package com.sap.cloud.mobile.foundation.authentication;

import android.util.Pair;
import com.sap.cloud.mobile.foundation.authentication.SystemCertificateProvider;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes7.dex */
public class SslClientAuth {
    private final CertificateProvider certificateProvider;
    private final DelegatingKeyManager keyManager;
    private final SSLSocketFactory socketFactory;
    private final X509TrustManager trustManager;

    /* loaded from: classes7.dex */
    private static class DelegatingKeyManager extends X509ExtendedKeyManager {
        private final HashMap<String, Pair<PrivateKey, X509Certificate[]>> authCache = new HashMap<>();
        private final CertificateProvider provider;

        public DelegatingKeyManager(CertificateProvider certificateProvider) {
            this.provider = certificateProvider;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getCacheKey(String str, int i) {
            return str + ":" + i;
        }

        private Pair<PrivateKey, X509Certificate[]> requestCertificate(String[] strArr, Principal[] principalArr, String str, int i) {
            final Pair<PrivateKey, X509Certificate[]>[] pairArr = new Pair[1];
            final CountDownLatch countDownLatch = new CountDownLatch(1);
            this.provider.onCertificateRequest(new CertificateRequest(new CertificateRequestCallback() { // from class: com.sap.cloud.mobile.foundation.authentication.SslClientAuth.DelegatingKeyManager.1
                @Override // com.sap.cloud.mobile.foundation.authentication.CertificateRequestCallback
                public void ignore() {
                    countDownLatch.countDown();
                }

                @Override // com.sap.cloud.mobile.foundation.authentication.CertificateRequestCallback
                public void proceed(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
                    pairArr[0] = Pair.create(privateKey, x509CertificateArr);
                    countDownLatch.countDown();
                }
            }, strArr, principalArr, str, i));
            try {
                countDownLatch.await();
                return pairArr[0];
            } catch (InterruptedException unused) {
                return null;
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            if (socket != null) {
                String hostName = socket.getInetAddress().getHostName();
                int port = socket.getPort();
                String cacheKey = getCacheKey(hostName, port);
                if (this.authCache.containsKey(cacheKey)) {
                    return cacheKey;
                }
                Pair<PrivateKey, X509Certificate[]> requestCertificate = requestCertificate(strArr, principalArr, hostName, port);
                if (requestCertificate != null) {
                    this.authCache.put(cacheKey, requestCertificate);
                    return cacheKey;
                }
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException();
        }

        public void clear() {
            this.authCache.clear();
        }

        public void clear(String str, int i) {
            this.authCache.remove(getCacheKey(str, i));
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            Pair<PrivateKey, X509Certificate[]> pair = this.authCache.get(str);
            if (pair != null) {
                return (X509Certificate[]) pair.second;
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getClientAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            Pair<PrivateKey, X509Certificate[]> pair = this.authCache.get(str);
            if (pair != null) {
                return (PrivateKey) pair.first;
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }
    }

    public SslClientAuth(CertificateProvider certificateProvider) {
        this.certificateProvider = certificateProvider;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            DelegatingKeyManager delegatingKeyManager = new DelegatingKeyManager(certificateProvider);
            this.keyManager = delegatingKeyManager;
            KeyManager[] keyManagerArr = {delegatingKeyManager};
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagers, new SecureRandom());
            this.socketFactory = sSLContext.getSocketFactory();
            this.trustManager = (X509TrustManager) trustManagers[0];
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    public static SslClientAuth system() {
        return new SslClientAuth(new SystemCertificateProvider());
    }

    public static SslClientAuth system(SystemCertificateProvider.AliasStore aliasStore) {
        return new SslClientAuth(new SystemCertificateProvider(aliasStore));
    }

    public void clear() {
        this.keyManager.clear();
        this.certificateProvider.clear();
    }

    public void clear(String str, int i) {
        this.keyManager.clear(str, i);
        this.certificateProvider.clear(str, i);
    }

    public X509Certificate[] getSessionCertificate(String str, int i) {
        DelegatingKeyManager delegatingKeyManager = this.keyManager;
        return delegatingKeyManager.getCertificateChain(delegatingKeyManager.getCacheKey(str, i));
    }

    public PrivateKey getSessionPrivateKey(String str, int i) {
        DelegatingKeyManager delegatingKeyManager = this.keyManager;
        return delegatingKeyManager.getPrivateKey(delegatingKeyManager.getCacheKey(str, i));
    }

    public SSLSocketFactory getSslSocketFactory() {
        return this.socketFactory;
    }

    public X509TrustManager getTrustManager() {
        return this.trustManager;
    }
}
