package com.amazonaws.ivs.broadcast;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.TimeUnit;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/* loaded from: classes2.dex */
class CertValidator {
    private static final String CACHE_FILE_NAME = "amazon-ivs-broadcast-sdk-trusted-roots-cache.pem.gz";
    private static final long CACHE_UPDATE_INTERVAL_MS;
    private static final int CERT_COUNT_DEFAULT = 30;
    private static final int CERT_COUNT_SYSTEM = 100;
    private static final Charset CHARSET = StandardCharsets.US_ASCII;
    private static final long LOOP_INTERVAL_MS;
    private final File mCacheFile;
    private final Context mContext;
    private final long mHandle;
    private final SharedPreferences mSharedPrefs;

    static {
        TimeUnit timeUnit = TimeUnit.HOURS;
        CACHE_UPDATE_INTERVAL_MS = timeUnit.toMillis(24L);
        LOOP_INTERVAL_MS = timeUnit.toMillis(1L);
        Platform.loadBroadcastLibrary();
    }

    CertValidator(Context context, long j10) {
        Context applicationContext = context.getApplicationContext();
        this.mContext = applicationContext;
        this.mHandle = j10;
        this.mCacheFile = new File(applicationContext.getCacheDir(), CACHE_FILE_NAME);
        this.mSharedPrefs = SDKSharedPrefs.getSharedPrefs(applicationContext);
        if (j10 != 0) {
            Thread thread = new Thread(new Runnable() { // from class: com.amazonaws.ivs.broadcast.s
                @Override // java.lang.Runnable
                public final void run() {
                    CertValidator.this.threadRunnable();
                }
            });
            thread.setName("IVS Stages certificate worker");
            thread.start();
        }
    }

    private boolean isTimeToUpdateFromSystem() {
        return System.currentTimeMillis() - this.mSharedPrefs.getLong("last_trusted_roots_cache_updated", 0L) >= CACHE_UPDATE_INTERVAL_MS;
    }

    @Nullable
    private String loadCacheRoots() {
        if (!this.mCacheFile.exists()) {
            return null;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(this.mCacheFile);
            try {
                GZIPInputStream gZIPInputStream = new GZIPInputStream(fileInputStream);
                try {
                    StringBuilder sb2 = new StringBuilder();
                    byte[] bArr = new byte[65536];
                    while (true) {
                        int read = gZIPInputStream.read(bArr);
                        if (read <= 0) {
                            String sb3 = sb2.toString();
                            gZIPInputStream.close();
                            fileInputStream.close();
                            return sb3;
                        }
                        sb2.append(new String(bArr, 0, read, CHARSET));
                    }
                } catch (Throwable th) {
                    try {
                        gZIPInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                try {
                    fileInputStream.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
                throw th3;
            }
        } catch (Exception e10) {
            Logging.w("Error loading trusted roots cache", e10);
            return null;
        }
    }

    private void loadInitialRoots() {
        String loadCacheRoots = loadCacheRoots();
        if (loadCacheRoots == null || !setLoadedRootsImpl(this.mHandle, loadCacheRoots, "cached", 100)) {
            String loadDefaultRoots = loadDefaultRoots();
            if (loadDefaultRoots == null || !setLoadedRootsImpl(this.mHandle, loadDefaultRoots, "default", 30)) {
                setFailedToLoadRootsImpl(this.mHandle);
            }
        }
    }

    @SuppressLint({"ApplySharedPref"})
    private void saveCacheRoots(@NonNull String str) {
        long currentTimeMillis = System.currentTimeMillis();
        File file = new File(this.mContext.getCacheDir(), "ivs-stages-trusted-roots-cache-temp-" + currentTimeMillis + ".pem.gz");
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            try {
                GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(fileOutputStream);
                try {
                    gZIPOutputStream.write(str.getBytes(CHARSET));
                    gZIPOutputStream.close();
                    fileOutputStream.close();
                    if (file.renameTo(this.mCacheFile)) {
                        SharedPreferences.Editor edit = this.mSharedPrefs.edit();
                        edit.putLong("last_trusted_roots_cache_updated", currentTimeMillis);
                        edit.commit();
                    }
                } finally {
                }
            } catch (Throwable th) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Exception unused) {
            Logging.w("Error saving trusted roots cache");
        }
    }

    private native void setFailedToLoadRootsImpl(long j10);

    private native boolean setLoadedRootsImpl(long j10, @NonNull String str, @NonNull String str2, int i10);

    /* JADX INFO: Access modifiers changed from: private */
    public void threadRunnable() {
        String loadSystemRoots;
        loadInitialRoots();
        while (true) {
            if ((!this.mCacheFile.exists() || isTimeToUpdateFromSystem()) && (loadSystemRoots = loadSystemRoots()) != null && setLoadedRootsImpl(this.mHandle, loadSystemRoots, "system", 100)) {
                saveCacheRoots(loadSystemRoots);
            }
            try {
                Thread.sleep(LOOP_INTERVAL_MS);
            } catch (InterruptedException e10) {
                Logging.w("Interrupted", e10);
            }
        }
    }

    @Nullable
    String loadDefaultRoots() {
        try {
            InputStream openRawResource = this.mContext.getResources().openRawResource(R.raw.ivs_default_trusted_ssl_root_list);
            try {
                StringBuilder sb2 = new StringBuilder();
                byte[] bArr = new byte[65536];
                while (true) {
                    int read = openRawResource.read(bArr, 0, 65536);
                    if (read <= 0) {
                        String sb3 = sb2.toString();
                        openRawResource.close();
                        return sb3;
                    }
                    sb2.append(new String(bArr, 0, read, CHARSET));
                }
            } finally {
            }
        } catch (Exception e10) {
            Logging.e("Error loading default certificates", e10);
            return null;
        }
    }

    @Nullable
    String loadSystemRoots() {
        try {
            StringBuilder sb2 = new StringBuilder();
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            if (keyStore != null) {
                keyStore.load(null, null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    byte[] encoded = ((X509Certificate) keyStore.getCertificate(aliases.nextElement())).getEncoded();
                    sb2.append("-----BEGIN CERTIFICATE-----\n");
                    sb2.append(Base64.encodeToString(encoded, 0));
                    if (sb2.charAt(sb2.length() - 1) != '\n') {
                        sb2.append('\n');
                    }
                    sb2.append("-----END CERTIFICATE-----\n");
                }
            }
            return sb2.toString();
        } catch (Exception e10) {
            Logging.e("Error loading system certificates", e10);
            return null;
        }
    }
}
