package org.bouncycastle.jsse.provider;

import defpackage.a36;
import defpackage.bhb;
import defpackage.bu;
import defpackage.cy8;
import defpackage.du;
import defpackage.dy8;
import defpackage.dz5;
import defpackage.ez8;
import defpackage.fd9;
import defpackage.fn;
import defpackage.gu;
import defpackage.gz8;
import defpackage.m46;
import defpackage.nu;
import defpackage.nvb;
import defpackage.o46;
import defpackage.ox8;
import defpackage.q29;
import defpackage.sf7;
import defpackage.v0;
import defpackage.w49;
import j$.util.DesugarCollections;
import java.lang.ref.SoftReference;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;

/* loaded from: classes5.dex */
public final class ProvX509KeyManager extends nu {
    public static final Logger f = Logger.getLogger(ProvX509KeyManager.class.getName());
    public static final boolean g = ox8.a("org.bouncycastle.jsse.keyManager.checkEKU", true);
    public static final Map<String, c> h;
    public static final Map<String, c> i;
    public final boolean b;
    public final dz5 c;
    public final List<KeyStore.Builder> d;
    public final AtomicLong a = new AtomicLong();
    public final Map<String, SoftReference<KeyStore.PrivateKeyEntry>> e = DesugarCollections.synchronizedMap(new LinkedHashMap<String, SoftReference<KeyStore.PrivateKeyEntry>>(16, 0.75f, true) { // from class: org.bouncycastle.jsse.provider.ProvX509KeyManager.1
        @Override // java.util.LinkedHashMap
        public boolean removeEldestEntry(Map.Entry<String, SoftReference<KeyStore.PrivateKeyEntry>> entry) {
            return size() > 16;
        }
    });

    /* loaded from: classes5.dex */
    public static final class Match implements Comparable<Match> {
        public static final Quality g = Quality.MISMATCH_SNI;
        public static final Match h = new Match(Quality.NONE, Integer.MAX_VALUE, -1, null, null, null);
        public final Quality a;
        public final int b;
        public final int c;
        public final String d;
        public final KeyStore e;
        public final X509Certificate[] f;

        /* loaded from: classes5.dex */
        public enum Quality {
            OK,
            RSA_MULTI_USE,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        public Match(Quality quality, int i, int i2, String str, KeyStore keyStore, X509Certificate[] x509CertificateArr) {
            this.a = quality;
            this.b = i;
            this.c = i2;
            this.d = str;
            this.e = keyStore;
            this.f = x509CertificateArr;
        }

        @Override // java.lang.Comparable
        /* renamed from: j, reason: merged with bridge method [inline-methods] */
        public final int compareTo(Match match) {
            int compare = Boolean.compare(match.l(), l());
            if (compare != 0) {
                return compare;
            }
            int compare2 = Integer.compare(this.b, match.b);
            return compare2 == 0 ? this.a.compareTo(match.a) : compare2;
        }

        public final boolean l() {
            return this.a.compareTo(g) < 0;
        }
    }

    /* loaded from: classes5.dex */
    public static final class a implements c {
        public final String a;
        public final Class<? extends PublicKey> b;
        public final int c;

        public a(String str, Class<? extends PublicKey> cls, int i) {
            this.a = str;
            this.b = cls;
            this.c = i;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManager.c
        public final boolean a(PublicKey publicKey, boolean[] zArr, bu buVar) {
            Class<? extends PublicKey> cls;
            String str = this.a;
            return ((str != null && str.equalsIgnoreCase(a36.q(publicKey))) || ((cls = this.b) != null && cls.isInstance(publicKey))) && dy8.g(publicKey, zArr, this.c, buVar);
        }
    }

    /* loaded from: classes5.dex */
    public static final class b implements c {
        public final v0 a;

        public b(v0 v0Var) {
            this.a = v0Var;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManager.c
        public final boolean a(PublicKey publicKey, boolean[] zArr, bu buVar) {
            boolean z;
            if ("EC".equalsIgnoreCase(a36.q(publicKey)) || ECPublicKey.class.isInstance(publicKey)) {
                if (this.a.E(a36.n(publicKey))) {
                    z = true;
                    return !z && dy8.g(publicKey, zArr, 0, buVar);
                }
            }
            z = false;
            if (z) {
            }
        }
    }

    /* loaded from: classes5.dex */
    public interface c {
        boolean a(PublicKey publicKey, boolean[] zArr, bu buVar);
    }

    static {
        HashMap hashMap = new HashMap();
        h(hashMap, "Ed25519");
        h(hashMap, "Ed448");
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        h(hashMap, "RSA");
        h(hashMap, "RSASSA-PSS");
        g(hashMap, 0, null, DSAPublicKey.class, "DSA");
        g(hashMap, 0, null, ECPublicKey.class, "EC");
        h = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        h(hashMap2, "Ed25519");
        h(hashMap2, "Ed448");
        f(hashMap2, 31);
        f(hashMap2, 32);
        f(hashMap2, 33);
        f(hashMap2, 23);
        f(hashMap2, 24);
        f(hashMap2, 25);
        h(hashMap2, "RSA");
        h(hashMap2, "RSASSA-PSS");
        i(hashMap2, 0, null, DSAPublicKey.class, 3, 22);
        i(hashMap2, 0, null, ECPublicKey.class, 17);
        i(hashMap2, 0, "RSA", null, 5, 19, 23);
        i(hashMap2, 2, "RSA", null, 1);
        i = Collections.unmodifiableMap(hashMap2);
    }

    public ProvX509KeyManager(boolean z, dz5 dz5Var, List<KeyStore.Builder> list) {
        this.b = z;
        this.c = dz5Var;
        this.d = list;
    }

    public static void f(Map<String, c> map, int i2) {
        v0 h2;
        if (!sf7.a(i2, cy8.g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String e = sf7.e(i2);
        if (e != null && (h2 = q29.h(e)) != null) {
            if (map.put(a36.m("EC", i2), new b(h2)) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        } else {
            Logger logger = f;
            StringBuilder a2 = w49.a("Failed to register public key filter for EC with ");
            a2.append(sf7.i(i2));
            logger.warning(a2.toString());
        }
    }

    public static void g(Map<String, c> map, int i2, String str, Class<? extends PublicKey> cls, String... strArr) {
        a aVar = new a(str, cls, i2);
        for (String str2 : strArr) {
            if (map.put(str2, aVar) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    public static void h(Map<String, c> map, String str) {
        g(map, 0, str, null, str);
    }

    public static void i(Map<String, c> map, int i2, String str, Class<? extends PublicKey> cls, int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i3 = 0; i3 < length; i3++) {
            strArr[i3] = a36.h(iArr[i3]);
        }
        g(map, i2, str, cls, strArr);
    }

    public static String m(Match match, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(match.c);
        sb.append(".");
        return fn.c(sb, match.d, str);
    }

    public static List<String> p(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static String t(nvb nvbVar, boolean z) {
        du duVar;
        gu r;
        if (nvbVar == null || !z || (duVar = nvbVar.b) == null || (r = a36.r(duVar.f())) == null) {
            return null;
        }
        return r.c;
    }

    public static Set<Principal> u(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    @Override // defpackage.nu
    public final ez8 a(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(p(strArr), principalArr, nvb.a(socket), false);
    }

    @Override // defpackage.nu
    public final ez8 b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(p(strArr), principalArr, nvb.b(sSLEngine), false);
    }

    @Override // defpackage.nu
    public final ez8 c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(p(strArr), principalArr, nvb.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return j(p(strArr), principalArr, nvb.a(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(p(strArr), principalArr, nvb.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(p(str), principalArr, nvb.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return j(p(str), principalArr, nvb.a(socket), true);
    }

    @Override // defpackage.nu
    public final ez8 d(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(p(strArr), principalArr, nvb.a(socket), true);
    }

    @Override // defpackage.nu
    public final ez8 e(String str, String str2) {
        PrivateKey privateKey;
        KeyStore.PrivateKeyEntry s = s(str2);
        if (s == null || (privateKey = s.getPrivateKey()) == null) {
            return null;
        }
        X509Certificate[] v = a36.v(s.getCertificateChain());
        if (bhb.e0(v)) {
            return null;
        }
        return new ez8(str, privateKey, v);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry s = s(str);
        if (s == null) {
            return null;
        }
        return (X509Certificate[]) s.getCertificateChain();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return n(p(str), principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry s = s(str);
        if (s == null) {
            return null;
        }
        return s.getPrivateKey();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return n(p(str), principalArr, true);
    }

    public final String j(List<String> list, Principal[] principalArr, nvb nvbVar, boolean z) {
        Match o = o(list, principalArr, nvbVar, z);
        if (o.compareTo(Match.h) >= 0) {
            f.fine("No matching key found");
            return null;
        }
        String str = list.get(o.b);
        String m = m(o, q());
        Logger logger = f;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + m);
        }
        return m;
    }

    public final ez8 k(List<String> list, Principal[] principalArr, nvb nvbVar, boolean z) {
        Match o = o(list, principalArr, nvbVar, z);
        if (o.compareTo(Match.h) < 0) {
            try {
                String str = list.get(o.b);
                ez8 l = l(str, o.c, o.d, o.e, o.f);
                if (l != null) {
                    Logger logger = f;
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Found matching key of type: " + str + ", from alias: " + o.c + "." + o.d);
                    }
                    return l;
                }
            } catch (Exception e) {
                f.log(Level.FINER, "Failed to load private key", (Throwable) e);
            }
        }
        f.fine("No matching key found");
        return null;
    }

    public final ez8 l(String str, int i2, String str2, KeyStore keyStore, X509Certificate[] x509CertificateArr) {
        KeyStore.ProtectionParameter protectionParameter = this.d.get(i2).getProtectionParameter(str2);
        Method method = o46.a;
        if (protectionParameter == null) {
            throw new UnrecoverableKeyException("requested key requires a password");
        }
        if (!(protectionParameter instanceof KeyStore.PasswordProtection)) {
            throw new UnsupportedOperationException();
        }
        KeyStore.PasswordProtection passwordProtection = (KeyStore.PasswordProtection) protectionParameter;
        Method method2 = o46.a;
        if (method2 != null && fd9.h(passwordProtection, method2) != null) {
            throw new KeyStoreException("unsupported password protection algorithm");
        }
        Key key = keyStore.getKey(str2, passwordProtection.getPassword());
        if (key instanceof PrivateKey) {
            return new ez8(str, (PrivateKey) key, x509CertificateArr);
        }
        return null;
    }

    public final String[] n(List list, Principal[] principalArr, boolean z) {
        int i2;
        int i3;
        if (this.d.isEmpty() || list.isEmpty()) {
            return null;
        }
        int size = list.size();
        Set<Principal> u = u(principalArr);
        bu c2 = nvb.c(null, true);
        Date date = new Date();
        String t = t(null, z);
        int size2 = this.d.size();
        int i4 = 0;
        ArrayList arrayList = null;
        int i5 = 0;
        while (i5 < size2) {
            try {
                KeyStore keyStore = this.d.get(i5).getKeyStore();
                Enumeration<String> aliases = keyStore.aliases();
                ArrayList arrayList2 = arrayList;
                while (aliases.hasMoreElements()) {
                    try {
                        i2 = i5;
                        i3 = size2;
                    } catch (KeyStoreException e) {
                        e = e;
                        i2 = i5;
                        i3 = size2;
                    }
                    try {
                        Match r = r(i5, keyStore, aliases.nextElement(), list, size, u, c2, z, date, t);
                        if (r.compareTo(Match.h) < 0) {
                            ArrayList arrayList3 = arrayList2 == null ? new ArrayList() : arrayList2;
                            arrayList3.add(r);
                            arrayList2 = arrayList3;
                        }
                        i5 = i2;
                        size2 = i3;
                    } catch (KeyStoreException e2) {
                        e = e2;
                        arrayList = arrayList2;
                        f.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + i2, (Throwable) e);
                        i5 = i2 + 1;
                        size2 = i3;
                    }
                }
                i2 = i5;
                i3 = size2;
                arrayList = arrayList2;
            } catch (KeyStoreException e3) {
                e = e3;
                i2 = i5;
                i3 = size2;
            }
            i5 = i2 + 1;
            size2 = i3;
        }
        if (arrayList == null || arrayList.isEmpty()) {
            return null;
        }
        Collections.sort(arrayList);
        String q = q();
        String[] strArr = new String[arrayList.size()];
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            strArr[i4] = m((Match) it.next(), q);
            i4++;
        }
        return strArr;
    }

    public final Match o(List<String> list, Principal[] principalArr, nvb nvbVar, boolean z) {
        int i2;
        int i3;
        int i4;
        Match match;
        int i5;
        ProvX509KeyManager provX509KeyManager = this;
        Match match2 = Match.h;
        if (provX509KeyManager.d.isEmpty() || list.isEmpty()) {
            return match2;
        }
        int size = list.size();
        Set<Principal> u = u(principalArr);
        bu c2 = nvb.c(nvbVar, true);
        Date date = new Date();
        String t = t(nvbVar, z);
        int size2 = provX509KeyManager.d.size();
        int i6 = size;
        int i7 = 0;
        Match match3 = match2;
        while (i7 < size2) {
            try {
                KeyStore keyStore = provX509KeyManager.d.get(i7).getKeyStore();
                Enumeration<String> aliases = keyStore.aliases();
                Match match4 = match3;
                int i8 = i6;
                while (aliases.hasMoreElements()) {
                    try {
                        int i9 = i8;
                        match = match4;
                        i2 = i7;
                        i3 = size2;
                        try {
                            match3 = r(i7, keyStore, aliases.nextElement(), list, i8, u, c2, z, date, t);
                            if (match3.compareTo(match) < 0) {
                                try {
                                    if (Match.Quality.OK == match3.a && match3.b == 0) {
                                        return match3;
                                    }
                                    if (match3.l()) {
                                        i5 = i9;
                                        try {
                                            match4 = match3;
                                            i8 = Math.min(i5, match3.b + 1);
                                        } catch (KeyStoreException e) {
                                            e = e;
                                            i6 = i5;
                                            f.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + i2, (Throwable) e);
                                            i7 = i2 + 1;
                                            provX509KeyManager = this;
                                            size2 = i3;
                                        }
                                    } else {
                                        match4 = match3;
                                        i8 = i9;
                                    }
                                } catch (KeyStoreException e2) {
                                    e = e2;
                                    i5 = i9;
                                }
                            } else {
                                i8 = i9;
                                match4 = match;
                            }
                            i7 = i2;
                            size2 = i3;
                        } catch (KeyStoreException e3) {
                            e = e3;
                            i4 = i9;
                            i6 = i4;
                            match3 = match;
                            f.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + i2, (Throwable) e);
                            i7 = i2 + 1;
                            provX509KeyManager = this;
                            size2 = i3;
                        }
                    } catch (KeyStoreException e4) {
                        e = e4;
                        i4 = i8;
                        match = match4;
                        i2 = i7;
                        i3 = size2;
                    }
                }
                i2 = i7;
                i3 = size2;
                i6 = i8;
                match3 = match4;
            } catch (KeyStoreException e5) {
                e = e5;
                i2 = i7;
                i3 = size2;
            }
            i7 = i2 + 1;
            provX509KeyManager = this;
            size2 = i3;
        }
        return match3;
    }

    public final String q() {
        StringBuilder a2 = w49.a(".");
        a2.append(this.a.incrementAndGet());
        return a2.toString();
    }

    public final Match r(int i2, KeyStore keyStore, String str, List list, int i3, Set set, bu buVar, boolean z, Date date, String str2) {
        boolean z2;
        int i4;
        Match.Quality quality;
        if (keyStore.isKeyEntry(str)) {
            X509Certificate[] v = a36.v(keyStore.getCertificateChain(str));
            if (!bhb.e0(v)) {
                boolean z3 = true;
                if (set != null && !set.isEmpty()) {
                    int length = v.length;
                    while (true) {
                        length--;
                        if (length < 0) {
                            X509Certificate x509Certificate = v[0];
                            if (x509Certificate.getBasicConstraints() < 0 || !set.contains(x509Certificate.getSubjectX500Principal())) {
                                z2 = false;
                            }
                        } else if (set.contains(v[length].getIssuerX500Principal())) {
                            break;
                        }
                    }
                }
                z2 = true;
                if (z2) {
                    X509Certificate x509Certificate2 = v[0];
                    Map<String, c> map = z ? i : h;
                    PublicKey publicKey = x509Certificate2.getPublicKey();
                    boolean[] keyUsage = x509Certificate2.getKeyUsage();
                    int i5 = 0;
                    while (true) {
                        if (i5 < i3) {
                            c cVar = map.get((String) list.get(i5));
                            if (cVar != null && cVar.a(publicKey, keyUsage, buVar)) {
                                i4 = i5;
                                break;
                            }
                            i5++;
                        } else {
                            i4 = -1;
                            break;
                        }
                    }
                    if (i4 >= 0) {
                        String str3 = (String) list.get(i4);
                        f.finer("EE cert potentially usable for key type: " + str3);
                        try {
                            dy8.a(this.b, this.c, buVar, Collections.emptySet(), v, !g ? null : z ? m46.c : m46.d, -1);
                        } catch (CertPathValidatorException e) {
                            f.log(Level.FINEST, "Certificate chain check failed", (Throwable) e);
                            z3 = false;
                        }
                        if (z3) {
                            X509Certificate x509Certificate3 = v[0];
                            try {
                                x509Certificate3.checkValidity(date);
                                if (str2 != null) {
                                    try {
                                        gz8.h(str2, x509Certificate3, "HTTPS");
                                    } catch (CertificateException unused) {
                                        quality = Match.Quality.MISMATCH_SNI;
                                    }
                                }
                            } catch (CertificateException unused2) {
                                quality = Match.Quality.EXPIRED;
                            }
                            if ("RSA".equalsIgnoreCase(a36.q(x509Certificate3.getPublicKey()))) {
                                boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                                if (dy8.h(keyUsage2, 0) && dy8.h(keyUsage2, 2)) {
                                    quality = Match.Quality.RSA_MULTI_USE;
                                    return new Match(quality, i4, i2, str, keyStore, v);
                                }
                            }
                            quality = Match.Quality.OK;
                            return new Match(quality, i4, i2, str, keyStore, v);
                        }
                        f.finer("Unsuitable chain for key type: " + str3);
                    }
                }
            }
        }
        return Match.h;
    }

    public final KeyStore.PrivateKeyEntry s(String str) {
        int i2;
        int lastIndexOf;
        int parseInt;
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore.PrivateKeyEntry privateKeyEntry2 = null;
        if (str == null) {
            return null;
        }
        SoftReference<KeyStore.PrivateKeyEntry> softReference = this.e.get(str);
        if (softReference != null && (privateKeyEntry = softReference.get()) != null) {
            return privateKeyEntry;
        }
        try {
            int indexOf = str.indexOf(46, 0);
            if (indexOf > 0 && (lastIndexOf = str.lastIndexOf(46)) > (i2 = indexOf + 1) && (parseInt = Integer.parseInt(str.substring(0, indexOf))) >= 0 && parseInt < this.d.size()) {
                KeyStore.Builder builder = this.d.get(parseInt);
                String substring = str.substring(i2, lastIndexOf);
                KeyStore.Entry entry = builder.getKeyStore().getEntry(substring, builder.getProtectionParameter(substring));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    privateKeyEntry2 = (KeyStore.PrivateKeyEntry) entry;
                }
            }
        } catch (Exception e) {
            f.log(Level.FINER, "Failed to load PrivateKeyEntry: " + str, (Throwable) e);
        }
        if (privateKeyEntry2 != null) {
            this.e.put(str, new SoftReference<>(privateKeyEntry2));
        }
        return privateKeyEntry2;
    }
}
