package org.bouncycastle.jsse.provider;

import defpackage.c9c;
import defpackage.fv;
import defpackage.hv;
import defpackage.j7;
import defpackage.kv;
import defpackage.m86;
import defpackage.mc6;
import defpackage.n99;
import defpackage.o99;
import defpackage.oub;
import defpackage.pa9;
import defpackage.pp7;
import defpackage.ra9;
import defpackage.re7;
import defpackage.rv;
import defpackage.ug0;
import defpackage.w0;
import defpackage.zd6;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;

/* loaded from: classes5.dex */
public final class ProvX509KeyManagerSimple extends rv {
    public static final Logger d = Logger.getLogger(ProvX509KeyManagerSimple.class.getName());
    public static final Map<String, d> e;
    public static final Map<String, d> f;
    public final boolean a;
    public final m86 b;
    public final Map<String, a> c;

    /* loaded from: classes5.dex */
    public static final class Match implements Comparable<Match> {
        public static final Quality d = Quality.MISMATCH_SNI;
        public static final Match e = new Match(Quality.NONE, Integer.MAX_VALUE, null);
        public final Quality a;
        public final int b;
        public final a c;

        /* loaded from: classes5.dex */
        public enum Quality {
            OK,
            RSA_MULTI_USE,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        public Match(Quality quality, int i, a aVar) {
            this.a = quality;
            this.b = i;
            this.c = aVar;
        }

        @Override // java.lang.Comparable
        /* renamed from: j, reason: merged with bridge method [inline-methods] */
        public final int compareTo(Match match) {
            int compare = Boolean.compare(match.l(), l());
            if (compare != 0) {
                return compare;
            }
            int compare2 = Integer.compare(this.b, match.b);
            return compare2 == 0 ? this.a.compareTo(match.a) : compare2;
        }

        public final boolean l() {
            return this.a.compareTo(d) < 0;
        }
    }

    /* loaded from: classes5.dex */
    public static class a {
        public final String a;
        public final PrivateKey b;
        public final X509Certificate[] c;

        public a(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.a = str;
            this.b = privateKey;
            this.c = x509CertificateArr;
        }
    }

    /* loaded from: classes5.dex */
    public static final class b implements d {
        public final String a;
        public final Class<? extends PublicKey> b;
        public final int c;

        public b(String str, Class<? extends PublicKey> cls, int i) {
            this.a = str;
            this.b = cls;
            this.c = i;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public final boolean a(PublicKey publicKey, boolean[] zArr, fv fvVar) {
            Class<? extends PublicKey> cls;
            String str = this.a;
            return ((str != null && str.equalsIgnoreCase(mc6.q(publicKey))) || ((cls = this.b) != null && cls.isInstance(publicKey))) && o99.g(publicKey, zArr, this.c, fvVar);
        }
    }

    /* loaded from: classes5.dex */
    public static final class c implements d {
        public final w0 a;

        public c(w0 w0Var) {
            this.a = w0Var;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public final boolean a(PublicKey publicKey, boolean[] zArr, fv fvVar) {
            boolean z;
            if ("EC".equalsIgnoreCase(mc6.q(publicKey)) || ECPublicKey.class.isInstance(publicKey)) {
                if (this.a.E(mc6.n(publicKey))) {
                    z = true;
                    return !z && o99.g(publicKey, zArr, 0, fvVar);
                }
            }
            z = false;
            if (z) {
            }
        }
    }

    /* loaded from: classes5.dex */
    public interface d {
        boolean a(PublicKey publicKey, boolean[] zArr, fv fvVar);
    }

    static {
        HashMap hashMap = new HashMap();
        h(hashMap, "Ed25519");
        h(hashMap, "Ed448");
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        h(hashMap, "RSA");
        h(hashMap, "RSASSA-PSS");
        g(hashMap, 0, null, DSAPublicKey.class, "DSA");
        g(hashMap, 0, null, ECPublicKey.class, "EC");
        e = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        h(hashMap2, "Ed25519");
        h(hashMap2, "Ed448");
        f(hashMap2, 31);
        f(hashMap2, 32);
        f(hashMap2, 33);
        f(hashMap2, 23);
        f(hashMap2, 24);
        f(hashMap2, 25);
        h(hashMap2, "RSA");
        h(hashMap2, "RSASSA-PSS");
        i(hashMap2, 0, null, DSAPublicKey.class, 3, 22);
        i(hashMap2, 0, null, ECPublicKey.class, 17);
        i(hashMap2, 0, "RSA", null, 5, 19, 23);
        i(hashMap2, 2, "RSA", null, 1);
        f = Collections.unmodifiableMap(hashMap2);
    }

    public ProvX509KeyManagerSimple(boolean z, m86 m86Var, KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        PrivateKey privateKey;
        this.a = z;
        this.b = m86Var;
        HashMap hashMap = new HashMap(4);
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class) && (privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr)) != null) {
                    X509Certificate[] v = mc6.v(keyStore.getCertificateChain(nextElement));
                    if (!oub.e0(v)) {
                        hashMap.put(nextElement, new a(nextElement, privateKey, v));
                    }
                }
            }
        }
        this.c = Collections.unmodifiableMap(hashMap);
    }

    public static void f(Map<String, d> map, int i) {
        w0 c2;
        if (!pp7.a(i, n99.g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String c3 = pp7.c(i);
        if (c3 != null && (c2 = re7.c(c3)) != null) {
            if (map.put(mc6.m("EC", i), new c(c2)) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        } else {
            Logger logger = d;
            StringBuilder b2 = ug0.b("Failed to register public key filter for EC with ");
            b2.append(pp7.g(i));
            logger.warning(b2.toString());
        }
    }

    public static void g(Map<String, d> map, int i, String str, Class<? extends PublicKey> cls, String... strArr) {
        b bVar = new b(str, cls, i);
        for (String str2 : strArr) {
            if (map.put(str2, bVar) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    public static void h(Map<String, d> map, String str) {
        g(map, 0, str, null, str);
    }

    public static void i(Map<String, d> map, int i, String str, Class<? extends PublicKey> cls, int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i2 = 0; i2 < length; i2++) {
            strArr[i2] = mc6.h(iArr[i2]);
        }
        g(map, i, str, cls, strArr);
    }

    public static List<String> o(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static String q(c9c c9cVar, boolean z) {
        hv hvVar;
        kv r;
        if (c9cVar == null || !z || (hvVar = c9cVar.b) == null || (r = mc6.r(hvVar.f())) == null) {
            return null;
        }
        return r.c;
    }

    public static Set<Principal> r(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    @Override // defpackage.rv
    public final pa9 a(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(o(strArr), principalArr, c9c.a(socket), false);
    }

    @Override // defpackage.rv
    public final pa9 b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(o(strArr), principalArr, c9c.b(sSLEngine), false);
    }

    @Override // defpackage.rv
    public final pa9 c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(o(strArr), principalArr, c9c.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return j(o(strArr), principalArr, c9c.a(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(o(strArr), principalArr, c9c.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(o(str), principalArr, c9c.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return j(o(str), principalArr, c9c.a(socket), true);
    }

    @Override // defpackage.rv
    public final pa9 d(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(o(strArr), principalArr, c9c.a(socket), true);
    }

    @Override // defpackage.rv
    public final pa9 e(String str, String str2) {
        a n = n(str2);
        if (n == null) {
            return null;
        }
        return new pa9(str, n.b, n.c);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        a n = n(str);
        if (n == null) {
            return null;
        }
        return (X509Certificate[]) n.c.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return l(o(str), principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        a n = n(str);
        if (n == null) {
            return null;
        }
        return n.b;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return l(o(str), principalArr, true);
    }

    public final String j(List<String> list, Principal[] principalArr, c9c c9cVar, boolean z) {
        Match m = m(list, principalArr, c9cVar, z);
        if (m.compareTo(Match.e) >= 0) {
            d.fine("No matching key found");
            return null;
        }
        String str = list.get(m.b);
        String str2 = m.c.a;
        Logger logger = d;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + str2);
        }
        return str2;
    }

    public final pa9 k(List<String> list, Principal[] principalArr, c9c c9cVar, boolean z) {
        Match m = m(list, principalArr, c9cVar, z);
        if (m.compareTo(Match.e) < 0) {
            String str = list.get(m.b);
            a aVar = m.c;
            pa9 pa9Var = aVar == null ? null : new pa9(str, aVar.b, aVar.c);
            if (pa9Var != null) {
                Logger logger = d;
                if (logger.isLoggable(Level.FINE)) {
                    StringBuilder a2 = j7.a("Found matching key of type: ", str, ", from alias: ");
                    a2.append(m.c.a);
                    logger.fine(a2.toString());
                }
                return pa9Var;
            }
        }
        d.fine("No matching key found");
        return null;
    }

    public final String[] l(List list, Principal[] principalArr, boolean z) {
        if (!this.c.isEmpty() && !list.isEmpty()) {
            int size = list.size();
            Set<Principal> r = r(principalArr);
            fv c2 = c9c.c(null, true);
            Date date = new Date();
            String q = q(null, z);
            Iterator<a> it = this.c.values().iterator();
            ArrayList arrayList = null;
            while (it.hasNext()) {
                Match p = p(it.next(), list, size, r, c2, z, date, q);
                if (p.compareTo(Match.e) < 0) {
                    ArrayList arrayList2 = arrayList == null ? new ArrayList() : arrayList;
                    arrayList2.add(p);
                    arrayList = arrayList2;
                }
            }
            if (arrayList != null && !arrayList.isEmpty()) {
                Collections.sort(arrayList);
                String[] strArr = new String[arrayList.size()];
                Iterator it2 = arrayList.iterator();
                int i = 0;
                while (it2.hasNext()) {
                    strArr[i] = ((Match) it2.next()).c.a;
                    i++;
                }
                return strArr;
            }
        }
        return null;
    }

    public final Match m(List<String> list, Principal[] principalArr, c9c c9cVar, boolean z) {
        Match match = Match.e;
        if (this.c.isEmpty() || list.isEmpty()) {
            return match;
        }
        int size = list.size();
        Set<Principal> r = r(principalArr);
        fv c2 = c9c.c(c9cVar, true);
        Date date = new Date();
        String q = q(c9cVar, z);
        Iterator<a> it = this.c.values().iterator();
        Match match2 = match;
        int i = size;
        while (it.hasNext()) {
            int i2 = i;
            Match match3 = match2;
            match2 = p(it.next(), list, i, r, c2, z, date, q);
            if (match2.compareTo(match3) < 0) {
                if (Match.Quality.OK == match2.a && match2.b == 0) {
                    return match2;
                }
                i = match2.l() ? Math.min(i2, match2.b + 1) : i2;
            } else {
                i = i2;
                match2 = match3;
            }
        }
        return match2;
    }

    public final a n(String str) {
        if (str == null) {
            return null;
        }
        return this.c.get(str);
    }

    public final Match p(a aVar, List<String> list, int i, Set<Principal> set, fv fvVar, boolean z, Date date, String str) {
        boolean z2;
        int i2;
        Match.Quality quality;
        X509Certificate[] x509CertificateArr = aVar.c;
        if (!oub.e0(x509CertificateArr)) {
            boolean z3 = true;
            if (set != null && !set.isEmpty()) {
                int length = x509CertificateArr.length;
                while (true) {
                    length--;
                    if (length < 0) {
                        X509Certificate x509Certificate = x509CertificateArr[0];
                        if (x509Certificate.getBasicConstraints() < 0 || !set.contains(x509Certificate.getSubjectX500Principal())) {
                            z2 = false;
                        }
                    } else if (set.contains(x509CertificateArr[length].getIssuerX500Principal())) {
                        break;
                    }
                }
            }
            z2 = true;
            if (z2) {
                X509Certificate x509Certificate2 = x509CertificateArr[0];
                Map<String, d> map = z ? f : e;
                PublicKey publicKey = x509Certificate2.getPublicKey();
                boolean[] keyUsage = x509Certificate2.getKeyUsage();
                int i3 = 0;
                while (true) {
                    if (i3 < i) {
                        d dVar = map.get(list.get(i3));
                        if (dVar != null && dVar.a(publicKey, keyUsage, fvVar)) {
                            i2 = i3;
                            break;
                        }
                        i3++;
                    } else {
                        i2 = -1;
                        break;
                    }
                }
                if (i2 >= 0) {
                    String str2 = list.get(i2);
                    d.finer("EE cert potentially usable for key type: " + str2);
                    try {
                        o99.a(this.a, this.b, fvVar, Collections.emptySet(), x509CertificateArr, !ProvX509KeyManager.g ? null : z ? zd6.c : zd6.d, -1);
                    } catch (CertPathValidatorException e2) {
                        d.log(Level.FINEST, "Certificate chain check failed", (Throwable) e2);
                        z3 = false;
                    }
                    if (z3) {
                        X509Certificate x509Certificate3 = x509CertificateArr[0];
                        try {
                            x509Certificate3.checkValidity(date);
                            if (str != null) {
                                try {
                                    ra9.h(str, x509Certificate3, "HTTPS");
                                } catch (CertificateException unused) {
                                    quality = Match.Quality.MISMATCH_SNI;
                                }
                            }
                        } catch (CertificateException unused2) {
                            quality = Match.Quality.EXPIRED;
                        }
                        if ("RSA".equalsIgnoreCase(mc6.q(x509Certificate3.getPublicKey()))) {
                            boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                            if (o99.h(keyUsage2, 0) && o99.h(keyUsage2, 2)) {
                                quality = Match.Quality.RSA_MULTI_USE;
                                return new Match(quality, i2, aVar);
                            }
                        }
                        quality = Match.Quality.OK;
                        return new Match(quality, i2, aVar);
                    }
                    d.finer("Unsuitable chain for key type: " + str2);
                }
            }
        }
        return Match.e;
    }
}
