package org.bouncycastle.jsse.provider;

import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.tls.e3;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.OctetKeyPairJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;

/* loaded from: classes4.dex */
public class ProvX509KeyManagerSimple extends lg0.j {

    /* renamed from: d, reason: collision with root package name */
    public static final Logger f48624d = Logger.getLogger(ProvX509KeyManagerSimple.class.getName());

    /* renamed from: e, reason: collision with root package name */
    public static final Map f48625e = r();

    /* renamed from: f, reason: collision with root package name */
    public static final Map f48626f = s();

    /* renamed from: a, reason: collision with root package name */
    public final boolean f48627a;

    /* renamed from: b, reason: collision with root package name */
    public final gg0.d f48628b;

    /* renamed from: c, reason: collision with root package name */
    public final Map f48629c;

    /* loaded from: classes4.dex */
    public static final class Match implements Comparable {

        /* renamed from: k, reason: collision with root package name */
        public static final Quality f48630k = Quality.MISMATCH_SNI;

        /* renamed from: s, reason: collision with root package name */
        public static final Match f48631s = new Match(Quality.NONE, -1, null);

        /* renamed from: c, reason: collision with root package name */
        public final Quality f48632c;

        /* renamed from: d, reason: collision with root package name */
        public final int f48633d;

        /* renamed from: e, reason: collision with root package name */
        public final a f48634e;

        /* loaded from: classes4.dex */
        public enum Quality {
            OK,
            RSA_MULTI_USE,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        public Match(Quality quality, int i11, a aVar) {
            this.f48632c = quality;
            this.f48633d = i11;
            this.f48634e = aVar;
        }

        @Override // java.lang.Comparable
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compareTo(Match match) {
            int compare = Boolean.compare(match.c(), c());
            if (compare != 0) {
                return compare;
            }
            int compare2 = Integer.compare(this.f48633d, match.f48633d);
            return compare2 == 0 ? this.f48632c.compareTo(match.f48632c) : compare2;
        }

        public boolean b() {
            return Quality.OK == this.f48632c && this.f48633d == 0;
        }

        public boolean c() {
            return this.f48632c.compareTo(f48630k) < 0;
        }
    }

    /* loaded from: classes4.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final String f48636a;

        /* renamed from: b, reason: collision with root package name */
        public final PrivateKey f48637b;

        /* renamed from: c, reason: collision with root package name */
        public final X509Certificate[] f48638c;

        public a(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.f48636a = str;
            this.f48637b = privateKey;
            this.f48638c = x509CertificateArr;
        }
    }

    /* loaded from: classes4.dex */
    public static final class b implements d {

        /* renamed from: a, reason: collision with root package name */
        public final String f48639a;

        /* renamed from: b, reason: collision with root package name */
        public final Class f48640b;

        /* renamed from: c, reason: collision with root package name */
        public final int f48641c;

        public b(String str, Class cls, int i11) {
            this.f48639a = str;
            this.f48640b = cls;
            this.f48641c = i11;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public boolean a(PublicKey publicKey, boolean[] zArr, mg0.a aVar) {
            return b(publicKey) && f0.t(publicKey, zArr, this.f48641c, aVar);
        }

        public final boolean b(PublicKey publicKey) {
            Class cls;
            String str = this.f48639a;
            return (str != null && str.equalsIgnoreCase(y.G(publicKey))) || ((cls = this.f48640b) != null && cls.isInstance(publicKey));
        }
    }

    /* loaded from: classes4.dex */
    public static final class c implements d {

        /* renamed from: a, reason: collision with root package name */
        public final xd0.n f48642a;

        public c(xd0.n nVar) {
            this.f48642a = nVar;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public boolean a(PublicKey publicKey, boolean[] zArr, mg0.a aVar) {
            return b(publicKey) && f0.t(publicKey, zArr, 0, aVar);
        }

        public final boolean b(PublicKey publicKey) {
            if (EllipticCurveJsonWebKey.KEY_TYPE.equalsIgnoreCase(y.G(publicKey)) || ECPublicKey.class.isInstance(publicKey)) {
                return this.f48642a.x(y.C(publicKey));
            }
            return false;
        }
    }

    /* loaded from: classes4.dex */
    public interface d {
        boolean a(PublicKey publicKey, boolean[] zArr, mg0.a aVar);
    }

    public ProvX509KeyManagerSimple(boolean z11, gg0.d dVar, KeyStore keyStore, char[] cArr) {
        this.f48627a = z11;
        this.f48628b = dVar;
        this.f48629c = I(keyStore, cArr);
    }

    public static List A(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static String[] B(int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i11 = 0; i11 < length; i11++) {
            strArr[i11] = y.z(iArr[i11]);
        }
        return strArr;
    }

    public static String D(p1 p1Var, boolean z11) {
        lg0.b e11;
        lg0.c H;
        if (p1Var == null || !z11 || (e11 = p1Var.e()) == null || (H = y.H(e11.f())) == null) {
            return null;
        }
        return H.c();
    }

    public static int E(X509Certificate x509Certificate, List list, int i11, mg0.a aVar, boolean z11) {
        Map map = z11 ? f48626f : f48625e;
        PublicKey publicKey = x509Certificate.getPublicKey();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        for (int i12 = 0; i12 < i11; i12++) {
            d dVar = (d) map.get((String) list.get(i12));
            if (dVar != null && dVar.a(publicKey, keyUsage, aVar)) {
                return i12;
            }
        }
        return -1;
    }

    public static Set F(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    public static boolean H(X509Certificate[] x509CertificateArr, Set set) {
        if (set == null || set.isEmpty()) {
            return true;
        }
        int length = x509CertificateArr.length;
        do {
            length--;
            if (length < 0) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                return x509Certificate.getBasicConstraints() >= 0 && set.contains(x509Certificate.getSubjectX500Principal());
            }
        } while (!set.contains(x509CertificateArr[length].getIssuerX500Principal()));
        return true;
    }

    public static Map I(KeyStore keyStore, char[] cArr) {
        PrivateKey privateKey;
        HashMap hashMap = new HashMap(4);
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class) && (privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr)) != null) {
                    X509Certificate[] O = y.O(keyStore.getCertificateChain(nextElement));
                    if (!e3.X0(O)) {
                        hashMap.put(nextElement, new a(nextElement, privateKey, O));
                    }
                }
            }
        }
        return Collections.unmodifiableMap(hashMap);
    }

    public static void f(Map map, int i11) {
        xd0.n f11;
        if (!org.bouncycastle.tls.p0.a(i11, org.bouncycastle.tls.u0.f49272g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String c11 = org.bouncycastle.tls.p0.c(i11);
        if (c11 != null && (f11 = bf0.b.f(c11)) != null) {
            n(map, y.x(EllipticCurveJsonWebKey.KEY_TYPE, i11), new c(f11));
            return;
        }
        f48624d.warning("Failed to register public key filter for EC with " + org.bouncycastle.tls.p0.h(i11));
    }

    public static void g(Map map, int i11, String str, Class cls, String... strArr) {
        b bVar = new b(str, cls, i11);
        for (String str2 : strArr) {
            n(map, str2, bVar);
        }
    }

    public static void h(Map map, Class cls, String... strArr) {
        g(map, 0, null, cls, strArr);
    }

    public static void i(Map map, String str) {
        g(map, 0, str, null, str);
    }

    public static void j(Map map, int i11, String str, Class cls, int... iArr) {
        g(map, i11, str, cls, B(iArr));
    }

    public static void k(Map map, int i11, String str, int... iArr) {
        j(map, i11, str, null, iArr);
    }

    public static void l(Map map, Class cls, int... iArr) {
        j(map, 0, null, cls, iArr);
    }

    public static void m(Map map, String str, int... iArr) {
        k(map, 0, str, iArr);
    }

    public static void n(Map map, String str, d dVar) {
        if (map.put(str, dVar) != null) {
            throw new IllegalStateException("Duplicate keys in filters");
        }
    }

    public static List o(List list, Match match) {
        if (list == null) {
            list = new ArrayList();
        }
        list.add(match);
        return list;
    }

    public static Map r() {
        HashMap hashMap = new HashMap();
        i(hashMap, OctetKeyPairJsonWebKey.SUBTYPE_ED25519);
        i(hashMap, OctetKeyPairJsonWebKey.SUBTYPE_ED448);
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        i(hashMap, RsaJsonWebKey.KEY_TYPE);
        i(hashMap, "RSASSA-PSS");
        h(hashMap, DSAPublicKey.class, "DSA");
        h(hashMap, ECPublicKey.class, EllipticCurveJsonWebKey.KEY_TYPE);
        return Collections.unmodifiableMap(hashMap);
    }

    public static Map s() {
        HashMap hashMap = new HashMap();
        i(hashMap, OctetKeyPairJsonWebKey.SUBTYPE_ED25519);
        i(hashMap, OctetKeyPairJsonWebKey.SUBTYPE_ED448);
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        i(hashMap, RsaJsonWebKey.KEY_TYPE);
        i(hashMap, "RSASSA-PSS");
        l(hashMap, DSAPublicKey.class, 3, 22);
        l(hashMap, ECPublicKey.class, 17);
        m(hashMap, RsaJsonWebKey.KEY_TYPE, 5, 19, 23);
        k(hashMap, 2, RsaJsonWebKey.KEY_TYPE, 1);
        return Collections.unmodifiableMap(hashMap);
    }

    public static String u(Match match) {
        return match.f48634e.f48636a;
    }

    public static String[] v(List list) {
        String[] strArr = new String[list.size()];
        Iterator it = list.iterator();
        int i11 = 0;
        while (it.hasNext()) {
            strArr[i11] = u((Match) it.next());
            i11++;
        }
        return strArr;
    }

    public static Match.Quality y(X509Certificate x509Certificate, Date date, String str) {
        try {
            x509Certificate.checkValidity(date);
            if (str != null) {
                try {
                    j1.i(str, x509Certificate, "HTTPS");
                } catch (CertificateException unused) {
                    return Match.Quality.MISMATCH_SNI;
                }
            }
            if (RsaJsonWebKey.KEY_TYPE.equalsIgnoreCase(y.G(x509Certificate.getPublicKey()))) {
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                if (f0.x(keyUsage, 0) && f0.x(keyUsage, 2)) {
                    return Match.Quality.RSA_MULTI_USE;
                }
            }
            return Match.Quality.OK;
        } catch (CertificateException unused2) {
            return Match.Quality.EXPIRED;
        }
    }

    public final Match C(a aVar, List list, int i11, Set set, mg0.a aVar2, boolean z11, Date date, String str) {
        int E;
        X509Certificate[] x509CertificateArr = aVar.f48638c;
        return (e3.X0(x509CertificateArr) || !H(x509CertificateArr, set) || (E = E(x509CertificateArr[0], list, i11, aVar2, z11)) < 0 || !G(x509CertificateArr, aVar2, z11)) ? Match.f48631s : new Match(y(x509CertificateArr[0], date, str), E, aVar);
    }

    public final boolean G(X509Certificate[] x509CertificateArr, mg0.a aVar, boolean z11) {
        try {
            f0.d(this.f48627a, this.f48628b, aVar, Collections.emptySet(), x509CertificateArr, ProvX509KeyManager.F(z11), -1);
            return true;
        } catch (CertPathValidatorException unused) {
            return false;
        }
    }

    @Override // lg0.j
    public lg0.l a(String[] strArr, Principal[] principalArr, Socket socket) {
        return q(A(strArr), principalArr, p1.a(socket), false);
    }

    @Override // lg0.j
    public lg0.l b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return q(A(strArr), principalArr, p1.b(sSLEngine), false);
    }

    @Override // lg0.j
    public lg0.l c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return q(A(strArr), principalArr, p1.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return p(A(strArr), principalArr, p1.a(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return p(A(strArr), principalArr, p1.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return p(A(str), principalArr, p1.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return p(A(str), principalArr, p1.a(socket), true);
    }

    @Override // lg0.j
    public lg0.l d(String[] strArr, Principal[] principalArr, Socket socket) {
        return q(A(strArr), principalArr, p1.a(socket), true);
    }

    @Override // lg0.j
    public lg0.l e(String str, String str2) {
        return t(str, z(str2));
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        a z11 = z(str);
        if (z11 == null) {
            return null;
        }
        return (X509Certificate[]) z11.f48638c.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return w(A(str), principalArr, null, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        a z11 = z(str);
        if (z11 == null) {
            return null;
        }
        return z11.f48637b;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return w(A(str), principalArr, null, true);
    }

    public final String p(List list, Principal[] principalArr, p1 p1Var, boolean z11) {
        Match x11 = x(list, principalArr, p1Var, z11);
        if (x11.compareTo(Match.f48631s) >= 0) {
            f48624d.fine("No matching key found");
            return null;
        }
        String str = (String) list.get(x11.f48633d);
        String u11 = u(x11);
        Logger logger = f48624d;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + u11);
        }
        return u11;
    }

    public final lg0.l q(List list, Principal[] principalArr, p1 p1Var, boolean z11) {
        String str;
        lg0.l t11;
        Match x11 = x(list, principalArr, p1Var, z11);
        if (x11.compareTo(Match.f48631s) >= 0 || (t11 = t((str = (String) list.get(x11.f48633d)), x11.f48634e)) == null) {
            f48624d.fine("No matching key found");
            return null;
        }
        Logger logger = f48624d;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", from alias: " + u(x11));
        }
        return t11;
    }

    public final lg0.l t(String str, a aVar) {
        if (aVar == null) {
            return null;
        }
        return new i1(str, aVar.f48637b, aVar.f48638c);
    }

    public final String[] w(List list, Principal[] principalArr, p1 p1Var, boolean z11) {
        if (this.f48629c.isEmpty() || list.isEmpty()) {
            return null;
        }
        int size = list.size();
        Set F = F(principalArr);
        mg0.a c11 = p1.c(p1Var, true);
        Date date = new Date();
        String D = D(p1Var, z11);
        Iterator it = this.f48629c.values().iterator();
        List list2 = null;
        while (it.hasNext()) {
            List list3 = list2;
            Match C = C((a) it.next(), list, size, F, c11, z11, date, D);
            list2 = C.compareTo(Match.f48631s) < 0 ? o(list3, C) : list3;
        }
        List list4 = list2;
        if (list4 == null || list4.isEmpty()) {
            return null;
        }
        Collections.sort(list4);
        return v(list4);
    }

    public final Match x(List list, Principal[] principalArr, p1 p1Var, boolean z11) {
        boolean z12;
        Match match = Match.f48631s;
        if (this.f48629c.isEmpty() || list.isEmpty()) {
            return match;
        }
        int size = list.size();
        Set F = F(principalArr);
        mg0.a c11 = p1.c(p1Var, true);
        Date date = new Date();
        String D = D(p1Var, z11);
        Iterator it = this.f48629c.values().iterator();
        Match match2 = match;
        int i11 = size;
        while (it.hasNext()) {
            int i12 = i11;
            Match match3 = match2;
            match2 = C((a) it.next(), list, i11, F, c11, z11, date, D);
            if (match2.compareTo(match3) >= 0) {
                z12 = true;
                i11 = i12;
                match2 = match3;
            } else {
                if (match2.b()) {
                    return match2;
                }
                if (match2.c()) {
                    z12 = true;
                    i11 = Math.min(i12, match2.f48633d + 1);
                } else {
                    z12 = true;
                    i11 = i12;
                }
            }
        }
        return match2;
    }

    public final a z(String str) {
        if (str == null) {
            return null;
        }
        return (a) this.f48629c.get(str);
    }
}
