package com.google.identitytoolkit.internal;

import android.util.Base64;
import android.util.Log;
import com.google.identitytoolkit.api.ApiClient;
import com.google.identitytoolkit.api.GetPublicKeys;
import com.google.identitytoolkit.util.Preconditions;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class CertificateManager {
    private static final String CERTIFICATE_TYPE = "X509";
    private static final String TAG = "CertificateManager";
    private final ApiClient apiClient;
    private final CertificateFactory certificateFactory;
    private Map<String, X509Certificate> certificates;
    private final ReentrantReadWriteLock lock;
    private final Storage storage;

    public CertificateManager(ApiClient apiClient, Storage storage) {
        try {
            this.certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
            this.apiClient = apiClient;
            this.storage = (Storage) Preconditions.checkNotNull(storage);
            this.lock = new ReentrantReadWriteLock();
            this.certificates = parseCertificates(storage.getSavedCertificate());
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    private Map<String, X509Certificate> downloadCertificates() {
        GetPublicKeys.Response execute = this.apiClient.newGetPublicKeysRequest().execute();
        if (execute == null || execute.hasError()) {
            return Collections.emptyMap();
        }
        this.storage.saveCertificate(execute.getJsonResponse().toString());
        return parseCertificates(execute.getJsonResponse());
    }

    private X509Certificate lockedGetCertificate(String str) {
        this.lock.readLock().lock();
        X509Certificate x509Certificate = this.certificates.get(str);
        this.lock.readLock().unlock();
        return x509Certificate;
    }

    private Map<String, X509Certificate> parseCertificates(String str) {
        if (str != null) {
            try {
                return parseCertificates(new JSONObject(str));
            } catch (JSONException e2) {
                String str2 = TAG;
                String valueOf = String.valueOf(str);
                Log.e(str2, valueOf.length() != 0 ? "Invalid certificates JSON response: ".concat(valueOf) : new String("Invalid certificates JSON response: "), e2);
            }
        }
        return Collections.emptyMap();
    }

    private Map<String, X509Certificate> parseCertificates(JSONObject jSONObject) {
        HashMap hashMap = new HashMap();
        try {
            Iterator<String> keys = jSONObject.keys();
            while (keys.hasNext()) {
                String next = keys.next();
                String optString = jSONObject.optString(next, null);
                if (optString == null) {
                    String str = TAG;
                    String valueOf = String.valueOf(String.valueOf(next));
                    String valueOf2 = String.valueOf(String.valueOf(jSONObject.toString()));
                    StringBuilder sb = new StringBuilder(valueOf.length() + 33 + valueOf2.length());
                    sb.append("Cannot find certificate for ");
                    sb.append(valueOf);
                    sb.append(" in: ");
                    sb.append(valueOf2);
                    Log.e(str, sb.toString());
                } else {
                    hashMap.put(next, toCertificate(optString));
                }
            }
        } catch (CertificateException e2) {
            String str2 = TAG;
            String valueOf3 = String.valueOf(jSONObject.toString());
            Log.e(str2, valueOf3.length() != 0 ? "Invalid certificates JSON response: ".concat(valueOf3) : new String("Invalid certificates JSON response: "), e2);
        }
        return hashMap;
    }

    private X509Certificate toCertificate(String str) {
        return (X509Certificate) this.certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").getBytes(), 0)));
    }

    private void updateCertificates(Map<String, X509Certificate> map) {
        if (map.isEmpty()) {
            return;
        }
        this.lock.writeLock().lock();
        this.certificates = map;
        this.lock.writeLock().unlock();
    }

    public X509Certificate getCertificate(String str) {
        X509Certificate lockedGetCertificate = lockedGetCertificate(str);
        if (lockedGetCertificate != null) {
            return lockedGetCertificate;
        }
        updateCertificates(downloadCertificates());
        return lockedGetCertificate(str);
    }
}
