package pd;

import be.w4;
import fb.i;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import javax.security.auth.login.FailedLoginException;

/* compiled from: Pkcs11Provider.java */
/* loaded from: classes.dex */
public class b {

    /* renamed from: e, reason: collision with root package name */
    private static final ze.a f11637e = ze.b.i(b.class);

    /* renamed from: f, reason: collision with root package name */
    private static final h9.b f11638f = new a();

    /* renamed from: g, reason: collision with root package name */
    private static final Map<String, b> f11639g = new ConcurrentHashMap();

    /* renamed from: h, reason: collision with root package name */
    private static final AtomicInteger f11640h = new AtomicInteger();

    /* renamed from: a, reason: collision with root package name */
    private final Provider f11641a;

    /* renamed from: b, reason: collision with root package name */
    private final h f11642b;

    /* renamed from: c, reason: collision with root package name */
    private final KeyStore.Builder f11643c;

    /* renamed from: d, reason: collision with root package name */
    private KeyStore f11644d;

    /* compiled from: Pkcs11Provider.java */
    /* loaded from: classes.dex */
    class a implements h9.b {
        a() {
        }

        @Override // h9.b
        public Iterable<? extends Map.Entry<PublicKey, String>> F0() {
            throw new UnsupportedOperationException();
        }

        @Override // h9.b
        public Map.Entry<String, byte[]> S2(i iVar, PublicKey publicKey, String str, byte[] bArr) {
            throw new UnsupportedOperationException();
        }

        @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
        }

        @Override // java.nio.channels.Channel
        public boolean isOpen() {
            return true;
        }

        @Override // h9.b
        public /* synthetic */ KeyPair y1(PublicKey publicKey) {
            return h9.a.a(this, publicKey);
        }
    }

    /* compiled from: Pkcs11Provider.java */
    /* renamed from: pd.b$b, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    private class C0233b extends m9.b {
        C0233b(PublicKey publicKey, String str) {
            super(b.f11638f, publicKey, str);
        }

        @Override // m9.b, m9.f
        public Map.Entry<String, byte[]> a(i iVar, String str, byte[] bArr) {
            return new AbstractMap.SimpleImmutableEntry(str, b.this.i(iVar, ((hb.f) hb.d.u(str).k()).getAlgorithm(), c(), bArr));
        }
    }

    private b(Provider provider, h hVar) {
        this.f11641a = provider;
        this.f11642b = hVar;
        this.f11643c = KeyStore.Builder.newInstance("PKCS11", provider, new KeyStore.CallbackHandlerProtection(hVar));
    }

    public static b e(Path path, final int i10) {
        final Path absolutePath;
        String path2;
        Object computeIfAbsent;
        final int i11 = i10 < 0 ? 0 : i10;
        absolutePath = path.toAbsolutePath();
        path2 = absolutePath.toString();
        computeIfAbsent = f11639g.computeIfAbsent(String.valueOf(path2) + '/' + i11, new Function() { // from class: pd.a
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                b g10;
                g10 = b.g(absolutePath, i11, i10, (String) obj);
                return g10;
            }
        });
        return (b) computeIfAbsent;
    }

    private boolean f(Throwable th) {
        while (th != null) {
            if (th instanceof FailedLoginException) {
                return true;
            }
            th = th.getCause();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ b g(Path path, int i10, int i11, String str) {
        Path fileName;
        String path2;
        String path3;
        Provider provider = Security.getProvider("SunPKCS11");
        if (provider == null) {
            throw new UnsupportedOperationException();
        }
        fileName = path.getFileName();
        path2 = fileName.toString();
        String str2 = "JGit-" + i10 + '-' + path2.replaceAll("\\s", "");
        String str3 = "pkcs11-" + f11640h.incrementAndGet() + '-' + str2;
        path3 = path.toString();
        System.setProperty(str3, path3);
        String str4 = "--name = " + str2 + "\nlibrary = ${" + str3 + "}\nslotListIndex = " + i10 + '\n';
        ze.a aVar = f11637e;
        if (aVar.e()) {
            aVar.A("{}: configuring provider with system property {}={} and config:{}{}", str2, str3, path, System.lineSeparator(), str4);
        }
        Provider configure = provider.configure(str4);
        String str5 = "pkcs11:?module-path=" + path;
        if (i11 > 0) {
            str5 = String.valueOf(str5) + "&slot-list-index=" + i11;
        }
        return new b(configure, new h(new w4().v(str5)));
    }

    private synchronized void h(i iVar) {
        if (this.f11644d == null) {
            int g10 = this.f11642b.g(iVar);
            int i10 = 0;
            while (i10 < g10) {
                i10++;
                try {
                    ze.a aVar = f11637e;
                    if (aVar.e()) {
                        aVar.d("{}: Loading PKCS#11 KeyStore (attempt {})", d(), Integer.toString(i10));
                    }
                    this.f11644d = this.f11643c.getKeyStore();
                    this.f11642b.l(null);
                    return;
                } catch (GeneralSecurityException e10) {
                    if (!this.f11642b.l(e10) || i10 >= g10 || !f(e10)) {
                        throw e10;
                    }
                }
            }
        }
    }

    public Iterable<m9.b> c(i iVar) {
        String str;
        h(iVar);
        ArrayList arrayList = new ArrayList(2);
        Enumeration<String> aliases = this.f11644d.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Certificate certificate = this.f11644d.getCertificate(nextElement);
            if (certificate != null) {
                PublicKey publicKey = certificate.getPublicKey();
                if (publicKey == null) {
                    ze.a aVar = f11637e;
                    if (aVar.e()) {
                        aVar.d("{}: certificate {} has no public key??", d(), nextElement);
                    }
                } else {
                    ze.a aVar2 = f11637e;
                    if (aVar2.e()) {
                        if (certificate instanceof X509Certificate) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            try {
                                x509Certificate.checkValidity();
                                str = "Certificate is valid";
                            } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                                str = "Certificate is INVALID";
                            }
                            boolean[] keyUsage = x509Certificate.getKeyUsage();
                            if (keyUsage != null) {
                                StringBuilder sb2 = new StringBuilder(str);
                                sb2.append(", signing ");
                                sb2.append(keyUsage[0] ? "allowed" : "NOT allowed");
                                str = sb2.toString();
                            }
                            f11637e.A("{}: Loaded X.509 certificate {}, key type {}. {}.", d(), nextElement, publicKey.getAlgorithm(), str);
                        } else {
                            aVar2.A("{}: Loaded certificate {}, key type {}.", d(), nextElement, publicKey.getAlgorithm());
                        }
                    }
                    arrayList.add(new C0233b(publicKey, nextElement));
                }
            }
        }
        return arrayList;
    }

    public String d() {
        return this.f11641a.getName();
    }

    synchronized byte[] i(i iVar, String str, String str2, byte[] bArr) {
        int g10 = this.f11642b.g(iVar);
        int i10 = 0;
        while (i10 < g10) {
            i10++;
            try {
                ze.a aVar = f11637e;
                if (aVar.e()) {
                    aVar.A("{}: Signing with PKCS#11 key {}, algorithm {} (attempt {})", d(), str2, str, Integer.toString(i10));
                }
                Signature signature = Signature.getInstance(str, this.f11641a);
                signature.initSign((PrivateKey) this.f11644d.getKey(str2, null));
                signature.update(bArr);
                byte[] sign = signature.sign();
                this.f11642b.l(null);
                return sign;
            } catch (GeneralSecurityException e10) {
                if (!this.f11642b.l(e10) || i10 >= g10 || !f(e10)) {
                    throw e10;
                }
            }
        }
        return null;
    }
}
