package com.shopify.pos.customerview.common.internal.server;

import com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb;
import com.shopify.pos.customerview.common.internal.util.TimeProvider;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* loaded from: classes3.dex */
public final class SslContextBundleImpl implements SslContextBundle {

    @NotNull
    private final Lazy certificate$delegate;

    @NotNull
    private final CertificateGenerator certificateGenerator;

    @NotNull
    private final Lazy serverKeyStore$delegate;

    @NotNull
    private final Lazy sslContext$delegate;

    @NotNull
    private final TimeProvider timeProvider;

    /* JADX WARN: Multi-variable type inference failed */
    public SslContextBundleImpl() {
        this(null, 0 == true ? 1 : 0, 3, 0 == true ? 1 : 0);
    }

    public SslContextBundleImpl(@NotNull CertificateGenerator certificateGenerator, @NotNull TimeProvider timeProvider) {
        Lazy lazy;
        Lazy lazy2;
        Lazy lazy3;
        Intrinsics.checkNotNullParameter(certificateGenerator, "certificateGenerator");
        Intrinsics.checkNotNullParameter(timeProvider, "timeProvider");
        this.certificateGenerator = certificateGenerator;
        this.timeProvider = timeProvider;
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<KeyStore>() { // from class: com.shopify.pos.customerview.common.internal.server.SslContextBundleImpl$serverKeyStore$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final KeyStore invoke() {
                KeyStore keyStore;
                keyStore = SslContextBundleImpl.this.getKeyStore();
                return keyStore;
            }
        });
        this.serverKeyStore$delegate = lazy;
        lazy2 = LazyKt__LazyJVMKt.lazy(new Function0<SSLContext>() { // from class: com.shopify.pos.customerview.common.internal.server.SslContextBundleImpl$sslContext$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final SSLContext invoke() {
                KeyStore serverKeyStore;
                SSLContext generateServerSslContext;
                SslContextBundleImpl sslContextBundleImpl = SslContextBundleImpl.this;
                serverKeyStore = sslContextBundleImpl.getServerKeyStore();
                generateServerSslContext = sslContextBundleImpl.generateServerSslContext(serverKeyStore);
                return generateServerSslContext;
            }
        });
        this.sslContext$delegate = lazy2;
        lazy3 = LazyKt__LazyJVMKt.lazy(new Function0<X509Certificate>() { // from class: com.shopify.pos.customerview.common.internal.server.SslContextBundleImpl$certificate$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final X509Certificate invoke() {
                KeyStore serverKeyStore;
                serverKeyStore = SslContextBundleImpl.this.getServerKeyStore();
                Certificate certificate = serverKeyStore.getCertificate("cv-certificate");
                Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                return (X509Certificate) certificate;
            }
        });
        this.certificate$delegate = lazy3;
    }

    public /* synthetic */ SslContextBundleImpl(CertificateGenerator certificateGenerator, TimeProvider timeProvider, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this((i2 & 1) != 0 ? new CertificateGenerator() : certificateGenerator, (i2 & 2) != 0 ? new TimeProvider.Default() : timeProvider);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SSLContext generateServerSslContext(KeyStore keyStore) {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        keyManagerFactory.init(keyStore, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        Intrinsics.checkNotNullExpressionValue(sSLContext, "apply(...)");
        return sSLContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final KeyStore getKeyStore() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Certificate certificate = keyStore.getCertificate("cv-certificate");
        X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
        if (!((x509Certificate == null || X509CertificateExtKt.isExpired(x509Certificate, this.timeProvider)) ? false : true)) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CipherStorageKeystoreRsaEcb.ALGORITHM_RSA);
            keyPairGenerator.initialize(2048);
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            Intrinsics.checkNotNullExpressionValue(genKeyPair, "genKeyPair(...)");
            long now = this.timeProvider.now();
            X509Certificate generateSelfSignedCertificate = this.certificateGenerator.generateSelfSignedCertificate(genKeyPair, now, now + TimeUnit.DAYS.toMillis(365L));
            keyStore.setKeyEntry("cv-key", genKeyPair.getPrivate(), null, new X509Certificate[]{generateSelfSignedCertificate});
            keyStore.setCertificateEntry("cv-certificate", generateSelfSignedCertificate);
        }
        Intrinsics.checkNotNullExpressionValue(keyStore, "apply(...)");
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final KeyStore getServerKeyStore() {
        return (KeyStore) this.serverKeyStore$delegate.getValue();
    }

    @Override // com.shopify.pos.customerview.common.internal.server.SslContextBundle
    @NotNull
    public X509Certificate getCertificate() {
        return (X509Certificate) this.certificate$delegate.getValue();
    }

    @Override // com.shopify.pos.customerview.common.internal.server.SslContextBundle
    @NotNull
    public SSLContext getSslContext() {
        return (SSLContext) this.sslContext$delegate.getValue();
    }
}
