package org.bouncycastle.jsse.provider;

import j$.util.DesugarCollections;
import java.lang.ref.SoftReference;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;

/* loaded from: classes4.dex */
public final class x1 extends zc.g {

    /* renamed from: f, reason: collision with root package name */
    public static final Logger f23021f = Logger.getLogger(x1.class.getName());

    /* renamed from: g, reason: collision with root package name */
    public static final boolean f23022g = o0.a("org.bouncycastle.jsse.keyManager.checkEKU", true);

    /* renamed from: h, reason: collision with root package name */
    public static final Map f23023h;

    /* renamed from: i, reason: collision with root package name */
    public static final Map f23024i;

    /* renamed from: a, reason: collision with root package name */
    public final AtomicLong f23025a = new AtomicLong();

    /* renamed from: b, reason: collision with root package name */
    public final boolean f23026b;

    /* renamed from: c, reason: collision with root package name */
    public final wc.b f23027c;

    /* renamed from: d, reason: collision with root package name */
    public final List f23028d;

    /* renamed from: e, reason: collision with root package name */
    public final Map f23029e;

    static {
        HashMap hashMap = new HashMap();
        g("Ed25519", hashMap);
        g("Ed448", hashMap);
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        g("RSA", hashMap);
        g("RSASSA-PSS", hashMap);
        h(hashMap, 0, null, DSAPublicKey.class, "DSA");
        h(hashMap, 0, null, ECPublicKey.class, "EC");
        f23023h = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        g("Ed25519", hashMap2);
        g("Ed448", hashMap2);
        f(hashMap2, 31);
        f(hashMap2, 32);
        f(hashMap2, 33);
        f(hashMap2, 23);
        f(hashMap2, 24);
        f(hashMap2, 25);
        g("RSA", hashMap2);
        g("RSASSA-PSS", hashMap2);
        i(hashMap2, 0, null, DSAPublicKey.class, 3, 22);
        i(hashMap2, 0, null, ECPublicKey.class, 17);
        i(hashMap2, 0, "RSA", null, 5, 19, 23);
        i(hashMap2, 2, "RSA", null, 1);
        f23024i = Collections.unmodifiableMap(hashMap2);
    }

    public x1(boolean z10, wc.b bVar, List list) {
        final float f10 = 0.75f;
        final boolean z11 = true;
        final int i10 = 16;
        this.f23029e = DesugarCollections.synchronizedMap(new LinkedHashMap<String, SoftReference<KeyStore.PrivateKeyEntry>>(i10, f10, z11) { // from class: org.bouncycastle.jsse.provider.ProvX509KeyManager$1
            @Override // java.util.LinkedHashMap
            public boolean removeEldestEntry(Map.Entry<String, SoftReference<KeyStore.PrivateKeyEntry>> entry) {
                return size() > 16;
            }
        });
        this.f23026b = z10;
        this.f23027c = bVar;
        this.f23028d = list;
    }

    public static void f(HashMap hashMap, int i10) {
        pb.r O;
        if (!org.slf4j.helpers.c.n(i10, org.bouncycastle.tls.u.f23274g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String x10 = org.slf4j.helpers.c.x(i10);
        if (x10 != null && (O = kotlinx.coroutines.e0.O(x10)) != null) {
            if (hashMap.put(y.k(i10, "EC"), new u1(O)) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        } else {
            f23021f.warning("Failed to register public key filter for EC with " + org.slf4j.helpers.c.H(i10));
        }
    }

    public static void g(String str, HashMap hashMap) {
        h(hashMap, 0, str, null, str);
    }

    public static void h(HashMap hashMap, int i10, String str, Class cls, String... strArr) {
        t1 t1Var = new t1(str, i10, cls);
        for (String str2 : strArr) {
            if (hashMap.put(str2, t1Var) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    public static void i(HashMap hashMap, int i10, String str, Class cls, int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i11 = 0; i11 < length; i11++) {
            strArr[i11] = y.g(iArr[i11]);
        }
        h(hashMap, i10, str, cls, strArr);
    }

    public static List o(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static Set r(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    @Override // zc.g
    public final m7.r a(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(o(strArr), principalArr, p5.d.c(socket), false);
    }

    @Override // zc.g
    public final m7.r b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(o(strArr), principalArr, p5.d.d(sSLEngine), false);
    }

    @Override // zc.g
    public final m7.r c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(o(strArr), principalArr, p5.d.d(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return j(o(strArr), principalArr, p5.d.c(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(o(strArr), principalArr, p5.d.d(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(o(str), principalArr, p5.d.d(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return j(o(str), principalArr, p5.d.c(socket), true);
    }

    @Override // zc.g
    public final m7.r d(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(o(strArr), principalArr, p5.d.c(socket), true);
    }

    @Override // zc.g
    public final m7.r e(String str, String str2) {
        PrivateKey privateKey;
        KeyStore.PrivateKeyEntry q10 = q(str2);
        if (q10 == null || (privateKey = q10.getPrivateKey()) == null) {
            return null;
        }
        X509Certificate[] t10 = y.t(q10.getCertificateChain());
        if (org.bouncycastle.tls.b1.M(t10)) {
            return null;
        }
        return new m7.r(str, 4, privateKey, t10);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry q10 = q(str);
        if (q10 == null) {
            return null;
        }
        return (X509Certificate[]) q10.getCertificateChain();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return m(o(str), principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry q10 = q(str);
        if (q10 == null) {
            return null;
        }
        return q10.getPrivateKey();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return m(o(str), principalArr, true);
    }

    public final String j(List list, Principal[] principalArr, p5.d dVar, boolean z10) {
        v1 n10 = n(list, principalArr, dVar, z10);
        int compareTo = n10.compareTo(v1.f22998h);
        Logger logger = f23021f;
        if (compareTo >= 0) {
            logger.fine("No matching key found");
            return null;
        }
        String str = (String) list.get(n10.f23000b);
        String str2 = "." + this.f23025a.incrementAndGet();
        StringBuilder sb2 = new StringBuilder();
        sb2.append(n10.f23001c);
        sb2.append(".");
        String r10 = android.support.v4.media.b.r(sb2, n10.f23002d, str2);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + r10);
        }
        return r10;
    }

    public final m7.r k(List list, Principal[] principalArr, p5.d dVar, boolean z10) {
        v1 n10 = n(list, principalArr, dVar, z10);
        int compareTo = n10.compareTo(v1.f22998h);
        Logger logger = f23021f;
        if (compareTo < 0) {
            try {
                String str = (String) list.get(n10.f23000b);
                m7.r l10 = l(str, n10.f23001c, n10.f23002d, n10.f23003e, n10.f23004f);
                if (l10 != null) {
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Found matching key of type: " + str + ", from alias: " + n10.f23001c + "." + n10.f23002d);
                    }
                    return l10;
                }
            } catch (Exception e2) {
                logger.log(Level.FINER, "Failed to load private key", (Throwable) e2);
            }
        }
        logger.fine("No matching key found");
        return null;
    }

    public final m7.r l(String str, int i10, String str2, KeyStore keyStore, X509Certificate[] x509CertificateArr) {
        KeyStore.ProtectionParameter protectionParameter = ((KeyStore.Builder) this.f23028d.get(i10)).getProtectionParameter(str2);
        Method method = l0.f22888a;
        if (protectionParameter == null) {
            throw new UnrecoverableKeyException("requested key requires a password");
        }
        if (!(protectionParameter instanceof KeyStore.PasswordProtection)) {
            throw new UnsupportedOperationException();
        }
        KeyStore.PasswordProtection passwordProtection = (KeyStore.PasswordProtection) protectionParameter;
        Method method2 = l0.f22888a;
        if (method2 != null && kotlin.text.i.E0(passwordProtection, method2) != null) {
            throw new KeyStoreException("unsupported password protection algorithm");
        }
        Key key = keyStore.getKey(str2, passwordProtection.getPassword());
        if (!(key instanceof PrivateKey)) {
            return null;
        }
        return new m7.r(str, 4, (PrivateKey) key, x509CertificateArr);
    }

    public final String[] m(List list, Principal[] principalArr, boolean z10) {
        int i10;
        List list2;
        int i11;
        List list3 = this.f23028d;
        ArrayList<v1> arrayList = null;
        if (list3.isEmpty() || list.isEmpty()) {
            return null;
        }
        int size = list.size();
        Set r10 = r(principalArr);
        q0 g10 = p5.d.g(null, true);
        Date date = new Date();
        int size2 = list3.size();
        int i12 = 0;
        int i13 = 0;
        while (i13 < size2) {
            try {
                KeyStore keyStore = ((KeyStore.Builder) list3.get(i13)).getKeyStore();
                Enumeration<String> aliases = keyStore.aliases();
                ArrayList arrayList2 = arrayList;
                while (aliases.hasMoreElements()) {
                    try {
                        list2 = list3;
                        i11 = i13;
                        i10 = size2;
                        try {
                            v1 p10 = p(i13, keyStore, aliases.nextElement(), list, size, r10, g10, z10, date, null);
                            if (p10.compareTo(v1.f22998h) < 0) {
                                ArrayList arrayList3 = arrayList2 == null ? new ArrayList() : arrayList2;
                                arrayList3.add(p10);
                                arrayList2 = arrayList3;
                            }
                            i13 = i11;
                            list3 = list2;
                            size2 = i10;
                        } catch (KeyStoreException e2) {
                            e = e2;
                            arrayList = arrayList2;
                            f23021f.log(Level.WARNING, android.support.v4.media.b.g("Failed to fully process KeyStore.Builder at index ", i11), (Throwable) e);
                            i13 = i11 + 1;
                            list3 = list2;
                            size2 = i10;
                        }
                    } catch (KeyStoreException e10) {
                        e = e10;
                        i10 = size2;
                        list2 = list3;
                        i11 = i13;
                    }
                }
                i10 = size2;
                list2 = list3;
                i11 = i13;
                arrayList = arrayList2;
            } catch (KeyStoreException e11) {
                e = e11;
                i10 = size2;
                list2 = list3;
                i11 = i13;
            }
            i13 = i11 + 1;
            list3 = list2;
            size2 = i10;
        }
        if (arrayList == null || arrayList.isEmpty()) {
            return null;
        }
        Collections.sort(arrayList);
        String str = "." + this.f23025a.incrementAndGet();
        String[] strArr = new String[arrayList.size()];
        for (v1 v1Var : arrayList) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append(v1Var.f23001c);
            sb2.append(".");
            strArr[i12] = android.support.v4.media.b.r(sb2, v1Var.f23002d, str);
            i12++;
        }
        return strArr;
    }

    public final v1 n(List list, Principal[] principalArr, p5.d dVar, boolean z10) {
        int i10;
        List list2;
        int i11;
        v1 v1Var;
        zc.a aVar;
        zc.b p10;
        v1 v1Var2 = v1.f22998h;
        List list3 = this.f23028d;
        if (list3.isEmpty() || list.isEmpty()) {
            return v1Var2;
        }
        int size = list.size();
        Set r10 = r(principalArr);
        q0 g10 = p5.d.g(dVar, true);
        Date date = new Date();
        String str = (dVar == null || !z10 || (aVar = (zc.a) dVar.f24160c) == null || (p10 = y.p(aVar.e())) == null) ? null : p10.f26896c;
        int size2 = list3.size();
        int i12 = size;
        v1 v1Var3 = v1Var2;
        int i13 = 0;
        while (i13 < size2) {
            try {
                KeyStore keyStore = ((KeyStore.Builder) list3.get(i13)).getKeyStore();
                Enumeration<String> aliases = keyStore.aliases();
                v1 v1Var4 = v1Var3;
                int i14 = i12;
                while (aliases.hasMoreElements()) {
                    try {
                        i11 = i14;
                        list2 = list3;
                        v1Var = v1Var4;
                        i10 = size2;
                    } catch (KeyStoreException e2) {
                        e = e2;
                        i11 = i14;
                        i10 = size2;
                        list2 = list3;
                        v1Var = v1Var4;
                    }
                    try {
                        v1Var4 = p(i13, keyStore, aliases.nextElement(), list, i14, r10, g10, z10, date, str);
                        if (v1Var4.compareTo(v1Var) < 0) {
                            try {
                                ProvX509KeyManager$Match$Quality provX509KeyManager$Match$Quality = ProvX509KeyManager$Match$Quality.OK;
                                ProvX509KeyManager$Match$Quality provX509KeyManager$Match$Quality2 = v1Var4.f22999a;
                                int i15 = v1Var4.f23000b;
                                if (provX509KeyManager$Match$Quality == provX509KeyManager$Match$Quality2 && i15 == 0) {
                                    return v1Var4;
                                }
                                if (provX509KeyManager$Match$Quality2.compareTo(v1.f22997g) < 0) {
                                    i14 = Math.min(i11, i15 + 1);
                                    list3 = list2;
                                    size2 = i10;
                                }
                            } catch (KeyStoreException e10) {
                                e = e10;
                                v1Var3 = v1Var4;
                                i12 = i11;
                                f23021f.log(Level.WARNING, android.support.v4.media.b.g("Failed to fully process KeyStore.Builder at index ", i13), (Throwable) e);
                                i13++;
                                list3 = list2;
                                size2 = i10;
                            }
                        } else {
                            v1Var4 = v1Var;
                        }
                        i14 = i11;
                        list3 = list2;
                        size2 = i10;
                    } catch (KeyStoreException e11) {
                        e = e11;
                        v1Var3 = v1Var;
                        i12 = i11;
                        f23021f.log(Level.WARNING, android.support.v4.media.b.g("Failed to fully process KeyStore.Builder at index ", i13), (Throwable) e);
                        i13++;
                        list3 = list2;
                        size2 = i10;
                    }
                }
                i10 = size2;
                list2 = list3;
                i12 = i14;
                v1Var3 = v1Var4;
            } catch (KeyStoreException e12) {
                e = e12;
                i10 = size2;
                list2 = list3;
            }
            i13++;
            list3 = list2;
            size2 = i10;
        }
        return v1Var3;
    }

    public final v1 p(int i10, KeyStore keyStore, String str, List list, int i11, Set set, q0 q0Var, boolean z10, Date date, String str2) {
        boolean z11;
        int i12;
        ProvX509KeyManager$Match$Quality provX509KeyManager$Match$Quality;
        if (keyStore.isKeyEntry(str)) {
            X509Certificate[] t10 = y.t(keyStore.getCertificateChain(str));
            if (!org.bouncycastle.tls.b1.M(t10)) {
                boolean z12 = true;
                if (set != null && !set.isEmpty()) {
                    int length = t10.length;
                    while (true) {
                        length--;
                        if (length < 0) {
                            X509Certificate x509Certificate = t10[0];
                            if (x509Certificate.getBasicConstraints() < 0 || !set.contains(x509Certificate.getSubjectX500Principal())) {
                                z11 = false;
                            }
                        } else if (set.contains(t10[length].getIssuerX500Principal())) {
                            break;
                        }
                    }
                }
                z11 = true;
                if (z11) {
                    X509Certificate x509Certificate2 = t10[0];
                    Map map = z10 ? f23024i : f23023h;
                    PublicKey publicKey = x509Certificate2.getPublicKey();
                    boolean[] keyUsage = x509Certificate2.getKeyUsage();
                    int i13 = 0;
                    while (true) {
                        if (i13 < i11) {
                            w1 w1Var = (w1) map.get((String) list.get(i13));
                            if (w1Var != null && w1Var.a(publicKey, keyUsage, q0Var)) {
                                i12 = i13;
                                break;
                            }
                            i13++;
                        } else {
                            i12 = -1;
                            break;
                        }
                    }
                    if (i12 >= 0) {
                        String str3 = (String) list.get(i12);
                        String p10 = com.google.android.gms.internal.mlkit_vision_common.c.p("EE cert potentially usable for key type: ", str3);
                        Logger logger = f23021f;
                        logger.finer(p10);
                        try {
                            p0.a(this.f23026b, this.f23027c, q0Var, Collections.emptySet(), t10, !f23022g ? null : z10 ? ic.f.f19445c : ic.f.f19446d, -1);
                        } catch (CertPathValidatorException e2) {
                            logger.log(Level.FINEST, "Certificate chain check failed", (Throwable) e2);
                            z12 = false;
                        }
                        if (z12) {
                            X509Certificate x509Certificate3 = t10[0];
                            try {
                                x509Certificate3.checkValidity(date);
                                if (str2 != null) {
                                    try {
                                        f2.g(str2, x509Certificate3, "HTTPS");
                                    } catch (CertificateException unused) {
                                        provX509KeyManager$Match$Quality = ProvX509KeyManager$Match$Quality.MISMATCH_SNI;
                                    }
                                }
                            } catch (CertificateException unused2) {
                                provX509KeyManager$Match$Quality = ProvX509KeyManager$Match$Quality.EXPIRED;
                            }
                            if ("RSA".equalsIgnoreCase(y.o(x509Certificate3.getPublicKey()))) {
                                boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                                if (p0.h(keyUsage2, 0) && p0.h(keyUsage2, 2)) {
                                    provX509KeyManager$Match$Quality = ProvX509KeyManager$Match$Quality.RSA_MULTI_USE;
                                    return new v1(provX509KeyManager$Match$Quality, i12, i10, str, keyStore, t10);
                                }
                            }
                            provX509KeyManager$Match$Quality = ProvX509KeyManager$Match$Quality.OK;
                            return new v1(provX509KeyManager$Match$Quality, i12, i10, str, keyStore, t10);
                        }
                        logger.finer("Unsuitable chain for key type: " + str3);
                    }
                }
            }
        }
        return v1.f22998h;
    }

    public final KeyStore.PrivateKeyEntry q(String str) {
        int i10;
        int lastIndexOf;
        int parseInt;
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore.PrivateKeyEntry privateKeyEntry2 = null;
        if (str == null) {
            return null;
        }
        Map map = this.f23029e;
        SoftReference softReference = (SoftReference) map.get(str);
        if (softReference != null && (privateKeyEntry = (KeyStore.PrivateKeyEntry) softReference.get()) != null) {
            return privateKeyEntry;
        }
        List list = this.f23028d;
        try {
            int indexOf = str.indexOf(46, 0);
            if (indexOf > 0 && (lastIndexOf = str.lastIndexOf(46)) > (i10 = indexOf + 1) && (parseInt = Integer.parseInt(str.substring(0, indexOf))) >= 0 && parseInt < list.size()) {
                KeyStore.Builder builder = (KeyStore.Builder) list.get(parseInt);
                String substring = str.substring(i10, lastIndexOf);
                KeyStore.Entry entry = builder.getKeyStore().getEntry(substring, builder.getProtectionParameter(substring));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    privateKeyEntry2 = (KeyStore.PrivateKeyEntry) entry;
                }
            }
        } catch (Exception e2) {
            f23021f.log(Level.FINER, com.google.android.gms.internal.mlkit_vision_common.c.p("Failed to load PrivateKeyEntry: ", str), (Throwable) e2);
        }
        if (privateKeyEntry2 != null) {
            map.put(str, new SoftReference(privateKeyEntry2));
        }
        return privateKeyEntry2;
    }
}
