package com.amazon.mobile.ssnap.clientstore.signaturevalidation;

import android.net.Uri;
import android.os.SystemClock;
import android.text.TextUtils;
import bolts.Continuation;
import bolts.Task;
import com.amazon.mobile.ssnap.clientstore.delegate.WeblabDelegate;
import com.amazon.mobile.ssnap.clientstore.developerhooks.DeveloperHooks;
import com.amazon.mobile.ssnap.clientstore.featurestore.FetchResponse;
import com.amazon.mobile.ssnap.clientstore.filestore.FileStore;
import com.amazon.mobile.ssnap.clientstore.filestore.FileVersion;
import com.amazon.mobile.ssnap.clientstore.metrics.ClientStoreMetric;
import com.amazon.mobile.ssnap.internal.security.SecureContentValidator;
import com.amazon.mobile.ssnap.metrics.SsnapMetricEvent;
import com.amazon.mobile.ssnap.metrics.SsnapMetricsHelper;
import com.google.common.base.Charsets;
import com.google.common.io.Closeables;
import dagger.Lazy;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.Locale;
import javax.inject.Named;
import okhttp3.Headers;

/* loaded from: classes2.dex */
public class FileSignatureValidatorImpl implements FileSignatureValidator {
    static String FETCH_CERT_CHAIN = "Fetch Cert Chain Task";
    static String VALIDATE_CACHED_FILE = "Validate Cached File";
    private final FileStore mCertificateStore;
    private final DeveloperHooks mDeveloperHooks;
    private final SsnapMetricsHelper mMetricsHelper;
    private final Lazy<SecureContentValidator> mSecureContentValidator;
    private final FileStore mSignatureStore;
    private final WeblabDelegate mWeblabDelegate;

    /* loaded from: classes2.dex */
    final class HeaderKeys {
        static final String BASE64_SIGNATURE_V2 = "x-amz-meta-ssnap-signature-v2";
        static final String CERTIFICATE_CHAIN_URL_V2 = "x-amz-meta-ssnap-certchain-url-v2";

        HeaderKeys() {
        }
    }

    public FileSignatureValidatorImpl(Lazy<SecureContentValidator> lazy, @Named("CertificateStore") FileStore fileStore, @Named("SignatureStore") FileStore fileStore2, SsnapMetricsHelper ssnapMetricsHelper, DeveloperHooks developerHooks, WeblabDelegate weblabDelegate) {
        this.mSecureContentValidator = lazy;
        this.mCertificateStore = fileStore;
        this.mSignatureStore = fileStore2;
        this.mMetricsHelper = ssnapMetricsHelper;
        this.mDeveloperHooks = developerHooks;
        this.mWeblabDelegate = weblabDelegate;
    }

    private Task<Void> fetchCertChainAndValidate(final Uri uri, final InputStream inputStream, final FileSignature fileSignature, final FileVersion fileVersion, final boolean z) {
        final long elapsedRealtime = SystemClock.elapsedRealtime();
        return this.mCertificateStore.getFileAsync(FileStore.CachePolicy.STATIC, fileSignature.getCertificateChainUrl()).onSuccess(new Continuation<FetchResponse<File>, Void>() { // from class: com.amazon.mobile.ssnap.clientstore.signaturevalidation.FileSignatureValidatorImpl.1
            @Override // bolts.Continuation
            public Void then(Task<FetchResponse<File>> task) throws Exception {
                try {
                    try {
                        FileSignatureValidatorImpl.this.mMetricsHelper.logTimer(new SsnapMetricEvent(ClientStoreMetric.SSNAP_CERT_FETCH_DURATION, "STATIC"), SystemClock.elapsedRealtime() - elapsedRealtime);
                        ((SecureContentValidator) FileSignatureValidatorImpl.this.mSecureContentValidator.get()).validate(inputStream, fileSignature.getBase64Signature(), task.getResult().getResponse());
                        FileSignatureValidatorImpl.this.mSignatureStore.storeFile(uri, fileSignature.toJsonString(), fileVersion, null);
                        return null;
                    } finally {
                        if (z) {
                            inputStream.close();
                        }
                    }
                } catch (IOException | GeneralSecurityException e) {
                    FileSignatureValidatorImpl.this.mCertificateStore.removeEntry(fileSignature.getCertificateChainUrl());
                    FileSignatureValidatorImpl.this.logSignatureValidationFailed(uri, fileSignature.getBase64Signature(), e, FileSignatureValidatorImpl.FETCH_CERT_CHAIN);
                    throw new GeneralSecurityException(e);
                }
            }
        });
    }

    private GeneralSecurityException headerNotFoundError(Uri uri, String str) {
        return new GeneralSecurityException(String.format(Locale.US, "Header '(%s)' not found in response for (%s)", str, uri.toString()));
    }

    protected void logSignatureValidationFailed(Uri uri, String str, Exception exc, String str2) {
        if (str.length() > 5) {
            str = str.substring(0, 5);
        }
        this.mMetricsHelper.logCounter(new SsnapMetricEvent.Builder(ClientStoreMetric.SIGNATURE_VALIDATION_FAILED).exception(exc).uri(uri).metadata("Identifier", str).metadata("Task", str2).build());
    }

    protected boolean shouldSkipValidation() {
        return this.mDeveloperHooks.isDebugBuild() && this.mDeveloperHooks.isSignatureValidationDisabled();
    }

    @Override // com.amazon.mobile.ssnap.clientstore.signaturevalidation.FileSignatureValidator
    public void validateCachedFile(Uri uri, File file) throws Exception {
        if (shouldSkipValidation()) {
            return;
        }
        if (file == null || !file.exists()) {
            throw new FileNotFoundException("File with signature should be cached");
        }
        Task<FetchResponse<File>> cachedFile = this.mSignatureStore.getCachedFile(uri);
        cachedFile.waitForCompletion();
        if (cachedFile.isFaulted()) {
            throw new IOException("Signature file task failed", cachedFile.getError());
        }
        if (cachedFile.getResult() == null) {
            throw new IOException("Signature file task has no result");
        }
        File response = cachedFile.getResult().getResponse();
        if (!response.exists()) {
            throw new FileNotFoundException("Signature file should be cached");
        }
        FileSignature parse = FileSignature.parse(response);
        String base64Signature = parse.getBase64Signature();
        Uri certificateChainUrl = parse.getCertificateChainUrl();
        long elapsedRealtime = SystemClock.elapsedRealtime();
        Task<FetchResponse<File>> cachedFile2 = this.mCertificateStore.getCachedFile(certificateChainUrl);
        cachedFile2.waitForCompletion();
        if (cachedFile2.isFaulted()) {
            throw new IOException("Certificate chain file task failed", cachedFile2.getError());
        }
        if (cachedFile2.getResult() == null) {
            throw new IOException("Certificate chain file task has no result");
        }
        File response2 = cachedFile2.getResult().getResponse();
        if (!response2.exists()) {
            throw new FileNotFoundException("Certificate chain file should be cached");
        }
        this.mMetricsHelper.logTimer(new SsnapMetricEvent(ClientStoreMetric.SSNAP_CERT_FETCH_DURATION, "CACHE"), SystemClock.elapsedRealtime() - elapsedRealtime);
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            try {
                this.mSecureContentValidator.get().validate(fileInputStream, base64Signature, response2);
            } finally {
                Closeables.closeQuietly(fileInputStream);
            }
        } catch (IOException | GeneralSecurityException e) {
            this.mSignatureStore.removeEntry(uri);
            logSignatureValidationFailed(uri, base64Signature, e, VALIDATE_CACHED_FILE);
            throw new GeneralSecurityException(e);
        }
    }

    @Override // com.amazon.mobile.ssnap.clientstore.signaturevalidation.FileSignatureValidator
    public Task<Void> validateContentToStore(Uri uri, String str, FileSignature fileSignature) {
        return shouldSkipValidation() ? Task.forResult(null) : fetchCertChainAndValidate(uri, new ByteArrayInputStream(str.getBytes(Charsets.UTF_8)), fileSignature, null, true);
    }

    @Override // com.amazon.mobile.ssnap.clientstore.signaturevalidation.FileSignatureValidator
    public Task<Void> validateResponse(Uri uri, InputStream inputStream, Headers headers) {
        if (shouldSkipValidation()) {
            return Task.forResult(null);
        }
        String str = headers.get("x-amz-meta-ssnap-signature-v2");
        if (TextUtils.isEmpty(str)) {
            this.mMetricsHelper.logCounter(new SsnapMetricEvent(ClientStoreMetric.SIGNATURE_HEADER_V2_NOT_FOUND));
            return Task.forError(headerNotFoundError(uri, "x-amz-meta-ssnap-signature-v2"));
        }
        String str2 = headers.get("x-amz-meta-ssnap-certchain-url-v2");
        if (!TextUtils.isEmpty(str2)) {
            return fetchCertChainAndValidate(uri, inputStream, new FileSignature(str, Uri.parse(str2)), FileVersion.parse(headers), false);
        }
        this.mMetricsHelper.logCounter(new SsnapMetricEvent(ClientStoreMetric.SIGNATURE_HEADER_V2_NOT_FOUND));
        return Task.forError(headerNotFoundError(uri, "x-amz-meta-ssnap-certchain-url-v2"));
    }
}
