.getMessage());
        } catch (ApiProxy.ApplicationException e2) {
            handleApplicationError(e2);
        }
        AppIdentityServicePb.GetAccessTokenResponse build = newBuilder2.build();
        return new AppIdentityService.GetAccessTokenResult(build.getAccessToken(), new Date(build.getExpirationTime() * 1000));
    }

    private String getAccessTokenPackageName() {
        return (!Boolean.getBoolean("appengine.app_identity.use_robot") || SystemProperty.environment.value() == SystemProperty.Environment.Value.Production) ? PACKAGE_NAME : "robot_enabled_app_identity_service";
    }

    private String memcacheKeyForScopes(Iterable<String> iterable) {
        StringBuilder sb = new StringBuilder();
        sb.append(MEMCACHE_KEY_PREFIX);
        sb.append("[");
        boolean z = true;
        for (String str : iterable) {
            if (z) {
                z = false;
            } else {
                sb.append(",");
            }
            sb.append("'");
            sb.append(str);
            sb.append("'");
        }
        sb.append("]");
        return sb.toString();
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public AppIdentityService.GetAccessTokenResult getAccessToken(Iterable<String> iterable) {
        AppIdentityService.GetAccessTokenResult accessTokenUncached;
        MemcacheService memcacheService = MemcacheServiceFactory.getMemcacheService(MEMCACHE_NAMESPACE);
        String memcacheKeyForScopes = memcacheKeyForScopes(iterable);
        Object obj = memcacheService.get(memcacheKeyForScopes);
        if (obj != null) {
            accessTokenUncached = (AppIdentityService.GetAccessTokenResult) obj;
        } else {
            accessTokenUncached = getAccessTokenUncached(iterable);
            memcacheService.put(memcacheKeyForScopes, accessTokenUncached, Expiration.onDate(new Date(accessTokenUncached.getExpirationTime().getTime() - 300000)));
        }
        return accessTokenUncached;
    }

    @Override // com.google.appengine.api.appidentity.AppIdentityService
    public AppIdentityService.ParsedAppId parseFullAppId(String str) {
        String str2;
        String str3;
        int indexOf = str.indexOf(126);
        if (indexOf > 0) {
            str2 = str.substring(0, indexOf);
            str = str.substring(indexOf + 1);
        } else {
            str2 = "";
        }
        int indexOf2 = str.indexOf(58);
        if (indexOf2 > 0) {
            str3 = str.substring(0, indexOf2);
            str = str.substring(indexOf2 + 1);
        } else {
            str3 = "";
        }
        return new AppIdentityService.ParsedAppId(str2, str3, str);
    }
}
