package com.google.android.apps.cast;

import android.database.Cursor;
import android.net.Uri;
import android.os.Build;
import android.util.Base64;
import com.google.cast.receiver.ClientAuthCreds;
import com.google.cast.receiver.ClientAuthCredsMediaDrm;
import com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Random;
import java.util.TimeZone;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.chromium.base.ContextUtils;
import org.chromium.base.Log;

/* loaded from: classes.dex */
public class ClientAuthCredsWidevine implements ClientAuthCredsMediaDrm {
    private static final String CAST_CREDS = "cast_creds";
    private static final String CERT_AUTHORITY = "cast.google.com";
    private static final int CERT_MAX_FUZZ_REMAINING_SECS = 432000;
    private static final long CERT_MIN_REMAINING_SECS = 86400;
    private static final String CLOUD_DEVICE_ID = "cloud_device_id";
    private static final String PEM_CERT_PREFIX = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_CERT_SUFFIX = "-----END CERTIFICATE-----";
    private static final String PROVIDER_AUTHORITY = "com.google.android.tvsetup.app.machine.services.castsetup.castsetupinfo.CastInfoProvider";
    private static final int PROVISIONING_TIMEOUT_MILLIS = 10000;
    private static final String TAG = "ClientAuthCredsWidevine";
    private Values mValues;
    private static final String URL = "content://com.google.android.tvsetup.app.machine.services.castsetup.castsetupinfo.CastInfoProvider/cast_infos";
    private static final Uri CONTENT_URI = Uri.parse(URL);
    private static UUID WIDEVINE_UUID = new UUID(-1301668207276963122L, -6645017420763422227L);

    /* loaded from: classes.dex */
    public static class Request {
        public final byte[] data;
        public final String defaultUrl;

        public Request(String str, byte[] bArr) {
            this.defaultUrl = str;
            this.data = bArr;
        }
    }

    /* loaded from: classes.dex */
    private class RsaSignerImpl implements ClientAuthCreds.RsaSigner {
        private RsaSignerImpl() {
        }

        @Override // com.google.cast.receiver.ClientAuthCreds.RsaSigner
        public byte[] signHash(byte[] bArr) {
            return ClientAuthCredsWidevine.this.mValues.wrappedKey;
        }
    }

    /* loaded from: classes.dex */
    public static class Values {
        public final byte[] certs;
        public final byte[] wrappedKey;

        public Values(byte[] bArr, byte[] bArr2) {
            this.certs = bArr;
            this.wrappedKey = bArr2;
        }
    }

    private ClientAuthCredsWidevine(Values values) {
        this.mValues = values;
    }

    private static boolean ensurePreProvisioned() {
        if (ClientAuthRawSigner.isProvisioned()) {
            Log.i(TAG, "ensureProvisioned: already provisioned, nothing more to do.", new Object[0]);
            return true;
        }
        Log.i(TAG, "ensureProvisioned: making provision request.", new Object[0]);
        Request provisionRequest = ClientAuthRawSigner.getProvisionRequest();
        byte[] postRequest = postRequest(provisionRequest.defaultUrl, provisionRequest.data);
        if (postRequest == null) {
            Log.e(TAG, "ensurePreProvisioned: received null response.", new Object[0]);
            return false;
        }
        if (ClientAuthRawSigner.provideProvisionResponse(postRequest)) {
            return true;
        }
        Log.e(TAG, "ensurePreProvisioned: provideProvisionResponse failed.", new Object[0]);
        return false;
    }

    protected static ArrayList<X509Certificate> getCertificates(byte[] bArr) {
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        if (bArr == null || bArr.length == 0) {
            Log.e(TAG, "getCertificates: certs is null", new Object[0]);
            return arrayList;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (String str : new String(bArr, "US-ASCII").split(PEM_CERT_SUFFIX)) {
                int indexOf = str.indexOf(PEM_CERT_PREFIX);
                if (indexOf != -1) {
                    arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(str.substring(indexOf + PEM_CERT_PREFIX.length(), str.length()), 0))));
                }
            }
        } catch (UnsupportedEncodingException e) {
            Log.wtf(TAG, "getCertificates: US-ASCII unsupported!", e);
        } catch (IllegalArgumentException e2) {
            Log.e(TAG, "getCertificates: invalid base64", new Object[0]);
        } catch (CertificateException e3) {
            Log.e(TAG, "getCertificates: failed to parse X.509 certificate", new Object[0]);
        }
        return arrayList;
    }

    private static Values makeCredValuesFromString(String str) {
        String str2 = null;
        String str3 = null;
        if (str != null) {
            String[] split = str.split("\\|");
            str2 = split[0];
            str3 = split[1];
        }
        byte[] bArr = null;
        byte[] bArr2 = null;
        if (str2 != null) {
            try {
                bArr = Base64.decode(str2, 0);
            } catch (IllegalArgumentException e) {
                Log.e(TAG, "makeCredValuesFromString: settings value has bad encoding", new Object[0]);
            }
        }
        if (str3 != null) {
            bArr2 = Base64.decode(str3, 0);
        }
        return new Values(bArr, bArr2);
    }

    public static ClientAuthCredsMediaDrm makeCredsFromString(String str) {
        return new ClientAuthCredsWidevine(makeCredValuesFromString(str));
    }

    private static String makeStringFromCredValues(Values values) {
        return Base64.encodeToString(values.certs, 0) + "|" + Base64.encodeToString(values.wrappedKey, 0);
    }

    public static long nextCredsNeededDelaySecs(String str) {
        Values makeCredValuesFromString = makeCredValuesFromString(str);
        if (makeCredValuesFromString.certs == null || makeCredValuesFromString.wrappedKey == null) {
            return 0L;
        }
        return randomizeCredsNeededDelaySecs(nextCredsNeededDelaySecs(Calendar.getInstance(TimeZone.getTimeZone("UTC")), getCertificates(makeCredValuesFromString.certs)));
    }

    protected static long nextCredsNeededDelaySecs(Calendar calendar, ArrayList<X509Certificate> arrayList) {
        if (arrayList == null || arrayList.isEmpty()) {
            return 0L;
        }
        long j = Long.MAX_VALUE;
        Iterator<X509Certificate> it = arrayList.iterator();
        while (it.hasNext()) {
            X509Certificate next = it.next();
            Calendar calendar2 = (Calendar) calendar.clone();
            calendar2.setTime(next.getNotAfter());
            long convert = TimeUnit.SECONDS.convert(calendar2.getTimeInMillis() - calendar.getTimeInMillis(), TimeUnit.MILLISECONDS) - CERT_MIN_REMAINING_SECS;
            if (convert < 0) {
                Log.i(TAG, "nextCredsNeededDelaySecs: cert expiry: diffInSeconds=" + convert + CERT_MIN_REMAINING_SECS, new Object[0]);
                return 0L;
            }
            if (convert < j) {
                j = convert;
            }
        }
        return j;
    }

    private static byte[] postRequest(String str, byte[] bArr) {
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                String str2 = str + (str.contains("?") ? "&" : "?") + "signedRequest=" + new String(bArr, "US-ASCII");
                Log.d(TAG, "PostRequest:" + str2, new Object[0]);
                HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(str2).openConnection();
                httpURLConnection2.setDoOutput(true);
                httpURLConnection2.setConnectTimeout(10000);
                httpURLConnection2.setReadTimeout(10000);
                httpURLConnection2.setRequestProperty("Accept", "*/*");
                httpURLConnection2.setRequestProperty("Accept-Encoding", "identity");
                int responseCode = httpURLConnection2.getResponseCode();
                if (responseCode != 200) {
                    Log.e(TAG, "Server returned HTTP error code " + responseCode, new Object[0]);
                    if (httpURLConnection2 != null) {
                        httpURLConnection2.disconnect();
                    }
                    return null;
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                streamCopy(httpURLConnection2.getInputStream(), byteArrayOutputStream);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                if (httpURLConnection2 != null) {
                    httpURLConnection2.disconnect();
                }
                return byteArray;
            } catch (UnsupportedEncodingException e) {
                Log.wtf(TAG, "postRequest: US-ASCII unsupported", e);
                if (0 != 0) {
                    httpURLConnection.disconnect();
                }
                return null;
            } catch (IOException e2) {
                Log.e(TAG, "postRequest: Connection to server failed: ", e2.getMessage());
                if (0 != 0) {
                    httpURLConnection.disconnect();
                }
                return null;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    public static String provisionCredsSync() {
        if (!ensurePreProvisioned()) {
            return null;
        }
        Request credentialRequest = ClientAuthRawSigner.getCredentialRequest(CERT_AUTHORITY);
        byte[] postRequest = postRequest(credentialRequest.defaultUrl, credentialRequest.data);
        if (postRequest == null) {
            Log.e(TAG, "attemptCredsProvisioning. Received null response.", new Object[0]);
            return null;
        }
        Values extractCredentials = ClientAuthRawSigner.extractCredentials(postRequest);
        if (extractCredentials != null) {
            return refreshCreds(makeStringFromCredValues(extractCredentials));
        }
        Log.e(TAG, "attemptCredsProvisioning. Failed to extract credentials from response.", new Object[0]);
        return null;
    }

    protected static long randomizeCredsNeededDelaySecs(long j) {
        long nextInt = j - new Random().nextInt(CERT_MAX_FUZZ_REMAINING_SECS);
        if (nextInt < 0) {
            return 0L;
        }
        return nextInt;
    }

    private static String refreshCreds(String str) {
        if (Build.VERSION.SDK_INT < 26) {
            return str;
        }
        Cursor query = ContextUtils.getApplicationContext().getContentResolver().query(CONTENT_URI, null, null, null);
        if (query != null) {
            try {
                if (query.getCount() != 0) {
                    query.moveToFirst();
                    String string = query.getString(query.getColumnIndexOrThrow(CAST_CREDS));
                    if (query != null) {
                        query.close();
                    }
                    return string;
                }
            } catch (Throwable th) {
                if (query != null) {
                    try {
                        query.close();
                    } catch (Throwable th2) {
                        ThrowableExtension.addSuppressed(th, th2);
                    }
                }
                throw th;
            }
        }
        if (query != null) {
            query.close();
        }
        return str;
    }

    private static void streamCopy(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[4096];
        int read = inputStream.read(bArr);
        while (read >= 0) {
            outputStream.write(bArr, 0, read);
            read = inputStream.read(bArr);
        }
        inputStream.close();
        outputStream.close();
    }

    @Override // com.google.cast.receiver.ClientAuthCreds
    public byte[] getCerts() {
        return this.mValues.certs;
    }

    @Override // com.google.cast.receiver.ClientAuthCredsMediaDrm
    public UUID getDrmUuid() {
        return WIDEVINE_UUID;
    }

    @Override // com.google.cast.receiver.ClientAuthCreds
    public ClientAuthCreds.RsaSigner makeRsaSigner() {
        return new RsaSignerImpl();
    }
}
