package com.sap.cloud.mobile.foundation.authentication;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.Semaphore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class SystemCertificateProvider implements CertificateProvider {
    private static Logger sLogger = LoggerFactory.getLogger((Class<?>) SystemCertificateProvider.class);
    final AliasStore aliasStore;
    private final Semaphore semaphore;

    /* loaded from: classes3.dex */
    public interface AliasStore {
        void clear();

        String getAlias(String str, int i);

        void saveAlias(String str, int i, String str2);
    }

    public SystemCertificateProvider() {
        this.semaphore = new Semaphore(1);
        this.aliasStore = null;
    }

    public SystemCertificateProvider(AliasStore aliasStore) {
        this.semaphore = new Semaphore(1);
        this.aliasStore = aliasStore;
    }

    private void chooseKeyChainAlias(final CertificateRequest certificateRequest) {
        if (!AuthenticationUiCallbackManager.allowShowingUiToAuthenticate()) {
            sLogger.debug("AuthenticationUiCallback did not allow showing UI to authenticate the user.");
            ignore(certificateRequest);
        } else {
            if (!AppLifecycleCallbackHandler.getInstance().isInForeground()) {
                sLogger.debug("Application is not in foreground; cannot show certificate picker UI.");
                ignore(certificateRequest);
                return;
            }
            final Activity activity = AppLifecycleCallbackHandler.getInstance().getActivity();
            if (activity != null) {
                KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() { // from class: com.sap.cloud.mobile.foundation.authentication.SystemCertificateProvider.1
                    @Override // android.security.KeyChainAliasCallback
                    public void alias(String str) {
                        if (str == null) {
                            SystemCertificateProvider.this.ignore(certificateRequest);
                            return;
                        }
                        try {
                            PrivateKey privateKey = KeyChain.getPrivateKey(activity, str);
                            X509Certificate[] certificateChain = KeyChain.getCertificateChain(activity, str);
                            if (SystemCertificateProvider.this.aliasStore != null) {
                                SystemCertificateProvider.this.aliasStore.saveAlias(certificateRequest.getHost(), certificateRequest.getPort(), str);
                            }
                            SystemCertificateProvider.this.proceed(certificateRequest, privateKey, certificateChain);
                        } catch (KeyChainException e) {
                            SystemCertificateProvider.sLogger.error("Error while getting keychain alias", (Throwable) e);
                            SystemCertificateProvider.this.ignore(certificateRequest);
                        } catch (InterruptedException e2) {
                            Thread.currentThread().interrupt();
                            SystemCertificateProvider.sLogger.error("Error while getting keychain alias", (Throwable) e2);
                            SystemCertificateProvider.this.ignore(certificateRequest);
                        }
                    }
                }, certificateRequest.getKeyTypes(), certificateRequest.getPrincipals(), certificateRequest.getHost(), certificateRequest.getPort(), null);
            } else {
                sLogger.error("No activity available for performing keychain lookup");
                ignore(certificateRequest);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void ignore(CertificateRequest certificateRequest) {
        sLogger.debug("Ignoring certificate request");
        certificateRequest.ignore();
        this.semaphore.release();
    }

    private void lookupKeyChainAlias(CertificateRequest certificateRequest, String str) {
        Activity activity = AppLifecycleCallbackHandler.getInstance().getActivity();
        if (activity == null) {
            sLogger.error("No activity available for performing keychain lookup");
            ignore(certificateRequest);
            return;
        }
        try {
            proceed(certificateRequest, KeyChain.getPrivateKey(activity, str), KeyChain.getCertificateChain(activity, str));
        } catch (KeyChainException e) {
            sLogger.error("Error while looking up key chain alias", (Throwable) e);
            if (this.aliasStore != null) {
                clear(certificateRequest.getHost(), certificateRequest.getPort());
            }
            chooseKeyChainAlias(certificateRequest);
        } catch (InterruptedException e2) {
            sLogger.error("Interrupted while waiting for certificate chain", (Throwable) e2);
            Thread.currentThread().interrupt();
            ignore(certificateRequest);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void proceed(CertificateRequest certificateRequest, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        sLogger.debug("Proceeding with certificate");
        certificateRequest.proceed(privateKey, x509CertificateArr);
        this.semaphore.release();
    }

    @Override // com.sap.cloud.mobile.foundation.authentication.CertificateProvider
    public void clear() {
        AliasStore aliasStore = this.aliasStore;
        if (aliasStore != null) {
            aliasStore.clear();
        }
    }

    @Override // com.sap.cloud.mobile.foundation.authentication.CertificateProvider
    public void clear(String str, int i) {
        AliasStore aliasStore = this.aliasStore;
        if (aliasStore != null) {
            aliasStore.saveAlias(str, i, null);
        }
    }

    @Override // com.sap.cloud.mobile.foundation.authentication.CertificateProvider
    public void onCertificateRequest(CertificateRequest certificateRequest) {
        try {
            this.semaphore.acquire();
        } catch (InterruptedException e) {
            sLogger.error("Unable to handle certificate request", (Throwable) e);
            Thread.currentThread().interrupt();
            certificateRequest.ignore();
        }
        AliasStore aliasStore = this.aliasStore;
        String alias = aliasStore != null ? aliasStore.getAlias(certificateRequest.getHost(), certificateRequest.getPort()) : null;
        if (alias != null) {
            lookupKeyChainAlias(certificateRequest, alias);
        } else {
            chooseKeyChainAlias(certificateRequest);
        }
    }
}
