package org.mozilla.gecko;

import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Log;
import java.lang.reflect.Array;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mozilla.gecko.annotation.WrapForJNI;
import org.mozilla.gecko.mozglue.JNIObject;

/* loaded from: classes5.dex */
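/**
 * Process-wide cache of client-authentication certificates read from the Android
 * {@link KeyChain}, plus the private-key operations performed with them.
 *
 * <p>The static entry points are annotated {@code @WrapForJNI}, so they are presumably invoked
 * from native code. Each one returns {@code null} on failure rather than throwing.
 *
 * <p>Thread-safety: every access to {@link #mCertificates} happens while holding the singleton's
 * monitor. The blocking {@code KeyChain} calls are made under that monitor as well, so concurrent
 * callers are serialized behind them. Android documents {@code KeyChain.getCertificateChain} and
 * {@code KeyChain.getPrivateKey} as blocking calls that must not be made from the main thread.
 *
 * <p>Security notes: only certificates (public data) are cached. The private key is requested
 * from {@code KeyChain} on every {@link #sign} call and is never stored here. Cached entries are
 * never evicted, so a certificate later removed from the key chain stays listed until the process
 * exits. Signing with it is then expected to fail in {@code getPrivateKey}.
 */
public class ClientAuthCertificateManager {
    private static final String LOGTAG = "ClientAuthCertManager";
    private static ClientAuthCertificateManager sClientAuthCertificateManager;
    // Guarded by synchronized (this); see the class comment.
    private final ArrayList<ClientAuthCertificate> mCertificates = new ArrayList<>();

    /**
     * An end-entity certificate, its issuer chain and the public-key material used to describe
     * it, all held as encoded byte arrays.
     *
     * <p>NOTE(review): the decompiler reported that this class was originally {@code private};
     * the widened modifier is kept here so that the visible interface does not change.
     */
    public static class ClientAuthCertificate extends JNIObject {
        private static final String LOGTAG = "ClientAuthCertificate";
        // Key-type discriminators returned by getType().
        // NOTE(review): presumably these must match constants on the native side - confirm.
        private static final int sECKey = 3;
        private static final int sRSAKey = 2;
        private final String mAlias;
        private final byte[] mCertificateBytes;
        private final byte[][] mIssuersBytes;
        private final byte[] mKeyParameters;
        private final int mType;

        /**
         * Builds an entry from a key-chain alias and its certificate chain.
         *
         * @param str the key-chain alias the chain was fetched under
         * @param x509CertificateArr the chain; element 0 is treated as the client certificate and
         *     the remaining elements as its issuers
         * @throws UnsuitableCertificateException if the chain is null or empty, the client
         *     certificate cannot be encoded, or its public key is neither RSA nor EC
         */
        ClientAuthCertificate(String str, X509Certificate[] x509CertificateArr) throws UnsuitableCertificateException {
            // Previously an empty chain surfaced as an ArrayIndexOutOfBoundsException below.
            if (x509CertificateArr == null || x509CertificateArr.length < 1) {
                throw new UnsuitableCertificateException("empty certificate chain");
            }
            this.mAlias = str;
            try {
                this.mCertificateBytes = x509CertificateArr[0].getEncoded();
            } catch (CertificateEncodingException e) {
                Log.e(LOGTAG, "getEncoded() failed", e);
                throw new UnsuitableCertificateException("couldn't get certificate bytes");
            }
            ArrayList<byte[]> issuers = new ArrayList<>();
            for (int i = 1; i < x509CertificateArr.length; i++) {
                try {
                    issuers.add(x509CertificateArr[i].getEncoded());
                } catch (CertificateEncodingException e) {
                    // Best effort: an issuer that cannot be encoded is left out of the chain
                    // and the client certificate itself is still accepted.
                    Log.e(LOGTAG, "getEncoded() failed", e);
                }
            }
            this.mIssuersBytes = issuers.toArray(new byte[0][]);
            PublicKey publicKey = x509CertificateArr[0].getPublicKey();
            if (publicKey instanceof RSAPublicKey) {
                // RSA keys are described by the modulus bytes (BigInteger.toByteArray()).
                this.mKeyParameters = ((RSAPublicKey) publicKey).getModulus().toByteArray();
                this.mType = sRSAKey;
            } else if (publicKey instanceof ECPublicKey) {
                // EC keys are described by the key's encoded form as returned by getEncoded().
                this.mKeyParameters = publicKey.getEncoded();
                this.mType = sECKey;
            } else {
                throw new UnsuitableCertificateException("unsupported key type");
            }
        }

        /** Returns the internal key-parameter array without copying it; callers must not modify it. */
        @WrapForJNI(calledFrom = "any")
        private byte[] getKeyParameters() {
            return this.mKeyParameters;
        }

        /** Returns the key-type discriminator ({@code sRSAKey} or {@code sECKey}). */
        @WrapForJNI(calledFrom = "any")
        private int getType() {
            return this.mType;
        }

        @Override // org.mozilla.gecko.mozglue.JNIObject
        @WrapForJNI
        protected native void disposeNative();

        /** Returns the encoded client certificate; the internal array is not copied. */
        @WrapForJNI(calledFrom = "any")
        public byte[] getCertificateBytes() {
            return this.mCertificateBytes;
        }

        /** Returns the encoded issuer certificates; the internal arrays are not copied. */
        @WrapForJNI(calledFrom = "any")
        public byte[][] getIssuersBytes() {
            return this.mIssuersBytes;
        }
    }

    /** Signals that a certificate chain cannot be used for client authentication. */
    private static class UnsuitableCertificateException extends Exception {
        public UnsuitableCertificateException(String str) {
            super(str);
        }
    }

    private ClientAuthCertificateManager() {
    }

    /**
     * Looks up a cached certificate by key-chain alias.
     *
     * <p>Callers hold this instance's monitor.
     *
     * @return the cached entry, or {@code null} if the alias is null or not cached
     */
    private ClientAuthCertificate findCertificateByAlias(String str) {
        if (str == null) {
            return null;
        }
        for (ClientAuthCertificate candidate : this.mCertificates) {
            // Argument order keeps the comparison safe even if an entry's alias were null.
            if (str.equals(candidate.mAlias)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up a cached certificate by its exact encoded bytes.
     *
     * <p>Callers hold this instance's monitor.
     *
     * @return the cached entry, or {@code null} if no cached certificate has these bytes
     */
    private ClientAuthCertificate findCertificateByBytes(byte[] bArr) {
        for (ClientAuthCertificate candidate : this.mCertificates) {
            if (Arrays.equals(candidate.getCertificateBytes(), bArr)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the encoded client certificate for a key-chain alias, fetching and caching the
     * chain on first use.
     *
     * <p>May block in {@code KeyChain.getCertificateChain}; see the class comment.
     *
     * @param str the key-chain alias
     * @return the encoded certificate, or {@code null} if the alias is null, the key chain
     *     returns no chain, the lookup fails, or the certificate is unsuitable
     */
    @WrapForJNI(calledFrom = "any")
    private static byte[] getCertificateFromAlias(String str) {
        if (str == null) {
            return null;
        }
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            ClientAuthCertificate cached = singleton.findCertificateByAlias(str);
            if (cached != null) {
                return cached.getCertificateBytes();
            }
            X509Certificate[] certificateChain;
            try {
                certificateChain = KeyChain.getCertificateChain(GeckoAppShell.getApplicationContext(), str);
            } catch (KeyChainException e) {
                Log.e(LOGTAG, "getCertificateChain failed", e);
                return null;
            } catch (InterruptedException e) {
                // Restore the interrupt status so the calling thread can still observe it.
                Thread.currentThread().interrupt();
                Log.e(LOGTAG, "getCertificateChain failed", e);
                return null;
            }
            if (certificateChain == null || certificateChain.length < 1) {
                return null;
            }
            try {
                ClientAuthCertificate clientAuthCertificate = new ClientAuthCertificate(str, certificateChain);
                singleton.mCertificates.add(clientAuthCertificate);
                return clientAuthCertificate.getCertificateBytes();
            } catch (UnsuitableCertificateException e) {
                Log.e(LOGTAG, "unsuitable certificate", e);
                return null;
            }
        }
    }

    /**
     * Returns the encoded issuer chain of a cached certificate.
     *
     * @param bArr the encoded client certificate, as returned by {@link #getCertificateFromAlias}
     * @return the issuer certificates, or {@code null} if the certificate is not cached
     */
    @WrapForJNI(calledFrom = "any")
    private static byte[][] getCertificateIssuersBytes(byte[] bArr) {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            ClientAuthCertificate match = singleton.findCertificateByBytes(bArr);
            return match == null ? null : match.getIssuersBytes();
        }
    }

    /** Returns a snapshot array of every certificate cached so far. */
    @WrapForJNI(calledFrom = "any")
    private static ClientAuthCertificate[] getClientAuthCertificates() {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            return singleton.mCertificates.toArray(new ClientAuthCertificate[0]);
        }
    }

    /** Returns the lazily created process-wide instance. */
    private static ClientAuthCertificateManager getSingleton() {
        synchronized (ClientAuthCertificateManager.class) {
            if (sClientAuthCertificateManager == null) {
                sClientAuthCertificateManager = new ClientAuthCertificateManager();
            }
            return sClientAuthCertificateManager;
        }
    }

    /**
     * Performs a private-key operation with the key belonging to a cached certificate.
     *
     * <p>Only three algorithm names are accepted; anything else is logged and rejected, so a
     * caller cannot select an arbitrary provider algorithm:
     *
     * <ul>
     *   <li>{@code "raw"}: the bare RSA private-key operation ({@code RSA/None/NoPadding}).
     *       No padding or hashing is applied here, so the security of the result depends
     *       entirely on the caller supplying an already padded block. NOTE(review): presumably
     *       the native caller applies the padding - confirm.
     *   <li>{@code "NoneWithRSA"} and {@code "NoneWithECDSA"}: {@link Signature} algorithms that
     *       apply no digest, so the caller supplies the value to be signed as-is.
     * </ul>
     *
     * <p>May block in {@code KeyChain.getPrivateKey}; see the class comment.
     *
     * @param bArr the encoded client certificate identifying which key to use
     * @param bArr2 the bytes to sign
     * @param str the algorithm name, one of the three values above
     * @return the signature bytes, or {@code null} if the certificate is not cached, the key is
     *     unavailable, the algorithm is not accepted, or the operation fails
     */
    @WrapForJNI(calledFrom = "any")
    private static byte[] sign(byte[] bArr, byte[] bArr2, String str) {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            ClientAuthCertificate match = singleton.findCertificateByBytes(bArr);
            if (match == null) {
                return null;
            }
            PrivateKey privateKey;
            try {
                privateKey = KeyChain.getPrivateKey(GeckoAppShell.getApplicationContext(), match.mAlias);
            } catch (KeyChainException e) {
                Log.e(LOGTAG, "getPrivateKey failed", e);
                return null;
            } catch (InterruptedException e) {
                // Restore the interrupt status so the calling thread can still observe it.
                Thread.currentThread().interrupt();
                Log.e(LOGTAG, "getPrivateKey failed", e);
                return null;
            }
            if (privateKey == null) {
                Log.e(LOGTAG, "couldn't get private key");
                return null;
            }
            if (bArr2 == null) {
                Log.e(LOGTAG, "no data to sign");
                return null;
            }
            // Constant-first comparisons: a null algorithm name is rejected below, not an NPE.
            if ("raw".equals(str)) {
                return signRaw(privateKey, bArr2);
            }
            if (!"NoneWithRSA".equals(str) && !"NoneWithECDSA".equals(str)) {
                Log.e(LOGTAG, "given unexpected algorithm " + str);
                return null;
            }
            return signWithAlgorithm(privateKey, bArr2, str);
        }
    }

    /** Applies the unpadded RSA private-key operation to {@code data}; returns null on failure. */
    private static byte[] signRaw(PrivateKey privateKey, byte[] data) {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance("RSA/None/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            Log.e(LOGTAG, "getInstance failed", e);
            return null;
        }
        try {
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        } catch (InvalidKeyException e) {
            Log.e(LOGTAG, "init failed", e);
            return null;
        }
        try {
            return cipher.doFinal(data);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            Log.e(LOGTAG, "doFinal failed", e);
            return null;
        }
    }

    /** Signs {@code data} with an already validated {@link Signature} algorithm name; returns null on failure. */
    private static byte[] signWithAlgorithm(PrivateKey privateKey, byte[] data, String algorithm) {
        Signature signature;
        try {
            signature = Signature.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOGTAG, "getInstance failed", e);
            return null;
        }
        try {
            signature.initSign(privateKey);
        } catch (InvalidKeyException e) {
            Log.e(LOGTAG, "initSign failed", e);
            return null;
        }
        try {
            signature.update(data);
        } catch (SignatureException e) {
            Log.e(LOGTAG, "update failed", e);
            return null;
        }
        try {
            return signature.sign();
        } catch (SignatureException e) {
            Log.e(LOGTAG, "sign failed", e);
            return null;
        }
    }
}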
