package org.bouncycastle.jsse.provider;

import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.jcajce.spec.EdDSAParameterSpec;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jsse.BCExtendedSSLSession;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;

/* loaded from: classes4.dex */
class bm extends BCX509ExtendedKeyManager {
    // Class-wide logger: selection traces at FINE/FINER/FINEST plus one WARNING during filter registration.
    private static final Logger hIJ = Logger.getLogger(bm.class.getName());
    // Key-type name -> public-key filter, consulted when the "server" flag is false (see a(X509Certificate, ...)).
    private static final Map<String, e> hWi = aUM();
    // Key-type name -> public-key filter, consulted when the "server" flag is true.
    private static final Map<String, e> hWj = aUN();
    // Handed unchanged to the chain check; NOTE(review): looks like a FIPS-mode switch — confirm against ag.a.
    private final boolean hSp;
    // Alias -> credential (private key + certificate chain); built once in the constructor and wrapped
    // unmodifiable, so later changes to the KeyStore are not visible to this manager.
    private final Map<String, a> hWv;
    // JCA/JCE helper handed unchanged to the chain check.
    private final JcaJceHelper hjs;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Immutable holder for one key-store entry: its alias, the private key and the
     * certificate chain that was stored with it.
     *
     * The private key is kept by reference for as long as the enclosing manager lives;
     * nothing in this class copies or wipes it.
     */
    public static class a {
        private final String gpN;
        private final X509Certificate[] hWe;
        private final PrivateKey privateKey;

        /**
         * @param alias key-store alias of the entry
         * @param key   private key loaded for that alias
         * @param chain certificate chain for that alias; stored as given, not copied
         */
        a(String alias, PrivateKey key, X509Certificate[] chain) {
            this.gpN = alias;
            this.privateKey = key;
            this.hWe = chain;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Public-key filter that matches on the key's algorithm name and/or its Java class,
     * then defers to {@code ag.a} with a fixed key-usage index and the algorithm constraints.
     */
    public static final class b implements e {
        final String cAH;
        final Class<? extends PublicKey> eOq;
        final int hWl;

        /**
         * @param algorithm   algorithm name to match case-insensitively, or {@code null} to skip the name test
         * @param keyClass    key class to match with {@code isInstance}, or {@code null} to skip the class test
         * @param keyUsageBit value forwarded as the third argument of {@code ag.a};
         *                    presumably an index into the X.509 keyUsage bit array — confirm
         */
        b(String algorithm, Class<? extends PublicKey> keyClass, int keyUsageBit) {
            this.cAH = algorithm;
            this.eOq = keyClass;
            this.hWl = keyUsageBit;
        }

        /** Returns true when either the algorithm name or the key class matches; both null means no match. */
        private boolean h(PublicKey publicKey) {
            if (this.cAH != null && this.cAH.equalsIgnoreCase(y.f(publicKey))) {
                return true;
            }
            return this.eOq != null && this.eOq.isInstance(publicKey);
        }

        @Override // org.bouncycastle.jsse.provider.bm.e
        public boolean a(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints) {
            // Type match first; the constraint/key-usage check only runs for keys of the right kind.
            if (!h(publicKey)) {
                return false;
            }
            return ag.a(publicKey, zArr, this.hWl, bCAlgorithmConstraints);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Public-key filter for EC keys on one specific named curve, identified by its OID.
     */
    public static final class c implements e {
        final ASN1ObjectIdentifier hWm;

        /** @param curveOid OID the key's curve identifier must equal */
        c(ASN1ObjectIdentifier curveOid) {
            this.hWm = curveOid;
        }

        /**
         * Returns true for a key that is EC (by algorithm name or by class) and whose value
         * from {@code y.e} equals the configured OID; presumably {@code y.e} yields the
         * key's named-curve OID — confirm.
         */
        private boolean h(PublicKey publicKey) {
            boolean ecKey = "EC".equalsIgnoreCase(y.f(publicKey)) || publicKey instanceof ECPublicKey;
            if (!ecKey) {
                return false;
            }
            return this.hWm.equals((ASN1Primitive) y.e(publicKey));
        }

        @Override // org.bouncycastle.jsse.provider.bm.e
        public boolean a(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints) {
            if (!h(publicKey)) {
                return false;
            }
            // Fixed index 0 is forwarded to ag.a (digitalSignature in the X.509 keyUsage array, if that is what ag.a indexes).
            return ag.a(publicKey, zArr, 0, bCAlgorithmConstraints);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Ranking of one candidate credential: a quality grade, the index of the key type it
     * satisfied, and the credential it refers to. Lower sorts first (better).
     *
     * NOTE(review): the decompiler rendered two different types as {@code a}. Inside this
     * class the simple name resolves to the nested enum, but {@code hWz} is assigned the
     * enclosing class's credential holder and read via {@code hWz.gpN} elsewhere in the
     * file, so the field presumably has that type in the original class file.
     */
    public static final class d implements Comparable<d> {
        /** First grade that counts as not valid; anything ordered before it is valid. */
        static final a hWw = a.MISMATCH_SNI;
        /** Sentinel for "no match": worst grade, worst index, no credential. */
        static final d hWx = new d(a.NONE, Integer.MAX_VALUE, null);
        final int hWq;
        final a hWy;
        final a hWz;

        /**
         * Quality grades, best first. Declaration order is significant: it drives
         * {@link #compareTo(d)} and {@link #isValid()}.
         */
        public enum a {
            OK,
            RSA_MULTI_USE,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        d(a quality, int keyTypeIndex, a credential) {
            this.hWy = quality;
            this.hWq = keyTypeIndex;
            this.hWz = credential;
        }

        /** True only for the best possible result: grade OK on the first requested key type. */
        boolean aUP() {
            return this.hWq == 0 && this.hWy == a.OK;
        }

        /**
         * Orders valid matches before invalid ones, then by key-type index, then by grade.
         * An expired or SNI-mismatched match therefore still sorts ahead of the
         * "no match" sentinel and can be selected when nothing better exists.
         */
        @Override // java.lang.Comparable
        public int compareTo(d dVar) {
            final boolean thisValid = isValid();
            final boolean otherValid = dVar.isValid();
            if (thisValid != otherValid) {
                return thisValid ? -1 : 1;
            }
            if (this.hWq != dVar.hWq) {
                return this.hWq < dVar.hWq ? -1 : 1;
            }
            return this.hWy.compareTo(dVar.hWy);
        }

        /** True when the grade is strictly better than MISMATCH_SNI, i.e. OK or RSA_MULTI_USE. */
        boolean isValid() {
            return hWw.compareTo(this.hWy) > 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Filter deciding whether a certificate's public key is usable for one key type.
     */
    public interface e {
        /**
         * @param publicKey              public key of the end-entity certificate
         * @param zArr                   the certificate's keyUsage bits as returned by
         *                               {@code X509Certificate.getKeyUsage()} (may be null when absent)
         * @param bCAlgorithmConstraints algorithm constraints forwarded to the implementations' checks
         * @return true when the key is acceptable for the key type this filter is registered under
         */
        boolean a(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the key manager from a snapshot of {@code keyStore}.
     *
     * Every private-key entry is loaded with the single password {@code cArr} and held in
     * memory for the lifetime of this object. The password array is not cleared here;
     * the caller keeps ownership of it.
     *
     * @param z            flag forwarded to the chain check
     * @param jcaJceHelper helper forwarded to the chain check
     * @param keyStore     source of private-key entries; {@code null} yields a manager with no credentials
     * @param cArr         password used for every entry
     * @throws KeyStoreException         propagated from the key store
     * @throws NoSuchAlgorithmException  propagated from key recovery
     * @throws UnrecoverableKeyException propagated from key recovery, e.g. when the password does not fit an entry
     */
    public bm(boolean z, JcaJceHelper jcaJceHelper, KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        final Map<String, a> loaded = a(keyStore, cArr);
        this.hSp = z;
        this.hjs = jcaJceHelper;
        this.hWv = loaded;
    }

    /**
     * Maps each int code to a key-type name via {@code y.qB}, preserving order.
     * NOTE(review): the codes look like TLS key-exchange algorithm constants — confirm against y.qB.
     */
    private static String[] A(int... iArr) {
        final String[] names = new String[iArr.length];
        int next = 0;
        for (int code : iArr) {
            names[next++] = y.qB(code);
        }
        return names;
    }

    /**
     * Finds the first requested key type whose filter accepts the certificate's public key.
     *
     * @param x509Certificate        end-entity certificate to test
     * @param list                   requested key types, in preference order
     * @param i                      number of leading entries of {@code list} to consider
     * @param bCAlgorithmConstraints constraints forwarded to each filter
     * @param z                      selects the filter table: {@code hWj} when true, {@code hWi} when false
     * @return index of the first accepted key type, or -1 when none accepts the key
     */
    private static int a(X509Certificate x509Certificate, List<String> list, int i, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z) {
        final Map<String, e> filters = z ? hWj : hWi;
        final PublicKey publicKey = x509Certificate.getPublicKey();
        final boolean[] keyUsage = x509Certificate.getKeyUsage();
        int index = 0;
        while (index < i) {
            // Key types without a registered filter are skipped rather than treated as a match.
            final e filter = filters.get(list.get(index));
            if (filter != null && filter.a(publicKey, keyUsage, bCAlgorithmConstraints)) {
                return index;
            }
            index++;
        }
        return -1;
    }

    /**
     * Selects the best credential for the request and returns its alias.
     *
     * The alias and key type are written to the log at FINE; no key material is logged.
     * The returned match may carry an EXPIRED or MISMATCH_SNI grade when no better
     * credential exists (see the ordering in {@code d}).
     *
     * @return the chosen alias, or {@code null} when no credential matches
     */
    private String a(List<String> list, Principal[] principalArr, bu buVar, boolean z) {
        final d match = e(list, principalArr, buVar, z);
        if (match.compareTo(d.hWx) < 0) {
            final String keyType = list.get(match.hWq);
            final String alias = a(match);
            if (hIJ.isLoggable(Level.FINE)) {
                hIJ.fine("Found matching key of type: " + keyType + ", returning alias: " + alias);
            }
            return alias;
        }
        hIJ.fine("No matching key found");
        return null;
    }

    /**
     * Returns the alias of the credential attached to a match.
     * Throws NullPointerException for a match without a credential, such as the
     * "no match" sentinel {@code d.hWx}; callers in this file filter that sentinel out first.
     */
    private static String a(d dVar) {
        return dVar.hWz.gpN;
    }

    /**
     * Extracts the host name the peer asked for, used later to grade server certificates.
     *
     * @param buVar connection context, may be {@code null}
     * @param z     true for server-side selection; client-side selection never uses SNI
     * @return the ASCII form of the name picked by {@code y.ck} from the session's requested
     *         server names, or {@code null} when any step yields nothing
     */
    private static String a(bu buVar, boolean z) {
        if (buVar == null || !z) {
            return null;
        }
        final BCExtendedSSLSession session = buVar.aVc();
        if (session == null) {
            return null;
        }
        final BCSNIHostName hostName = y.ck(session.getRequestedServerNames());
        return hostName == null ? null : hostName.getAsciiName();
    }

    /**
     * Appends {@code dVar} to {@code list}, creating the list on first use.
     *
     * @return the list that now contains {@code dVar}; the same instance when {@code list} was non-null
     */
    private static List<d> a(List<d> list, d dVar) {
        final List<d> target = (list != null) ? list : new ArrayList<d>();
        target.add(dVar);
        return target;
    }

    /**
     * Loads every usable private-key entry from the key store into an unmodifiable map.
     *
     * An entry is kept only when it is a {@code PrivateKeyEntry}, its key can be read with
     * {@code cArr}, and {@code y.a} returns a non-empty X.509 chain for it. The same
     * password is tried for every alias; an entry protected by a different password
     * surfaces as {@link UnrecoverableKeyException} rather than being skipped.
     *
     * @param keyStore source store; {@code null} yields an empty map
     * @param cArr     password for all entries; not modified or cleared here
     * @return alias to credential map, never {@code null}
     */
    private static Map<String, a> a(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        final Map<String, a> credentials = new HashMap<>(4);
        if (keyStore == null) {
            return Collections.unmodifiableMap(credentials);
        }
        final Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                continue;
            }
            final PrivateKey key = (PrivateKey) keyStore.getKey(alias, cArr);
            if (key == null) {
                continue;
            }
            final X509Certificate[] chain = y.a(keyStore.getCertificateChain(alias));
            if (TlsUtils.isNullOrEmpty(chain)) {
                continue;
            }
            credentials.put(alias, new a(alias, key, chain));
        }
        return Collections.unmodifiableMap(credentials);
    }

    /**
     * Normalises the acceptable-issuer array into a set with null elements dropped.
     *
     * @return {@code null} when the array itself is {@code null}; an empty set when it holds
     *         no non-null element; otherwise an unmodifiable set of the non-null issuers
     */
    private static Set<Principal> a(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        final Set<Principal> issuers = new HashSet<>();
        for (Principal candidate : principalArr) {
            if (candidate != null) {
                issuers.add(candidate);
            }
        }
        if (issuers.isEmpty()) {
            return Collections.emptySet();
        }
        return Collections.unmodifiableSet(issuers);
    }

    /**
     * Wraps a credential as a {@code BCX509Key} for the given key type.
     * The private key and chain are passed to {@code bk} by reference, not copied here.
     *
     * @return the wrapped key, or {@code null} when {@code aVar} is {@code null}
     */
    private BCX509Key a(String str, a aVar) {
        return aVar == null ? null : new bk(str, aVar.privateKey, aVar.hWe);
    }

    /**
     * Grades one credential against the request.
     *
     * Steps, in order: the chain must be non-empty and pass the issuer-name filter; the
     * end-entity key must satisfy one of the first {@code i} key types; the whole chain
     * must pass the algorithm check. Only then is the certificate graded for validity
     * period, SNI and RSA key usage.
     *
     * @return the graded match, or the sentinel {@code d.hWx} when the credential is unusable
     */
    private d a(a aVar, List<String> list, int i, Set<Principal> set, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z, Date date, String str) {
        final X509Certificate[] chain = aVar.hWe;
        if (TlsUtils.isNullOrEmpty(chain) || !a(chain, set)) {
            return d.hWx;
        }
        final int keyTypeIndex = a(chain[0], list, i, bCAlgorithmConstraints, z);
        if (keyTypeIndex < 0) {
            return d.hWx;
        }
        final String keyType = list.get(keyTypeIndex);
        hIJ.finer("EE cert potentially usable for key type: " + keyType);
        if (!a(chain, bCAlgorithmConstraints, z)) {
            hIJ.finer("Unsuitable chain for key type: " + keyType);
            return d.hWx;
        }
        return new d(b(chain[0], date, str), keyTypeIndex, aVar);
    }

    /**
     * Registers a curve-specific EC filter for one TLS named group.
     *
     * @param map filter table being built
     * @param i   TLS NamedGroup code point
     * @throws IllegalStateException when the group cannot be negotiated in TLS 1.3
     */
    private static void a(Map<String, e> map, int i) {
        if (!NamedGroup.canBeNegotiated(i, ProtocolVersion.TLSv13)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        final String curveName = NamedGroup.getCurveName(i);
        final ASN1ObjectIdentifier oid = (curveName == null) ? null : ECNamedCurveTable.getOID(curveName);
        if (oid != null) {
            a(map, y.R("EC", i), new c(oid));
            return;
        }
        // A curve without a known OID is skipped with a warning instead of failing class initialisation.
        hIJ.warning("Failed to register public key filter for EC with " + NamedGroup.getText(i));
    }

    /** Registers one shared filter under the names that {@code A} derives from the int codes. */
    private static void a(Map<String, e> map, int i, String str, Class<? extends PublicKey> cls, int... iArr) {
        final String[] keyTypeNames = A(iArr);
        a(map, i, str, cls, keyTypeNames);
    }

    /**
     * Creates one algorithm/class filter and registers the same instance under every name given.
     *
     * @param i      value stored as the filter's key-usage argument
     * @param str    algorithm name to match, or {@code null}
     * @param cls    key class to match, or {@code null}
     * @param strArr key-type names to register the filter under
     */
    private static void a(Map<String, e> map, int i, String str, Class<? extends PublicKey> cls, String... strArr) {
        final e sharedFilter = new b(str, cls, i);
        for (int index = 0; index < strArr.length; index++) {
            a(map, strArr[index], sharedFilter);
        }
    }

    /** Registers a filter that matches on algorithm name only (no key-class test). */
    private static void a(Map<String, e> map, int i, String str, int... iArr) {
        final Class<? extends PublicKey> noKeyClass = null;
        a(map, i, str, noKeyClass, iArr);
    }

    /** Registers a filter that matches on key class only, with key-usage argument 0, under int-coded names. */
    private static void a(Map<String, e> map, Class<? extends PublicKey> cls, int... iArr) {
        final String noAlgorithm = null;
        a(map, 0, noAlgorithm, cls, iArr);
    }

    /** Registers a filter that matches on key class only, with key-usage argument 0, under the given names. */
    private static void a(Map<String, e> map, Class<? extends PublicKey> cls, String... strArr) {
        final String noAlgorithm = null;
        a(map, 0, noAlgorithm, cls, strArr);
    }

    /**
     * Adds one filter to the table, refusing to overwrite an existing entry.
     * Note that the new filter has already replaced the old one in {@code map} when the exception is thrown.
     *
     * @throws IllegalStateException when {@code str} was already registered
     */
    private static void a(Map<String, e> map, String str, e eVar) {
        final e previous = map.put(str, eVar);
        if (previous != null) {
            throw new IllegalStateException("Duplicate keys in filters");
        }
    }

    /** Registers an algorithm-name filter with key-usage argument 0 under int-coded names. */
    private static void a(Map<String, e> map, String str, int... iArr) {
        final int defaultKeyUsageArg = 0;
        a(map, defaultKeyUsageArg, str, iArr);
    }

    /**
     * Checks whether the chain fits the peer's list of acceptable issuers.
     *
     * This compares distinguished names only. It verifies no signatures and is a selection
     * hint, not path validation.
     *
     * @param x509CertificateArr chain with the end-entity certificate at index 0; must be non-empty
     * @param set                acceptable issuers; {@code null} or empty accepts every chain
     * @return true when any certificate in the chain names an acceptable issuer, or when the
     *         first certificate has a non-negative basicConstraints value (i.e. is a CA
     *         certificate) and its own subject is acceptable
     */
    private static boolean a(X509Certificate[] x509CertificateArr, Set<Principal> set) {
        if (set == null || set.isEmpty()) {
            return true;
        }
        // Walk from the end of the chain towards the end-entity certificate.
        for (int index = x509CertificateArr.length - 1; index >= 0; index--) {
            if (set.contains(x509CertificateArr[index].getIssuerX500Principal())) {
                return true;
            }
        }
        final X509Certificate first = x509CertificateArr[0];
        return first.getBasicConstraints() >= 0 && set.contains(first.getSubjectX500Principal());
    }

    /**
     * Runs the chain through {@code ag.a} with an empty set as the fourth argument
     * (presumably the trust anchors — confirm) and reports whether it passed.
     *
     * A rejection is logged only at FINEST, so at default log levels a credential dropped
     * here disappears from selection without any visible trace.
     *
     * @return true when the check completes, false when it throws {@link CertPathValidatorException}
     */
    private boolean a(X509Certificate[] x509CertificateArr, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z) {
        boolean acceptable;
        try {
            ag.a(this.hSp, this.hjs, bCAlgorithmConstraints, Collections.emptySet(), x509CertificateArr, bl.ds(z), -1);
            acceptable = true;
        } catch (CertPathValidatorException rejected) {
            hIJ.log(Level.FINEST, "Certificate chain check failed", (Throwable) rejected);
            acceptable = false;
        }
        return acceptable;
    }

    /**
     * Builds the filter table used when the "server" flag is false.
     *
     * The int arguments are TLS NamedGroup code points: 31/32/33 are the TLS 1.3 brainpool
     * groups and 23/24/25 are secp256r1/secp384r1/secp521r1. Registration order is kept
     * as-is; a duplicate name aborts class initialisation with IllegalStateException.
     */
    private static Map<String, e> aUM() {
        final Map<String, e> filters = new HashMap<>();
        d(filters, EdDSAParameterSpec.Ed25519);
        d(filters, EdDSAParameterSpec.Ed448);
        for (int namedGroup : new int[] {31, 32, 33, 23, 24, 25}) {
            a(filters, namedGroup);
        }
        d(filters, "RSA");
        d(filters, "RSASSA-PSS");
        a(filters, (Class<? extends PublicKey>) DSAPublicKey.class, "DSA");
        a(filters, (Class<? extends PublicKey>) ECPublicKey.class, "EC");
        return Collections.unmodifiableMap(filters);
    }

    /**
     * Builds the filter table used when the "server" flag is true.
     *
     * The first block mirrors the other table (EdDSA, the six named groups, RSA,
     * RSASSA-PSS). The remaining entries are registered under names that {@code A}
     * derives from int codes; NOTE(review): these look like TLS key-exchange constants
     * (3/22 with DSA keys, 17 with EC keys, 5/19/23 and 1 with RSA) — confirm against y.qB.
     * The last entry uses key-usage argument 2 instead of 0, which is keyEncipherment in the
     * X.509 keyUsage array if that is what the argument indexes.
     */
    private static Map<String, e> aUN() {
        final Map<String, e> filters = new HashMap<>();
        d(filters, EdDSAParameterSpec.Ed25519);
        d(filters, EdDSAParameterSpec.Ed448);
        for (int namedGroup : new int[] {31, 32, 33, 23, 24, 25}) {
            a(filters, namedGroup);
        }
        d(filters, "RSA");
        d(filters, "RSASSA-PSS");
        a(filters, (Class<? extends PublicKey>) DSAPublicKey.class, 3, 22);
        a(filters, (Class<? extends PublicKey>) ECPublicKey.class, 17);
        a(filters, "RSA", 5, 19, 23);
        a(filters, 2, "RSA", 1);
        return Collections.unmodifiableMap(filters);
    }

    /**
     * Selects the best credential for the request and returns it as a {@code BCX509Key}.
     *
     * Key type and alias are logged at FINE; no key material is logged. As with alias
     * selection, the result may be an expired or SNI-mismatched credential when nothing
     * better is available.
     *
     * @return the wrapped key, or {@code null} when no credential matches
     */
    private BCX509Key b(List<String> list, Principal[] principalArr, bu buVar, boolean z) {
        final d match = e(list, principalArr, buVar, z);
        if (match.compareTo(d.hWx) < 0) {
            final String keyType = list.get(match.hWq);
            final BCX509Key key = a(keyType, match.hWz);
            if (key != null) {
                if (hIJ.isLoggable(Level.FINE)) {
                    hIJ.fine("Found matching key of type: " + keyType + ", from alias: " + a(match));
                }
                return key;
            }
        }
        hIJ.fine("No matching key found");
        return null;
    }

    /**
     * Grades an end-entity certificate.
     *
     * <ul>
     *   <li>EXPIRED: {@code checkValidity(date)} failed. This also covers a certificate that
     *       is not yet valid, and any other CertificateException raised inside the outer try.</li>
     *   <li>MISMATCH_SNI: {@code str} is non-null and {@code bn.a(str, cert, "HTTPS")} rejected
     *       it; presumably an endpoint-identity check — confirm.</li>
     *   <li>RSA_MULTI_USE: RSA key for which {@code ag.a} accepts both keyUsage index 0
     *       (digitalSignature) and index 2 (keyEncipherment).</li>
     *   <li>OK: none of the above.</li>
     * </ul>
     */
    private static d.a b(X509Certificate x509Certificate, Date date, String str) {
        d.a grade = d.a.OK;
        try {
            x509Certificate.checkValidity(date);
            if (str != null) {
                try {
                    bn.a(str, x509Certificate, "HTTPS");
                } catch (CertificateException nameMismatch) {
                    return d.a.MISMATCH_SNI;
                }
            }
            final boolean rsaKey = "RSA".equalsIgnoreCase(y.f(x509Certificate.getPublicKey()));
            if (rsaKey) {
                final boolean[] keyUsage = x509Certificate.getKeyUsage();
                if (ag.a(keyUsage, 0) && ag.a(keyUsage, 2)) {
                    grade = d.a.RSA_MULTI_USE;
                }
            }
        } catch (CertificateException notCurrentlyValid) {
            return d.a.EXPIRED;
        }
        return grade;
    }

    /**
     * Lists the aliases of all credentials that match the request, best first.
     *
     * Every credential is graded against the full key-type list; anything better than the
     * "no match" sentinel is kept, which includes expired and SNI-mismatched credentials
     * (they sort after the valid ones).
     *
     * @return sorted aliases, or {@code null} when there are no credentials, no key types or no match
     */
    private String[] c(List<String> list, Principal[] principalArr, bu buVar, boolean z) {
        if (this.hWv.isEmpty() || list.isEmpty()) {
            return null;
        }
        final int keyTypeCount = list.size();
        final Set<Principal> issuers = a(principalArr);
        final BCAlgorithmConstraints constraints = bu.b(buVar, true);
        final Date now = new Date();
        final String requestedHost = a(buVar, z);
        List<d> matches = null;
        for (a credential : this.hWv.values()) {
            final d candidate = a(credential, list, keyTypeCount, issuers, constraints, z, now, requestedHost);
            if (candidate.compareTo(d.hWx) < 0) {
                matches = a(matches, candidate);
            }
        }
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        Collections.sort(matches);
        return cq(matches);
    }

    /** Converts matches to their aliases, preserving list order. */
    private static String[] cq(List<d> list) {
        final String[] aliases = new String[list.size()];
        int next = 0;
        for (d match : list) {
            aliases[next++] = a(match);
        }
        return aliases;
    }

    /** Registers an algorithm-name filter under that same name, with key-usage argument 0 and no class test. */
    private static void d(Map<String, e> map, String str) {
        final Class<? extends PublicKey> noKeyClass = null;
        a(map, 0, str, noKeyClass, str);
    }

    /**
     * Finds the single best credential for the request.
     *
     * Credentials are graded one by one. A perfect match (grade OK on the first key type)
     * returns immediately. After a valid match, later credentials are only tested against
     * key types up to and including that match's index. Ties keep the earlier credential,
     * and iteration follows the map's own order, so the winner among equal matches is not
     * stable across runs.
     *
     * The result can carry an EXPIRED or MISMATCH_SNI grade: such matches still rank ahead
     * of the sentinel and are returned when no valid credential exists.
     *
     * @return the best match, or the sentinel {@code d.hWx} when nothing is usable
     */
    private d e(List<String> list, Principal[] principalArr, bu buVar, boolean z) {
        d best = d.hWx;
        if (this.hWv.isEmpty() || list.isEmpty()) {
            return best;
        }
        int keyTypeLimit = list.size();
        final Set<Principal> issuers = a(principalArr);
        final BCAlgorithmConstraints constraints = bu.b(buVar, true);
        final Date now = new Date();
        final String requestedHost = a(buVar, z);
        for (a credential : this.hWv.values()) {
            final d candidate = a(credential, list, keyTypeLimit, issuers, constraints, z, now, requestedHost);
            if (candidate.compareTo(best) >= 0) {
                continue;
            }
            best = candidate;
            if (best.aUP()) {
                return best;
            }
            if (best.isValid()) {
                keyTypeLimit = Math.min(keyTypeLimit, best.hWq + 1);
            }
        }
        return best;
    }

    /** Looks up the credential stored under an alias; {@code null} for a null or unknown alias. */
    private a kB(String str) {
        return str == null ? null : this.hWv.get(str);
    }

    /**
     * Normalises requested key types into an unmodifiable list without duplicates,
     * keeping first-seen order.
     *
     * @return an empty list for a null or empty array
     * @throws IllegalArgumentException when any element is {@code null}; this includes a
     *         single {@code null} String passed by the one-argument callers
     */
    private static List<String> w(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            return Collections.emptyList();
        }
        final List<String> unique = new ArrayList<>(strArr.length);
        for (String keyType : strArr) {
            if (keyType == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (unique.contains(keyType)) {
                continue;
            }
            unique.add(keyType);
        }
        return Collections.unmodifiableList(unique);
    }

    /** Client-side alias selection for a socket connection; SNI is not consulted on this path. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.d(socket);
        return a(keyTypes, principalArr, context, false);
    }

    /** Client-side key selection for a socket connection; returns the key object instead of an alias. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public BCX509Key chooseClientKeyBC(String[] strArr, Principal[] principalArr, Socket socket) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.d(socket);
        return b(keyTypes, principalArr, context, false);
    }

    /** Client-side alias selection for an SSLEngine; SNI is not consulted on this path. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.c(sSLEngine);
        return a(keyTypes, principalArr, context, false);
    }

    /** Client-side key selection for an SSLEngine; returns the key object instead of an alias. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public BCX509Key chooseEngineClientKeyBC(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.c(sSLEngine);
        return b(keyTypes, principalArr, context, false);
    }

    /**
     * Server-side alias selection for an SSLEngine; the requested server name, when present,
     * is used to grade certificates. A null {@code str} is rejected with IllegalArgumentException.
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        final List<String> keyTypes = w(str);
        final bu context = bu.c(sSLEngine);
        return a(keyTypes, principalArr, context, true);
    }

    /** Server-side key selection for an SSLEngine over several key types, graded against SNI when present. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public BCX509Key chooseEngineServerKeyBC(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.c(sSLEngine);
        return b(keyTypes, principalArr, context, true);
    }

    /**
     * Server-side alias selection for a socket connection; the requested server name, when
     * present, is used to grade certificates. A null {@code str} is rejected with IllegalArgumentException.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        final List<String> keyTypes = w(str);
        final bu context = bu.d(socket);
        return a(keyTypes, principalArr, context, true);
    }

    /** Server-side key selection for a socket connection over several key types, graded against SNI when present. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public BCX509Key chooseServerKeyBC(String[] strArr, Principal[] principalArr, Socket socket) {
        final List<String> keyTypes = w(strArr);
        final bu context = bu.d(socket);
        return b(keyTypes, principalArr, context, true);
    }

    /**
     * Returns a copy of the chain stored under an alias, so callers cannot alter the
     * array held by this manager.
     *
     * @return cloned chain, or {@code null} for a null or unknown alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        final a credential = kB(str);
        return credential == null ? null : credential.hWe.clone();
    }

    /**
     * Lists matching client aliases for one key type. No connection context is available
     * here, so the constraints come from {@code bu.b(null, true)} and SNI is not used.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        final List<String> keyTypes = w(str);
        return c(keyTypes, principalArr, null, false);
    }

    /**
     * Direct lookup by alias. Unlike the choose* methods, no issuer, key-type, algorithm or
     * validity check is applied: {@code str} is only recorded as the key type on the result.
     *
     * @return the wrapped key, or {@code null} for a null or unknown alias
     */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    protected BCX509Key getKeyBC(String str, String str2) {
        final a credential = kB(str2);
        return a(str, credential);
    }

    /**
     * Returns the private key stored under an alias. The stored reference itself is
     * returned (no copy), so every caller that can reach this manager can obtain the key object.
     *
     * @return the private key, or {@code null} for a null or unknown alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        final a credential = kB(str);
        return credential == null ? null : credential.privateKey;
    }

    /**
     * Lists matching server aliases for one key type. No connection context is passed, so
     * the SNI lookup returns nothing and certificates are not graded against a host name.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        final List<String> keyTypes = w(str);
        return c(keyTypes, principalArr, null, true);
    }
}
