package mitm.common.security.smime.selector;

import java.security.KeyStoreException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import mitm.common.security.KeyAndCertificate;
import mitm.common.security.PKISecurityServices;
import mitm.common.security.certificate.validator.CertificateValidatorChain;
import mitm.common.security.certificate.validator.IsValidForSMIMESigning;
import mitm.common.security.certstore.MissingKeyAlias;
import mitm.common.security.certstore.X509CertStoreEntry;
import mitm.common.security.smime.selector.EmailSelector;
import mitm.common.util.Check;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class SigningKeyAndCertificateSelector implements KeyAndCertificateSelector {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) SigningKeyAndCertificateSelector.class);
    private final EmailSelector emailSelector;
    private final PKISecurityServices pKISecurityServices;

    public SigningKeyAndCertificateSelector(PKISecurityServices pKISecurityServices) {
        Check.notNull(pKISecurityServices, "pKISecurityServices");
        this.pKISecurityServices = pKISecurityServices;
        this.emailSelector = new EmailSelector(pKISecurityServices.getKeyAndCertStore(), new EmailSelector.MatchListener() { // from class: mitm.common.security.smime.selector.SigningKeyAndCertificateSelector.1
            @Override // mitm.common.security.smime.selector.EmailSelector.MatchListener
            public boolean match(X509CertStoreEntry x509CertStoreEntry) {
                return SigningKeyAndCertificateSelector.this.match(x509CertStoreEntry);
            }
        }, MissingKeyAlias.NOT_ALLOWED);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean match(X509CertStoreEntry x509CertStoreEntry) {
        if (x509CertStoreEntry == null || x509CertStoreEntry.getCertificate() == null) {
            return false;
        }
        X509Certificate certificate = x509CertStoreEntry.getCertificate();
        CertificateValidatorChain certificateValidatorChain = new CertificateValidatorChain();
        certificateValidatorChain.addValidators(new IsValidForSMIMESigning());
        certificateValidatorChain.addValidators(this.pKISecurityServices.getPKITrustCheckCertificateValidatorFactory().createValidator(null));
        try {
            return certificateValidatorChain.isValid(certificate);
        } catch (CertificateException e) {
            logger.error("Error validating certificate.", (Throwable) e);
            return false;
        }
    }

    @Override // mitm.common.security.smime.selector.KeyAndCertificateSelector
    public Set<KeyAndCertificate> getMatchingKeyAndCertificates(String str) {
        HashSet hashSet = new HashSet();
        Iterator<X509CertStoreEntry> it = this.emailSelector.getMatchingEntries(str).iterator();
        while (it.hasNext()) {
            try {
                KeyAndCertificate keyAndCertificate = this.pKISecurityServices.getKeyAndCertStore().getKeyAndCertificate(it.next());
                if (keyAndCertificate != null && keyAndCertificate.getPrivateKey() != null) {
                    hashSet.add(keyAndCertificate);
                }
            } catch (KeyStoreException e) {
                logger.error("Error getting getKeyAndCertificate.", (Throwable) e);
            } catch (CertStoreException e2) {
                logger.error("Error getting getKeyAndCertificate.", (Throwable) e2);
            }
        }
        return hashSet;
    }

    public void setMaxCertificates(int i) {
        this.emailSelector.setMaxMatch(i);
    }
}
