package ru.CryptoPro.ssl;

import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
import java.net.Socket;
import java.security.AlgorithmConstraints;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Timestamp;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import ru.CryptoPro.JCP.tools.CertReader.Extension;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public final class cl_115 extends X509ExtendedKeyManager implements X509KeyManager {
    private static Date a;
    private final List b;
    private final AtomicLong c;
    private final Map d;

    cl_115(KeyStore.Builder builder) {
        this(Collections.singletonList(builder));
    }

    cl_115(List list) {
        this.b = list;
        this.c = new AtomicLong();
        this.d = Collections.synchronizedMap(new cl_121());
    }

    private String a(List list, Principal[] principalArr, cl_118 cl_118Var, AlgorithmConstraints algorithmConstraints) {
        return a(list, principalArr, cl_118Var, algorithmConstraints, null, null);
    }

    private String a(List list, Principal[] principalArr, cl_118 cl_118Var, AlgorithmConstraints algorithmConstraints, List list2, String str) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Set a2 = a(principalArr);
        int size = this.b.size();
        ArrayList arrayList = null;
        for (int i = 0; i < size; i++) {
            try {
                List a3 = a(i, list, a2, false, cl_118Var, algorithmConstraints, list2, str);
                if (a3 != null) {
                    cl_119 cl_119Var = (cl_119) a3.get(0);
                    if (cl_119Var.d == cl_117.OK) {
                        SSLLogger.fine("KeyMgr: choosing key: " + cl_119Var);
                        return a(cl_119Var);
                    }
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.addAll(a3);
                } else {
                    continue;
                }
            } catch (Exception unused) {
            }
        }
        if (arrayList == null) {
            SSLLogger.fine("KeyMgr: no matching key found");
            return null;
        }
        Collections.sort(arrayList);
        SSLLogger.fine("KeyMgr: no good matching key found, returning best match out of:", arrayList);
        return a((cl_119) arrayList.get(0));
    }

    private String a(cl_119 cl_119Var) {
        return this.c.incrementAndGet() + Extension.DOT_CHAR + cl_119Var.a + Extension.DOT_CHAR + cl_119Var.c;
    }

    private AlgorithmConstraints a(Socket socket) {
        if (socket == null || !socket.isConnected() || !(socket instanceof SSLSocket)) {
            return new cl_90((SSLSocket) null, true);
        }
        SSLSocket sSLSocket = (SSLSocket) socket;
        SSLSession handshakeSession = sSLSocket.getHandshakeSession();
        if (handshakeSession == null || cl_84.a(handshakeSession.getProtocol()).n < cl_84.h.n) {
            return new cl_90(sSLSocket, true);
        }
        return new cl_90(sSLSocket, handshakeSession instanceof ExtendedSSLSession ? ((ExtendedSSLSession) handshakeSession).getPeerSupportedSignatureAlgorithms() : null, true);
    }

    private AlgorithmConstraints a(SSLEngine sSLEngine) {
        SSLSession handshakeSession;
        if (sSLEngine == null || (handshakeSession = sSLEngine.getHandshakeSession()) == null || cl_84.a(handshakeSession.getProtocol()).n < cl_84.h.n) {
            return new cl_90(sSLEngine, true);
        }
        return new cl_90(sSLEngine, handshakeSession instanceof ExtendedSSLSession ? ((ExtendedSSLSession) handshakeSession).getPeerSupportedSignatureAlgorithms() : null, true);
    }

    private KeyStore.PrivateKeyEntry a(String str) {
        if (str == null) {
            return null;
        }
        Reference reference = (Reference) this.d.get(str);
        KeyStore.PrivateKeyEntry privateKeyEntry = reference != null ? (KeyStore.PrivateKeyEntry) reference.get() : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        int indexOf = str.indexOf(46);
        int i = indexOf + 1;
        int indexOf2 = str.indexOf(46, i);
        if (indexOf != -1 && indexOf2 != indexOf) {
            try {
                int parseInt = Integer.parseInt(str.substring(i, indexOf2));
                String substring = str.substring(indexOf2 + 1);
                KeyStore.Builder builder = (KeyStore.Builder) this.b.get(parseInt);
                KeyStore.Entry entry = builder.getKeyStore().getEntry(substring, builder.getProtectionParameter(str));
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    return null;
                }
                KeyStore.PrivateKeyEntry privateKeyEntry2 = (KeyStore.PrivateKeyEntry) entry;
                this.d.put(str, new SoftReference(privateKeyEntry2));
                return privateKeyEntry2;
            } catch (Exception unused) {
            }
        }
        return null;
    }

    private List a(int i, List list, Set set, boolean z, cl_118 cl_118Var, AlgorithmConstraints algorithmConstraints, List list2, String str) throws Exception {
        Certificate[] certificateChain;
        int i2;
        int i3;
        StringBuilder append;
        String str2;
        int i4;
        KeyStore keyStore = ((KeyStore.Builder) this.b.get(i)).getKeyStore();
        Date date = a;
        Enumeration<String> aliases = keyStore.aliases();
        int i5 = 0;
        ArrayList arrayList = null;
        boolean z2 = false;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length != 0) {
                int length = certificateChain.length;
                int i6 = i5;
                while (true) {
                    if (i6 >= length) {
                        i2 = i5;
                        break;
                    }
                    if (!(certificateChain[i6] instanceof X509Certificate)) {
                        i2 = 1;
                        break;
                    }
                    i6++;
                }
                if (i2 == 0) {
                    Iterator it = list.iterator();
                    int i7 = i5;
                    while (true) {
                        if (!it.hasNext()) {
                            i3 = -1;
                            break;
                        }
                        if (((cl_120) it.next()).a(certificateChain)) {
                            i3 = i7;
                            break;
                        }
                        i7++;
                    }
                    if (i3 == -1) {
                        append = new StringBuilder().append("Ignoring alias ").append(nextElement);
                        str2 = ": key algorithm does not match.";
                    } else {
                        if (set != null) {
                            int length2 = certificateChain.length;
                            int i8 = i5;
                            while (true) {
                                if (i8 >= length2) {
                                    i4 = i5;
                                    break;
                                }
                                if (set.contains(((X509Certificate) certificateChain[i8]).getIssuerX500Principal())) {
                                    i4 = 1;
                                    break;
                                }
                                i8++;
                            }
                            if (i4 == 0) {
                                append = new StringBuilder().append("Ignoring alias ").append(nextElement);
                                str2 = ": issuers do not match.";
                            }
                        }
                        if (algorithmConstraints == null || a(algorithmConstraints, certificateChain, cl_118Var.b())) {
                            if (date == null) {
                                date = new Date();
                            }
                            Date date2 = date;
                            cl_117 a2 = cl_118Var.a((X509Certificate) certificateChain[i5], date2, list2, str);
                            int i9 = i3;
                            cl_119 cl_119Var = new cl_119(i, i3, nextElement, certificateChain, a2);
                            if (!z2 && a2 == cl_117.OK && i9 == 0) {
                                z2 = true;
                            }
                            if (z2 && !z) {
                                return Collections.singletonList(cl_119Var);
                            }
                            if (arrayList == null) {
                                arrayList = new ArrayList();
                            }
                            arrayList.add(cl_119Var);
                            date = date2;
                            i5 = 0;
                        } else {
                            append = new StringBuilder().append("Ignoring alias ").append(nextElement);
                            str2 = ": certificate list does not conform to algorithm constraints.";
                        }
                    }
                    SSLLogger.fine(append.append(str2).toString());
                }
            }
            i5 = 0;
        }
        return arrayList;
    }

    private static List a(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        if (strArr[0] == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(new cl_120(str));
        }
        return arrayList;
    }

    private Set a(Principal[] principalArr) {
        if (principalArr == null || principalArr.length == 0) {
            return null;
        }
        return new HashSet(Arrays.asList(principalArr));
    }

    private static boolean a(AlgorithmConstraints algorithmConstraints, Certificate[] certificateArr, String str) {
        String str2;
        ru.CryptoPro.ssl.pc_1.cl_0 cl_0Var = new ru.CryptoPro.ssl.pc_1.cl_0(algorithmConstraints, (Timestamp) null, str);
        try {
            cl_0Var.init(false);
            for (int length = certificateArr.length - 1; length >= 0; length--) {
                Certificate certificate = certificateArr[length];
                try {
                    cl_0Var.check(certificate, Collections.emptySet());
                } catch (CertPathValidatorException e) {
                    e = e;
                    str2 = "Certificate (" + certificate + ") does not conform to algorithm constraints: ";
                    SSLLogger.subThrown(str2, e);
                    return false;
                }
            }
            return true;
        } catch (CertPathValidatorException e2) {
            e = e2;
            str2 = "Cannot initialize algorithm constraints checker: ";
        }
    }

    private String[] a(List list) {
        String[] strArr = new String[list.size()];
        Iterator it = list.iterator();
        int i = 0;
        while (it.hasNext()) {
            strArr[i] = a((cl_119) it.next());
            i++;
        }
        return strArr;
    }

    public String[] a(String str, Principal[] principalArr, cl_118 cl_118Var, AlgorithmConstraints algorithmConstraints) {
        if (str == null) {
            return null;
        }
        Set a2 = a(principalArr);
        List a3 = a(str);
        int size = this.b.size();
        ArrayList arrayList = null;
        for (int i = 0; i < size; i++) {
            try {
                List a4 = a(i, a3, a2, true, cl_118Var, algorithmConstraints, null, null);
                if (a4 != null) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.addAll(a4);
                }
            } catch (Exception unused) {
            }
        }
        if (arrayList == null || arrayList.isEmpty()) {
            SSLLogger.fine("KeyMgr: no matching alias found");
            return null;
        }
        Collections.sort(arrayList);
        SSLLogger.fine("KeyMgr: getting aliases:", arrayList);
        return a(arrayList);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return a(a(strArr), principalArr, cl_118.CLIENT, a(socket));
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(a(strArr), principalArr, cl_118.CLIENT, a(sSLEngine));
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(a(str), principalArr, cl_118.SERVER, a(sSLEngine), cl_122.a(sSLEngine), "HTTPS");
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return a(a(str), principalArr, cl_118.SERVER, a(socket), cl_122.a(socket), "HTTPS");
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry a2 = a(str);
        if (a2 == null) {
            return null;
        }
        return (X509Certificate[]) a2.getCertificateChain();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, cl_118.CLIENT, (AlgorithmConstraints) null);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry a2 = a(str);
        if (a2 == null) {
            return null;
        }
        return a2.getPrivateKey();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, cl_118.SERVER, (AlgorithmConstraints) null);
    }
}
