package com.google.api.gax.rpc.mtls;

import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.SecurityUtils;
import com.google.api.core.BetaApi;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

@BetaApi
/* loaded from: classes3.dex */
public class MtlsProvider {
    private static final String DEFAULT_CONTEXT_AWARE_METADATA_PATH = System.getProperty("user.home") + "/.secureConnect/context_aware_metadata.json";
    private EnvironmentProvider envProvider;
    private String metadataPath;
    private ProcessProvider processProvider;

    /* loaded from: classes3.dex */
    public static class DefaultProcessProvider implements ProcessProvider {
        @Override // com.google.api.gax.rpc.mtls.MtlsProvider.ProcessProvider
        public Process createProcess(InputStream inputStream) throws IOException {
            if (inputStream == null) {
                return null;
            }
            return new ProcessBuilder(MtlsProvider.extractCertificateProviderCommand(inputStream)).start();
        }
    }

    /* loaded from: classes3.dex */
    public interface EnvironmentProvider {
        String getenv(String str);
    }

    /* loaded from: classes3.dex */
    public enum MtlsEndpointUsagePolicy {
        NEVER,
        AUTO,
        ALWAYS
    }

    /* loaded from: classes3.dex */
    public interface ProcessProvider {
        Process createProcess(InputStream inputStream) throws IOException;
    }

    /* loaded from: classes3.dex */
    public static class SystemEnvironmentProvider implements EnvironmentProvider {
        @Override // com.google.api.gax.rpc.mtls.MtlsProvider.EnvironmentProvider
        public String getenv(String str) {
            return System.getenv(str);
        }
    }

    public MtlsProvider() {
        this(new SystemEnvironmentProvider(), new DefaultProcessProvider(), DEFAULT_CONTEXT_AWARE_METADATA_PATH);
    }

    @VisibleForTesting
    public MtlsProvider(EnvironmentProvider environmentProvider, ProcessProvider processProvider, String str) {
        this.envProvider = environmentProvider;
        this.processProvider = processProvider;
        this.metadataPath = str;
    }

    @VisibleForTesting
    public static ImmutableList<String> extractCertificateProviderCommand(InputStream inputStream) throws IOException {
        return ((ContextAwareMetadataJson) new GsonFactory().createJsonParser(inputStream).parse(ContextAwareMetadataJson.class)).getCommands();
    }

    @VisibleForTesting
    public static KeyStore getKeyStore(InputStream inputStream, ProcessProvider processProvider) throws IOException, InterruptedException, GeneralSecurityException {
        Process createProcess = processProvider.createProcess(inputStream);
        int runCertificateProviderCommand = runCertificateProviderCommand(createProcess, 1000L);
        if (runCertificateProviderCommand == 0) {
            return SecurityUtils.createMtlsKeyStore(createProcess.getInputStream());
        }
        throw new IOException("Cert provider command failed with exit code: " + runCertificateProviderCommand);
    }

    @VisibleForTesting
    public static int runCertificateProviderCommand(Process process, long j2) throws IOException, InterruptedException {
        long currentTimeMillis = System.currentTimeMillis();
        while (j2 > 0) {
            Thread.sleep(Math.min(1 + j2, 100L));
            j2 -= System.currentTimeMillis() - currentTimeMillis;
            try {
                return process.exitValue();
            } catch (IllegalThreadStateException unused) {
            }
        }
        process.destroy();
        throw new IOException("cert provider command timed out");
    }

    public KeyStore getKeyStore() throws IOException {
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(this.metadataPath);
                try {
                    KeyStore keyStore = getKeyStore(fileInputStream, this.processProvider);
                    fileInputStream.close();
                    return keyStore;
                } catch (Throwable th) {
                    try {
                        throw th;
                    } catch (Throwable th2) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                        throw th2;
                    }
                }
            } catch (FileNotFoundException | GeneralSecurityException unused) {
                return null;
            }
        } catch (InterruptedException e) {
            throw new IOException("Interrupted executing certificate provider command", e);
        }
    }

    public MtlsEndpointUsagePolicy getMtlsEndpointUsagePolicy() {
        String str = this.envProvider.getenv("GOOGLE_API_USE_MTLS_ENDPOINT");
        return "never".equals(str) ? MtlsEndpointUsagePolicy.NEVER : "always".equals(str) ? MtlsEndpointUsagePolicy.ALWAYS : MtlsEndpointUsagePolicy.AUTO;
    }

    public boolean useMtlsClientCertificate() {
        return "true".equals(this.envProvider.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE"));
    }
}
