package ru.CryptoPro.ssl;

import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
import java.net.Socket;
import java.security.AlgorithmConstraints;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Timestamp;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import ru.CryptoPro.JCP.tools.CertReader.Extension;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public final class cl_118 extends X509ExtendedKeyManager implements X509KeyManager {

    /* renamed from: a, reason: collision with root package name */
    private static Date f18957a;

    /* renamed from: b, reason: collision with root package name */
    private final List f18958b;

    /* renamed from: c, reason: collision with root package name */
    private final AtomicLong f18959c;

    /* renamed from: d, reason: collision with root package name */
    private final Map f18960d;

    cl_118(KeyStore.Builder builder) {
        this(Collections.singletonList(builder));
    }

    cl_118(List list) {
        this.f18958b = list;
        this.f18959c = new AtomicLong();
        this.f18960d = Collections.synchronizedMap(new cl_124());
    }

    private String a(List list, Principal[] principalArr, cl_121 cl_121Var, AlgorithmConstraints algorithmConstraints) {
        return a(list, principalArr, cl_121Var, algorithmConstraints, null, null);
    }

    private String a(List list, Principal[] principalArr, cl_121 cl_121Var, AlgorithmConstraints algorithmConstraints, List list2, String str) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Set a10 = a(principalArr);
        int size = this.f18958b.size();
        ArrayList arrayList = null;
        for (int i10 = 0; i10 < size; i10++) {
            try {
                List a11 = a(i10, list, a10, false, cl_121Var, algorithmConstraints, list2, str);
                if (a11 != null) {
                    cl_122 cl_122Var = (cl_122) a11.get(0);
                    if (cl_122Var.f18978d == cl_120.OK) {
                        SSLLogger.fine("KeyMgr: choosing key: " + cl_122Var);
                        return a(cl_122Var);
                    }
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.addAll(a11);
                } else {
                    continue;
                }
            } catch (Exception unused) {
            }
        }
        if (arrayList == null) {
            SSLLogger.fine("KeyMgr: no matching key found");
            return null;
        }
        Collections.sort(arrayList);
        SSLLogger.fine("KeyMgr: no good matching key found, returning best match out of:", arrayList);
        return a((cl_122) arrayList.get(0));
    }

    private String a(cl_122 cl_122Var) {
        return this.f18959c.incrementAndGet() + Extension.DOT_CHAR + cl_122Var.f18975a + Extension.DOT_CHAR + cl_122Var.f18977c;
    }

    private AlgorithmConstraints a(Socket socket) {
        if (socket == null || !socket.isConnected() || !(socket instanceof SSLSocket)) {
            return new cl_93((SSLSocket) null, true);
        }
        SSLSocket sSLSocket = (SSLSocket) socket;
        SSLSession handshakeSession = sSLSocket.getHandshakeSession();
        if (handshakeSession == null || cl_87.a(handshakeSession.getProtocol()).f19404n < cl_87.f19397h.f19404n) {
            return new cl_93(sSLSocket, true);
        }
        return new cl_93(sSLSocket, handshakeSession instanceof ExtendedSSLSession ? ((ExtendedSSLSession) handshakeSession).getPeerSupportedSignatureAlgorithms() : null, true);
    }

    private AlgorithmConstraints a(SSLEngine sSLEngine) {
        SSLSession handshakeSession;
        if (sSLEngine == null || (handshakeSession = sSLEngine.getHandshakeSession()) == null || cl_87.a(handshakeSession.getProtocol()).f19404n < cl_87.f19397h.f19404n) {
            return new cl_93(sSLEngine, true);
        }
        return new cl_93(sSLEngine, handshakeSession instanceof ExtendedSSLSession ? ((ExtendedSSLSession) handshakeSession).getPeerSupportedSignatureAlgorithms() : null, true);
    }

    private KeyStore.PrivateKeyEntry a(String str) {
        if (str == null) {
            return null;
        }
        Reference reference = (Reference) this.f18960d.get(str);
        KeyStore.PrivateKeyEntry privateKeyEntry = reference != null ? (KeyStore.PrivateKeyEntry) reference.get() : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        int indexOf = str.indexOf(46);
        int i10 = indexOf + 1;
        int indexOf2 = str.indexOf(46, i10);
        if (indexOf != -1 && indexOf2 != indexOf) {
            try {
                int parseInt = Integer.parseInt(str.substring(i10, indexOf2));
                String substring = str.substring(indexOf2 + 1);
                KeyStore.Builder builder = (KeyStore.Builder) this.f18958b.get(parseInt);
                KeyStore.Entry entry = builder.getKeyStore().getEntry(substring, builder.getProtectionParameter(str));
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    return null;
                }
                KeyStore.PrivateKeyEntry privateKeyEntry2 = (KeyStore.PrivateKeyEntry) entry;
                this.f18960d.put(str, new SoftReference(privateKeyEntry2));
                return privateKeyEntry2;
            } catch (Exception unused) {
            }
        }
        return null;
    }

    private List a(int i10, List list, Set set, boolean z10, cl_121 cl_121Var, AlgorithmConstraints algorithmConstraints, List list2, String str) {
        Certificate[] certificateChain;
        boolean z11;
        int i11;
        StringBuilder sb2;
        String str2;
        boolean z12;
        Set set2 = set;
        KeyStore keyStore = ((KeyStore.Builder) this.f18958b.get(i10)).getKeyStore();
        Date date = f18957a;
        Enumeration<String> aliases = keyStore.aliases();
        ArrayList arrayList = null;
        boolean z13 = false;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length != 0) {
                int length = certificateChain.length;
                int i12 = 0;
                while (true) {
                    if (i12 >= length) {
                        z11 = false;
                        break;
                    }
                    if (!(certificateChain[i12] instanceof X509Certificate)) {
                        z11 = true;
                        break;
                    }
                    i12++;
                }
                if (!z11) {
                    Iterator it = list.iterator();
                    int i13 = 0;
                    while (true) {
                        if (!it.hasNext()) {
                            i11 = -1;
                            break;
                        }
                        if (((cl_123) it.next()).a(certificateChain)) {
                            i11 = i13;
                            break;
                        }
                        i13++;
                    }
                    if (i11 == -1) {
                        sb2 = new StringBuilder();
                        sb2.append("Ignoring alias ");
                        sb2.append(nextElement);
                        str2 = ": key algorithm does not match.";
                    } else {
                        if (set2 != null) {
                            int length2 = certificateChain.length;
                            int i14 = 0;
                            while (true) {
                                if (i14 >= length2) {
                                    z12 = false;
                                    break;
                                }
                                if (set2.contains(((X509Certificate) certificateChain[i14]).getIssuerX500Principal())) {
                                    z12 = true;
                                    break;
                                }
                                i14++;
                            }
                            if (!z12) {
                                sb2 = new StringBuilder();
                                sb2.append("Ignoring alias ");
                                sb2.append(nextElement);
                                str2 = ": issuers do not match.";
                            }
                        }
                        if (algorithmConstraints == null || a(algorithmConstraints, certificateChain, cl_121Var.b())) {
                            if (date == null) {
                                date = new Date();
                            }
                            Date date2 = date;
                            cl_120 a10 = cl_121Var.a((X509Certificate) certificateChain[0], date2, list2, str);
                            int i15 = i11;
                            cl_122 cl_122Var = new cl_122(i10, i11, nextElement, certificateChain, a10);
                            if (!z13 && a10 == cl_120.OK && i15 == 0) {
                                z13 = true;
                            }
                            if (z13 && !z10) {
                                return Collections.singletonList(cl_122Var);
                            }
                            if (arrayList == null) {
                                arrayList = new ArrayList();
                            }
                            arrayList.add(cl_122Var);
                            set2 = set;
                            date = date2;
                        } else {
                            sb2 = new StringBuilder();
                            sb2.append("Ignoring alias ");
                            sb2.append(nextElement);
                            str2 = ": certificate list does not conform to algorithm constraints.";
                        }
                    }
                    sb2.append(str2);
                    SSLLogger.fine(sb2.toString());
                }
            }
            set2 = set;
        }
        return arrayList;
    }

    private static List a(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        if (strArr[0] == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(new cl_123(str));
        }
        return arrayList;
    }

    private Set a(Principal[] principalArr) {
        if (principalArr == null || principalArr.length == 0) {
            return null;
        }
        return new HashSet(Arrays.asList(principalArr));
    }

    private static boolean a(AlgorithmConstraints algorithmConstraints, Certificate[] certificateArr, String str) {
        String str2;
        ru.CryptoPro.ssl.pc_1.cl_0 cl_0Var = new ru.CryptoPro.ssl.pc_1.cl_0(algorithmConstraints, (Timestamp) null, str);
        try {
            cl_0Var.init(false);
            for (int length = certificateArr.length - 1; length >= 0; length--) {
                Certificate certificate = certificateArr[length];
                try {
                    cl_0Var.check(certificate, Collections.emptySet());
                } catch (CertPathValidatorException e10) {
                    e = e10;
                    str2 = "Certificate (" + certificate + ") does not conform to algorithm constraints: ";
                    SSLLogger.subThrown(str2, e);
                    return false;
                }
            }
            return true;
        } catch (CertPathValidatorException e11) {
            e = e11;
            str2 = "Cannot initialize algorithm constraints checker: ";
        }
    }

    private String[] a(List list) {
        String[] strArr = new String[list.size()];
        Iterator it = list.iterator();
        int i10 = 0;
        while (it.hasNext()) {
            strArr[i10] = a((cl_122) it.next());
            i10++;
        }
        return strArr;
    }

    public String[] a(String str, Principal[] principalArr, cl_121 cl_121Var, AlgorithmConstraints algorithmConstraints) {
        if (str == null) {
            return null;
        }
        Set a10 = a(principalArr);
        List a11 = a(str);
        int size = this.f18958b.size();
        ArrayList arrayList = null;
        for (int i10 = 0; i10 < size; i10++) {
            try {
                List a12 = a(i10, a11, a10, true, cl_121Var, algorithmConstraints, null, null);
                if (a12 != null) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.addAll(a12);
                }
            } catch (Exception unused) {
            }
        }
        if (arrayList == null || arrayList.isEmpty()) {
            SSLLogger.fine("KeyMgr: no matching alias found");
            return null;
        }
        Collections.sort(arrayList);
        SSLLogger.fine("KeyMgr: getting aliases:", arrayList);
        return a(arrayList);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return a(a(strArr), principalArr, cl_121.CLIENT, a(socket));
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(a(strArr), principalArr, cl_121.CLIENT, a(sSLEngine));
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(a(str), principalArr, cl_121.SERVER, a(sSLEngine), cl_125.a(sSLEngine), "HTTPS");
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return a(a(str), principalArr, cl_121.SERVER, a(socket), cl_125.a(socket), "HTTPS");
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry a10 = a(str);
        if (a10 == null) {
            return null;
        }
        return (X509Certificate[]) a10.getCertificateChain();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, cl_121.CLIENT, (AlgorithmConstraints) null);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry a10 = a(str);
        if (a10 == null) {
            return null;
        }
        return a10.getPrivateKey();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, cl_121.SERVER, (AlgorithmConstraints) null);
    }
}
