package org.bouncycastle.jsse.provider;

import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.tls.h3;

/* loaded from: classes3.dex */
public class ProvX509KeyManagerSimple extends pg.j {

    /* renamed from: d, reason: collision with root package name */
    public static final Logger f17928d = Logger.getLogger(ProvX509KeyManagerSimple.class.getName());

    /* renamed from: e, reason: collision with root package name */
    public static final Map<String, d> f17929e = r();

    /* renamed from: f, reason: collision with root package name */
    public static final Map<String, d> f17930f = s();

    /* renamed from: a, reason: collision with root package name */
    public final boolean f17931a;

    /* renamed from: b, reason: collision with root package name */
    public final ng.b f17932b;

    /* renamed from: c, reason: collision with root package name */
    public final Map<String, a> f17933c;

    /* loaded from: classes3.dex */
    public static final class Match implements Comparable<Match> {

        /* renamed from: f, reason: collision with root package name */
        public static final Quality f17934f = Quality.MISMATCH_SNI;

        /* renamed from: g, reason: collision with root package name */
        public static final Match f17935g = new Match(Quality.NONE, Integer.MAX_VALUE, null);

        /* renamed from: c, reason: collision with root package name */
        public final Quality f17936c;

        /* renamed from: d, reason: collision with root package name */
        public final int f17937d;

        /* renamed from: e, reason: collision with root package name */
        public final a f17938e;

        /* loaded from: classes3.dex */
        public enum Quality {
            OK,
            RSA_MULTI_USE,
            MISMATCH_SNI,
            EXPIRED,
            NONE
        }

        public Match(Quality quality, int i10, a aVar) {
            this.f17936c = quality;
            this.f17937d = i10;
            this.f17938e = aVar;
        }

        @Override // java.lang.Comparable
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public int compareTo(Match match) {
            int compare = Boolean.compare(match.d(), d());
            if (compare != 0) {
                return compare;
            }
            int compare2 = Integer.compare(this.f17937d, match.f17937d);
            return compare2 == 0 ? this.f17936c.compareTo(match.f17936c) : compare2;
        }

        public boolean c() {
            return Quality.OK == this.f17936c && this.f17937d == 0;
        }

        public boolean d() {
            return this.f17936c.compareTo(f17934f) < 0;
        }
    }

    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final String f17945a;

        /* renamed from: b, reason: collision with root package name */
        public final PrivateKey f17946b;

        /* renamed from: c, reason: collision with root package name */
        public final X509Certificate[] f17947c;

        public a(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.f17945a = str;
            this.f17946b = privateKey;
            this.f17947c = x509CertificateArr;
        }
    }

    /* loaded from: classes3.dex */
    public static final class b implements d {

        /* renamed from: a, reason: collision with root package name */
        public final String f17948a;

        /* renamed from: b, reason: collision with root package name */
        public final Class<? extends PublicKey> f17949b;

        /* renamed from: c, reason: collision with root package name */
        public final int f17950c;

        public b(String str, Class<? extends PublicKey> cls, int i10) {
            this.f17948a = str;
            this.f17949b = cls;
            this.f17950c = i10;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public boolean a(PublicKey publicKey, boolean[] zArr, qg.a aVar) {
            return b(publicKey) && f0.t(publicKey, zArr, this.f17950c, aVar);
        }

        public final boolean b(PublicKey publicKey) {
            Class<? extends PublicKey> cls;
            String str = this.f17948a;
            return (str != null && str.equalsIgnoreCase(y.G(publicKey))) || ((cls = this.f17949b) != null && cls.isInstance(publicKey));
        }
    }

    /* loaded from: classes3.dex */
    public static final class c implements d {

        /* renamed from: a, reason: collision with root package name */
        public final ff.u f17951a;

        public c(ff.u uVar) {
            this.f17951a = uVar;
        }

        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManagerSimple.d
        public boolean a(PublicKey publicKey, boolean[] zArr, qg.a aVar) {
            return b(publicKey) && f0.t(publicKey, zArr, 0, aVar);
        }

        public final boolean b(PublicKey publicKey) {
            if ("EC".equalsIgnoreCase(y.G(publicKey)) || ECPublicKey.class.isInstance(publicKey)) {
                return this.f17951a.u(y.C(publicKey));
            }
            return false;
        }
    }

    /* loaded from: classes3.dex */
    public interface d {
        boolean a(PublicKey publicKey, boolean[] zArr, qg.a aVar);
    }

    public ProvX509KeyManagerSimple(boolean z10, ng.b bVar, KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        this.f17931a = z10;
        this.f17932b = bVar;
        this.f17933c = I(keyStore, cArr);
    }

    public static List<String> A(String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static String[] B(int... iArr) {
        int length = iArr.length;
        String[] strArr = new String[length];
        for (int i10 = 0; i10 < length; i10++) {
            strArr[i10] = y.z(iArr[i10]);
        }
        return strArr;
    }

    public static String D(p1 p1Var, boolean z10) {
        pg.b e10;
        pg.c H;
        if (p1Var == null || !z10 || (e10 = p1Var.e()) == null || (H = y.H(e10.f())) == null) {
            return null;
        }
        return H.c();
    }

    public static int E(X509Certificate x509Certificate, List<String> list, int i10, qg.a aVar, boolean z10) {
        Map<String, d> map = z10 ? f17930f : f17929e;
        PublicKey publicKey = x509Certificate.getPublicKey();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        for (int i11 = 0; i11 < i10; i11++) {
            d dVar = map.get(list.get(i11));
            if (dVar != null && dVar.a(publicKey, keyUsage, aVar)) {
                return i11;
            }
        }
        return -1;
    }

    public static Set<Principal> F(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length > 0) {
            HashSet hashSet = new HashSet();
            for (Principal principal : principalArr) {
                if (principal != null) {
                    hashSet.add(principal);
                }
            }
            if (!hashSet.isEmpty()) {
                return Collections.unmodifiableSet(hashSet);
            }
        }
        return Collections.emptySet();
    }

    public static boolean H(X509Certificate[] x509CertificateArr, Set<Principal> set) {
        if (set == null || set.isEmpty()) {
            return true;
        }
        int length = x509CertificateArr.length;
        do {
            length--;
            if (length < 0) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                return x509Certificate.getBasicConstraints() >= 0 && set.contains(x509Certificate.getSubjectX500Principal());
            }
        } while (!set.contains(x509CertificateArr[length].getIssuerX500Principal()));
        return true;
    }

    public static Map<String, a> I(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        PrivateKey privateKey;
        HashMap hashMap = new HashMap(4);
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class) && (privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr)) != null) {
                    X509Certificate[] P = y.P(keyStore.getCertificateChain(nextElement));
                    if (!h3.n1(P)) {
                        hashMap.put(nextElement, new a(nextElement, privateKey, P));
                    }
                }
            }
        }
        return Collections.unmodifiableMap(hashMap);
    }

    public static void f(Map<String, d> map, int i10) {
        ff.u a10;
        if (!org.bouncycastle.tls.p0.a(i10, org.bouncycastle.tls.v0.f18664g)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }
        String c10 = org.bouncycastle.tls.p0.c(i10);
        if (c10 != null && (a10 = ag.a.a(c10)) != null) {
            n(map, y.x("EC", i10), new c(a10));
            return;
        }
        f17928d.warning("Failed to register public key filter for EC with " + org.bouncycastle.tls.p0.h(i10));
    }

    public static void g(Map<String, d> map, int i10, String str, Class<? extends PublicKey> cls, String... strArr) {
        b bVar = new b(str, cls, i10);
        for (String str2 : strArr) {
            n(map, str2, bVar);
        }
    }

    public static void h(Map<String, d> map, Class<? extends PublicKey> cls, String... strArr) {
        g(map, 0, null, cls, strArr);
    }

    public static void i(Map<String, d> map, String str) {
        g(map, 0, str, null, str);
    }

    public static void j(Map<String, d> map, int i10, String str, Class<? extends PublicKey> cls, int... iArr) {
        g(map, i10, str, cls, B(iArr));
    }

    public static void k(Map<String, d> map, int i10, String str, int... iArr) {
        j(map, i10, str, null, iArr);
    }

    public static void l(Map<String, d> map, Class<? extends PublicKey> cls, int... iArr) {
        j(map, 0, null, cls, iArr);
    }

    public static void m(Map<String, d> map, String str, int... iArr) {
        k(map, 0, str, iArr);
    }

    public static void n(Map<String, d> map, String str, d dVar) {
        if (map.put(str, dVar) != null) {
            throw new IllegalStateException("Duplicate keys in filters");
        }
    }

    public static List<Match> o(List<Match> list, Match match) {
        if (list == null) {
            list = new ArrayList<>();
        }
        list.add(match);
        return list;
    }

    public static Map<String, d> r() {
        HashMap hashMap = new HashMap();
        i(hashMap, "Ed25519");
        i(hashMap, "Ed448");
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        i(hashMap, "RSA");
        i(hashMap, "RSASSA-PSS");
        h(hashMap, DSAPublicKey.class, "DSA");
        h(hashMap, ECPublicKey.class, "EC");
        return Collections.unmodifiableMap(hashMap);
    }

    public static Map<String, d> s() {
        HashMap hashMap = new HashMap();
        i(hashMap, "Ed25519");
        i(hashMap, "Ed448");
        f(hashMap, 31);
        f(hashMap, 32);
        f(hashMap, 33);
        f(hashMap, 23);
        f(hashMap, 24);
        f(hashMap, 25);
        i(hashMap, "RSA");
        i(hashMap, "RSASSA-PSS");
        l(hashMap, DSAPublicKey.class, 3, 22);
        l(hashMap, ECPublicKey.class, 17);
        m(hashMap, "RSA", 5, 19, 23);
        k(hashMap, 2, "RSA", 1);
        return Collections.unmodifiableMap(hashMap);
    }

    public static String u(Match match) {
        return match.f17938e.f17945a;
    }

    public static String[] v(List<Match> list) {
        String[] strArr = new String[list.size()];
        Iterator<Match> it2 = list.iterator();
        int i10 = 0;
        while (it2.hasNext()) {
            strArr[i10] = u(it2.next());
            i10++;
        }
        return strArr;
    }

    public static Match.Quality y(X509Certificate x509Certificate, Date date, String str) {
        try {
            x509Certificate.checkValidity(date);
            if (str != null) {
                try {
                    j1.i(str, x509Certificate, "HTTPS");
                } catch (CertificateException unused) {
                    return Match.Quality.MISMATCH_SNI;
                }
            }
            if ("RSA".equalsIgnoreCase(y.G(x509Certificate.getPublicKey()))) {
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                if (f0.A(keyUsage, 0) && f0.A(keyUsage, 2)) {
                    return Match.Quality.RSA_MULTI_USE;
                }
            }
            return Match.Quality.OK;
        } catch (CertificateException unused2) {
            return Match.Quality.EXPIRED;
        }
    }

    public final Match C(a aVar, List<String> list, int i10, Set<Principal> set, qg.a aVar2, boolean z10, Date date, String str) {
        int E;
        X509Certificate[] x509CertificateArr = aVar.f17947c;
        if (!h3.n1(x509CertificateArr) && H(x509CertificateArr, set) && (E = E(x509CertificateArr[0], list, i10, aVar2, z10)) >= 0) {
            String str2 = list.get(E);
            Logger logger = f17928d;
            logger.finer("EE cert potentially usable for key type: " + str2);
            if (G(x509CertificateArr, aVar2, z10)) {
                return new Match(y(x509CertificateArr[0], date, str), E, aVar);
            }
            logger.finer("Unsuitable chain for key type: " + str2);
        }
        return Match.f17935g;
    }

    public final boolean G(X509Certificate[] x509CertificateArr, qg.a aVar, boolean z10) {
        try {
            f0.c(this.f17931a, this.f17932b, aVar, Collections.emptySet(), x509CertificateArr, ProvX509KeyManager.F(z10), -1);
            return true;
        } catch (CertPathValidatorException e10) {
            f17928d.log(Level.FINEST, "Certificate chain check failed", (Throwable) e10);
            return false;
        }
    }

    @Override // pg.j
    public pg.l a(String[] strArr, Principal[] principalArr, Socket socket) {
        return q(A(strArr), principalArr, p1.a(socket), false);
    }

    @Override // pg.j
    public pg.l b(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return q(A(strArr), principalArr, p1.b(sSLEngine), false);
    }

    @Override // pg.j
    public pg.l c(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return q(A(strArr), principalArr, p1.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return p(A(strArr), principalArr, p1.a(socket), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return p(A(strArr), principalArr, p1.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return p(A(str), principalArr, p1.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return p(A(str), principalArr, p1.a(socket), true);
    }

    @Override // pg.j
    public pg.l d(String[] strArr, Principal[] principalArr, Socket socket) {
        return q(A(strArr), principalArr, p1.a(socket), true);
    }

    @Override // pg.j
    public pg.l e(String str, String str2) {
        return t(str, z(str2));
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        a z10 = z(str);
        if (z10 == null) {
            return null;
        }
        return (X509Certificate[]) z10.f17947c.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return w(A(str), principalArr, null, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        a z10 = z(str);
        if (z10 == null) {
            return null;
        }
        return z10.f17946b;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return w(A(str), principalArr, null, true);
    }

    public final String p(List<String> list, Principal[] principalArr, p1 p1Var, boolean z10) {
        Match x10 = x(list, principalArr, p1Var, z10);
        if (x10.compareTo(Match.f17935g) >= 0) {
            f17928d.fine("No matching key found");
            return null;
        }
        String str = list.get(x10.f17937d);
        String u10 = u(x10);
        Logger logger = f17928d;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", returning alias: " + u10);
        }
        return u10;
    }

    public final pg.l q(List<String> list, Principal[] principalArr, p1 p1Var, boolean z10) {
        String str;
        pg.l t10;
        Match x10 = x(list, principalArr, p1Var, z10);
        if (x10.compareTo(Match.f17935g) >= 0 || (t10 = t((str = list.get(x10.f17937d)), x10.f17938e)) == null) {
            f17928d.fine("No matching key found");
            return null;
        }
        Logger logger = f17928d;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found matching key of type: " + str + ", from alias: " + u(x10));
        }
        return t10;
    }

    public final pg.l t(String str, a aVar) {
        if (aVar == null) {
            return null;
        }
        return new i1(str, aVar.f17946b, aVar.f17947c);
    }

    public final String[] w(List<String> list, Principal[] principalArr, p1 p1Var, boolean z10) {
        if (this.f17933c.isEmpty() || list.isEmpty()) {
            return null;
        }
        int size = list.size();
        Set<Principal> F = F(principalArr);
        qg.a c10 = p1.c(p1Var, true);
        Date date = new Date();
        String D = D(p1Var, z10);
        Iterator<a> it2 = this.f17933c.values().iterator();
        List<Match> list2 = null;
        while (it2.hasNext()) {
            List<Match> list3 = list2;
            Match C = C(it2.next(), list, size, F, c10, z10, date, D);
            list2 = C.compareTo(Match.f17935g) < 0 ? o(list3, C) : list3;
        }
        List<Match> list4 = list2;
        if (list4 == null || list4.isEmpty()) {
            return null;
        }
        Collections.sort(list4);
        return v(list4);
    }

    public final Match x(List<String> list, Principal[] principalArr, p1 p1Var, boolean z10) {
        boolean z11;
        Match match = Match.f17935g;
        if (this.f17933c.isEmpty() || list.isEmpty()) {
            return match;
        }
        int size = list.size();
        Set<Principal> F = F(principalArr);
        qg.a c10 = p1.c(p1Var, true);
        Date date = new Date();
        String D = D(p1Var, z10);
        Iterator<a> it2 = this.f17933c.values().iterator();
        Match match2 = match;
        int i10 = size;
        while (it2.hasNext()) {
            int i11 = i10;
            Match match3 = match2;
            match2 = C(it2.next(), list, i10, F, c10, z10, date, D);
            if (match2.compareTo(match3) >= 0) {
                z11 = true;
                i10 = i11;
                match2 = match3;
            } else {
                if (match2.c()) {
                    return match2;
                }
                if (match2.d()) {
                    z11 = true;
                    i10 = Math.min(i11, match2.f17937d + 1);
                } else {
                    z11 = true;
                    i10 = i11;
                }
            }
        }
        return match2;
    }

    public final a z(String str) {
        if (str == null) {
            return null;
        }
        return this.f17933c.get(str);
    }
}
