package org.mozilla.gecko;

import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Log;
import java.lang.reflect.Array;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mozilla.gecko.annotation.WrapForJNI;
import org.mozilla.gecko.mozglue.JNIObject;

/* loaded from: classes4.dex */
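/**
 * Process-wide cache of TLS client-authentication certificates obtained from the Android
 * {@link KeyChain}, together with the signing entry points that native code reaches through
 * {@code @WrapForJNI}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Private keys are never cached. {@link #sign} fetches the key from {@link KeyChain} on
 *       every call and only for a certificate that is already in {@link #mCertificates}.</li>
 *   <li>The signing algorithm comes from the caller and is checked against a fixed allow-list
 *       before it is handed to a JCA factory method.</li>
 *   <li>Every failure is logged and reported to the caller as {@code null}.</li>
 * </ul>
 *
 * <p>All access to {@link #mCertificates} happens while holding the singleton's monitor. The
 * {@link KeyChain} lookups are made while that monitor is held.
 * NOTE(review): the KeyChain calls are documented as blocking and not for use on the main
 * thread; confirm that the native callers only invoke these methods from a background thread.
 */
public class ClientAuthCertificateManager {
    private static final String LOGTAG = "ClientAuthCertManager";

    // Lazily created by getSingleton(). The field is public in the original, so it stays public
    // here, but reads and writes should go through getSingleton(), which synchronizes.
    public static ClientAuthCertificateManager sClientAuthCertificateManager;

    // Guarded by the monitor of the singleton instance.
    public final ArrayList<ClientAuthCertificate> mCertificates = new ArrayList<>();

    /**
     * One cached client certificate: its KeyChain alias, its encoded bytes, the encoded issuer
     * chain, and a description of its public key.
     */
    public static class ClientAuthCertificate extends JNIObject {
        private static final String LOGTAG = "ClientAuthCertificate";
        // Key-type tags returned by getType().
        // NOTE(review): presumably these mirror constants on the native side; confirm there.
        private static final int sECKey = 3;
        private static final int sRSAKey = 2;
        private String mAlias;
        private byte[] mCertificateBytes;
        private byte[][] mIssuersBytes;
        private byte[] mKeyParameters;
        private int mType;

        /**
         * Builds the cache entry from a certificate chain.
         *
         * @param str the KeyChain alias the chain was retrieved with
         * @param x509CertificateArr the chain; element 0 is taken as the client certificate and
         *     the remaining elements as its issuers
         * @throws UnsuitableCertificateException if the chain is null or empty, the first
         *     certificate cannot be encoded, or its public key is neither RSA nor EC
         */
        public ClientAuthCertificate(String str, X509Certificate[] x509CertificateArr) throws UnsuitableCertificateException {
            // The key type is read from element 0 below, so reject an empty chain with the
            // declared exception instead of failing with an index error.
            if (x509CertificateArr == null || x509CertificateArr.length < 1) {
                throw new UnsuitableCertificateException("empty certificate chain");
            }
            this.mAlias = str;
            ArrayList<byte[]> issuers = new ArrayList<>();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (this.mCertificateBytes == null) {
                    try {
                        this.mCertificateBytes = x509Certificate.getEncoded();
                    } catch (CertificateEncodingException e) {
                        Log.e(LOGTAG, "getEncoded() failed", e);
                        throw new UnsuitableCertificateException("couldn't get certificate bytes", e);
                    }
                } else {
                    // Best effort: an issuer that cannot be encoded is logged and left out of
                    // the chain rather than making the client certificate unusable.
                    try {
                        issuers.add(x509Certificate.getEncoded());
                    } catch (CertificateEncodingException e) {
                        Log.e(LOGTAG, "getEncoded() failed", e);
                    }
                }
            }
            this.mIssuersBytes = issuers.toArray(new byte[0][]);
            PublicKey publicKey = x509CertificateArr[0].getPublicKey();
            if (publicKey instanceof RSAPublicKey) {
                // RSA: the modulus, as produced by BigInteger.toByteArray().
                this.mKeyParameters = ((RSAPublicKey) publicKey).getModulus().toByteArray();
                this.mType = sRSAKey;
            } else if (publicKey instanceof ECPublicKey) {
                // EC: the key's encoded form, as returned by getEncoded().
                this.mKeyParameters = publicKey.getEncoded();
                this.mType = sECKey;
            } else {
                throw new UnsuitableCertificateException("unsupported key type");
            }
        }

        /** Returns the public-key description computed in the constructor (not a copy). */
        @WrapForJNI
        private byte[] getKeyParameters() {
            return this.mKeyParameters;
        }

        /** Returns the key-type tag: {@code sRSAKey} or {@code sECKey}. */
        @WrapForJNI
        private int getType() {
            return this.mType;
        }

        @Override // org.mozilla.gecko.mozglue.JNIObject
        @WrapForJNI
        public native void disposeNative();

        /**
         * Returns the encoded client certificate. This is the internal array, not a copy, and
         * the manager compares incoming certificate bytes against it to select the signing key,
         * so callers must not modify it.
         */
        @WrapForJNI
        public byte[] getCertificateBytes() {
            return this.mCertificateBytes;
        }

        /** Returns the encoded issuer certificates (the internal array, not a copy). */
        @WrapForJNI
        public byte[][] getIssuersBytes() {
            return this.mIssuersBytes;
        }
    }

    /** Thrown when a certificate chain cannot be used for client authentication. */
    public static class UnsuitableCertificateException extends Exception {
        public UnsuitableCertificateException() {
        }

        public UnsuitableCertificateException(String message) {
            super(message);
        }

        public UnsuitableCertificateException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /**
     * Finds the cached entry whose encoded certificate equals {@code certificateBytes}.
     * The caller must hold {@code manager}'s monitor.
     *
     * @return the matching entry, or {@code null} if the certificate is not cached
     */
    private static ClientAuthCertificate findByCertificateBytes(ClientAuthCertificateManager manager, byte[] certificateBytes) {
        for (ClientAuthCertificate candidate : manager.mCertificates) {
            if (Arrays.equals(candidate.getCertificateBytes(), certificateBytes)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the encoded certificate for a KeyChain alias, loading and caching it on first use.
     *
     * @param str the KeyChain alias
     * @return the encoded certificate, or {@code null} if the alias is null, has no chain, the
     *     chain is unsuitable, or the KeyChain lookup failed
     */
    @WrapForJNI
    private static byte[] getCertificateFromAlias(String str) {
        if (str == null) {
            return null;
        }
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            for (ClientAuthCertificate cached : singleton.mCertificates) {
                if (str.equals(cached.mAlias)) {
                    return cached.getCertificateBytes();
                }
            }
            X509Certificate[] certificateChain;
            try {
                certificateChain = KeyChain.getCertificateChain(GeckoAppShell.getApplicationContext(), str);
            } catch (KeyChainException | InterruptedException e) {
                Log.e(LOGTAG, "getCertificateChain failed", e);
                return null;
            }
            if (certificateChain == null || certificateChain.length < 1) {
                return null;
            }
            try {
                ClientAuthCertificate loaded = new ClientAuthCertificate(str, certificateChain);
                singleton.mCertificates.add(loaded);
                return loaded.getCertificateBytes();
            } catch (UnsuitableCertificateException e) {
                Log.e(LOGTAG, "unsuitable certificate", e);
                return null;
            }
        }
    }

    /**
     * Returns the encoded issuer chain of a cached certificate.
     *
     * @param bArr the encoded client certificate
     * @return the issuer certificates, or {@code null} if the certificate is not cached
     */
    @WrapForJNI
    private static byte[][] getCertificateIssuersBytes(byte[] bArr) {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            // The search has to stop at the first match. The previous loop had an empty match
            // branch, ran to the end of the list and always reported "not found".
            ClientAuthCertificate match = findByCertificateBytes(singleton, bArr);
            if (match == null) {
                return null;
            }
            return match.getIssuersBytes();
        }
    }

    /** Returns a snapshot array of the cached certificates. */
    @WrapForJNI
    private static ClientAuthCertificate[] getClientAuthCertificates() {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            return singleton.mCertificates.toArray(new ClientAuthCertificate[0]);
        }
    }

    /** Returns the process-wide instance, creating it on first use. */
    public static ClientAuthCertificateManager getSingleton() {
        synchronized (ClientAuthCertificateManager.class) {
            if (sClientAuthCertificateManager == null) {
                sClientAuthCertificateManager = new ClientAuthCertificateManager();
            }
            return sClientAuthCertificateManager;
        }
    }

    /**
     * Signs {@code bArr2} with the private key that belongs to the cached certificate
     * {@code bArr}.
     *
     * <p>Only three algorithm names are accepted: {@code "raw"}, {@code "NoneWithRSA"} and
     * {@code "NoneWithECDSA"}. None of them hashes the input, so the bytes are signed exactly
     * as provided.
     * NOTE(review): presumably the native caller passes a finished digest (or, for
     * {@code "raw"}, an already padded block); confirm against the caller.
     *
     * @param bArr the encoded client certificate selecting the key
     * @param bArr2 the data to sign
     * @param str the algorithm name
     * @return the signature, or {@code null} if the certificate is not cached, the key is
     *     unavailable, the algorithm is not allowed, or any cryptographic step failed
     */
    @WrapForJNI
    private static byte[] sign(byte[] bArr, byte[] bArr2, String str) {
        ClientAuthCertificateManager singleton = getSingleton();
        synchronized (singleton) {
            ClientAuthCertificate match = findByCertificateBytes(singleton, bArr);
            if (match == null) {
                return null;
            }
            PrivateKey privateKey;
            try {
                privateKey = KeyChain.getPrivateKey(GeckoAppShell.getApplicationContext(), match.mAlias);
            } catch (KeyChainException | InterruptedException e) {
                Log.e(LOGTAG, "getPrivateKey failed", e);
                return null;
            }
            if (privateKey == null) {
                Log.e(LOGTAG, "couldn't get private key");
                return null;
            }
            // Constant-first comparisons so a null algorithm is rejected instead of throwing.
            if ("raw".equals(str)) {
                return signRaw(privateKey, bArr2);
            }
            if (!"NoneWithRSA".equals(str) && !"NoneWithECDSA".equals(str)) {
                Log.e(LOGTAG, "given unexpected algorithm " + str);
                return null;
            }
            return signWithAlgorithm(privateKey, bArr2, str);
        }
    }

    /**
     * Applies the RSA private-key operation to {@code data} with no padding.
     *
     * <p>"RSA/None/NoPadding" adds no padding and no hashing of its own.
     * NOTE(review): this is only sound if the caller has already encoded and padded
     * {@code data}; confirm against the native caller.
     *
     * @return the result, or {@code null} on any failure
     */
    private static byte[] signRaw(PrivateKey privateKey, byte[] data) {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance("RSA/None/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            Log.e(LOGTAG, "getInstance failed", e);
            return null;
        }
        try {
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        } catch (InvalidKeyException e) {
            Log.e(LOGTAG, "init failed", e);
            // Stop here: calling doFinal() on a cipher that was never initialised throws an
            // unchecked IllegalStateException, which would escape to the JNI caller.
            return null;
        }
        try {
            return cipher.doFinal(data);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            Log.e(LOGTAG, "doFinal failed", e);
            return null;
        }
    }

    /**
     * Signs {@code data} with a JCA {@link Signature}. {@code algorithm} must already have been
     * checked against the allow-list in {@link #sign}.
     *
     * @return the signature, or {@code null} on any failure
     */
    private static byte[] signWithAlgorithm(PrivateKey privateKey, byte[] data, String algorithm) {
        Signature signature;
        try {
            signature = Signature.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOGTAG, "getInstance failed", e);
            return null;
        }
        try {
            signature.initSign(privateKey);
        } catch (InvalidKeyException e) {
            Log.e(LOGTAG, "initSign failed", e);
            return null;
        }
        try {
            signature.update(data);
        } catch (SignatureException e) {
            Log.e(LOGTAG, "update failed", e);
            return null;
        }
        try {
            return signature.sign();
        } catch (SignatureException e) {
            Log.e(LOGTAG, "sign failed", e);
            return null;
        }
    }
}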
