package io.grpc.xds.internal.security.certprovider;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.Status;
import io.grpc.internal.TimeProvider;
import io.grpc.xds.internal.security.certprovider.CertificateProvider;
import io.grpc.xds.internal.security.trust.CertificateUtils;
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileTime;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: classes6.dex */
final class FileWatcherCertificateProvider extends CertificateProvider implements Runnable {
    private static final Logger logger = Logger.getLogger(FileWatcherCertificateProvider.class.getName());
    private final Path certFile;
    private final Path keyFile;
    private FileTime lastModifiedTimeCert;
    private FileTime lastModifiedTimeKey;
    private FileTime lastModifiedTimeRoot;
    private final long refreshIntervalInSeconds;
    private final ScheduledExecutorService scheduledExecutorService;

    @VisibleForTesting
    ScheduledFuture<?> scheduledFuture;
    private boolean shutdown;
    private final TimeProvider timeProvider;
    private final Path trustFile;

    /* loaded from: classes6.dex */
    public static abstract class Factory {
        private static final Factory DEFAULT_INSTANCE = new Factory() { // from class: io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProvider.Factory.1
            @Override // io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProvider.Factory
            public FileWatcherCertificateProvider create(CertificateProvider.DistributorWatcher distributorWatcher, boolean z8, String str, String str2, String str3, long j, ScheduledExecutorService scheduledExecutorService, TimeProvider timeProvider) {
                return new FileWatcherCertificateProvider(distributorWatcher, z8, str, str2, str3, j, scheduledExecutorService, timeProvider);
            }
        };

        public static Factory getInstance() {
            return DEFAULT_INSTANCE;
        }

        public abstract FileWatcherCertificateProvider create(CertificateProvider.DistributorWatcher distributorWatcher, boolean z8, String str, String str2, String str3, long j, ScheduledExecutorService scheduledExecutorService, TimeProvider timeProvider);
    }

    public FileWatcherCertificateProvider(CertificateProvider.DistributorWatcher distributorWatcher, boolean z8, String str, String str2, String str3, long j, ScheduledExecutorService scheduledExecutorService, TimeProvider timeProvider) {
        super(distributorWatcher, z8);
        Path path;
        Path path2;
        Path path3;
        this.scheduledExecutorService = (ScheduledExecutorService) Preconditions.checkNotNull(scheduledExecutorService, "scheduledExecutorService");
        this.timeProvider = (TimeProvider) Preconditions.checkNotNull(timeProvider, "timeProvider");
        path = Paths.get((String) Preconditions.checkNotNull(str, "certFile"), new String[0]);
        this.certFile = path;
        path2 = Paths.get((String) Preconditions.checkNotNull(str2, "keyFile"), new String[0]);
        this.keyFile = path2;
        path3 = Paths.get((String) Preconditions.checkNotNull(str3, "trustFile"), new String[0]);
        this.trustFile = path3;
        this.refreshIntervalInSeconds = j;
    }

    private long computeDelaySecondsToCertExpiry(X509Certificate x509Certificate) {
        Preconditions.checkNotNull(x509Certificate, "lastCert");
        return TimeUnit.NANOSECONDS.toSeconds(TimeUnit.MILLISECONDS.toNanos(x509Certificate.getNotAfter().getTime()) - this.timeProvider.currentTimeNanos());
    }

    private void generateErrorIfCurrentCertExpired(Throwable th) {
        X509Certificate lastIdentityCert = getWatcher().getLastIdentityCert();
        if (lastIdentityCert != null) {
            if (computeDelaySecondsToCertExpiry(lastIdentityCert) > this.refreshIntervalInSeconds) {
                logger.log(Level.FINER, "reload certificate error", th);
                return;
            }
            getWatcher().clearValues();
        }
        getWatcher().onError(Status.fromThrowable(th));
    }

    private synchronized void scheduleNextRefreshCertificate(long j) {
        if (!this.shutdown) {
            this.scheduledFuture = this.scheduledExecutorService.schedule(this, j, TimeUnit.SECONDS);
        }
    }

    @VisibleForTesting
    public void checkAndReloadCertificates() {
        FileTime lastModifiedTime;
        boolean equals;
        byte[] readAllBytes;
        FileTime lastModifiedTime2;
        boolean equals2;
        ByteArrayInputStream byteArrayInputStream;
        FileTime lastModifiedTime3;
        FileTime lastModifiedTime4;
        boolean equals3;
        boolean equals4;
        byte[] readAllBytes2;
        byte[] readAllBytes3;
        FileTime lastModifiedTime5;
        FileTime lastModifiedTime6;
        boolean equals5;
        boolean equals6;
        try {
            try {
                lastModifiedTime3 = Files.getLastModifiedTime(this.certFile, new LinkOption[0]);
                lastModifiedTime4 = Files.getLastModifiedTime(this.keyFile, new LinkOption[0]);
                equals3 = lastModifiedTime3.equals(this.lastModifiedTimeCert);
            } catch (Throwable th) {
                generateErrorIfCurrentCertExpired(th);
            }
            try {
                if (!equals3) {
                    equals4 = lastModifiedTime4.equals(this.lastModifiedTimeKey);
                    if (!equals4) {
                        readAllBytes2 = Files.readAllBytes(this.certFile);
                        readAllBytes3 = Files.readAllBytes(this.keyFile);
                        lastModifiedTime5 = Files.getLastModifiedTime(this.certFile, new LinkOption[0]);
                        lastModifiedTime6 = Files.getLastModifiedTime(this.keyFile, new LinkOption[0]);
                        equals5 = lastModifiedTime5.equals(lastModifiedTime3);
                        if (equals5) {
                            equals6 = lastModifiedTime6.equals(lastModifiedTime4);
                            if (equals6) {
                                byteArrayInputStream = new ByteArrayInputStream(readAllBytes2);
                                try {
                                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(readAllBytes3);
                                    try {
                                        getWatcher().updateCertificate(CertificateUtils.getPrivateKey(byteArrayInputStream2), Arrays.asList(CertificateUtils.toX509Certificates(byteArrayInputStream)));
                                        byteArrayInputStream2.close();
                                        byteArrayInputStream.close();
                                        this.lastModifiedTimeCert = lastModifiedTime3;
                                        this.lastModifiedTimeKey = lastModifiedTime4;
                                    } finally {
                                    }
                                } catch (Throwable th2) {
                                    throw th2;
                                }
                            }
                        }
                        scheduleNextRefreshCertificate(this.refreshIntervalInSeconds);
                    }
                }
                lastModifiedTime = Files.getLastModifiedTime(this.trustFile, new LinkOption[0]);
                equals = lastModifiedTime.equals(this.lastModifiedTimeRoot);
            } catch (Throwable th3) {
                getWatcher().onError(Status.fromThrowable(th3));
            }
            if (!equals) {
                readAllBytes = Files.readAllBytes(this.trustFile);
                lastModifiedTime2 = Files.getLastModifiedTime(this.trustFile, new LinkOption[0]);
                equals2 = lastModifiedTime2.equals(lastModifiedTime);
                if (equals2) {
                    byteArrayInputStream = new ByteArrayInputStream(readAllBytes);
                    try {
                        getWatcher().updateTrustedRoots(Arrays.asList(CertificateUtils.toX509Certificates(byteArrayInputStream)));
                        byteArrayInputStream.close();
                        this.lastModifiedTimeRoot = lastModifiedTime;
                        scheduleNextRefreshCertificate(this.refreshIntervalInSeconds);
                        return;
                    } finally {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th4) {
                            th2.addSuppressed(th4);
                        }
                    }
                }
            }
            scheduleNextRefreshCertificate(this.refreshIntervalInSeconds);
        } catch (Throwable th5) {
            scheduleNextRefreshCertificate(this.refreshIntervalInSeconds);
            throw th5;
        }
    }

    @Override // io.grpc.xds.internal.security.certprovider.CertificateProvider, io.grpc.xds.internal.security.Closeable, java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() {
        try {
            this.shutdown = true;
            this.scheduledExecutorService.shutdownNow();
            ScheduledFuture<?> scheduledFuture = this.scheduledFuture;
            if (scheduledFuture != null) {
                scheduledFuture.cancel(true);
                this.scheduledFuture = null;
            }
            getWatcher().close();
        } catch (Throwable th) {
            throw th;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (this.shutdown) {
            return;
        }
        try {
            checkAndReloadCertificates();
        } catch (Throwable th) {
            logger.log(Level.SEVERE, "Uncaught exception!", th);
            if (th instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
        }
    }

    @Override // io.grpc.xds.internal.security.certprovider.CertificateProvider
    public void start() {
        scheduleNextRefreshCertificate(0L);
    }
}
