package com.google.api.gax.rpc.mtls;

import com.google.api.client.googleapis.mtls.MtlsUtils;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.SecurityUtils;
import com.google.api.core.BetaApi;
import com.google.api.gax.rpc.internal.EnvironmentProvider;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

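@BetaApi
/* loaded from: input_file:com/google/api/gax/rpc/mtls/MtlsProvider.class */
/**
 * Supplies mutual-TLS settings and client key material.
 *
 * <p>Two environment variables steer the policy decisions. The key store is produced by running
 * the command listed in a JSON metadata file and handing that command's standard output to
 * {@link SecurityUtils#createMtlsKeyStore}.
 *
 * <p>Security note: the metadata file decides which program this class executes. Whoever can
 * write to that file (by default under the user's home directory) can run arbitrary commands as
 * the current user, so the file and its parent directory should be writable only by the owner or
 * an administrator. The command list is handed to {@link ProcessBuilder} as-is and is not
 * validated here.
 */
public class MtlsProvider {
    /** Default metadata location, resolved against the {@code user.home} system property. */
    private static final String DEFAULT_CONTEXT_AWARE_METADATA_PATH = System.getProperty("user.home") + "/.secureConnect/context_aware_metadata.json";
    private final String metadataPath;
    private final EnvironmentProvider envProvider;
    private final ProcessProvider processProvider;

    /* loaded from: input_file:com/google/api/gax/rpc/mtls/MtlsProvider$DefaultProcessProvider.class */
    /** Starts the certificate provider command named in the metadata stream. */
    static class DefaultProcessProvider implements ProcessProvider {
        DefaultProcessProvider() {
        }

        /**
         * Parses the metadata stream and starts the command it lists.
         *
         * @param inputStream metadata JSON; may be {@code null}
         * @return the started process, or {@code null} when {@code inputStream} is {@code null}
         * @throws IOException if the metadata cannot be parsed or the process cannot be started
         */
        @Override // com.google.api.gax.rpc.mtls.MtlsProvider.ProcessProvider
        public Process createProcess(InputStream inputStream) throws IOException {
            if (inputStream == null) {
                // NOTE(review): getKeyStore(InputStream, ProcessProvider) uses the result without
                // a null check, so a null stream surfaces there as a NullPointerException.
                return null;
            }
            // The list form of ProcessBuilder passes the arguments as separate elements; no
            // command string is assembled here.
            return new ProcessBuilder(MtlsProvider.extractCertificateProviderCommand(inputStream)).start();
        }
    }

    /* loaded from: input_file:com/google/api/gax/rpc/mtls/MtlsProvider$MtlsEndpointUsagePolicy.class */
    /** Values returned by {@link #getMtlsEndpointUsagePolicy()}. */
    public enum MtlsEndpointUsagePolicy {
        NEVER,
        AUTO,
        ALWAYS
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/api/gax/rpc/mtls/MtlsProvider$ProcessProvider.class */
    /** Seam for creating the certificate provider process from the metadata stream. */
    public interface ProcessProvider {
        Process createProcess(InputStream inputStream) throws IOException;
    }

    /**
     * Creates a provider with explicit collaborators.
     *
     * @param environmentProvider source of environment variable values
     * @param processProvider factory for the certificate provider process
     * @param str path of the metadata JSON file
     */
    @VisibleForTesting
    MtlsProvider(EnvironmentProvider environmentProvider, ProcessProvider processProvider, String str) {
        this.envProvider = environmentProvider;
        this.processProvider = processProvider;
        this.metadataPath = str;
    }

    /** Creates a provider backed by the process environment and the default metadata path. */
    public MtlsProvider() {
        this(System::getenv, new DefaultProcessProvider(), DEFAULT_CONTEXT_AWARE_METADATA_PATH);
    }

    /**
     * Reports whether the client certificate is enabled through the environment.
     *
     * @return {@code true} only when the variable's value is exactly {@code "true"}; the
     *     comparison is case-sensitive and an unset variable yields {@code false}
     */
    public boolean useMtlsClientCertificate() {
        String flag = this.envProvider.getenv(MtlsUtils.DefaultMtlsProvider.GOOGLE_API_USE_CLIENT_CERTIFICATE);
        return "true".equals(flag);
    }

    /**
     * Maps {@code GOOGLE_API_USE_MTLS_ENDPOINT} to a policy.
     *
     * @return {@code NEVER} for {@code "never"}, {@code ALWAYS} for {@code "always"}, and
     *     {@code AUTO} for every other value, including an unset variable
     */
    public MtlsEndpointUsagePolicy getMtlsEndpointUsagePolicy() {
        String configured = this.envProvider.getenv("GOOGLE_API_USE_MTLS_ENDPOINT");
        if ("never".equals(configured)) {
            return MtlsEndpointUsagePolicy.NEVER;
        }
        if ("always".equals(configured)) {
            return MtlsEndpointUsagePolicy.ALWAYS;
        }
        return MtlsEndpointUsagePolicy.AUTO;
    }

    /**
     * Builds the client key store by running the command named in the metadata file.
     *
     * @return the key store, or {@code null} when the metadata file does not exist or the key
     *     material is rejected with a {@link GeneralSecurityException}
     * @throws IOException if the command fails, times out, or the calling thread is interrupted
     */
    public KeyStore getKeyStore() throws IOException {
        try (InputStream metadataStream = new FileInputStream(this.metadataPath)) {
            return getKeyStore(metadataStream, this.processProvider);
        } catch (FileNotFoundException e) {
            // No metadata file: there is no client certificate to offer.
            return null;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so code further up the stack can still observe it.
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted executing certificate provider command", e);
        } catch (GeneralSecurityException e) {
            // NOTE(review): malformed key material is reported exactly like a missing file. If
            // callers read null as "no client certificate", a broken certificate is dropped
            // without any signal; confirm against the callers and consider logging here.
            return null;
        }
    }

    /**
     * Runs the certificate provider command and builds a key store from its standard output.
     *
     * @param inputStream metadata JSON handed to {@code processProvider}
     * @param processProvider factory for the command process
     * @return the key store built by {@link SecurityUtils#createMtlsKeyStore}
     * @throws IOException if the command exits with a non-zero code or times out
     * @throws InterruptedException if the thread is interrupted while waiting for the command
     * @throws GeneralSecurityException if the key store cannot be built from the output
     */
    @VisibleForTesting
    static KeyStore getKeyStore(InputStream inputStream, ProcessProvider processProvider) throws IOException, InterruptedException, GeneralSecurityException {
        Process certProcess = processProvider.createProcess(inputStream);
        // The command gets a 1000 ms budget. Its standard output is read only after it has
        // exited, so presumably the output has to fit in the OS pipe buffer.
        int exitCode = runCertificateProviderCommand(certProcess, 1000L);
        if (exitCode != 0) {
            throw new IOException("Cert provider command failed with exit code: " + exitCode);
        }
        return SecurityUtils.createMtlsKeyStore(certProcess.getInputStream());
    }

    /**
     * Reads the certificate provider command from the metadata JSON.
     *
     * @param inputStream metadata JSON
     * @return the command list held by the parsed {@link ContextAwareMetadataJson}
     * @throws IOException if the stream cannot be parsed
     */
    @VisibleForTesting
    static ImmutableList<String> extractCertificateProviderCommand(InputStream inputStream) throws IOException {
        ContextAwareMetadataJson metadata = (ContextAwareMetadataJson) new GsonFactory().createJsonParser(inputStream).parse(ContextAwareMetadataJson.class);
        return metadata.getCommands();
    }

    /**
     * Waits for the process to exit, polling at most every 100 ms.
     *
     * <p>The process is destroyed when the budget runs out or the waiting thread is interrupted.
     *
     * @param process the running certificate provider command
     * @param j time budget in milliseconds; when it is not positive the exit value is never polled
     * @return the exit value of the process
     * @throws IOException if the process is still running when the budget is used up
     * @throws InterruptedException if the thread is interrupted while sleeping
     */
    @VisibleForTesting
    static int runCertificateProviderCommand(Process process, long j) throws IOException, InterruptedException {
        // nanoTime is monotonic, so wall-clock adjustments cannot stretch or cut the wait.
        final long startNanos = System.nanoTime();
        long remainingMillis = j;
        try {
            while (remainingMillis > 0) {
                Thread.sleep(Math.min(remainingMillis + 1, 100L));
                // Derive the remainder from the full budget on every pass. Subtracting the
                // cumulative elapsed time from a running remainder would count earlier sleeps
                // again and end the wait well before the budget is spent.
                long elapsedMillis = (System.nanoTime() - startNanos) / 1_000_000L;
                remainingMillis = j - elapsedMillis;
                try {
                    return process.exitValue();
                } catch (IllegalThreadStateException ignored) {
                    // exitValue() throws while the process is still running; keep polling.
                }
            }
        } catch (InterruptedException e) {
            // Do not leave the helper process running once nobody waits for it.
            process.destroy();
            throw e;
        }
        process.destroy();
        throw new IOException("cert provider command timed out");
    }
}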
