package org.bouncycastle.jsse.provider;

import androidx.appcompat.widget.ActionMenuView$$ExternalSyntheticOutline0;
import com.ibm.icu.text.DateFormatSymbols;
import com.ibm.icu.util.AnnualTimeZoneRule;
import java.lang.ref.SoftReference;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jsse.BCExtendedSSLSession;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class ProvX509KeyManager extends BCX509ExtendedKeyManager {
    // Key-type name -> filter used when selecting a client credential; populated once in the static
    // initializer and wrapped unmodifiable.
    public static final Map<String, PublicKeyFilter> FILTERS_CLIENT;
    // Key-type name -> filter used when selecting a server credential; also includes the legacy
    // (pre-TLS 1.3) server auth types registered through addFilterLegacyServer.
    public static final Map<String, PublicKeyFilter> FILTERS_SERVER;
    public static final Logger LOG = Logger.getLogger(ProvX509KeyManager.class.getName());
    // When true (the default) getKeyTypeQuality asks the chain check for serverAuth/clientAuth EKU.
    // NOTE(review): setting org.bouncycastle.jsse.keyManager.checkEKU=false turns that EKU requirement
    // off for the whole JVM; treat the property as security-relevant configuration.
    public static final boolean provKeyManagerCheckEKU = PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.keyManager.checkEKU", true);
    // Key stores are addressed by their index in this list; that index is the first component of
    // every alias this class hands out.
    public final List<KeyStore.Builder> builders;
    public final JcaJceHelper helper;
    public final boolean isInFipsMode;
    // Monotonic counter appended to returned aliases (see chooseAlias / getAliases).
    public final AtomicLong versions = new AtomicLong();
    // Access-ordered LinkedHashMap capped at 16 entries (least-recently-used entry evicted first),
    // wrapped in a synchronized view. Values are SoftReferences to private-key entries, so the GC
    // may clear them under memory pressure.
    // NOTE(review): the decompiler widened every field here to public; this map holds references to
    // private key material and should not be reachable outside the class.
    public final Map<String, SoftReference<KeyStore.PrivateKeyEntry>> cachedEntries = Collections.synchronizedMap(new LinkedHashMap<String, SoftReference<KeyStore.PrivateKeyEntry>>(16, 0.75f, true) { // from class: org.bouncycastle.jsse.provider.ProvX509KeyManager.1
        @Override // java.util.LinkedHashMap
        public boolean removeEldestEntry(Map.Entry<String, SoftReference<KeyStore.PrivateKeyEntry>> entry) {
            // Evict once the 17th entry is inserted, keeping at most 16 cached keys.
            return size() > 16;
        }
    });

    /* loaded from: classes5.dex */
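    /**
     * Filter that accepts a public key when it matches a configured JCA algorithm name or key
     * class, the certificate's keyUsage allows the configured bit, and the algorithm constraints
     * permit the key for the corresponding cryptographic primitives.
     *
     * <p>The {@code accepts} body was reconstructed from the decompiler's instruction dump; the
     * decompiled stub threw {@link UnsupportedOperationException} unconditionally.
     */
    public static final class DefaultPublicKeyFilter implements PublicKeyFilter {
        // JCA algorithm name compared case-insensitively; null disables the name match.
        public final String algorithm;
        // Key type tested with isInstance; null disables the class match.
        public final Class<? extends PublicKey> clazz;
        // Index into the keyUsage boolean array that must be permitted.
        public final int keyUsageBit;

        public DefaultPublicKeyFilter(int i, Class cls, String str) {
            this.algorithm = str;
            this.clazz = cls;
            this.keyUsageBit = i;
        }

        /**
         * @param publicKey end-entity public key under consideration
         * @param zArr keyUsage bits of the certificate, as passed to
         *     {@code ProvAlgorithmChecker.supportsKeyUsage}
         * @param bCAlgorithmConstraints constraints in force; cast to
         *     {@code ProvAlgorithmConstraints} exactly as the instruction dump does
         * @return true only if the key type, the keyUsage bit and the constraints all pass
         */
        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManager.PublicKeyFilter
        public final boolean accepts(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints) {
            boolean nameMatches = this.algorithm != null
                    && this.algorithm.equalsIgnoreCase(JsseUtils.getPublicKeyAlgorithm(publicKey));
            boolean typeMatches = nameMatches || (this.clazz != null && this.clazz.isInstance(publicKey));
            if (!typeMatches) {
                return false;
            }
            if (!ProvAlgorithmChecker.supportsKeyUsage(zArr, this.keyUsageBit)) {
                return false;
            }

            // The keyUsage bit decides which primitive set the constraints are evaluated against.
            Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> primitives;
            switch (this.keyUsageBit) {
                case 2:
                    primitives = JsseUtils.KEY_ENCAPSULATION_CRYPTO_PRIMITIVES_BC;
                    break;
                case 4:
                    primitives = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
                    break;
                default:
                    primitives = JsseUtils.SIGNATURE_CRYPTO_PRIMITIVES_BC;
                    break;
            }
            return ((ProvAlgorithmConstraints) bCAlgorithmConstraints).permits(primitives, publicKey);
        }
    }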

    /* loaded from: classes5.dex */
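    /**
     * Filter for the per-curve "EC/..." key types registered by {@code addECFilter13}: accepts an
     * EC public key only when its encoded parameters name exactly the expected curve OID.
     *
     * <p>The {@code accepts} body was reconstructed from the decompiler's instruction dump; the
     * decompiled stub threw {@link UnsupportedOperationException} unconditionally.
     */
    public static final class ECPublicKeyFilter13 implements PublicKeyFilter {
        // Curve OID the key's SubjectPublicKeyInfo parameters must equal.
        public final ASN1ObjectIdentifier standardOID;

        public ECPublicKeyFilter13(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            this.standardOID = aSN1ObjectIdentifier;
        }

        /**
         * @param publicKey end-entity public key under consideration
         * @param zArr keyUsage bits of the certificate; index 0 must be permitted
         * @param bCAlgorithmConstraints constraints in force; cast to
         *     {@code ProvAlgorithmConstraints} exactly as the instruction dump does
         * @return true only for an EC key on the expected named curve that may be used for signing
         */
        @Override // org.bouncycastle.jsse.provider.ProvX509KeyManager.PublicKeyFilter
        public final boolean accepts(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints) {
            boolean isEc = "EC".equalsIgnoreCase(JsseUtils.getPublicKeyAlgorithm(publicKey))
                    || ECPublicKey.class.isInstance(publicKey);
            if (!isEc) {
                return false;
            }
            // equals(null) is false, so a key with explicit or unparseable parameters is rejected.
            if (!this.standardOID.equals(namedCurveOf(publicKey))) {
                return false;
            }
            if (!ProvAlgorithmChecker.supportsKeyUsage(zArr, 0)) {
                return false;
            }
            return ((ProvAlgorithmConstraints) bCAlgorithmConstraints)
                    .permits(JsseUtils.SIGNATURE_CRYPTO_PRIMITIVES_BC, publicKey);
        }

        /**
         * Returns the named-curve OID from the key's encoding, or null when the key is not an
         * id-ecPublicKey with OID parameters or the encoding cannot be parsed.
         */
        private static ASN1ObjectIdentifier namedCurveOf(PublicKey publicKey) {
            try {
                // Field accesses (algId / algorithm / parameters) mirror the instruction dump;
                // NOTE(review): in this build the accessors appear to have been inlined - confirm.
                org.bouncycastle.asn1.x509.AlgorithmIdentifier algId =
                        org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()).algId;
                if (!org.bouncycastle.asn1.x9.X9ObjectIdentifiers.id_ecPublicKey.equals(algId.algorithm)) {
                    return null;
                }
                org.bouncycastle.asn1.ASN1Encodable parameters = algId.parameters;
                if (parameters == null) {
                    return null;
                }
                org.bouncycastle.asn1.ASN1Primitive primitive = parameters.toASN1Primitive();
                return primitive instanceof ASN1ObjectIdentifier ? (ASN1ObjectIdentifier) primitive : null;
            } catch (Exception ignored) {
                // Any parsing failure is treated as "no recognisable curve", which fails closed.
                return null;
            }
        }
    }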

    /* loaded from: classes5.dex */
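    /**
     * Candidate credential found in one of the key stores, ordered so that the best candidate
     * sorts first.
     *
     * <p>Note: {@code compareTo} is not consistent with {@code equals}, which is not overridden.
     */
    public static final class Match implements Comparable<Match> {
        // Qualities ordered before this one count as valid; this one and later ones as invalid.
        public static final MatchQuality INVALID = MatchQuality.MISMATCH_SNI;
        // Sentinel that sorts after every real match. The decompiler had substituted an unrelated
        // ICU constant with the same value for the maximum int used as keyTypeIndex here.
        public static final Match NOTHING = new Match(MatchQuality.NONE, Integer.MAX_VALUE, -1, null, null, null);
        public final int builderIndex;
        public final X509Certificate[] cachedCertificateChain;
        public final KeyStore cachedKeyStore;
        public final int keyTypeIndex;
        public final String localAlias;
        public final MatchQuality quality;

        public Match(MatchQuality matchQuality, int i, int i2, String str, KeyStore keyStore, X509Certificate[] x509CertificateArr) {
            this.quality = matchQuality;
            this.keyTypeIndex = i;
            this.builderIndex = i2;
            this.localAlias = str;
            this.cachedKeyStore = keyStore;
            this.cachedCertificateChain = x509CertificateArr;
        }

        /**
         * Orders valid matches before invalid ones, then by lower key-type index, then by
         * quality in declaration order.
         */
        @Override // java.lang.Comparable
        public final int compareTo(Match match) {
            boolean thisValid = this.quality.compareTo(INVALID) < 0;
            boolean thatValid = match.quality.compareTo(INVALID) < 0;
            if (thisValid != thatValid) {
                return thisValid ? -1 : 1;
            }
            if (this.keyTypeIndex != match.keyTypeIndex) {
                return this.keyTypeIndex < match.keyTypeIndex ? -1 : 1;
            }
            return this.quality.compareTo(match.quality);
        }
    }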

    /* loaded from: classes5.dex */
    // Outcome of evaluating one key-store entry. Declaration order is load-bearing: Match.compareTo
    // relies on the enum's natural order, and Match.INVALID (MISMATCH_SNI) marks the first
    // quality that counts as invalid.
    public enum MatchQuality {
        // Returned by getKeyTypeQuality when every check passes.
        OK,
        // RSA certificate whose keyUsage permits both index 0 and index 2.
        RSA_MULTI_USE,
        // Endpoint-identity check against the requested host name failed.
        MISMATCH_SNI,
        // checkValidity(date) rejected the end-entity certificate.
        EXPIRED,
        // Chain check failed, or nothing matched at all (used by Match.NOTHING).
        NONE
    }

    /* loaded from: classes5.dex */
    // Decides whether an end-entity public key is usable for one key type.
    public interface PublicKeyFilter {
        // publicKey: the certificate's public key; zArr: the certificate's keyUsage bits (callers in
        // this file pass X509Certificate.getKeyUsage()); bCAlgorithmConstraints: constraints the key
        // must satisfy. Returns true when the key may be offered for the key type.
        boolean accepts(PublicKey publicKey, boolean[] zArr, BCAlgorithmConstraints bCAlgorithmConstraints);
    }

    static {
        // Named-group code points handed to addECFilter13, in registration order.
        // NOTE(review): presumably the TLS 1.3 brainpool groups (31-33) and secp256r1/384r1/521r1
        // (23-25) - confirm against NamedGroup.
        final int[] ecGroups13 = {31, 32, 33, 23, 24, 25};

        HashMap<String, PublicKeyFilter> clientFilters = new HashMap<String, PublicKeyFilter>();
        addFilter("Ed25519", clientFilters);
        addFilter("Ed448", clientFilters);
        for (int group : ecGroups13) {
            addECFilter13(clientFilters, group);
        }
        addFilter("RSA", clientFilters);
        addFilter("RSASSA-PSS", clientFilters);
        addFilter(clientFilters, 0, null, DSAPublicKey.class, "DSA");
        addFilter(clientFilters, 0, null, ECPublicKey.class, "EC");
        FILTERS_CLIENT = Collections.unmodifiableMap(clientFilters);

        HashMap<String, PublicKeyFilter> serverFilters = new HashMap<String, PublicKeyFilter>();
        addFilter("Ed25519", serverFilters);
        addFilter("Ed448", serverFilters);
        for (int group : ecGroups13) {
            addECFilter13(serverFilters, group);
        }
        addFilter("RSA", serverFilters);
        addFilter("RSASSA-PSS", serverFilters);
        // Legacy server key types are named via JsseUtils.getAuthTypeServer(code); the second
        // argument is the keyUsage index the certificate must allow (2 only for the last entry).
        addFilterLegacyServer(serverFilters, 0, null, DSAPublicKey.class, 3, 22);
        addFilterLegacyServer(serverFilters, 0, null, ECPublicKey.class, 17);
        addFilterLegacyServer(serverFilters, 0, "RSA", null, 5, 19, 23);
        addFilterLegacyServer(serverFilters, 2, "RSA", null, 1);
        FILTERS_SERVER = Collections.unmodifiableMap(serverFilters);
    }

    /**
     * Creates a key manager over the given key-store builders.
     *
     * @param z stored as {@code isInFipsMode}
     * @param jcaJceHelper stored as {@code helper}
     * @param list key-store builders; the list is kept by reference, not copied
     */
    public ProvX509KeyManager(boolean z, JcaJceHelper jcaJceHelper, List<KeyStore.Builder> list) {
        this.builders = list;
        this.helper = jcaJceHelper;
        this.isInFipsMode = z;
    }

    /**
     * Registers a curve-specific EC filter for a TLS 1.3 named group.
     *
     * @param hashMap filter map being built (key type -> filter)
     * @param i named-group code point
     * @throws IllegalStateException if the group cannot be negotiated in TLS 1.3, or the key type
     *     is already registered
     */
    public static void addECFilter13(HashMap hashMap, int i) {
        if (!NamedGroup.canBeNegotiated(i, ProtocolVersion.TLSv13)) {
            throw new IllegalStateException("Invalid named group for TLS 1.3 EC filter");
        }

        String curveName = NamedGroup.getCurveName(i);
        ASN1ObjectIdentifier curveOid = (curveName == null) ? null : ECNamedCurveTable.getOID(curveName);
        if (curveOid == null) {
            // Unknown curve: warn and skip registration instead of failing class initialisation.
            Logger log = LOG;
            StringBuilder message = ActionMenuView$$ExternalSyntheticOutline0.m("Failed to register public key filter for EC with ");
            message.append(NamedGroup.getText(i));
            log.warning(message.toString());
            return;
        }

        // Unused static read left by the decompiler; kept so that class-initialisation order of
        // JsseUtils is unchanged.
        boolean z = JsseUtils.provTlsAllowLegacyMasterSecret;

        String keyType;
        if (i >= 0) {
            StringBuilder name = ActionMenuView$$ExternalSyntheticOutline0.m1m("EC", "/");
            name.append(NamedGroup.getStandardName(i));
            keyType = name.toString();
        } else {
            keyType = "EC";
        }

        Object previous = hashMap.put(keyType, new ECPublicKeyFilter13(curveOid));
        if (previous != null) {
            throw new IllegalStateException("Duplicate keys in filters");
        }
    }

    /**
     * Registers a filter whose key-type name and JCA algorithm name are the same string, with
     * keyUsage index 0 and no key-class match.
     */
    public static void addFilter(String str, HashMap hashMap) {
        final String algorithm = str;
        final String keyType = str;
        addFilter(hashMap, 0, algorithm, null, keyType);
    }

    /**
     * Registers one shared {@code DefaultPublicKeyFilter} under each of the given key-type names.
     *
     * @param hashMap filter map being built
     * @param i keyUsage index the certificate must allow
     * @param str JCA algorithm name to match, or null
     * @param cls public-key class to match, or null
     * @param strArr key-type names to register
     * @throws IllegalStateException if any name is already present in the map
     */
    public static void addFilter(HashMap hashMap, int i, String str, Class cls, String... strArr) {
        final DefaultPublicKeyFilter shared = new DefaultPublicKeyFilter(i, cls, str);
        for (int idx = 0; idx < strArr.length; idx++) {
            Object previous = hashMap.put(strArr[idx], shared);
            if (previous != null) {
                throw new IllegalStateException("Duplicate keys in filters");
            }
        }
    }

    /**
     * Registers a filter under the server auth-type names that
     * {@code JsseUtils.getAuthTypeServer} returns for the given codes.
     *
     * @param iArr codes translated to key-type names, in order
     */
    public static void addFilterLegacyServer(HashMap hashMap, int i, String str, Class cls, int... iArr) {
        String[] authTypes = new String[iArr.length];
        int next = 0;
        for (int code : iArr) {
            authTypes[next++] = JsseUtils.getAuthTypeServer(code);
        }
        addFilter(hashMap, i, str, cls, authTypes);
    }

    /**
     * Grades a certificate chain that already passed the key-type filter.
     *
     * @param z forwarded as the first argument of {@code ProvAlgorithmChecker.checkChain}
     * @param z2 selects the required EKU: serverAuth when true, clientAuth when false
     * @param date instant at which the end-entity certificate must be valid
     * @param str host name to verify against the end-entity certificate, or null to skip
     * @param x509CertificateArr chain with the end-entity certificate at index 0
     * @param i index into {@code list} of the key type being graded (used for logging)
     * @return NONE if the chain check fails, EXPIRED if the validity check fails, MISMATCH_SNI
     *     if the endpoint check fails, RSA_MULTI_USE for an RSA key whose keyUsage allows both
     *     index 0 and index 2, otherwise OK
     */
    public static MatchQuality getKeyTypeQuality(boolean z, JcaJceHelper jcaJceHelper, List<String> list, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z2, Date date, String str, X509Certificate[] x509CertificateArr, int i) {
        final String keyType = list.get(i);
        LOG.finer("EE cert potentially usable for key type: " + keyType);

        // With the checkEKU property disabled no EKU is required at all.
        KeyPurposeId requiredEku = null;
        if (provKeyManagerCheckEKU) {
            requiredEku = z2 ? KeyPurposeId.id_kp_serverAuth : KeyPurposeId.id_kp_clientAuth;
        }
        try {
            ProvAlgorithmChecker.checkChain(z, jcaJceHelper, bCAlgorithmConstraints, Collections.emptySet(), x509CertificateArr, requiredEku, -1);
        } catch (CertPathValidatorException e) {
            // The reason for rejection is only visible at FINEST.
            LOG.log(Level.FINEST, "Certificate chain check failed", (Throwable) e);
            LOG.finer("Unsuitable chain for key type: " + keyType);
            return MatchQuality.NONE;
        }

        final X509Certificate endEntity = x509CertificateArr[0];
        try {
            endEntity.checkValidity(date);
            if (str != null) {
                try {
                    ProvX509TrustManager.checkEndpointID(str, endEntity, "HTTPS");
                } catch (CertificateException ignored) {
                    return MatchQuality.MISMATCH_SNI;
                }
            }
            boolean isRsa = "RSA".equalsIgnoreCase(JsseUtils.getPublicKeyAlgorithm(endEntity.getPublicKey()));
            if (isRsa) {
                boolean[] keyUsage = endEntity.getKeyUsage();
                if (ProvAlgorithmChecker.supportsKeyUsage(keyUsage, 0) && ProvAlgorithmChecker.supportsKeyUsage(keyUsage, 2)) {
                    return MatchQuality.RSA_MULTI_USE;
                }
            }
            return MatchQuality.OK;
        } catch (CertificateException ignored) {
            // Any CertificateException reaching this handler is reported as EXPIRED.
            return MatchQuality.EXPIRED;
        }
    }

    /**
     * Normalises requested key types into an unmodifiable list without duplicates, keeping the
     * first occurrence of each name in its original position.
     *
     * @param strArr requested key types; null or empty yields an empty list
     * @return unmodifiable list of distinct key types in request order
     * @throws IllegalArgumentException if an element is null
     */
    public static List<String> getKeyTypes(String... strArr) {
        boolean nothingRequested = strArr == null || strArr.length <= 0;
        if (nothingRequested) {
            return Collections.emptyList();
        }
        List<String> distinct = new ArrayList<String>(strArr.length);
        for (int idx = 0; idx < strArr.length; idx++) {
            String keyType = strArr[idx];
            if (keyType == null) {
                throw new IllegalArgumentException("Key types cannot be null");
            }
            if (distinct.contains(keyType)) {
                continue;
            }
            distinct.add(keyType);
        }
        return Collections.unmodifiableList(distinct);
    }

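    /**
     * Finds the first requested key type for which the chain's end-entity key is usable.
     *
     * <p>Reconstructed from the decompiler's instruction dump; the decompiled stub threw
     * {@link UnsupportedOperationException} unconditionally.
     *
     * @param list requested key types in preference order
     * @param i number of leading entries of {@code list} to consider
     * @param set acceptable issuers; null or empty means any issuer is acceptable
     * @param bCAlgorithmConstraints constraints handed to the key-type filter
     * @param z true to use {@code FILTERS_SERVER}, false for {@code FILTERS_CLIENT}
     * @param x509CertificateArr certificate chain with the end-entity certificate at index 0
     * @return index into {@code list} of the first accepted key type, or -1 if the chain is
     *     empty, no acceptable issuer is found, or no key type accepts the key
     */
    public static int getPotentialKeyType(List<String> list, int i, Set<Principal> set, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z, X509Certificate[] x509CertificateArr) {
        if (TlsUtils.isNullOrEmpty(x509CertificateArr)) {
            return -1;
        }

        // Issuer restriction: satisfied when no issuers were supplied, or when any certificate in
        // the chain (scanned from the last element back to the first) was issued by one of them.
        boolean issuerAcceptable = set == null || set.isEmpty();
        for (int idx = x509CertificateArr.length - 1; !issuerAcceptable && idx >= 0; idx--) {
            issuerAcceptable = set.contains(x509CertificateArr[idx].getIssuerX500Principal());
        }
        if (!issuerAcceptable) {
            // Last resort: the first certificate is itself a CA whose subject is an accepted issuer.
            X509Certificate first = x509CertificateArr[0];
            issuerAcceptable = first.getBasicConstraints() >= 0 && set.contains(first.getSubjectX500Principal());
        }
        if (!issuerAcceptable) {
            return -1;
        }

        X509Certificate endEntity = x509CertificateArr[0];
        Map<String, PublicKeyFilter> filters = z ? FILTERS_SERVER : FILTERS_CLIENT;
        PublicKey publicKey = endEntity.getPublicKey();
        boolean[] keyUsage = endEntity.getKeyUsage();
        for (int keyTypeIndex = 0; keyTypeIndex < i; keyTypeIndex++) {
            // Key types without a registered filter are skipped rather than accepted.
            PublicKeyFilter filter = filters.get(list.get(keyTypeIndex));
            if (filter != null && filter.accepts(publicKey, keyUsage, bCAlgorithmConstraints)) {
                return keyTypeIndex;
            }
        }
        return -1;
    }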

    /**
     * Returns the SNI host name taken from the handshake session's requested server names.
     *
     * @param transportData connection data; may be null
     * @param z when false no host name is looked up
     * @return the host name, or null when {@code z} is false or no transport data, handshake
     *     session or SNI host name is available
     */
    public static String getRequestedHostName(TransportData transportData, boolean z) {
        if (transportData == null) {
            return null;
        }
        if (!z) {
            return null;
        }
        BCExtendedSSLSession handshakeSession = transportData.handshakeSession;
        if (handshakeSession == null) {
            return null;
        }
        BCSNIHostName sniHostName = JsseUtils.getSNIHostName(handshakeSession.getRequestedServerNames());
        return sniHostName == null ? null : sniHostName.hostName;
    }

    /**
     * Collapses an issuer array into an unmodifiable set, dropping null elements.
     *
     * @param principalArr issuers, possibly null
     * @return null when the array itself is null (kept distinct from "empty"), an empty set
     *     when it holds no non-null element, otherwise an unmodifiable set of its elements
     */
    public static Set<Principal> getUniquePrincipals(Principal[] principalArr) {
        if (principalArr == null) {
            return null;
        }
        if (principalArr.length <= 0) {
            return Collections.emptySet();
        }
        Set<Principal> unique = new HashSet<Principal>();
        for (int idx = 0; idx < principalArr.length; idx++) {
            Principal candidate = principalArr[idx];
            if (candidate == null) {
                continue;
            }
            unique.add(candidate);
        }
        if (unique.isEmpty()) {
            return Collections.emptySet();
        }
        return Collections.unmodifiableSet(unique);
    }

    /**
     * Picks the best matching key-store entry and returns a versioned alias for it.
     *
     * <p>The alias is assembled from the builder index, a separator, the key store's own alias,
     * and a suffix made of the separator plus the next value of {@code versions}.
     *
     * @return the alias, or null when nothing better than {@code Match.NOTHING} was found
     */
    public final String chooseAlias(List<String> list, Principal[] principalArr, TransportData transportData, boolean z) {
        Match best = getBestMatch(list, principalArr, transportData, z);
        boolean found = best.compareTo(Match.NOTHING) < 0;
        if (!found) {
            LOG.fine("No matching key found");
            return null;
        }

        String keyType = list.get(best.keyTypeIndex);

        // NOTE(review): the ExternalSyntheticOutline0 helpers are compiler-generated string
        // builders whose bodies are not on this page; the calls are kept exactly as decompiled.
        StringBuilder suffixBuilder = ActionMenuView$$ExternalSyntheticOutline0.m(DateFormatSymbols.ALTERNATE_TIME_SEPARATOR);
        suffixBuilder.append(this.versions.incrementAndGet());
        String versionSuffix = suffixBuilder.toString();

        StringBuilder prefix = new StringBuilder();
        prefix.append(best.builderIndex);
        prefix.append(DateFormatSymbols.ALTERNATE_TIME_SEPARATOR);
        String alias = ActionMenuView$$ExternalSyntheticOutline0.m(prefix, best.localAlias, versionSuffix);

        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Found matching key of type: " + keyType + ", returning alias: " + alias);
        }
        return alias;
    }

    /** Chooses a client-side alias for a socket connection; delegates to {@code chooseAlias}. */
    @Override // javax.net.ssl.X509KeyManager
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(socket);
        return chooseAlias(keyTypes, principalArr, transport, false);
    }

    /** Chooses a client-side key for a socket connection; delegates to {@code chooseKeyBC}. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public final BCX509Key chooseClientKeyBC(String[] strArr, Principal[] principalArr, Socket socket) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(socket);
        return chooseKeyBC(keyTypes, principalArr, transport, false);
    }

    /** Chooses a client-side alias for an SSLEngine; delegates to {@code chooseAlias}. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(sSLEngine);
        return chooseAlias(keyTypes, principalArr, transport, false);
    }

    /** Chooses a client-side key for an SSLEngine; delegates to {@code chooseKeyBC}. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public final BCX509Key chooseEngineClientKeyBC(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(sSLEngine);
        return chooseKeyBC(keyTypes, principalArr, transport, false);
    }

    /**
     * Chooses a server-side alias for an SSLEngine; delegates to {@code chooseAlias}.
     *
     * @param str the single requested key type; {@code getKeyTypes} rejects null with
     *     IllegalArgumentException
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public final String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        List<String> keyTypes = getKeyTypes(str);
        TransportData transport = TransportData.from(sSLEngine);
        return chooseAlias(keyTypes, principalArr, transport, true);
    }

    /** Chooses a server-side key for an SSLEngine; delegates to {@code chooseKeyBC}. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public final BCX509Key chooseEngineServerKeyBC(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(sSLEngine);
        return chooseKeyBC(keyTypes, principalArr, transport, true);
    }

    /**
     * Picks the best matching key-store entry and loads its private key and chain.
     *
     * @return the loaded key, or null when nothing matched, the entry is not a private key, or
     *     loading failed
     */
    public final BCX509Key chooseKeyBC(List<String> list, Principal[] principalArr, TransportData transportData, boolean z) {
        Match best = getBestMatch(list, principalArr, transportData, z);
        if (best.compareTo(Match.NOTHING) >= 0) {
            LOG.fine("No matching key found");
            return null;
        }

        try {
            String keyType = list.get(best.keyTypeIndex);
            BCX509Key loaded = createKeyBC(keyType, best.builderIndex, best.localAlias, best.cachedKeyStore, best.cachedCertificateChain);
            if (loaded != null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Found matching key of type: " + keyType + ", from alias: " + best.builderIndex + DateFormatSymbols.ALTERNATE_TIME_SEPARATOR + best.localAlias);
                }
                return loaded;
            }
        } catch (Exception e) {
            // NOTE(review): every failure, including a wrong password or an unsupported
            // protection parameter, is reported only at FINER; the caller just sees null.
            LOG.log(Level.FINER, "Failed to load private key", (Throwable) e);
        }

        LOG.fine("No matching key found");
        return null;
    }

    /**
     * Chooses a server-side alias for a socket connection; delegates to {@code chooseAlias}.
     *
     * @param str the single requested key type; {@code getKeyTypes} rejects null with
     *     IllegalArgumentException
     */
    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        List<String> keyTypes = getKeyTypes(str);
        TransportData transport = TransportData.from(socket);
        return chooseAlias(keyTypes, principalArr, transport, true);
    }

    /** Chooses a server-side key for a socket connection; delegates to {@code chooseKeyBC}. */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public final BCX509Key chooseServerKeyBC(String[] strArr, Principal[] principalArr, Socket socket) {
        List<String> keyTypes = getKeyTypes(strArr);
        TransportData transport = TransportData.from(socket);
        return chooseKeyBC(keyTypes, principalArr, transport, true);
    }

    /**
     * Loads the private key for an alias using the password supplied by the builder at index
     * {@code i}, and pairs it with the given certificate chain.
     *
     * @param str key type recorded on the returned key
     * @param i index into {@code builders}
     * @param str2 alias inside the key store
     * @param keyStore key store to read the key from
     * @param x509CertificateArr certificate chain for the key
     * @return the key, or null when the entry is not a {@link PrivateKey}
     * @throws UnrecoverableKeyException if the builder supplies no protection parameter
     * @throws UnsupportedOperationException if the protection parameter is not password based
     * @throws KeyStoreException if the password protection names a protection algorithm
     */
    public final BCX509Key createKeyBC(String str, int i, String str2, KeyStore keyStore, X509Certificate[] x509CertificateArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore.ProtectionParameter protection = this.builders.get(i).getProtectionParameter(str2);
        // Read up front, as in the decompiled code, so KeyStoreUtil is initialised at the same point.
        Method protectionAlgorithmGetter = KeyStoreUtil.getProtectionAlgorithm;
        if (protection == null) {
            throw new UnrecoverableKeyException("requested key requires a password");
        }
        if (!(protection instanceof KeyStore.PasswordProtection)) {
            throw new UnsupportedOperationException();
        }
        KeyStore.PasswordProtection passwordProtection = (KeyStore.PasswordProtection) protection;

        // A non-null getter result means a protection algorithm was specified; that is rejected.
        boolean hasProtectionAlgorithm = protectionAlgorithmGetter != null
                && ReflectionUtil.invokeGetter(protectionAlgorithmGetter, passwordProtection) != null;
        if (hasProtectionAlgorithm) {
            throw new KeyStoreException("unsupported password protection algorithm");
        }

        // The password array belongs to the PasswordProtection object; it must not be logged or
        // retained beyond this call.
        Key key = keyStore.getKey(str2, passwordProtection.getPassword());
        if (!(key instanceof PrivateKey)) {
            return null;
        }
        return new ProvX509Key(str, (PrivateKey) key, x509CertificateArr);
    }

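    /**
     * Lists versioned aliases for every key-store entry that matches one of the key types,
     * best match first.
     *
     * <p>The decompiled loop carried three duplicated catch regions that assigned to an
     * undeclared variable and, on two paths, skipped the warning; this version restores a single
     * try/catch per builder so that a failing key store is logged and the scan moves on.
     *
     * @param list requested key types
     * @param principalArr acceptable issuers, or null for no restriction
     * @param z forwarded to {@code getRequestedHostName} and {@code getPotentialMatch}
     * @return aliases sorted by match order, or null when there are no builders, no key types
     *     or no match
     */
    public final String[] getAliases(List list, Principal[] principalArr, boolean z) {
        if (this.builders.isEmpty() || list.isEmpty()) {
            return null;
        }
        int keyTypeCount = list.size();
        Set<Principal> uniquePrincipals = getUniquePrincipals(principalArr);
        // No connection is available here, so both lookups are made with null transport data.
        BCAlgorithmConstraints algorithmConstraints = TransportData.getAlgorithmConstraints(null, true);
        Date date = new Date();
        String requestedHostName = getRequestedHostName(null, z);

        List<Match> matches = null;
        int builderCount = this.builders.size();
        for (int builderIndex = 0; builderIndex < builderCount; builderIndex++) {
            try {
                KeyStore keyStore = this.builders.get(builderIndex).getKeyStore();
                if (keyStore == null) {
                    continue;
                }
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    Match candidate = getPotentialMatch(builderIndex, keyStore, aliases.nextElement(), list, keyTypeCount, uniquePrincipals, algorithmConstraints, z, date, requestedHostName);
                    if (candidate.compareTo(Match.NOTHING) < 0) {
                        if (matches == null) {
                            matches = new ArrayList<Match>();
                        }
                        matches.add(candidate);
                    }
                }
            } catch (KeyStoreException e) {
                // Matches already collected from this builder are kept; the rest of it is skipped.
                LOG.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + builderIndex, (Throwable) e);
            }
        }
        if (matches == null || matches.isEmpty()) {
            return null;
        }

        Collections.sort(matches);
        // One version suffix is shared by every alias returned from this call.
        String versionSuffix = DateFormatSymbols.ALTERNATE_TIME_SEPARATOR + this.versions.incrementAndGet();
        String[] result = new String[matches.size()];
        int next = 0;
        for (Match match : matches) {
            StringBuilder prefix = new StringBuilder();
            prefix.append(match.builderIndex);
            prefix.append(DateFormatSymbols.ALTERNATE_TIME_SEPARATOR);
            // NOTE(review): compiler-generated helper whose body is not on this page; call kept
            // exactly as decompiled.
            result[next++] = ActionMenuView$$ExternalSyntheticOutline0.m(prefix, match.localAlias, versionSuffix);
        }
        return result;
    }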

    /**
     * Scans the key stores of all configured builders and returns the best-ranked candidate.
     *
     * <p>Every alias of every builder's key store is evaluated with {@code getPotentialMatch};
     * a candidate whose {@code compareTo} result is lower than the current best replaces it.
     * The scan stops early when a candidate has quality {@code MatchQuality.OK} and key type
     * index 0.
     *
     * <p>NOTE(review): this is decompiler output. The duplicated catch blocks, the
     * {@code e = e;} assignments and the shuffling of i/i2/i3/z2 temporaries look like
     * artifacts of control-flow recovery; confirm the exact exception path against the
     * upstream source before relying on it.
     *
     * @param list           candidate strings passed through to {@code getPotentialMatch}
     *                       (presumably the requested key types, most preferred first - confirm)
     * @param principalArr   principals reduced to a set by {@code getUniquePrincipals}
     * @param transportData  source of the algorithm constraints and the requested host name
     * @param z              flag forwarded to {@code getRequestedHostName} and
     *                       {@code getPotentialMatch} (presumably "for server" - confirm)
     * @return the best candidate found, or {@code Match.NOTHING} when there are no builders,
     *         {@code list} is empty, or no candidate ranks ahead of {@code Match.NOTHING}
     */
    public final Match getBestMatch(List<String> list, Principal[] principalArr, TransportData transportData, boolean z) {
        int i;
        int i2;
        boolean z2;
        Match match;
        ProvX509KeyManager provX509KeyManager = this;
        Match match2 = Match.NOTHING;
        // Nothing to search: no builders configured or no entries requested.
        if (provX509KeyManager.builders.isEmpty() || list.isEmpty()) {
            return match2;
        }
        int size = list.size();
        Set<Principal> uniquePrincipals = getUniquePrincipals(principalArr);
        boolean z3 = true;
        BCAlgorithmConstraints algorithmConstraints = TransportData.getAlgorithmConstraints(transportData, true);
        // A single timestamp is taken here and handed to every getPotentialMatch call of this scan.
        Date date = new Date();
        String requestedHostName = getRequestedHostName(transportData, z);
        int size2 = provX509KeyManager.builders.size();
        // i3 starts at list.size() and is the count argument handed to getPotentialMatch (via i5).
        int i3 = size;
        int i4 = 0;
        Match match3 = match2;
        while (i4 < size2) {
            try {
                KeyStore keyStore = provX509KeyManager.builders.get(i4).getKeyStore();
                if (keyStore == null) {
                    // This builder produced no key store; move on to the next builder.
                    i = i4;
                    i2 = size2;
                    z2 = z3;
                } else {
                    Enumeration<String> aliases = keyStore.aliases();
                    Match match4 = match3;
                    int i5 = i3;
                    while (aliases.hasMoreElements()) {
                        try {
                            int i6 = i5;
                            match = match4;
                            i = i4;
                            i2 = size2;
                            try {
                                match4 = getPotentialMatch(i4, keyStore, aliases.nextElement(), list, i5, uniquePrincipals, algorithmConstraints, z, date, requestedHostName);
                                // A strictly lower compareTo result ranks ahead of the current best.
                                if (match4.compareTo(match) < 0) {
                                    try {
                                        MatchQuality matchQuality = MatchQuality.OK;
                                        MatchQuality matchQuality2 = match4.quality;
                                        // Early exit: quality OK at key type index 0 is returned without scanning further.
                                        if (matchQuality == matchQuality2 && match4.keyTypeIndex == 0) {
                                            return match4;
                                        }
                                        if (matchQuality2.compareTo(Match.INVALID) < 0) {
                                            z2 = true;
                                            i3 = i6;
                                            try {
                                                // Lowers the count passed to later getPotentialMatch calls to at most
                                                // keyTypeIndex + 1 (appears to stop later aliases matching on
                                                // less-preferred entries of list - confirm).
                                                i5 = Math.min(i3, match4.keyTypeIndex + 1);
                                            } catch (KeyStoreException e) {
                                                e = e;
                                                match3 = match4;
                                                // The failure is logged at WARNING and the scan resumes at builder i + 1.
                                                LOG.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + i, (Throwable) e);
                                                i4 = i + 1;
                                                provX509KeyManager = this;
                                                z3 = z2;
                                                size2 = i2;
                                            }
                                        } else {
                                            z2 = true;
                                            i5 = i6;
                                        }
                                    } catch (KeyStoreException e2) {
                                        // NOTE(review): no logging on this path as rendered; likely a decompilation artifact.
                                        e = e2;
                                        i3 = i6;
                                        z2 = true;
                                    }
                                } else {
                                    // Candidate does not rank ahead: keep the previous best.
                                    z2 = true;
                                    i5 = i6;
                                    match4 = match;
                                }
                                z3 = z2;
                                i4 = i;
                                size2 = i2;
                            } catch (KeyStoreException e3) {
                                e = e3;
                                i3 = i6;
                                z2 = true;
                                match3 = match;
                                // The failure is logged at WARNING and the scan resumes at builder i + 1.
                                LOG.log(Level.WARNING, "Failed to fully process KeyStore.Builder at index " + i, (Throwable) e);
                                i4 = i + 1;
                                provX509KeyManager = this;
                                z3 = z2;
                                size2 = i2;
                            }
                        } catch (KeyStoreException e4) {
                            // NOTE(review): no logging on this path as rendered; likely a decompilation artifact.
                            e = e4;
                            i3 = i5;
                            i = i4;
                            i2 = size2;
                            z2 = z3;
                            match = match4;
                        }
                    }
                    // All aliases of this key store processed: carry the best candidate to the next builder.
                    i3 = i5;
                    i = i4;
                    i2 = size2;
                    z2 = z3;
                    match3 = match4;
                }
            } catch (KeyStoreException e5) {
                // NOTE(review): no logging on this path as rendered; likely a decompilation artifact.
                e = e5;
                i = i4;
                i2 = size2;
                z2 = z3;
            }
            i4 = i + 1;
            provX509KeyManager = this;
            z3 = z2;
            size2 = i2;
        }
        return match3;
    }

    /**
     * Returns the certificate chain stored with the private-key entry that {@code str} resolves to.
     *
     * @param str the alias handed to {@code getPrivateKeyEntry}
     * @return the entry's chain, or {@code null} when no entry resolves for the alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public final X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(str);
        // NOTE(review): the array cast throws ClassCastException if the entry's chain is not an
        // X509Certificate[]; getKeyBC converts through JsseUtils.getX509CertificateChain instead.
        // Confirm that only X.509 entries can reach this method.
        return entry != null ? (X509Certificate[]) entry.getCertificateChain() : null;
    }

    /**
     * Lists the aliases usable on the client side for the given key type.
     *
     * @param str          key type string, expanded by {@code getKeyTypes}
     * @param principalArr principals forwarded unchanged to {@code getAliases}
     * @return whatever {@code getAliases} returns for the non-server case
     */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        // getServerAliases passes true in this position, so false selects the client side.
        final boolean forServer = false;
        return getAliases(getKeyTypes(str), principalArr, forServer);
    }

    /**
     * Builds a {@code ProvX509Key} from the private-key entry that {@code str2} resolves to.
     *
     * @param str  value passed through unchanged as the first {@code ProvX509Key} constructor
     *             argument (presumably the key type - confirm)
     * @param str2 the alias handed to {@code getPrivateKeyEntry}
     * @return the key with its X.509 chain, or {@code null} when the alias does not resolve, the
     *         entry has no private key, or the converted chain is null or empty
     */
    @Override // org.bouncycastle.jsse.BCX509ExtendedKeyManager
    public final BCX509Key getKeyBC(String str, String str2) {
        KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(str2);
        if (entry == null) {
            return null;
        }
        PrivateKey key = entry.getPrivateKey();
        if (key == null) {
            return null;
        }
        // A key is never handed out without a usable X.509 chain to present with it.
        X509Certificate[] chain = JsseUtils.getX509CertificateChain(entry.getCertificateChain());
        return TlsUtils.isNullOrEmpty(chain) ? null : new ProvX509Key(str, key, chain);
    }

    /**
     * Evaluates one key-store alias as a candidate and wraps the outcome in a {@code Match}.
     *
     * <p>The checks run in order and the first failing one yields {@code Match.NOTHING}:
     * the alias must be a key entry, {@code getPotentialKeyType} must return a non-negative
     * index for its chain, and {@code getKeyTypeQuality} must return something other than
     * {@code MatchQuality.NONE}.
     *
     * @param i    builder index recorded in the resulting {@code Match}
     * @param keyStore key store that holds the alias
     * @param str  alias inside {@code keyStore}
     * @param list forwarded to {@code getPotentialKeyType} and {@code getKeyTypeQuality}
     * @param i2   forwarded to {@code getPotentialKeyType}
     * @param set  forwarded to {@code getPotentialKeyType}
     * @param bCAlgorithmConstraints forwarded to both helper calls
     * @param z    forwarded to both helper calls
     * @param date forwarded to {@code getKeyTypeQuality}
     * @param str2 forwarded to {@code getKeyTypeQuality}
     * @return a new {@code Match} for the alias, or {@code Match.NOTHING}
     * @throws KeyStoreException if the key store cannot be queried
     */
    public final Match getPotentialMatch(int i, KeyStore keyStore, String str, List list, int i2, Set set, BCAlgorithmConstraints bCAlgorithmConstraints, boolean z, Date date, String str2) throws KeyStoreException {
        if (!keyStore.isKeyEntry(str)) {
            return Match.NOTHING;
        }
        X509Certificate[] chain = JsseUtils.getX509CertificateChain(keyStore.getCertificateChain(str));
        int keyTypeIndex = getPotentialKeyType(list, i2, set, bCAlgorithmConstraints, z, chain);
        if (keyTypeIndex < 0) {
            return Match.NOTHING;
        }
        MatchQuality quality = getKeyTypeQuality(this.isInFipsMode, this.helper, list, bCAlgorithmConstraints, z, date, str2, chain, keyTypeIndex);
        if (MatchQuality.NONE == quality) {
            return Match.NOTHING;
        }
        return new Match(quality, keyTypeIndex, i, str, keyStore, chain);
    }

    /**
     * Returns the private key of the entry that {@code str} resolves to.
     *
     * @param str the alias handed to {@code getPrivateKeyEntry}
     * @return the entry's private key, or {@code null} when no entry resolves for the alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public final PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(str);
        return entry != null ? entry.getPrivateKey() : null;
    }

    /**
     * Resolves an alias to its private-key entry, consulting the soft-reference cache first.
     *
     * <p>The alias is parsed as {@code <builderIndex>.<localAlias>.<suffix>}: the text before the
     * first '.' must be a decimal index into {@code builders}, and the text between the first and
     * the last '.' is the alias looked up in that builder's key store. The part after the last
     * '.' is not examined here.
     *
     * <p>Any exception raised while parsing or loading is logged at FINER and results in
     * {@code null}; failures are not cached.
     *
     * @param str the alias to resolve; may be {@code null}
     * @return the cached or freshly loaded entry, or {@code null} when the alias is null,
     *         malformed, out of range, not a private-key entry, or loading fails
     */
    public final KeyStore.PrivateKeyEntry getPrivateKeyEntry(String str) {
        if (str == null) {
            return null;
        }
        SoftReference<KeyStore.PrivateKeyEntry> cachedRef = this.cachedEntries.get(str);
        if (cachedRef != null) {
            KeyStore.PrivateKeyEntry cached = cachedRef.get();
            if (cached != null) {
                return cached;
            }
        }
        KeyStore.PrivateKeyEntry loaded = null;
        try {
            int firstDot = str.indexOf('.');
            if (firstDot > 0) {
                int aliasStart = firstDot + 1;
                int lastDot = str.lastIndexOf('.');
                // Requires a non-empty local alias between the two separators.
                if (lastDot > aliasStart) {
                    int builderIndex = Integer.parseInt(str.substring(0, firstDot));
                    // The index comes from the caller-supplied alias, so it is range-checked
                    // before it is used to select a builder.
                    if (builderIndex >= 0 && builderIndex < this.builders.size()) {
                        KeyStore.Builder builder = this.builders.get(builderIndex);
                        String localAlias = str.substring(aliasStart, lastDot);
                        KeyStore keyStore = builder.getKeyStore();
                        if (keyStore != null) {
                            KeyStore.Entry entry = keyStore.getEntry(localAlias, builder.getProtectionParameter(localAlias));
                            if (entry instanceof KeyStore.PrivateKeyEntry) {
                                loaded = (KeyStore.PrivateKeyEntry) entry;
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Best effort: a non-numeric index or a key-store failure ends up here and yields null.
            LOG.log(Level.FINER, "Failed to load PrivateKeyEntry: " + str, e);
        }
        if (loaded != null) {
            // Cached under the full alias string; the entry stays reachable only softly from here.
            this.cachedEntries.put(str, new SoftReference<>(loaded));
        }
        return loaded;
    }

    /**
     * Lists the aliases usable on the server side for the given key type.
     *
     * @param str          key type string, expanded by {@code getKeyTypes}
     * @param principalArr principals forwarded unchanged to {@code getAliases}
     * @return whatever {@code getAliases} returns for the server case
     */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        // getClientAliases passes false in this position, so true selects the server side.
        final boolean forServer = true;
        return getAliases(getKeyTypes(str), principalArr, forServer);
    }
}
