package org.mozilla.gecko;

import android.security.KeyChain;
import android.security.KeyChainException;
import java.lang.reflect.Array;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mozilla.gecko.annotation.WrapForJNI;
import org.mozilla.gecko.mozglue.JNIObject;
import pl.C5173m;

/* loaded from: classes3.dex */
public class ClientAuthCertificateManager {

    /* renamed from: b, reason: collision with root package name */
    public static ClientAuthCertificateManager f51310b;

    /* renamed from: a, reason: collision with root package name */
    public final ArrayList<ClientAuthCertificate> f51311a = new ArrayList<>();

    /* loaded from: classes3.dex */
    public static class ClientAuthCertificate extends JNIObject {
        private static final String LOGTAG = "ClientAuthCertificate";
        private static int sECKey = 3;
        private static int sRSAKey = 2;
        private String mAlias;
        private byte[] mCertificateBytes;
        private byte[][] mIssuersBytes;
        private byte[] mKeyParameters;
        private int mType;

        public ClientAuthCertificate(String str, X509Certificate[] x509CertificateArr) {
            this.mAlias = str;
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (this.mCertificateBytes == null) {
                    try {
                        this.mCertificateBytes = x509Certificate.getEncoded();
                    } catch (CertificateEncodingException e7) {
                        C5173m.g(LOGTAG, "getEncoded() failed", e7);
                        throw new Exception("couldn't get certificate bytes");
                    }
                } else {
                    try {
                        arrayList.add(x509Certificate.getEncoded());
                    } catch (CertificateEncodingException e8) {
                        C5173m.g(LOGTAG, "getEncoded() failed", e8);
                    }
                }
            }
            this.mIssuersBytes = (byte[][]) arrayList.toArray((byte[][]) Array.newInstance((Class<?>) Byte.TYPE, 0, 0));
            PublicKey publicKey = x509CertificateArr[0].getPublicKey();
            if (publicKey instanceof RSAPublicKey) {
                this.mKeyParameters = ((RSAPublicKey) publicKey).getModulus().toByteArray();
                this.mType = sRSAKey;
            } else {
                if (!(publicKey instanceof ECPublicKey)) {
                    throw new Exception("unsupported key type");
                }
                this.mKeyParameters = publicKey.getEncoded();
                this.mType = sECKey;
            }
        }

        @WrapForJNI
        private byte[] getKeyParameters() {
            return this.mKeyParameters;
        }

        @WrapForJNI
        private int getType() {
            return this.mType;
        }

        @Override // org.mozilla.gecko.mozglue.JNIObject
        @WrapForJNI
        public native void disposeNative();

        @WrapForJNI
        public byte[] getCertificateBytes() {
            return this.mCertificateBytes;
        }

        @WrapForJNI
        public byte[][] getIssuersBytes() {
            return this.mIssuersBytes;
        }
    }

    /* loaded from: classes3.dex */
    public static class a extends Exception {
    }

    public static ClientAuthCertificateManager a() {
        ClientAuthCertificateManager clientAuthCertificateManager;
        synchronized (ClientAuthCertificateManager.class) {
            try {
                if (f51310b == null) {
                    f51310b = new ClientAuthCertificateManager();
                }
                clientAuthCertificateManager = f51310b;
            } catch (Throwable th2) {
                throw th2;
            }
        }
        return clientAuthCertificateManager;
    }

    @WrapForJNI
    private static byte[] getCertificateFromAlias(String str) {
        ClientAuthCertificate clientAuthCertificate;
        ClientAuthCertificateManager a10 = a();
        synchronized (a10) {
            Iterator<ClientAuthCertificate> it = a10.f51311a.iterator();
            while (true) {
                if (!it.hasNext()) {
                    clientAuthCertificate = null;
                    break;
                }
                clientAuthCertificate = it.next();
                if (clientAuthCertificate.mAlias.equals(str)) {
                    break;
                }
            }
            if (clientAuthCertificate != null) {
                return clientAuthCertificate.getCertificateBytes();
            }
            try {
                X509Certificate[] certificateChain = KeyChain.getCertificateChain(GeckoAppShell.getApplicationContext(), str);
                if (certificateChain == null || certificateChain.length < 1) {
                    return null;
                }
                try {
                    ClientAuthCertificate clientAuthCertificate2 = new ClientAuthCertificate(str, certificateChain);
                    a10.f51311a.add(clientAuthCertificate2);
                    return clientAuthCertificate2.getCertificateBytes();
                } catch (a e7) {
                    C5173m.g("ClientAuthCertManager", "unsuitable certificate", e7);
                    return null;
                }
            } catch (KeyChainException e8) {
                e = e8;
                C5173m.g("ClientAuthCertManager", "getCertificateChain failed", e);
                return null;
            } catch (InterruptedException e10) {
                e = e10;
                C5173m.g("ClientAuthCertManager", "getCertificateChain failed", e);
                return null;
            }
        }
    }

    @WrapForJNI
    private static byte[][] getCertificateIssuersBytes(byte[] bArr) {
        ClientAuthCertificate clientAuthCertificate;
        ClientAuthCertificateManager a10 = a();
        synchronized (a10) {
            try {
                Iterator<ClientAuthCertificate> it = a10.f51311a.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        clientAuthCertificate = null;
                        break;
                    }
                    clientAuthCertificate = it.next();
                    if (Arrays.equals(clientAuthCertificate.getCertificateBytes(), bArr)) {
                    }
                }
                if (clientAuthCertificate == null) {
                    return null;
                }
                return clientAuthCertificate.getIssuersBytes();
            } finally {
            }
        }
    }

    @WrapForJNI
    private static ClientAuthCertificate[] getClientAuthCertificates() {
        ClientAuthCertificate[] clientAuthCertificateArr;
        ClientAuthCertificateManager a10 = a();
        synchronized (a10) {
            clientAuthCertificateArr = (ClientAuthCertificate[]) a10.f51311a.toArray(new ClientAuthCertificate[0]);
        }
        return clientAuthCertificateArr;
    }

    @WrapForJNI
    private static byte[] sign(byte[] bArr, byte[] bArr2, String str) {
        ClientAuthCertificate clientAuthCertificate;
        ClientAuthCertificateManager a10 = a();
        synchronized (a10) {
            Iterator<ClientAuthCertificate> it = a10.f51311a.iterator();
            while (true) {
                if (!it.hasNext()) {
                    clientAuthCertificate = null;
                    break;
                }
                clientAuthCertificate = it.next();
                if (Arrays.equals(clientAuthCertificate.getCertificateBytes(), bArr)) {
                    break;
                }
            }
            if (clientAuthCertificate == null) {
                return null;
            }
            try {
                PrivateKey privateKey = KeyChain.getPrivateKey(GeckoAppShell.getApplicationContext(), clientAuthCertificate.mAlias);
                if (privateKey == null) {
                    C5173m.f("ClientAuthCertManager", "couldn't get private key");
                    return null;
                }
                if (str.equals("raw")) {
                    try {
                        Cipher cipher = Cipher.getInstance("RSA/None/NoPadding");
                        try {
                            cipher.init(1, privateKey);
                        } catch (InvalidKeyException e7) {
                            C5173m.g("ClientAuthCertManager", "init failed", e7);
                        }
                        try {
                            return cipher.doFinal(bArr2);
                        } catch (BadPaddingException e8) {
                            e = e8;
                            C5173m.g("ClientAuthCertManager", "doFinal failed", e);
                            return null;
                        } catch (IllegalBlockSizeException e10) {
                            e = e10;
                            C5173m.g("ClientAuthCertManager", "doFinal failed", e);
                            return null;
                        }
                    } catch (NoSuchAlgorithmException e11) {
                        e = e11;
                        C5173m.g("ClientAuthCertManager", "getInstance failed", e);
                        return null;
                    } catch (NoSuchPaddingException e12) {
                        e = e12;
                        C5173m.g("ClientAuthCertManager", "getInstance failed", e);
                        return null;
                    }
                }
                if (!str.equals("NoneWithRSA") && !str.equals("NoneWithECDSA")) {
                    C5173m.f("ClientAuthCertManager", "given unexpected algorithm ".concat(str));
                    return null;
                }
                try {
                    Signature signature = Signature.getInstance(str);
                    try {
                        signature.initSign(privateKey);
                        try {
                            signature.update(bArr2);
                            try {
                                return signature.sign();
                            } catch (SignatureException e13) {
                                C5173m.g("ClientAuthCertManager", "sign failed", e13);
                                return null;
                            }
                        } catch (SignatureException e14) {
                            C5173m.g("ClientAuthCertManager", "update failed", e14);
                        }
                    } catch (InvalidKeyException e15) {
                        C5173m.g("ClientAuthCertManager", "initSign failed", e15);
                    }
                } catch (NoSuchAlgorithmException e16) {
                    C5173m.g("ClientAuthCertManager", "getInstance failed", e16);
                }
            } catch (KeyChainException e17) {
                e = e17;
                C5173m.g("ClientAuthCertManager", "getPrivateKey failed", e);
                return null;
            } catch (InterruptedException e18) {
                e = e18;
                C5173m.g("ClientAuthCertManager", "getPrivateKey failed", e);
                return null;
            }
        }
    }
}
