package com.google.scp.shared.clients.configclient.gcp;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.scp.shared.mapper.GuavaObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;

/* loaded from: input_file:com/google/scp/shared/clients/configclient/gcp/CredentialsHelper.class */
public final class CredentialsHelper {
    private static final ObjectMapper mapper = new GuavaObjectMapper();

    public static GoogleCredentials getAttestedCredentials(String str, String str2) throws IOException {
        return GoogleCredentials.fromStream(new ByteArrayInputStream(getCredentialConfig(str, str2).getBytes()));
    }

    private static String getCredentialConfig(String str, String str2) throws JsonProcessingException {
        return mapper.writeValueAsString(CredentialConfig.builder().type("external_account").audience(String.format("//iam.googleapis.com/%s", str)).credentialSource(CredentialSource.builder().file("/run/container_launcher/attestation_verifier_claims_token").build()).serviceAccountImpersonationUrl(String.format("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateAccessToken", str2)).subjectTokenType("urn:ietf:params:oauth:token-type:jwt").tokenUrl("https://sts.googleapis.com/v1/token").build());
    }
}
