package io.grpc.util;

import io.grpc.d0;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

@d0("https://github.com/grpc/grpc-java/issues/8024")
@p7.a
/* loaded from: classes4.dex */
public final class h extends X509ExtendedTrustManager {

    /* renamed from: d, reason: collision with root package name */
    private static final Logger f42824d = Logger.getLogger(h.class.getName());

    /* renamed from: a, reason: collision with root package name */
    private final f f42825a;

    /* renamed from: b, reason: collision with root package name */
    private final e f42826b;

    /* renamed from: c, reason: collision with root package name */
    private volatile X509ExtendedTrustManager f42827c;

    /* loaded from: classes4.dex */
    class a implements c {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ ScheduledFuture f42828a;

        a(ScheduledFuture scheduledFuture) {
            this.f42828a = scheduledFuture;
        }

        @Override // io.grpc.util.h.c, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            this.f42828a.cancel(false);
        }
    }

    /* loaded from: classes4.dex */
    public static final class b {

        /* renamed from: a, reason: collision with root package name */
        private f f42830a;

        /* renamed from: b, reason: collision with root package name */
        private e f42831b;

        private b() {
            this.f42830a = f.CERTIFICATE_AND_HOST_NAME_VERIFICATION;
        }

        /* synthetic */ b(a aVar) {
            this();
        }

        public h a() throws CertificateException {
            return new h(this.f42830a, this.f42831b, null);
        }

        public b b(e eVar) {
            this.f42831b = eVar;
            return this;
        }

        public b c(f fVar) {
            this.f42830a = fVar;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    public interface c extends Closeable {
        @Override // java.io.Closeable, java.lang.AutoCloseable
        void close();
    }

    /* loaded from: classes4.dex */
    private class d implements Runnable {

        /* renamed from: a, reason: collision with root package name */
        File f42832a;

        /* renamed from: b, reason: collision with root package name */
        long f42833b = 0;

        public d(File file) {
            this.f42832a = file;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.f42833b = h.this.f(this.f42832a, this.f42833b);
            } catch (IOException | GeneralSecurityException e9) {
                h.f42824d.log(Level.SEVERE, "Failed refreshing trust CAs from file. Using previous CAs", e9);
            }
        }
    }

    /* loaded from: classes4.dex */
    public interface e {
        void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException;

        void b(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException;
    }

    /* loaded from: classes4.dex */
    public enum f {
        CERTIFICATE_AND_HOST_NAME_VERIFICATION,
        CERTIFICATE_ONLY_VERIFICATION,
        INSECURELY_SKIP_ALL_VERIFICATION
    }

    private h(f fVar, e eVar) throws CertificateException {
        this.f42827c = null;
        this.f42825a = fVar;
        this.f42826b = eVar;
    }

    /* synthetic */ h(f fVar, e eVar, a aVar) throws CertificateException {
        this(fVar, eVar);
    }

    private void c(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, Socket socket, boolean z8) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Want certificate verification but got null or empty certificates");
        }
        if (sSLEngine == null && socket == null) {
            throw new CertificateException("Not enough information to validate peer. SSLEngine or Socket required.");
        }
        if (this.f42825a != f.INSECURELY_SKIP_ALL_VERIFICATION) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.f42827c;
            if (x509ExtendedTrustManager == null) {
                throw new CertificateException("No trust roots configured");
            }
            if (z8) {
                String str2 = this.f42825a == f.CERTIFICATE_AND_HOST_NAME_VERIFICATION ? "HTTPS" : "";
                if (sSLEngine != null) {
                    SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                    sSLParameters.setEndpointIdentificationAlgorithm(str2);
                    sSLEngine.setSSLParameters(sSLParameters);
                    x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
                } else {
                    if (!(socket instanceof SSLSocket)) {
                        throw new CertificateException("socket is not a type of SSLSocket");
                    }
                    SSLSocket sSLSocket = (SSLSocket) socket;
                    SSLParameters sSLParameters2 = sSLSocket.getSSLParameters();
                    sSLParameters2.setEndpointIdentificationAlgorithm(str2);
                    sSLSocket.setSSLParameters(sSLParameters2);
                    x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLSocket);
                }
            } else {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
            }
        }
        e eVar = this.f42826b;
        if (eVar != null) {
            if (sSLEngine != null) {
                eVar.a(x509CertificateArr, str, sSLEngine);
            } else {
                eVar.b(x509CertificateArr, str, socket);
            }
        }
    }

    private static X509ExtendedTrustManager d(KeyStore keyStore) throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        X509ExtendedTrustManager x509ExtendedTrustManager;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int i9 = 0;
        while (true) {
            if (i9 >= trustManagers.length) {
                x509ExtendedTrustManager = null;
                break;
            }
            if (io.grpc.util.b.a(trustManagers[i9])) {
                x509ExtendedTrustManager = io.grpc.util.c.a(trustManagers[i9]);
                break;
            }
            i9++;
        }
        if (x509ExtendedTrustManager != null) {
            return x509ExtendedTrustManager;
        }
        throw new CertificateException("Failed to find X509ExtendedTrustManager with default TrustManager algorithm " + TrustManagerFactory.getDefaultAlgorithm());
    }

    public static b e() {
        return new b(null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public long f(File file, long j9) throws IOException, GeneralSecurityException {
        long lastModified = file.lastModified();
        if (lastModified == j9) {
            return j9;
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            g(i.b(fileInputStream));
            return lastModified;
        } finally {
            fileInputStream.close();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Not enough information to validate peer. SSLEngine or Socket required.");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        c(x509CertificateArr, str, null, socket, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        c(x509CertificateArr, str, sSLEngine, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Not enough information to validate peer. SSLEngine or Socket required.");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        c(x509CertificateArr, str, null, socket, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        c(x509CertificateArr, str, sSLEngine, null, true);
    }

    public void g(X509Certificate[] x509CertificateArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        int i9 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i9), x509Certificate);
            i9++;
        }
        this.f42827c = d(keyStore);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.f42827c == null ? new X509Certificate[0] : this.f42827c.getAcceptedIssuers();
    }

    public c h(File file, long j9, TimeUnit timeUnit, ScheduledExecutorService scheduledExecutorService) throws IOException, GeneralSecurityException {
        if (f(file, 0L) != 0) {
            return new a(scheduledExecutorService.scheduleWithFixedDelay(new d(file), j9, j9, timeUnit));
        }
        throw new GeneralSecurityException("Files were unmodified before their initial update. Probably a bug.");
    }

    public void i(File file) throws IOException, GeneralSecurityException {
        if (f(file, 0L) == 0) {
            throw new GeneralSecurityException("Files were unmodified before their initial update. Probably a bug.");
        }
    }

    public void j() throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        this.f42827c = d(null);
    }
}
