package com.microsoft.mmx.agents.ypp.authclient.trust;

import androidx.annotation.NonNull;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.appmanager.utils.AsyncOperation;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.CryptoTrustCertChainManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.CertValidityStatus;
import com.microsoft.mmx.agents.ypp.authclient.trust.CryptoTrustCertChainManager;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;
import javax.inject.Inject;
import org.joda.time.DateTime;

/* loaded from: classes3.dex */
public class CryptoTrustCertChainManager {
    private final CertChainValidator certChainValidator;
    private final PlatformConfiguration configuration;
    private final CryptoTrustCertChainRepository cryptoTrustCertChainRepository;
    private final Object lock = new Object();
    private final CryptoTrustCertChainManagerTelemetry telemetry;

    @Inject
    public CryptoTrustCertChainManager(@NonNull CryptoTrustCertChainRepository cryptoTrustCertChainRepository, @NonNull PlatformConfiguration platformConfiguration, @NonNull CryptoTrustCertChainManagerTelemetry cryptoTrustCertChainManagerTelemetry, @NonNull CertChainValidator certChainValidator) {
        this.cryptoTrustCertChainRepository = cryptoTrustCertChainRepository;
        this.configuration = platformConfiguration;
        this.telemetry = cryptoTrustCertChainManagerTelemetry;
        this.certChainValidator = certChainValidator;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: checkCertValidity, reason: merged with bridge method [inline-methods] */
    public CertValidityStatus a(@NonNull CryptoTrustCertChain cryptoTrustCertChain, @NonNull TraceContext traceContext) {
        return shouldRefreshRevocationStatus(cryptoTrustCertChain) ? updateCertValidityStatus(cryptoTrustCertChain, traceContext) : cryptoTrustCertChain.getValidityStatus();
    }

    private long getCurrentTime() {
        return DateTime.now().getMillis();
    }

    private boolean isUndeterminedRevocationStatusStillValid(@NonNull CryptoTrustCertChain cryptoTrustCertChain) {
        return CertValidityStatus.UNDETERMINED_REVOCATION_STATUS.equals(cryptoTrustCertChain.getValidityStatus()) && cryptoTrustCertChain.getLastValidTime() > getCurrentTime() - this.configuration.getTrustUndeterminedRevocationCertChainDuration().getMillis();
    }

    private boolean isValidityStatusTrusted(@NonNull CryptoTrustCertChain cryptoTrustCertChain, @NonNull TraceContext traceContext) {
        CertValidityStatus validityStatus = cryptoTrustCertChain.getValidityStatus();
        if (CertValidityStatus.VALID.equals(validityStatus)) {
            return true;
        }
        String leafCertThumbprint = cryptoTrustCertChain.getLeafCertThumbprint();
        if (isUndeterminedRevocationStatusStillValid(cryptoTrustCertChain)) {
            this.telemetry.validCertWithUndeterminedRevocationStatusEvent(leafCertThumbprint, traceContext);
            return true;
        }
        this.telemetry.invalidCertStatusAnomalyEvent(leafCertThumbprint, validityStatus, "isValidityStatusTrusted", cryptoTrustCertChain.getLastValidTime(), cryptoTrustCertChain.getLastValidityCheckedTime(), traceContext);
        return false;
    }

    private void removeExpiredCertChainsLocked(@NonNull TraceContext traceContext) {
        for (CryptoTrustCertChain cryptoTrustCertChain : this.cryptoTrustCertChainRepository.getAllCertChains()) {
            if (CertValidityStatus.EXPIRED.equals(cryptoTrustCertChain.getValidityStatus())) {
                this.cryptoTrustCertChainRepository.remove(cryptoTrustCertChain.getLeafCertThumbprint());
                this.telemetry.removeCertChainDueToExpiredEvent(cryptoTrustCertChain, traceContext);
            }
        }
    }

    private boolean shouldRefreshRevocationStatus(CryptoTrustCertChain cryptoTrustCertChain) {
        return (cryptoTrustCertChain.getValidityStatus().equals(CertValidityStatus.VALID) && (cryptoTrustCertChain.getLastValidityCheckedTime() > (getCurrentTime() - this.configuration.getCertChainValidRevocationCheckInterval().getMillis()) ? 1 : (cryptoTrustCertChain.getLastValidityCheckedTime() == (getCurrentTime() - this.configuration.getCertChainValidRevocationCheckInterval().getMillis()) ? 0 : -1)) < 0) || (cryptoTrustCertChain.getValidityStatus().equals(CertValidityStatus.UNDETERMINED_REVOCATION_STATUS) && (cryptoTrustCertChain.getLastValidityCheckedTime() > (getCurrentTime() - this.configuration.getCertChainUndeterminedRevocationCheckInterval().getMillis()) ? 1 : (cryptoTrustCertChain.getLastValidityCheckedTime() == (getCurrentTime() - this.configuration.getCertChainUndeterminedRevocationCheckInterval().getMillis()) ? 0 : -1)) < 0);
    }

    private CertValidityStatus updateCertValidityStatus(@NonNull CryptoTrustCertChain cryptoTrustCertChain, @NonNull TraceContext traceContext) {
        CertValidityStatus requestCertValidityStatus = this.certChainValidator.requestCertValidityStatus(cryptoTrustCertChain, traceContext);
        this.telemetry.requestCertRevocationStatusEvent(cryptoTrustCertChain.getLeafCertThumbprint(), requestCertValidityStatus, traceContext);
        synchronized (this.lock) {
            if (this.cryptoTrustCertChainRepository.getCertChain(cryptoTrustCertChain.getLeafCertThumbprint()) != null) {
                CryptoTrustCertChain cryptoTrustCertChain2 = new CryptoTrustCertChain(new ArrayList(cryptoTrustCertChain.getCertChain()), requestCertValidityStatus, getCurrentTime(), CertValidityStatus.VALID.equals(requestCertValidityStatus) ? getCurrentTime() : cryptoTrustCertChain.getLastValidTime());
                this.cryptoTrustCertChainRepository.addOrUpdateCertChain(cryptoTrustCertChain2);
                this.telemetry.updateCertChainStatusEvent(cryptoTrustCertChain2, traceContext);
            }
        }
        return requestCertValidityStatus;
    }

    public /* synthetic */ Boolean b(CryptoTrustCertChain cryptoTrustCertChain, TraceContext traceContext, CertValidityStatus certValidityStatus) {
        return Boolean.valueOf(isValidityStatusTrusted(cryptoTrustCertChain, traceContext));
    }

    public AsyncOperation<Boolean> isCertChainValidAsync(@NonNull String str, @NonNull final TraceContext traceContext) {
        if (this.configuration.isCryptoTrustRevocationCheckDisable()) {
            this.telemetry.trustCertChainDueToDisableRevocationCheck(str, traceContext);
            return AsyncOperation.completedFuture(Boolean.TRUE);
        }
        synchronized (this.lock) {
            final CryptoTrustCertChain certChain = this.cryptoTrustCertChainRepository.getCertChain(str);
            if (certChain != null) {
                return AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: b.e.c.a.n3.f.d.c
                    @Override // com.microsoft.appmanager.utils.AsyncOperation.Supplier
                    public final Object get() {
                        return CryptoTrustCertChainManager.this.a(certChain, traceContext);
                    }
                }).thenApply(new AsyncOperation.ResultFunction() { // from class: b.e.c.a.n3.f.d.b
                    @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
                    public final Object apply(Object obj) {
                        return CryptoTrustCertChainManager.this.b(certChain, traceContext, (CertValidityStatus) obj);
                    }
                });
            }
            this.telemetry.invalidCertStatusAnomalyEvent(str, CertValidityStatus.CERT_CHAIN_NOT_FOUND, "isCertChainValidAsync", 0L, 0L, traceContext);
            return AsyncOperation.completedFuture(Boolean.FALSE);
        }
    }

    public boolean isCertChainValidSync(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return isCertChainValidAsync(str, traceContext).get().booleanValue();
        } catch (InterruptedException | ExecutionException e2) {
            this.telemetry.isCertChainValidSyncInterruptedException(e2, traceContext);
            return true;
        }
    }

    public void putCertChain(@NonNull List<X509Certificate> list, @NonNull TraceContext traceContext) {
        synchronized (this.lock) {
            CryptoTrustCertChain cryptoTrustCertChain = new CryptoTrustCertChain(new ArrayList(list), CertValidityStatus.VALID, System.currentTimeMillis(), 0L);
            if (this.cryptoTrustCertChainRepository.getCertChain(cryptoTrustCertChain.getLeafCertThumbprint()) == null) {
                this.cryptoTrustCertChainRepository.addOrUpdateCertChain(cryptoTrustCertChain);
                this.telemetry.addCertChainEvent(cryptoTrustCertChain, traceContext);
                removeExpiredCertChainsLocked(traceContext);
            }
        }
    }
}
