module Google::Auth::ExternalAccount::ExternalAccountUtils

def normalize_timestamp time
  case time
  when NilClass
    nil
  when Time
    time
  when String
    Time.parse time
  else
    raise "Invalid time value #{time}"
  end
end

def project_id
  return @project_id unless @project_id.nil?
  project_number = self.project_number || @workforce_pool_user_project
  # if we missing either project number or scope, we won't retrieve project_id
  return nil if project_number.nil? || @scope.nil?
  url = "#{CLOUD_RESOURCE_MANAGER}#{project_number}"
  response = connection.get url do |req|
    req.headers["Authorization"] = "Bearer #{@access_token}"
    req.headers["Content-Type"] = "application/json"
  end
  if response.status == 200
    response_data = MultiJson.load response.body, symbolize_names: true
    @project_id = response_data[:projectId]
  end
  @project_id
end

def project_number
  segments = @audience.split "/"
  idx = segments.index "projects"
  return nil if idx.nil? || idx + 1 == segments.size
  segments[idx + 1]
end

def service_account_email
  return nil if @service_account_impersonation_url.nil?
  start_idx = @service_account_impersonation_url.rindex "/"
  end_idx = @service_account_impersonation_url.index ":generateAccessToken"
  if start_idx != -1 && end_idx != -1 && start_idx < end_idx
    start_idx += 1
    return @service_account_impersonation_url[start_idx..end_idx]
  end
  nil
end