package ru.CryptoPro.ssl;

import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import ru.CryptoPro.JCP.KeyStore.HDImage.FloppyStore;
import ru.CryptoPro.JCP.KeyStore.HDImage.HDImageStore;
import ru.CryptoPro.JCP.KeyStore.JCPPrivateKeyEntry;
import ru.CryptoPro.JCP.KeyStore.VoidInputStream;
import ru.CryptoPro.JCP.params.JCPProtectionParameter;
import ru.CryptoPro.JCP.tools.CertReader.Extension;
import ru.CryptoPro.JCP.tools.ExpandException;
import ru.CryptoPro.JCP.tools.PropertyExpander;
import ru.CryptoPro.ssl.util.ParamUtil;
import ru.CryptoPro.ssl.util.cpSSLConfig;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public final class cl_46 extends X509ExtendedKeyManager {
    private static final String[] a = new String[0];
    private Map b = new HashMap();
    private Map c = new HashMap();
    private final boolean d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_46(KeyStore keyStore, char[] cArr, boolean z, PKIXBuilderParameters pKIXBuilderParameters, boolean z2, boolean z3) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        StringBuilder append;
        String str;
        String str2;
        StringBuilder sb;
        String str3;
        Key key;
        cl_47 cl_47Var;
        this.d = z2;
        if (z) {
            SSLLogger.info("%% default SSL context is being initiated, key loading has been refused. To enable default initiation use -Ddisable_default_context=false %%");
        } else if (keyStore != null) {
            SSLLogger.fine("Key store format: " + keyStore.getType());
            if (cpSSLConfig.isJCP()) {
                try {
                    String name = keyStore.getProvider().getName();
                    if (name.equalsIgnoreCase("JCP") || name.equalsIgnoreCase("JCSP")) {
                        keyStore.load(new VoidInputStream(), null);
                    }
                } catch (Exception e) {
                    throw new KeyStoreException(e);
                }
            }
            Enumeration<String> aliases = keyStore.aliases();
            cl_47 cl_47Var2 = null;
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (!keyStore.isKeyEntry(nextElement) || keyStore.getCertificate(nextElement) == null) {
                    append = new StringBuilder().append("Entry ").append(nextElement);
                    str = " is not an entry with private key and certificate, continue.";
                } else {
                    SSLLogger.info("%% adding as private keys %%");
                    if (cpSSLConfig.isJCP()) {
                        try {
                            SSLLogger.fine("Reading the key (JCP): " + nextElement + "...");
                            key = keyStore.getKey(nextElement, cArr);
                        } catch (UnrecoverableKeyException e2) {
                            e = e2;
                            sb = new StringBuilder();
                            str3 = "Error occurred during reading the key (JCP): ";
                            SSLLogger.subThrown(sb.append(str3).append(nextElement).toString(), e);
                        }
                    } else {
                        SSLLogger.fine("Loading the private key (Java CSP): " + nextElement + "...");
                        if (cArr == null || cArr.length <= 0) {
                            SSLLogger.fine("Reading the key (Java CSP): " + nextElement);
                            key = keyStore.getKey(nextElement, null);
                            try {
                                cl_45.testPrivateKey(nextElement, null, (PrivateKey) key, true, cpSSLConfig.getDefaultDigestSignatureSSLProvider());
                            } catch (Exception e3) {
                                e = e3;
                                if (ParamUtil.isCSPLicenseExpired(e)) {
                                    SSLLogger.fatal("Invalid CSP license.");
                                    cl_47Var = new cl_47(this, "Invalid CSP license.", e);
                                } else if (ParamUtil.isCSPUserCancelled(e)) {
                                    SSLLogger.fine("User cancelled operation.");
                                    cl_47Var = new cl_47(this, "User cancelled operation.", e);
                                } else {
                                    sb = new StringBuilder();
                                    str3 = "Error occurred during reading the key (Java CSP): ";
                                    SSLLogger.subThrown(sb.append(str3).append(nextElement).toString(), e);
                                }
                                cl_47Var2 = cl_47Var;
                            }
                        } else {
                            JCPProtectionParameter jCPProtectionParameter = new JCPProtectionParameter(cArr, true, true);
                            SSLLogger.fine("Reading the entry (Java CSP): " + nextElement);
                            try {
                                key = ((JCPPrivateKeyEntry) keyStore.getEntry(nextElement, jCPProtectionParameter)).getPrivateKey();
                            } catch (UnrecoverableEntryException e4) {
                                e = e4;
                                sb = new StringBuilder();
                                str3 = "Error occurred during reading the entry (Java CSP): ";
                                SSLLogger.subThrown(sb.append(str3).append(nextElement).toString(), e);
                            }
                        }
                    }
                    Key key2 = key;
                    SSLLogger.fine("Private key " + nextElement + " has been loaded.");
                    if (key2 instanceof PrivateKey) {
                        Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                        if (certificateChain != null && certificateChain.length != 0) {
                            if (certificateChain[0] instanceof X509Certificate) {
                                if (!(certificateChain instanceof X509Certificate[])) {
                                    X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                                    System.arraycopy(certificateChain, 0, x509CertificateArr, 0, certificateChain.length);
                                    certificateChain = x509CertificateArr;
                                }
                                if (ru.CryptoPro.ssl.pc_10.cl_4.a((X509Certificate) certificateChain[0], Calendar.getInstance().getTime())) {
                                    X509Certificate[] x509CertificateArr2 = new X509Certificate[certificateChain.length];
                                    System.arraycopy(certificateChain, 0, x509CertificateArr2, 0, certificateChain.length);
                                    if (pKIXBuilderParameters != null) {
                                        SSLLogger.fine("Additional chain building and key usage validating of the certificate chain (through the key manager) for " + nextElement + " as " + (z3 ? "client" : "server") + " ...");
                                        try {
                                            x509CertificateArr2 = ru.CryptoPro.ssl.pc_10.cl_4.a("PKIX", z3 ? "tls client" : "tls server", pKIXBuilderParameters).a(x509CertificateArr2);
                                        } catch (ru.CryptoPro.ssl.pc_10.cl_5 e5) {
                                            if (e5.a() == null || !e5.a().equals(ru.CryptoPro.ssl.pc_10.cl_5.b)) {
                                                SSLLogger.ignoredException(e5);
                                            } else {
                                                if (keyStore.size() == 1) {
                                                    throw new KeyStoreException(e5);
                                                }
                                                append = new StringBuilder().append("Ignore certificate with alias ").append(nextElement).append(Extension.COLON_SPACE);
                                                str = e5.getMessage();
                                            }
                                        } catch (Exception e6) {
                                            SSLLogger.ignoredException(e6);
                                        }
                                    }
                                    this.b.put(nextElement, new cl_48((PrivateKey) key2, x509CertificateArr2));
                                    if (SSLLogger.isFineEnabled()) {
                                        StringBuffer stringBuffer = new StringBuffer();
                                        stringBuffer.append("***\n");
                                        stringBuffer.append("found key for: ");
                                        stringBuffer.append(nextElement);
                                        stringBuffer.append("\n");
                                        for (int i = 0; i < x509CertificateArr2.length; i++) {
                                            stringBuffer.append("chain [");
                                            stringBuffer.append(i);
                                            stringBuffer.append("] = ");
                                            stringBuffer.append(x509CertificateArr2[i]);
                                            stringBuffer.append("\n");
                                        }
                                        stringBuffer.append("***\n");
                                        str2 = stringBuffer.toString();
                                        SSLLogger.fine(str2);
                                    }
                                } else {
                                    append = new StringBuilder().append(nextElement);
                                    str = " certificate is expired or not yet valid.";
                                }
                            }
                        }
                        append = new StringBuilder().append(nextElement);
                        str = " certificate chain not found.";
                    } else {
                        append = new StringBuilder().append(nextElement);
                        str = " is not a private key.";
                    }
                }
                str2 = append.append(str).toString();
                SSLLogger.fine(str2);
            }
            if (cl_47Var2 != null && keyStore.size() == 1) {
                throw new KeyStoreException(cl_47Var2.a, cl_47Var2.b);
            }
        }
        if (this.b.size() == 0) {
            StringBuffer stringBuffer2 = new StringBuffer("%% No appropriate keys for handshake");
            if (keyStore != null) {
                try {
                    if ("HDImageStore".equals(keyStore.getType())) {
                        stringBuffer2.append("\n");
                        stringBuffer2.append("PATH: ");
                        try {
                            stringBuffer2.append(PropertyExpander.expand(HDImageStore.getDir()));
                        } catch (ExpandException e7) {
                            stringBuffer2.append(HDImageStore.getDir());
                            stringBuffer2.append(Extension.O_BRAKE_SPACE);
                            stringBuffer2.append(e7.getMessage());
                            stringBuffer2.append(Extension.C_BRAKE_SPACE);
                            SSLLogger.warning(stringBuffer2.toString());
                        }
                    } else if ("FloppyStore".equals(keyStore.getType())) {
                        try {
                            stringBuffer2.append(PropertyExpander.expand(FloppyStore.getDir()));
                        } catch (ExpandException e8) {
                            stringBuffer2.append(FloppyStore.getDir());
                            stringBuffer2.append(Extension.O_BRAKE_SPACE);
                            stringBuffer2.append(e8.getMessage());
                            stringBuffer2.append(Extension.C_BRAKE_SPACE);
                            SSLLogger.warning(stringBuffer2.toString());
                        }
                    }
                } catch (Exception e9) {
                    SSLLogger.warning(stringBuffer2.toString(), e9);
                    return;
                }
            }
            SSLLogger.warning(stringBuffer2.toString());
        }
    }

    /* JADX WARN: Can't wrap try/catch for region: R(11:32|(1:34)(1:121)|35|(2:37|(5:118|119|61|62|47))(1:120)|(2:40|(2:42|(4:44|45|46|47)(1:48))(3:112|113|(6:115|59|60|61|62|47)))(2:116|117)|49|50|51|(9:53|(1:55)(1:107)|56|(1:58)(5:63|(2:(1:103)(1:70)|64)|105|106|(1:72)(1:73))|59|60|61|62|47)(1:108)|74|(2:89|90)(8:76|(1:78)(7:80|(3:83|(2:86|87)(1:85)|81)|88|60|61|62|47)|79|59|60|61|62|47)) */
    /* JADX WARN: Code restructure failed: missing block: B:110:0x0244, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:111:0x0245, code lost:
    
        ru.CryptoPro.ssl.SSLLogger.ignoredException(r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String[] a(java.lang.String r18, java.security.Principal[] r19, boolean r20) {
        /*
            Method dump skipped, instructions count: 608
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.ssl.cl_46.a(java.lang.String, java.security.Principal[], boolean):java.lang.String[]");
    }

    private static X500Principal[] a(Principal[] principalArr) {
        ArrayList arrayList = new ArrayList(principalArr.length);
        for (Principal principal : principalArr) {
            if (principal instanceof X500Principal) {
                arrayList.add((X500Principal) principal);
            } else {
                try {
                    arrayList.add(new X500Principal(principal.getName()));
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return (X500Principal[]) arrayList.toArray(new X500Principal[arrayList.size()]);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (strArr == null) {
            return null;
        }
        for (String str : strArr) {
            String[] clientAliases = getClientAliases(str, principalArr);
            if (clientAliases != null && clientAliases.length > 0) {
                return clientAliases[0];
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseClientAlias(strArr, principalArr, null);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseServerAlias(str, principalArr, null);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        String[] strArr;
        if (str == null) {
            return null;
        }
        if (principalArr == null || principalArr.length == 0) {
            String[] strArr2 = (String[]) this.c.get(str);
            if (strArr2 == null) {
                String[] serverAliases = getServerAliases(str, principalArr);
                if (serverAliases == null) {
                    serverAliases = a;
                }
                this.c.put(str, serverAliases);
                strArr = serverAliases;
            } else {
                strArr = strArr2;
            }
        } else {
            strArr = getServerAliases(str, principalArr);
        }
        if (strArr == null || strArr.length <= 0) {
            return null;
        }
        return strArr[0];
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        cl_48 cl_48Var;
        if (str == null || (cl_48Var = (cl_48) this.b.get(str)) == null) {
            return null;
        }
        return (X509Certificate[]) cl_48Var.b.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        cl_48 cl_48Var;
        if (str == null || (cl_48Var = (cl_48) this.b.get(str)) == null) {
            return null;
        }
        return cl_48Var.a;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, true);
    }
}
