package com.pam.rayana.h.a;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Log;
import com.pam.rayana.C0000R;
import com.pam.rayana.g.f;
import com.pam.rayana.g.q;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: classes.dex */
public class a extends X509ExtendedKeyManager {
    private static PrivateKey a;
    private final String b;
    private final X509Certificate[] c;
    private final PrivateKey d;

    public a(Context context, String str) {
        this.b = str;
        try {
            this.c = a(context, str);
            this.d = b(context, str);
        } catch (KeyChainException e) {
            throw new f(context.getString(C0000R.string.client_certificate_retrieval_failure, str), e);
        } catch (InterruptedException e2) {
            throw new q(context.getString(C0000R.string.client_certificate_retrieval_failure, str), e2);
        }
    }

    private String a(String[] strArr, Principal[] principalArr) {
        String substring;
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        X509Certificate x509Certificate = this.c[0];
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        String upperCase = x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        int length = strArr.length;
        for (int i = 0; i < length; i++) {
            String str = strArr[i];
            if (str != null) {
                int indexOf = str.indexOf(95);
                if (indexOf == -1) {
                    substring = null;
                } else {
                    substring = str.substring(indexOf + 1);
                    str = str.substring(0, indexOf);
                }
                if (algorithm.equals(str) && (substring == null || upperCase.contains(substring))) {
                    if (principalArr == null || principalArr.length == 0) {
                        return this.b;
                    }
                    List asList = Arrays.asList(principalArr);
                    for (X509Certificate x509Certificate2 : this.c) {
                        if (asList.contains(x509Certificate2.getIssuerX500Principal())) {
                            return this.b;
                        }
                    }
                    Log.w("rayana", "Client certificate " + this.b + " not issued by any of the requested issuers");
                    return null;
                }
            }
        }
        Log.w("rayana", "Client certificate " + this.b + " does not match any of the requested key types");
        return null;
    }

    private static synchronized void a(PrivateKey privateKey) {
        synchronized (a.class) {
            if (a == null) {
                a = privateKey;
            }
        }
    }

    private X509Certificate[] a(Context context, String str) {
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
        if (certificateChain == null || certificateChain.length == 0) {
            throw new q("No certificate chain found for: " + str);
        }
        try {
            for (X509Certificate x509Certificate : certificateChain) {
                x509Certificate.checkValidity();
            }
            return certificateChain;
        } catch (CertificateException e) {
            throw new f(context.getString(C0000R.string.client_certificate_expired, str, e.toString()));
        }
    }

    private PrivateKey b(Context context, String str) {
        PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
        if (privateKey == null) {
            throw new q("No private key found for: " + str);
        }
        if (Build.VERSION.SDK_INT < 17) {
            a(privateKey);
        }
        return privateKey;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return a(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return a(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return a(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (this.b.equals(str)) {
            return this.c;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String a2 = a(new String[]{str}, principalArr);
        if (a2 == null) {
            return null;
        }
        return new String[]{a2};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (this.b.equals(str)) {
            return this.d;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String a2 = a(new String[]{str}, principalArr);
        if (a2 == null) {
            return null;
        }
        return new String[]{a2};
    }
}
