package com.amazon.mobile.ssnap.internal.security;

import android.util.Base64;
import com.amazon.mobile.ssnap.clientstore.BuildConfig;
import com.amazon.mobile.ssnap.metrics.SsnapMetricsHelper;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.io.Closeables;
import dagger.Module;
import dagger.Provides;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.zip.GZIPInputStream;
import javax.inject.Singleton;

@Module
/* loaded from: classes12.dex */
public class SecurityModule {
    private static final String BOUNCY_CASTLE_KEY_STORE_TYPE = "BKS";
    private static final String DEFAULT_CERTIFICATE_TYPE = "X.509";
    private static final String DEFAULT_CERT_PATH_VALIDATOR_ALGORITHM = "PKIX";

    private Supplier<CertPathValidator> getCertPathValidator() {
        return Suppliers.memoize(new Supplier<CertPathValidator>() { // from class: com.amazon.mobile.ssnap.internal.security.SecurityModule.2
            @Override // com.google.common.base.Supplier
            public CertPathValidator get() {
                try {
                    return CertPathValidator.getInstance(SecurityModule.DEFAULT_CERT_PATH_VALIDATOR_ALGORITHM);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    private Supplier<CertPathParameters> getTrustedCertPathParameters() {
        return Suppliers.memoize(new Supplier<CertPathParameters>() { // from class: com.amazon.mobile.ssnap.internal.security.SecurityModule.3
            @Override // com.google.common.base.Supplier
            public CertPathParameters get() {
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters(SecurityModule.this.getKeyStore());
                    pKIXParameters.setRevocationEnabled(false);
                    return pKIXParameters;
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    Supplier<CertificateFactory> getCertificateFactory() {
        return Suppliers.memoize(new Supplier<CertificateFactory>() { // from class: com.amazon.mobile.ssnap.internal.security.SecurityModule.1
            @Override // com.google.common.base.Supplier
            public CertificateFactory get() {
                try {
                    return CertificateFactory.getInstance(SecurityModule.DEFAULT_CERTIFICATE_TYPE);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    KeyStore getKeyStore() throws Exception {
        byte[] decode = Base64.decode(BuildConfig.TRUSTED_CERTS, 0);
        KeyStore keyStore = KeyStore.getInstance(BOUNCY_CASTLE_KEY_STORE_TYPE);
        GZIPInputStream gZIPInputStream = new GZIPInputStream(new ByteArrayInputStream(decode));
        try {
            keyStore.load(gZIPInputStream, "dontcare".toCharArray());
            return keyStore;
        } finally {
            Closeables.closeQuietly(gZIPInputStream);
        }
    }

    @Provides
    @Singleton
    public SecureContentValidator provideSecureContentValidator(SsnapMetricsHelper ssnapMetricsHelper) {
        return new SecureContentValidator(getCertificateFactory(), getCertPathValidator(), getTrustedCertPathParameters(), ssnapMetricsHelper);
    }
}
