package org.bouncycastle.jsse.provider;

import java.lang.ref.SoftReference;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: classes2.dex */
class ProvX509KeyManager extends X509ExtendedKeyManager {

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f13101e = Logger.getLogger(ProvX509KeyManager.class.getName());

    /* renamed from: f, reason: collision with root package name */
    private static final Map<String, a> f13102f = l();

    /* renamed from: g, reason: collision with root package name */
    private static final Map<String, a> f13103g = m();
    private final org.bouncycastle.jcajce.util.c a;

    /* renamed from: b, reason: collision with root package name */
    private final List<KeyStore.Builder> f13104b;

    /* renamed from: c, reason: collision with root package name */
    private final Map<String, SoftReference<KeyStore.PrivateKeyEntry>> f13105c = Collections.synchronizedMap(new LinkedHashMap<String, SoftReference<KeyStore.PrivateKeyEntry>>(16, 0.75f, true) { // from class: org.bouncycastle.jsse.provider.ProvX509KeyManager.1
        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<String, SoftReference<KeyStore.PrivateKeyEntry>> entry) {
            return size() > 16;
        }
    });

    /* renamed from: d, reason: collision with root package name */
    private final AtomicLong f13106d = new AtomicLong();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class Match implements Comparable<Match> {

        /* renamed from: d, reason: collision with root package name */
        static final Match f13107d = new Match(-1, null, Quality.NONE);
        final int a;

        /* renamed from: b, reason: collision with root package name */
        final String f13108b;

        /* renamed from: c, reason: collision with root package name */
        final Quality f13109c;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes2.dex */
        public enum Quality {
            OK,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        Match(int i, String str, Quality quality) {
            this.a = i;
            this.f13108b = str;
            this.f13109c = quality;
        }

        @Override // java.lang.Comparable
        /* renamed from: i, reason: merged with bridge method [inline-methods] */
        public int compareTo(Match match) {
            return this.f13109c.compareTo(match.f13109c);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class a {
        final String a;

        /* renamed from: b, reason: collision with root package name */
        final Class<? extends PublicKey> f13110b;

        /* renamed from: c, reason: collision with root package name */
        final int f13111c;

        a(String str, Class<? extends PublicKey> cls, int i) {
            this.a = str;
            this.f13110b = cls;
            this.f13111c = i;
        }

        private boolean b(PublicKey publicKey) {
            Class<? extends PublicKey> cls;
            String str = this.a;
            return (str != null && str.equalsIgnoreCase(x.B(publicKey))) || ((cls = this.f13110b) != null && cls.isInstance(publicKey));
        }

        boolean a(PublicKey publicKey, boolean[] zArr, org.bouncycastle.jsse.java.security.a aVar) {
            return b(publicKey) && d0.p(publicKey, zArr, this.f13111c, aVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvX509KeyManager(org.bouncycastle.jcajce.util.c cVar, List<KeyStore.Builder> list) {
        this.a = cVar;
        this.f13104b = list;
    }

    private static boolean A(X509Certificate[] x509CertificateArr, Set<Principal> set) {
        if (set == null || set.isEmpty()) {
            return true;
        }
        int length = x509CertificateArr.length;
        do {
            length--;
            if (length < 0) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                return x509Certificate.getBasicConstraints() >= 0 && set.contains(x509Certificate.getSubjectX500Principal());
            }
        } while (!set.contains(x509CertificateArr[length].getIssuerX500Principal()));
        return true;
    }

    private static boolean B(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (3 != x509Certificate.getVersion()) {
                return false;
            }
        }
        return true;
    }

    private static boolean C(X509Certificate x509Certificate, List<String> list, org.bouncycastle.jsse.java.security.a aVar, boolean z) {
        Map<String, a> map = z ? f13103g : f13102f;
        PublicKey publicKey = x509Certificate.getPublicKey();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            a aVar2 = map.get(it.next());
            if (aVar2 != null && aVar2.a(publicKey, keyUsage, aVar)) {
                return true;
            }
        }
        return false;
    }

    private KeyStore.PrivateKeyEntry D(String str) {
        int i;
        int indexOf;
        int parseInt;
        try {
            int indexOf2 = str.indexOf(46, 0);
            if (indexOf2 <= 0 || (indexOf = str.indexOf(46, (i = indexOf2 + 1))) <= i || (parseInt = Integer.parseInt(str.substring(0, indexOf2))) < 0 || parseInt >= this.f13104b.size()) {
                return null;
            }
            KeyStore.Builder builder = this.f13104b.get(parseInt);
            String substring = str.substring(i, indexOf);
            KeyStore.Entry entry = builder.getKeyStore().getEntry(substring, builder.getProtectionParameter(substring));
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return (KeyStore.PrivateKeyEntry) entry;
            }
            return null;
        } catch (Exception e2) {
            f13101e.log(Level.FINER, "Failed to load PrivateKeyEntry: " + str, (Throwable) e2);
            return null;
        }
    }

    private static void a(Map<String, a> map, int i, String str, Class<? extends PublicKey> cls, String... strArr) {
        a aVar = new a(str, cls, i);
        for (String str2 : strArr) {
            if (map.put(str2.toUpperCase(Locale.ENGLISH), aVar) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    private static void b(Map<String, a> map, Class<? extends PublicKey> cls, String... strArr) {
        a(map, 0, null, cls, strArr);
    }

    private static void c(Map<String, a> map, String str) {
        a(map, 0, str, null, str);
    }

    private static void d(Map<String, a> map, int i, String str, Class<? extends PublicKey> cls, int... iArr) {
        a(map, i, str, cls, t(iArr));
    }

    private static void e(Map<String, a> map, int i, String str, int... iArr) {
        d(map, i, str, null, iArr);
    }

    private static void f(Map<String, a> map, Class<? extends PublicKey> cls, int... iArr) {
        d(map, 0, null, cls, iArr);
    }

    private static void g(Map<String, a> map, String str, int... iArr) {
        e(map, 0, str, iArr);
    }

    private static List<Match> h(List<Match> list, List<Match> list2) {
        if (list2 == null || list2.isEmpty()) {
            return list;
        }
        if (list == null) {
            return list2;
        }
        list.addAll(list2);
        return list;
    }

    private static List<Match> i(List<Match> list, Match match) {
        if (list == null) {
            list = new ArrayList<>();
        }
        list.add(match);
        return list;
    }

    private String j(List<String> list, Principal[] principalArr, k1 k1Var, boolean z) {
        Match match = Match.f13107d;
        if (!this.f13104b.isEmpty() && !list.isEmpty()) {
            Set<Principal> y = y(principalArr);
            org.bouncycastle.jsse.java.security.a c2 = k1.c(k1Var, true);
            Date date = new Date();
            String x = x(k1Var, z);
            int size = this.f13104b.size();
            Match match2 = match;
            int i = 0;
            while (true) {
                if (i >= size) {
                    match = match2;
                    break;
                }
                try {
                    match = k(i, list, y, c2, z, date, x);
                    if (match.compareTo(match2) < 0) {
                        try {
                            if (Match.Quality.OK == match.f13109c) {
                                break;
                            }
                        } catch (Exception unused) {
                        }
                        match2 = match;
                    } else {
                        continue;
                    }
                } catch (Exception unused2) {
                }
                i++;
            }
        }
        if (Match.f13107d == match) {
            f13101e.fine("No matching key found");
            return null;
        }
        String n = n(match, u());
        f13101e.fine("Found matching key, returning alias: " + n);
        return n;
    }

    private Match k(int i, List<String> list, Set<Principal> set, org.bouncycastle.jsse.java.security.a aVar, boolean z, Date date, String str) throws Exception {
        KeyStore keyStore = this.f13104b.get(i).getKeyStore();
        Match match = Match.f13107d;
        Enumeration<String> aliases = keyStore.aliases();
        Match match2 = match;
        while (aliases.hasMoreElements()) {
            Match v = v(i, keyStore, aliases.nextElement(), match2.f13109c, list, set, aVar, z, date, str);
            if (v != null) {
                match2 = v;
                if (Match.Quality.OK == v.f13109c) {
                    break;
                }
            }
        }
        return match2;
    }

    private static Map<String, a> l() {
        HashMap hashMap = new HashMap();
        c(hashMap, "Ed25519");
        c(hashMap, "Ed448");
        c(hashMap, "RSA");
        c(hashMap, "RSASSA-PSS");
        b(hashMap, DSAPublicKey.class, "DSA");
        b(hashMap, ECPublicKey.class, "EC");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, a> m() {
        HashMap hashMap = new HashMap();
        c(hashMap, "Ed25519");
        c(hashMap, "Ed448");
        c(hashMap, "RSA");
        c(hashMap, "RSASSA-PSS");
        f(hashMap, DSAPublicKey.class, 3, 22);
        f(hashMap, ECPublicKey.class, 17);
        g(hashMap, "RSA", 5, 19, 23);
        e(hashMap, 2, "RSA", 1);
        return Collections.unmodifiableMap(hashMap);
    }

    private static String n(Match match, String str) {
        return match.a + "." + match.f13108b + str;
    }

    private static String[] o(List<Match> list, String str) {
        String[] strArr = new String[list.size()];
        Iterator<Match> it = list.iterator();
        int i = 0;
        while (it.hasNext()) {
            strArr[i] = n(it.next(), str);
            i++;
        }
        return strArr;
    }

    private String[] p(List<String> list, Principal[] principalArr, k1 k1Var, boolean z) {
        if (this.f13104b.isEmpty() || list.isEmpty()) {
            return null;
        }
        Set<Principal> y = y(principalArr);
        org.bouncycastle.jsse.java.security.a c2 = k1.c(k1Var, true);
        Date date = new Date();
        String x = x(k1Var, z);
        int size = this.f13104b.size();
        List<Match> list2 = null;
        for (int i = 0; i < size; i++) {
            List<Match> list3 = list2;
            try {
                list2 = h(list3, q(i, list, y, c2, z, date, x));
            } catch (Exception unused) {
                list2 = list3;
            }
        }
        List<Match> list4 = list2;
        if (list4 == null || list4.isEmpty()) {
            return null;
        }
        Collections.sort(list4);
        return o(list4, u());
    }

    private List<Match> q(int i, List<String> list, Set<Principal> set, org.bouncycastle.jsse.java.security.a aVar, boolean z, Date date, String str) throws Exception {
        Match v;
        KeyStore keyStore = this.f13104b.get(i).getKeyStore();
        Enumeration<String> aliases = keyStore.aliases();
        List<Match> list2 = null;
        while (true) {
            List<Match> list3 = list2;
            while (aliases.hasMoreElements()) {
                v = v(i, keyStore, aliases.nextElement(), Match.Quality.NONE, list, set, aVar, z, date, str);
                if (v != null) {
                    break;
                }
            }
            return list3;
            list2 = i(list3, v);
        }
    }

    private static Match.Quality r(X509Certificate x509Certificate, Date date, String str) {
        try {
            x509Certificate.checkValidity(date);
            if (str != null) {
                try {
                    e1.i(str, x509Certificate, "HTTPS");
                } catch (CertificateException unused) {
                    return Match.Quality.MISMATCH_SNI;
                }
            }
            return Match.Quality.OK;
        } catch (CertificateException unused2) {
            return Match.Quality.EXPIRED;
        }
    }

    private static List<String> s(String... strArr) {
        if (strArr != null && strArr.length > 0) {
            ArrayList arrayList = new ArrayList(strArr.length);
            for (String str : strArr) {
                if (str != null) {
                    arrayList.add(str.toUpperCase(Locale.ENGLISH));
                }
            }
            if (!arrayList.isEmpty()) {
                return Collections.unmodifiableList(arrayList);
            }
        }
        return Collections.emptyList();
    }

    private static String[] t(int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i = 0; i < length; i++) {
            strArr[i] = x.x(iArr[i]);
        }
        return strArr;
    }

    private String u() {
        return "." + this.f13106d.incrementAndGet();
    }

    private Match v(int i, KeyStore keyStore, String str, Match.Quality quality, List<String> list, Set<Principal> set, org.bouncycastle.jsse.java.security.a aVar, boolean z, Date date, String str2) throws Exception {
        if (!keyStore.isKeyEntry(str)) {
            return null;
        }
        X509Certificate[] J = x.J(keyStore.getCertificateChain(str));
        if (!z(J, list, set, aVar, z)) {
            return null;
        }
        Match.Quality r = r(J[0], date, str2);
        if (r.compareTo(quality) < 0) {
            return new Match(i, str, r);
        }
        return null;
    }

    private KeyStore.PrivateKeyEntry w(String str) {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        if (str == null) {
            return null;
        }
        SoftReference<KeyStore.PrivateKeyEntry> softReference = this.f13105c.get(str);
        if (softReference != null && (privateKeyEntry = softReference.get()) != null) {
            return privateKeyEntry;
        }
        KeyStore.PrivateKeyEntry D = D(str);
        if (D != null) {
            this.f13105c.put(str, new SoftReference<>(D));
        }
        return D;
    }

    private static String x(k1 k1Var, boolean z) {
        g.a.a.b e2;
        g.a.a.c C;
        if (k1Var == null || !z || (e2 = k1Var.e()) == null || (C = x.C(e2.f())) == null) {
            return null;
        }
        return C.c();
    }

    private static Set<Principal> y(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    private boolean z(X509Certificate[] x509CertificateArr, List<String> list, Set<Principal> set, org.bouncycastle.jsse.java.security.a aVar, boolean z) {
        if (x509CertificateArr != null && x509CertificateArr.length >= 1 && B(x509CertificateArr) && A(x509CertificateArr, set) && C(x509CertificateArr[0], list, aVar, z)) {
            try {
                d0.c(this.a, aVar, Collections.emptySet(), x509CertificateArr, e1.p(z), -1);
                return true;
            } catch (CertPathValidatorException unused) {
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return j(s(strArr), principalArr, k1.a(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(s(strArr), principalArr, k1.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(s(str), principalArr, k1.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return j(s(str), principalArr, k1.a(socket), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry w = w(str);
        if (w == null) {
            return null;
        }
        return (X509Certificate[]) w.getCertificateChain();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return p(s(str), principalArr, null, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry w = w(str);
        if (w == null) {
            return null;
        }
        return w.getPrivateKey();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return p(s(str), principalArr, null, true);
    }
}
