package com.microsoft.identity.broker.components;

import com.microsoft.identity.broker.crypto.AndroidKeyStoreCryptoFactory;
import com.microsoft.identity.broker4j.broker.crypto.IKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.keyfactories.AbstractBrokerKeyFactory;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerHttpClientProvider;
import com.microsoft.identity.broker4j.workplacejoin.SslContextFactory;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.net.HttpClient;
import com.microsoft.identity.common.java.net.UrlConnectionHttpClient;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509ExtendedKeyManager;
import lombok.NonNull;

/* loaded from: classes2.dex */
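/**
 * Builds {@link HttpClient} instances that authenticate to the server with a client
 * certificate (mutual TLS), using a private key and certificate held in the keystore
 * named by {@link AndroidKeyStoreCryptoFactory#ANDROID_KEYSTORE}.
 */
public class AndroidBrokerKeyStoreHttpClientProvider implements IBrokerHttpClientProvider {
    /**
     * Creates the single key manager that offers the key entry's certificate during a TLS handshake.
     *
     * <p>The certificate is read from the keystore under
     * {@code DEVICE_CERTIFICATE_ALIAS_PREFIX + alias} and the private key under {@code alias}.
     * Both lookups are validated here so that a missing or mistyped entry fails with a
     * {@link ClientException} at construction time, instead of a {@link ClassCastException}
     * here or a {@link NullPointerException} later inside the handshake.
     *
     * @param iKeyEntry key entry whose alias selects the keystore entries; must not be null
     * @return a one-element array holding the key manager
     * @throws ClientException if the keystore cannot be opened or read, or if the expected
     *     certificate or private-key entry is absent or of the wrong type
     */
    private KeyManager[] getKeyManagers(@NonNull IKeyEntry iKeyEntry) throws ClientException {
        if (iKeyEntry == null) {
            throw new NullPointerException("privateKey is marked non-null but is null");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStoreCryptoFactory.ANDROID_KEYSTORE);
            keyStore.load(null);
            final String alias = iKeyEntry.getAlias();

            // getCertificate returns null for an unknown alias, and the entry is not
            // guaranteed to be X.509; check before casting.
            final java.security.cert.Certificate storedCertificate =
                    keyStore.getCertificate(AbstractBrokerKeyFactory.DEVICE_CERTIFICATE_ALIAS_PREFIX + alias);
            if (!(storedCertificate instanceof X509Certificate)) {
                throw new ClientException(
                        ClientException.CERTIFICATE_LOAD_FAILURE,
                        "No X.509 device certificate found in the keystore for the requested key entry");
            }
            final X509Certificate x509Certificate = (X509Certificate) storedCertificate;

            // getEntry returns null for an unknown alias and may return a non-private-key
            // entry; reported with the same code the block uses for an unrecoverable entry.
            final KeyStore.Entry storedEntry = keyStore.getEntry(alias, null);
            if (!(storedEntry instanceof KeyStore.PrivateKeyEntry)) {
                throw new ClientException(
                        ClientException.INVALID_PROTECTION_PARAMS,
                        "No private key entry found in the keystore for the requested key entry");
            }
            final PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) storedEntry).getPrivateKey();

            // NOTE(review): only the socket-based chooseClientAlias is overridden. The
            // chooseEngineClientAlias/chooseEngineServerAlias methods keep the
            // X509ExtendedKeyManager defaults, so an SSLEngine-based transport would
            // presumably offer no client certificate - confirm the HTTP client is socket-based.
            return new KeyManager[]{new X509ExtendedKeyManager() { // from class: com.microsoft.identity.broker.components.AndroidBrokerKeyStoreHttpClientProvider.1
                /**
                 * Always selects the device key alias. The requested key types and the
                 * server's acceptable issuers are ignored, so the certificate is offered to
                 * any server that asks for client authentication; limiting which servers
                 * receive it depends on server trust validation configured elsewhere.
                 */
                @Override // javax.net.ssl.X509KeyManager
                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                    return alias;
                }

                /** This key manager is client-only: no server alias is ever chosen. */
                @Override // javax.net.ssl.X509KeyManager
                public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                    return null;
                }

                /** Returns the single stored certificate for the device alias, else null. */
                @Override // javax.net.ssl.X509KeyManager
                public X509Certificate[] getCertificateChain(String str) {
                    if (alias.equals(str)) {
                        return new X509Certificate[]{x509Certificate};
                    }
                    return null;
                }

                /** Reports the device alias as the only client alias, whatever is requested. */
                @Override // javax.net.ssl.X509KeyManager
                public String[] getClientAliases(String str, Principal[] principalArr) {
                    return new String[]{alias};
                }

                /** Returns the private key for the device alias only; null for any other alias. */
                @Override // javax.net.ssl.X509KeyManager
                public PrivateKey getPrivateKey(String str) {
                    if (alias.equals(str)) {
                        return privateKey;
                    }
                    return null;
                }

                /** This key manager is client-only: no server aliases are exposed. */
                @Override // javax.net.ssl.X509KeyManager
                public String[] getServerAliases(String str, Principal[] principalArr) {
                    return null;
                }
            }};
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (KeyStoreException e2) {
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ClientException("no_such_algorithm", e3.getMessage(), e3);
        } catch (UnrecoverableEntryException e4) {
            throw new ClientException(ClientException.INVALID_PROTECTION_PARAMS, e4.getMessage(), e4);
        } catch (CertificateException e5) {
            throw new ClientException(ClientException.CERTIFICATE_LOAD_FAILURE, e5.getMessage(), e5);
        }
    }

    /**
     * Returns an HTTP client whose TLS context presents the key entry's client certificate.
     *
     * <p>NOTE(review): {@code x509Certificate} is only null-checked. The certificate actually
     * presented is the one stored in the keystore under the key entry's alias, so a caller
     * passing a different certificate gets no error - confirm whether the two are expected
     * to match and should be compared.
     *
     * @param x509Certificate client certificate; must not be null (otherwise unused here)
     * @param iKeyEntry key entry whose alias selects the keystore key and certificate; must not be null
     * @param i connect timeout in milliseconds
     * @param i2 read timeout in milliseconds
     * @return an HTTP client configured for client-certificate TLS
     * @throws ClientException if the key managers cannot be built from the keystore
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerHttpClientProvider
    public HttpClient getHttpClientForRequestsWithClientTLS(@NonNull X509Certificate x509Certificate, @NonNull IKeyEntry iKeyEntry, int i, int i2) throws ClientException {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate is marked non-null but is null");
        }
        if (iKeyEntry == null) {
            throw new NullPointerException("privateKey is marked non-null but is null");
        }
        return UrlConnectionHttpClient.builder()
                .connectTimeoutMs(Integer.valueOf(i))
                .readTimeoutMs(Integer.valueOf(i2))
                .sslContext(SslContextFactory.createSSLContext(getKeyManagers(iKeyEntry)))
                .build();
    }
}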
