package com.citrix.cck.jsse.keystore;

import android.content.Context;
import android.security.KeyChain;
import com.citrix.cck.CCK;
import com.citrix.cck.Debug;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/* loaded from: classes3.dex */
public class CitrixKeyChain {

    /* renamed from: a, reason: collision with root package name */
    private static Context f2628a;
    private static String b;

    private CitrixKeyChain() {
    }

    public static CitrixKeyChainIdentity getIdentity() {
        Debug.logd("CitrixKeyChain.getIdentity -- (selected alias=[%s])", b);
        Context context = f2628a;
        if (context == null) {
            Debug.loge("No Android Application context provided!");
            return null;
        }
        String str = b;
        if (str == null) {
            Debug.logd("No identity alias provided. Ignoring keychain");
            return null;
        }
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
            if (certificateChain != null && certificateChain.length != 0) {
                Debug.logd("Got identity chain (%d certs)", Integer.valueOf(certificateChain.length));
                for (int i = 0; i < certificateChain.length; i++) {
                    Debug.logd("cert[%d] %s  issued by %s", Integer.valueOf(i), certificateChain[i].getSubjectDN().getName(), certificateChain[i].getIssuerX500Principal().getName());
                }
                PrivateKey privateKey = KeyChain.getPrivateKey(f2628a, str);
                if (privateKey == null) {
                    Debug.logd("Identity without private key. Ignoring keychain");
                    return null;
                }
                Debug.logd("Got private key");
                try {
                    return new CitrixKeyChainIdentity(certificateChain[0].getEncoded(), privateKey);
                } catch (CertificateEncodingException e) {
                    Debug.loge("Identity with invalid certificate: " + e.getMessage());
                    Debug.logd("returned null");
                    return null;
                }
            }
            Debug.logd("Identity without certificates. Ignoring keychain");
            return null;
        } catch (Exception e2) {
            Debug.loge("Unexpected exception in KeyChain.getIdentity: " + e2.getMessage());
            Debug.logd("returned null");
            return null;
        }
    }

    public static String getIdentityAlias() {
        return b;
    }

    public static synchronized void prepareForUse(Context context, String str) {
        synchronized (CitrixKeyChain.class) {
            if (CCK.isDebugEnabled()) {
                Debug.logd("calling CCK.setupAndroidKeyChain");
            }
            f2628a = context;
            setIdentityAlias(str);
        }
    }

    public static void setIdentityAlias(String str) {
        b = str;
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey) {
        Debug.logd("CitrixKeyChain.sign (signing %d bytes)", Integer.valueOf(bArr.length));
        if (privateKey == null) {
            Debug.loge("No private key provided");
            return null;
        }
        Debug.logw("CitrixKeyChain.sign: Using algorithm \"%s\" from provider \"%s\"", "NONEwithRSA", "AndroidKeyStoreBCWorkaround");
        try {
            Debug.logd("Signing using algo '%s' and key '%s'", "NONEwithRSA", privateKey);
            Signature signature = Signature.getInstance("NONEwithRSA", "AndroidKeyStoreBCWorkaround");
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            Debug.logd("Returning %d bytes", Integer.valueOf(sign.length));
            return sign;
        } catch (InvalidKeyException e) {
            e = e;
            Debug.loge(e);
            return new byte[0];
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            Debug.loge(e);
            return new byte[0];
        } catch (NoSuchProviderException e3) {
            e = e3;
            Debug.logd("Could not locate Purebred provider (%s) to sign with non-exportable private key", "AndroidKeyStoreBCWorkaround");
            Debug.loge(e);
            return new byte[0];
        } catch (SignatureException e4) {
            e = e4;
            Debug.loge(e);
            return new byte[0];
        }
    }
}
