package cn.com.suresec.jsse.provider;

import cn.com.suresec.asn1.x500.X500Name;
import cn.com.suresec.asn1.x509.Extensions;
import cn.com.suresec.asn1.x509.KeyUsage;
import cn.com.suresec.asn1.x509.TBSCertificate;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/* compiled from: ProvX509KeyManager.java */
/* loaded from: classes.dex */
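/**
 * JSSE key manager that selects a TLS credential (private key plus certificate chain)
 * from a list of {@link KeyStore.Builder}s.
 *
 * <p>Every successful lookup registers the matching entry in an internal cache under a
 * generated alias of the form {@code <builderIndex>.<keyStoreAlias>.<counter>}; that
 * generated alias is what {@link #getPrivateKey(String)} and
 * {@link #getCertificateChain(String)} expect.
 *
 * <p>The class name and the public signatures are kept exactly as decompiled; only private
 * members carry descriptive names. The helper class {@code t} is not part of this listing,
 * so statements about what its {@code a(...)} overloads return are inferred from how their
 * results are used here.
 *
 * <p>NOTE(review): the cache is never pruned. Each lookup adds a fresh entry per matching
 * key, so {@link KeyStore.PrivateKeyEntry} objects stay reachable for the lifetime of this
 * key manager and the map grows with the number of lookups performed.
 */
class aw extends X509ExtendedKeyManager {

    /** Mask of the digitalSignature bit (bit 0) in the first octet of the KeyUsage BIT STRING. */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 128;

    /** Mask of the keyEncipherment bit (bit 2) in the first octet of the KeyUsage BIT STRING. */
    private static final int KEY_USAGE_KEY_ENCIPHERMENT = 32;

    /** Key store builders searched in order; the list index becomes the alias prefix. */
    private final List<KeyStore.Builder> builders;

    /**
     * Generated alias -> credential. A concurrent map is used because the lookup methods
     * write to it and the accessor methods read from it, and one key manager instance can
     * be used by several handshakes at once (the alias counter is already atomic).
     */
    private final Map<String, KeyStore.PrivateKeyEntry> entries = new ConcurrentHashMap<>();

    /** Monotonic counter that makes every generated alias unique. */
    private final AtomicLong versions = new AtomicLong();

    /**
     * Creates a key manager over the given builders. JADX reports that this constructor was
     * package-private in the original class.
     *
     * @param list key store builders to search; the reference is stored, not copied
     */
    public aw(List<KeyStore.Builder> list) {
        this.builders = list;
    }

    /**
     * Returns the first generated alias that matches any of the key types, trying the key
     * types in array order.
     *
     * @param forServer whether the credential is selected for the server side
     * @param keyTypes key type / key exchange names to try in order
     * @param issuers acceptable issuers, or {@code null} for no issuer restriction
     * @return a generated alias, or {@code null} when nothing matches or any lookup fails
     */
    private String chooseAlias(boolean forServer, String[] keyTypes, Principal[] issuers) {
        try {
            Set<X500Name> issuerNames = t.a(issuers);
            for (int i = 0; i != keyTypes.length; i++) {
                List<String> aliases = findAliases(forServer, keyTypes[i], issuerNames);
                if (!aliases.isEmpty()) {
                    return aliases.get(0);
                }
            }
            return null;
        } catch (Exception ignored) {
            // Deliberate best effort, as in the decompiled original: any failure (including a
            // null keyTypes array or an unreadable key store) is reported as "no alias".
            return null;
        }
    }

    /**
     * Looks up a cached credential by generated alias.
     *
     * @param alias alias previously returned by one of the lookup methods, may be {@code null}
     * @return the cached entry, or {@code null} when the alias is null or unknown
     */
    private KeyStore.PrivateKeyEntry getPrivateKeyEntry(String alias) {
        if (alias == null) {
            return null;
        }
        return this.entries.get(alias);
    }

    /**
     * Scans one key store and caches every private-key entry whose chain is suitable.
     *
     * @param forServer whether the credential is selected for the server side
     * @param builderIndex position of {@code builder} in the builder list
     * @param keyStore key store obtained from {@code builder}
     * @param builder builder that supplies the protection parameter for each alias
     * @param keyType key type / key exchange name to match
     * @param issuerNames acceptable issuer names, or {@code null}/empty for no restriction
     * @return generated aliases of the matching entries, in key store enumeration order
     * @throws GeneralSecurityException if the key store cannot be read
     */
    private List<String> findAliases(boolean forServer, int builderIndex, KeyStore keyStore,
            KeyStore.Builder builder, String keyType, Set<X500Name> issuerNames)
            throws GeneralSecurityException {
        List<String> matches = new ArrayList<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            // t.a(Certificate[]) presumably narrows the chain to X509Certificate[] and yields
            // null when it cannot (helper not shown here).
            X509Certificate[] chain = t.a(keyStore.getCertificateChain(alias));
            if (chain == null || chain.length == 0
                    || !isSuitableChain(forServer, keyType, issuerNames, chain)) {
                continue;
            }
            KeyStore.Entry entry = keyStore.getEntry(alias, builder.getProtectionParameter(alias));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // isKeyEntry() is also true for secret keys, and the entry may have gone away
                // since enumeration; skip it instead of failing on the cast or caching null.
                continue;
            }
            String generatedAlias =
                    String.valueOf(builderIndex) + "." + alias + "." + this.versions.getAndIncrement();
            this.entries.put(generatedAlias, (KeyStore.PrivateKeyEntry) entry);
            matches.add(generatedAlias);
        }
        return matches;
    }

    /**
     * Collects matching aliases from every builder, in builder order.
     *
     * @param forServer whether the credential is selected for the server side
     * @param keyType key type / key exchange name to match
     * @param issuerNames acceptable issuer names, or {@code null}/empty for no restriction
     * @return generated aliases of all matching entries
     * @throws IllegalStateException if a key store cannot be built or read
     */
    private List<String> findAliases(boolean forServer, String keyType, Set<X500Name> issuerNames) {
        List<String> matches = new ArrayList<>();
        for (int i = 0; i != this.builders.size(); i++) {
            KeyStore.Builder builder = this.builders.get(i);
            try {
                matches.addAll(
                        findAliases(forServer, i, builder.getKeyStore(), builder, keyType, issuerNames));
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("unable to build key store: " + e.getMessage(), e);
            }
        }
        return matches;
    }

    /**
     * Checks the certificate's KeyUsage extension against the required bits.
     *
     * @param requiredBits mask tested against the first octet of the KeyUsage bit string
     * @param certificate certificate to inspect
     * @return {@code true} when the certificate has no extensions or no KeyUsage extension
     *     (no restriction declared) or when all required bits are set; {@code false} when a
     *     bit is missing or the certificate cannot be parsed (fails closed)
     */
    private boolean isSuitableKeyUsage(int requiredBits, X509Certificate certificate) {
        try {
            Extensions extensions =
                    TBSCertificate.getInstance(certificate.getTBSCertificate()).getExtensions();
            if (extensions == null) {
                return true;
            }
            KeyUsage keyUsage = KeyUsage.fromExtensions(extensions);
            if (keyUsage == null) {
                return true;
            }
            int firstOctet = keyUsage.getBytes()[0] & 255;
            return (firstOctet & requiredBits) == requiredBits;
        } catch (Exception ignored) {
            // An unparsable certificate or an empty bit string is treated as unsuitable.
            return false;
        }
    }

    /**
     * Tests whether the certificate's issuer name is one of the acceptable names. This is a
     * name comparison used for credential selection only; no signature is verified here.
     */
    private boolean isSuitableIssuer(Set<X500Name> issuerNames, X509Certificate certificate) {
        return issuerNames.contains(t.a(certificate.getIssuerX500Principal()));
    }

    /**
     * Tests whether the end-entity certificate fits the requested key type.
     *
     * <p>The public key algorithm must match the key type, and the KeyUsage extension (when
     * present) must allow digitalSignature. The one exception is plain {@code RSA} on the
     * server side, which requires keyEncipherment instead. {@code DSA} is rejected for servers.
     *
     * @param forServer whether the credential is selected for the server side
     * @param keyType key type / key exchange name, compared case-insensitively
     * @param certificate end-entity certificate
     * @return {@code true} when the certificate is usable for {@code keyType}
     */
    private boolean isSuitableCertificate(boolean forServer, String keyType, X509Certificate certificate) {
        if (keyType == null || certificate == null) {
            return false;
        }
        PublicKey publicKey = certificate.getPublicKey();
        if (keyType.equalsIgnoreCase("DHE_RSA")
                || keyType.equalsIgnoreCase("ECDHE_RSA")
                || keyType.equalsIgnoreCase("SRP_RSA")) {
            return (publicKey instanceof RSAPublicKey)
                    && isSuitableKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE, certificate);
        }
        if (keyType.equalsIgnoreCase("DHE_DSS") || keyType.equalsIgnoreCase("SRP_DSS")) {
            return (publicKey instanceof DSAPublicKey)
                    && isSuitableKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE, certificate);
        }
        if (keyType.equalsIgnoreCase("ECDHE_ECDSA")) {
            return (publicKey instanceof ECPublicKey)
                    && isSuitableKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE, certificate);
        }
        if (keyType.equalsIgnoreCase("RSA")) {
            int requiredBits = forServer ? KEY_USAGE_KEY_ENCIPHERMENT : KEY_USAGE_DIGITAL_SIGNATURE;
            return (publicKey instanceof RSAPublicKey) && isSuitableKeyUsage(requiredBits, certificate);
        }
        if (keyType.equalsIgnoreCase("DSA")) {
            return !forServer
                    && (publicKey instanceof DSAPublicKey)
                    && isSuitableKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE, certificate);
        }
        return keyType.equalsIgnoreCase("EC")
                && (publicKey instanceof ECPublicKey)
                && isSuitableKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE, certificate);
    }

    /**
     * Tests a whole chain: the first certificate must fit the key type and, when issuer names
     * are given, at least one certificate in the chain must be issued by one of them.
     *
     * @param chain non-empty certificate chain, end-entity certificate first
     */
    private boolean isSuitableChain(boolean forServer, String keyType, Set<X500Name> issuerNames,
            X509Certificate[] chain) {
        if (!isSuitableCertificate(forServer, keyType, chain[0])) {
            return false;
        }
        if (issuerNames == null || issuerNames.isEmpty()) {
            return true;
        }
        // Walk from the end of the chain towards the end-entity certificate.
        for (int i = chain.length - 1; i >= 0; i--) {
            if (isSuitableIssuer(issuerNames, chain[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns all generated aliases for one key type as an array.
     *
     * @throws IllegalStateException if a key store cannot be built or read
     */
    private String[] getAliases(boolean forServer, String keyType, Principal[] issuers) {
        List<String> aliases = findAliases(forServer, keyType, t.a(issuers));
        return aliases.toArray(new String[aliases.size()]);
    }

    /**
     * Chooses a client credential for a socket-based connection.
     *
     * @param strArr key types to try in order
     * @param principalArr acceptable issuers, or {@code null}
     * @param socket unused
     * @return a generated alias, or {@code null} when none matches
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(false, strArr, principalArr);
    }

    /**
     * Chooses a client credential for an engine-based connection.
     *
     * @param strArr key types to try in order
     * @param principalArr acceptable issuers, or {@code null}
     * @param sSLEngine unused
     * @return a generated alias, or {@code null} when none matches
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(false, strArr, principalArr);
    }

    /**
     * Chooses a server credential for an engine-based connection.
     *
     * @param str key type to match
     * @param principalArr acceptable issuers, or {@code null}
     * @param sSLEngine unused
     * @return a generated alias, or {@code null} when none matches
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(true, new String[]{str}, principalArr);
    }

    /**
     * Chooses a server credential for a socket-based connection.
     *
     * @param str key type to match
     * @param principalArr acceptable issuers, or {@code null}
     * @param socket unused
     * @return a generated alias, or {@code null} when none matches
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseAlias(true, new String[]{str}, principalArr);
    }

    /**
     * Returns the certificate chain cached under a generated alias.
     *
     * @param str generated alias
     * @return the chain, or {@code null} when the alias is null or unknown
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(str);
        if (entry == null) {
            return null;
        }
        return (X509Certificate[]) entry.getCertificateChain();
    }

    /**
     * Lists generated aliases of all client credentials matching the key type.
     *
     * @param str key type to match
     * @param principalArr acceptable issuers, or {@code null}
     * @return generated aliases, possibly empty
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return getAliases(false, str, principalArr);
    }

    /**
     * Returns the private key cached under a generated alias.
     *
     * @param str generated alias
     * @return the private key, or {@code null} when the alias is null or unknown
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(str);
        if (entry == null) {
            return null;
        }
        return entry.getPrivateKey();
    }

    /**
     * Lists generated aliases of all server credentials matching the key type.
     *
     * @param str key type to match
     * @param principalArr acceptable issuers, or {@code null}
     * @return generated aliases, possibly empty
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return getAliases(true, str, principalArr);
    }
}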
