package com.amazon.kindle.download.okhttp;

import android.content.Context;
import android.os.SystemClock;
import com.amazon.kindle.krx.metrics.IMetricsManager;
import com.amazon.kindle.log.Log;
import com.amazon.kindle.services.download.DownloadUtils;
import com.amazon.kindle.util.TimeUtils;
import com.amazon.kindle.webservices.X509CertificateUtilsKt;
import com.amazon.kindle.webservices.X509CustomTrust;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import okhttp3.OkHttpClient;

/* compiled from: OkHttpClientProvider.kt */
/* loaded from: classes2.dex */
public final class OkHttpClientProvider implements Function0<OkHttpClient> {
    public static final Companion Companion = new Companion(null);
    private static final String TAG = DownloadUtils.getDownloadModuleTag(OkHttpClientProvider.class);
    private final Lazy cachedClient$delegate;
    private final Context context;
    private final IMetricsManager metricsManager;

    /* compiled from: OkHttpClientProvider.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public OkHttpClientProvider(Context context, IMetricsManager metricsManager) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(metricsManager, "metricsManager");
        this.context = context;
        this.metricsManager = metricsManager;
        this.cachedClient$delegate = LazyKt.lazy(new OkHttpClientProvider$cachedClient$2(this));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final OkHttpClient buildClient() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        injectSslConfiguration(builder);
        OkHttpClient build = builder.build();
        Intrinsics.checkExpressionValueIsNotNull(build, "clientBuilder.build()");
        return build;
    }

    private final OkHttpClient getCachedClient() {
        return (OkHttpClient) this.cachedClient$delegate.getValue();
    }

    private final void handleExpiredCertificate(X509Certificate x509Certificate) {
        IMetricsManager iMetricsManager = this.metricsManager;
        String str = TAG;
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "cert.subjectX500Principal");
        iMetricsManager.reportMetric(str, "EXPIRED_CERTIFICATE_AUTHORITY", MapsKt.mapOf(TuplesKt.to("SUBJECT_PRINCIPLE_NAME", subjectX500Principal.getName()), TuplesKt.to("CA_SERIAL_NUMBER_HEX", x509Certificate.getSerialNumber().toString(16)), TuplesKt.to("CA_EXPIRATION", x509Certificate.getNotAfter().toString())));
    }

    private final void injectSslConfiguration(OkHttpClient.Builder builder) {
        long uptimeMillis = SystemClock.uptimeMillis();
        Set union = CollectionsKt.union(X509CertificateUtilsKt.getATS_TRUST_ROOT_CERTS(), X509CertificateUtilsKt.getDIGICERT_TRUST_ROOT_CERTS());
        try {
            Calendar utcCalendarForCurrentTime = TimeUtils.getUtcCalendarForCurrentTime();
            Intrinsics.checkExpressionValueIsNotNull(utcCalendarForCurrentTime, "TimeUtils.getUtcCalendarForCurrentTime()");
            Date time = utcCalendarForCurrentTime.getTime();
            Set set = union;
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(set, 10));
            Iterator it = set.iterator();
            while (it.hasNext()) {
                arrayList.add(X509CertificateUtilsKt.readX509CertificateFromRawResource(((Number) it.next()).intValue(), this.context));
            }
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            for (Object obj : arrayList) {
                if (time.after(((X509Certificate) obj).getNotAfter())) {
                    arrayList2.add(obj);
                } else {
                    arrayList3.add(obj);
                }
            }
            Pair pair = new Pair(arrayList2, arrayList3);
            List list = (List) pair.component1();
            List<? extends X509Certificate> list2 = (List) pair.component2();
            Iterator it2 = list.iterator();
            while (it2.hasNext()) {
                handleExpiredCertificate((X509Certificate) it2.next());
            }
            X509CustomTrust build = new X509CustomTrust.Builder().addTrustedCertificates(list2).addPlatformTrustedCertificates().build();
            builder.sslSocketFactory(build.getSslContext().getSocketFactory(), build.getTrustManager());
            long uptimeMillis2 = SystemClock.uptimeMillis() - uptimeMillis;
            this.metricsManager.reportTimerMetric(TAG, "CERTIFICATES_PROCESSED", uptimeMillis2);
            Log.debug(TAG, "Processed the bundled CA certificates in " + uptimeMillis2 + " millis");
        } catch (Exception e) {
            Log.error(TAG, "Unable to inject Kindle's TrustManager into OkHttp due to error", e);
            String simpleName = Reflection.getOrCreateKotlinClass(e.getClass()).getSimpleName();
            if (simpleName == null) {
                simpleName = "UNKNOWN";
            }
            this.metricsManager.reportMetric(TAG, "TRUST_MANAGER_EXCEPTION", MapsKt.mapOf(TuplesKt.to("EXCEPTION_CLASS", simpleName)));
        }
    }

    @Override // kotlin.jvm.functions.Function0
    public OkHttpClient invoke() {
        return getCachedClient();
    }
}
