package org.bouncycastle.jsse.provider;

import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;

/* loaded from: classes3.dex */
public final class d2 extends mc.g {

    /* renamed from: d, reason: collision with root package name */
    public static final Logger f30237d = Logger.getLogger(d2.class.getName());

    /* renamed from: e, reason: collision with root package name */
    public static final Map f30238e;

    /* renamed from: f, reason: collision with root package name */
    public static final Map f30239f;

    /* renamed from: a, reason: collision with root package name */
    public final boolean f30240a;

    /* renamed from: b, reason: collision with root package name */
    public final jc.b f30241b;

    /* renamed from: c, reason: collision with root package name */
    public final Map f30242c;

    static {
        HashMap hashMap = new HashMap();
        g("Ed25519", hashMap);
        g("Ed448", hashMap);
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        g("RSA", hashMap);
        g("RSASSA-PSS", hashMap);
        h(hashMap, 0, null, DSAPublicKey.class, "DSA");
        h(hashMap, 0, null, ECPublicKey.class, "EC");
        f30238e = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        g("Ed25519", hashMap2);
        g("Ed448", hashMap2);
        f(hashMap2, 31);
        f(hashMap2, 32);
        f(hashMap2, 33);
        f(hashMap2, 23);
        f(hashMap2, 24);
        f(hashMap2, 25);
        g("RSA", hashMap2);
        g("RSASSA-PSS", hashMap2);
        i(hashMap2, 0, null, DSAPublicKey.class, 3, 22);
        i(hashMap2, 0, null, ECPublicKey.class, 17);
        i(hashMap2, 0, "RSA", null, 5, 19, 23);
        i(hashMap2, 2, "RSA", null, 1);
        f30239f = Collections.unmodifiableMap(hashMap2);
    }

    public d2(boolean z10, jc.b bVar, KeyStore keyStore, char[] cArr) {
        PrivateKey privateKey;
        this.f30240a = z10;
        this.f30241b = bVar;
        HashMap hashMap = new HashMap(4);
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class) && (privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr)) != null) {
                    X509Certificate[] t2 = z.t(keyStore.getCertificateChain(nextElement));
                    if (!org.bouncycastle.tls.a1.M(t2)) {
                        hashMap.put(nextElement, new y1(nextElement, privateKey, t2));
                    }
                }
            }
        }
        this.f30242c = Collections.unmodifiableMap(hashMap);
    }

    public static void f(HashMap hashMap, int i10) {
        org.bouncycastle.asn1.r S;
        if (!v.q.l(i10, org.bouncycastle.tls.v.f30752g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String O = v.q.O(i10);
        if (O != null && (S = b9.a.S(O)) != null) {
            if (hashMap.put(z.k(i10, "EC"), new a2(S)) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        } else {
            f30237d.warning("Failed to register public key filter for EC with " + v.q.Z(i10));
        }
    }

    public static void g(String str, HashMap hashMap) {
        h(hashMap, 0, str, null, str);
    }

    public static void h(HashMap hashMap, int i10, String str, Class cls, String... strArr) {
        z1 z1Var = new z1(str, i10, cls);
        for (String str2 : strArr) {
            if (hashMap.put(str2, z1Var) != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    public static void i(HashMap hashMap, int i10, String str, Class cls, int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i11 = 0; i11 < length; i11++) {
            strArr[i11] = z.g(iArr[i11]);
        }
        h(hashMap, i10, str, cls, strArr);
    }

    public static List n(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static Set p(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    @Override // mc.g
    public final q5.r a(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(n(strArr), principalArr, io.ktor.client.utils.c.j(socket), false);
    }

    @Override // mc.g
    public final q5.r b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(n(strArr), principalArr, io.ktor.client.utils.c.k(sSLEngine), false);
    }

    @Override // mc.g
    public final q5.r c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return k(n(strArr), principalArr, io.ktor.client.utils.c.k(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return j(n(strArr), principalArr, io.ktor.client.utils.c.j(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(n(strArr), principalArr, io.ktor.client.utils.c.k(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return j(n(str), principalArr, io.ktor.client.utils.c.k(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return j(n(str), principalArr, io.ktor.client.utils.c.j(socket), true);
    }

    @Override // mc.g
    public final q5.r d(String[] strArr, Principal[] principalArr, Socket socket) {
        return k(n(strArr), principalArr, io.ktor.client.utils.c.j(socket), true);
    }

    @Override // mc.g
    public final q5.r e(String str, String str2) {
        y1 y1Var = str2 == null ? null : (y1) this.f30242c.get(str2);
        if (y1Var == null) {
            return null;
        }
        return new q5.r(str, y1Var.f30499b, y1Var.f30500c, 5);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        y1 y1Var = str == null ? null : (y1) this.f30242c.get(str);
        if (y1Var == null) {
            return null;
        }
        return (X509Certificate[]) y1Var.f30500c.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        return l(n(str), principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        y1 y1Var = str == null ? null : (y1) this.f30242c.get(str);
        if (y1Var == null) {
            return null;
        }
        return y1Var.f30499b;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        return l(n(str), principalArr, true);
    }

    public final String j(List list, Principal[] principalArr, io.ktor.client.utils.c cVar, boolean z10) {
        b2 m10 = m(list, principalArr, cVar, z10);
        int compareTo = m10.compareTo(b2.f30213f);
        Logger logger = f30237d;
        if (compareTo >= 0) {
            logger.fine("No matching key found");
            return null;
        }
        String str = (String) list.get(m10.f30215c);
        String str2 = m10.f30216d.f30498a;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + str2);
        }
        return str2;
    }

    public final q5.r k(List list, Principal[] principalArr, io.ktor.client.utils.c cVar, boolean z10) {
        q5.r rVar;
        b2 m10 = m(list, principalArr, cVar, z10);
        int compareTo = m10.compareTo(b2.f30213f);
        Logger logger = f30237d;
        if (compareTo < 0) {
            String str = (String) list.get(m10.f30215c);
            y1 y1Var = m10.f30216d;
            if (y1Var == null) {
                rVar = null;
            } else {
                rVar = new q5.r(str, y1Var.f30499b, y1Var.f30500c, 5);
            }
            if (rVar != null) {
                if (logger.isLoggable(Level.FINE)) {
                    StringBuilder z11 = a5.s1.z("Found matching key of type: ", str, ", from alias: ");
                    z11.append(y1Var.f30498a);
                    logger.fine(z11.toString());
                }
                return rVar;
            }
        }
        logger.fine("No matching key found");
        return null;
    }

    public final String[] l(List list, Principal[] principalArr, boolean z10) {
        Map map = this.f30242c;
        if (!map.isEmpty() && !list.isEmpty()) {
            int size = list.size();
            Set p10 = p(principalArr);
            q0 l5 = io.ktor.client.utils.c.l(null, true);
            Date date = new Date();
            Iterator it = map.values().iterator();
            ArrayList arrayList = null;
            while (it.hasNext()) {
                b2 o10 = o((y1) it.next(), list, size, p10, l5, z10, date, null);
                if (o10.compareTo(b2.f30213f) < 0) {
                    ArrayList arrayList2 = arrayList == null ? new ArrayList() : arrayList;
                    arrayList2.add(o10);
                    arrayList = arrayList2;
                }
            }
            if (arrayList != null && !arrayList.isEmpty()) {
                Collections.sort(arrayList);
                String[] strArr = new String[arrayList.size()];
                Iterator it2 = arrayList.iterator();
                int i10 = 0;
                while (it2.hasNext()) {
                    strArr[i10] = ((b2) it2.next()).f30216d.f30498a;
                    i10++;
                }
                return strArr;
            }
        }
        return null;
    }

    public final b2 m(List list, Principal[] principalArr, io.ktor.client.utils.c cVar, boolean z10) {
        mc.a aVar;
        mc.b p10;
        b2 b2Var = b2.f30213f;
        Map map = this.f30242c;
        if (!map.isEmpty() && !list.isEmpty()) {
            int size = list.size();
            Set p11 = p(principalArr);
            q0 l5 = io.ktor.client.utils.c.l(cVar, true);
            Date date = new Date();
            String str = (cVar == null || !z10 || (aVar = (mc.a) cVar.f27323d) == null || (p10 = z.p(aVar.e())) == null) ? null : p10.f29488c;
            Iterator it = map.values().iterator();
            int i10 = size;
            while (it.hasNext()) {
                int i11 = i10;
                b2 o10 = o((y1) it.next(), list, i10, p11, l5, z10, date, str);
                if (o10.compareTo(b2Var) < 0) {
                    ProvX509KeyManagerSimple$Match$Quality provX509KeyManagerSimple$Match$Quality = ProvX509KeyManagerSimple$Match$Quality.OK;
                    ProvX509KeyManagerSimple$Match$Quality provX509KeyManagerSimple$Match$Quality2 = o10.f30214b;
                    int i12 = o10.f30215c;
                    if (provX509KeyManagerSimple$Match$Quality == provX509KeyManagerSimple$Match$Quality2 && i12 == 0) {
                        return o10;
                    }
                    if (provX509KeyManagerSimple$Match$Quality2.compareTo(b2.f30212e) < 0) {
                        i10 = Math.min(i11, i12 + 1);
                        b2Var = o10;
                    } else {
                        b2Var = o10;
                    }
                }
                i10 = i11;
            }
        }
        return b2Var;
    }

    public final b2 o(y1 y1Var, List list, int i10, Set set, q0 q0Var, boolean z10, Date date, String str) {
        boolean z11;
        int i11;
        boolean z12;
        ProvX509KeyManagerSimple$Match$Quality provX509KeyManagerSimple$Match$Quality;
        X509Certificate[] x509CertificateArr = y1Var.f30500c;
        if (!org.bouncycastle.tls.a1.M(x509CertificateArr)) {
            if (set != null && !set.isEmpty()) {
                int length = x509CertificateArr.length;
                while (true) {
                    length--;
                    if (length < 0) {
                        X509Certificate x509Certificate = x509CertificateArr[0];
                        if (x509Certificate.getBasicConstraints() < 0 || !set.contains(x509Certificate.getSubjectX500Principal())) {
                            z11 = false;
                        }
                    } else if (set.contains(x509CertificateArr[length].getIssuerX500Principal())) {
                        break;
                    }
                }
            }
            z11 = true;
            if (z11) {
                X509Certificate x509Certificate2 = x509CertificateArr[0];
                Map map = z10 ? f30239f : f30238e;
                PublicKey publicKey = x509Certificate2.getPublicKey();
                boolean[] keyUsage = x509Certificate2.getKeyUsage();
                int i12 = 0;
                while (true) {
                    if (i12 < i10) {
                        c2 c2Var = (c2) map.get((String) list.get(i12));
                        if (c2Var != null && c2Var.a(publicKey, keyUsage, q0Var)) {
                            i11 = i12;
                            break;
                        }
                        i12++;
                    } else {
                        i11 = -1;
                        break;
                    }
                }
                if (i11 >= 0) {
                    String str2 = (String) list.get(i11);
                    String o10 = a5.s1.o("EE cert potentially usable for key type: ", str2);
                    Logger logger = f30237d;
                    logger.finer(o10);
                    try {
                        p0.a(this.f30240a, this.f30241b, q0Var, Collections.emptySet(), x509CertificateArr, !x1.f30486g ? null : z10 ? mb.f.f29464d : mb.f.f29465e, -1);
                        z12 = true;
                    } catch (CertPathValidatorException e10) {
                        logger.log(Level.FINEST, "Certificate chain check failed", (Throwable) e10);
                        z12 = false;
                    }
                    if (z12) {
                        X509Certificate x509Certificate3 = x509CertificateArr[0];
                        try {
                            x509Certificate3.checkValidity(date);
                            if (str != null) {
                                try {
                                    f2.g(str, x509Certificate3, "HTTPS");
                                } catch (CertificateException unused) {
                                    provX509KeyManagerSimple$Match$Quality = ProvX509KeyManagerSimple$Match$Quality.MISMATCH_SNI;
                                }
                            }
                        } catch (CertificateException unused2) {
                            provX509KeyManagerSimple$Match$Quality = ProvX509KeyManagerSimple$Match$Quality.EXPIRED;
                        }
                        if ("RSA".equalsIgnoreCase(z.o(x509Certificate3.getPublicKey()))) {
                            boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                            if (p0.h(keyUsage2, 0) && p0.h(keyUsage2, 2)) {
                                provX509KeyManagerSimple$Match$Quality = ProvX509KeyManagerSimple$Match$Quality.RSA_MULTI_USE;
                                return new b2(provX509KeyManagerSimple$Match$Quality, i11, y1Var);
                            }
                        }
                        provX509KeyManagerSimple$Match$Quality = ProvX509KeyManagerSimple$Match$Quality.OK;
                        return new b2(provX509KeyManagerSimple$Match$Quality, i11, y1Var);
                    }
                    logger.finer("Unsuitable chain for key type: " + str2);
                }
            }
        }
        return b2.f30213f;
    }
}
