package com.spotify.styx.api;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.services.cloudresourcemanager.CloudResourceManager;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.function.Function;

/* loaded from: input_file:com/spotify/styx/api/AuthenticatorFactory.class */
public interface AuthenticatorFactory extends Function<AuthenticatorConfiguration, Authenticator> {
    public static final AuthenticatorFactory DEFAULT = new DefaultAuthenticatorFactory();

    /* loaded from: input_file:com/spotify/styx/api/AuthenticatorFactory$DefaultAuthenticatorFactory.class */
    public static class DefaultAuthenticatorFactory implements AuthenticatorFactory {
        @VisibleForTesting
        GoogleIdTokenVerifier buildGoogleIdTokenVerifier(HttpTransport httpTransport, JsonFactory jsonFactory) {
            return new GoogleIdTokenVerifier(httpTransport, jsonFactory);
        }

        @VisibleForTesting
        GoogleCredential loadCredential() {
            try {
                return GoogleCredential.getApplicationDefault().createScoped(IamScopes.all());
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }

        @VisibleForTesting
        Iam buildIam(HttpTransport httpTransport, JsonFactory jsonFactory, GoogleCredential googleCredential, String str) {
            return new Iam.Builder(httpTransport, jsonFactory, googleCredential).setApplicationName(str).build();
        }

        @VisibleForTesting
        CloudResourceManager buildCloudResourceManager(HttpTransport httpTransport, JsonFactory jsonFactory, GoogleCredential googleCredential, String str) {
            return new CloudResourceManager.Builder(httpTransport, jsonFactory, googleCredential).setApplicationName(str).build();
        }

        @Override // java.util.function.Function
        public Authenticator apply(AuthenticatorConfiguration authenticatorConfiguration) {
            try {
                NetHttpTransport newTrustedTransport = GoogleNetHttpTransport.newTrustedTransport();
                JsonFactory defaultJsonFactory = Utils.getDefaultJsonFactory();
                GoogleIdTokenVerifier buildGoogleIdTokenVerifier = buildGoogleIdTokenVerifier(newTrustedTransport, defaultJsonFactory);
                GoogleCredential loadCredential = loadCredential();
                Authenticator authenticator = new Authenticator(buildGoogleIdTokenVerifier, buildCloudResourceManager(newTrustedTransport, defaultJsonFactory, loadCredential, authenticatorConfiguration.service()), buildIam(newTrustedTransport, defaultJsonFactory, loadCredential, authenticatorConfiguration.service()), authenticatorConfiguration);
                try {
                    authenticator.cacheResources();
                    return authenticator;
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            } catch (IOException | GeneralSecurityException e2) {
                throw new RuntimeException(e2);
            }
        }
    }
}
