package K7;

import android.content.Context;
import android.net.Uri;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.bitwarden.network.ssl.CertificateProvider;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kotlin.NoWhenBranchMatchedException;
import tc.AbstractC3289l;

/* renamed from: K7.k, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public final class C0563k implements CertificateProvider {

    /* renamed from: a, reason: collision with root package name */
    public final Context f5371a;

    /* renamed from: b, reason: collision with root package name */
    public final X7.j f5372b;

    public C0563k(Context context, X7.j jVar) {
        kotlin.jvm.internal.k.f("environmentRepository", jVar);
        this.f5371a = context;
        this.f5372b = jVar;
    }

    public final G7.a a() {
        Object obj;
        String path;
        String C02;
        PrivateKey privateKey;
        X509Certificate[] x509CertificateArr;
        String keyUri = this.f5372b.a().getEnvironmentUrlData().getKeyUri();
        Uri parse = keyUri != null ? Uri.parse(keyUri) : null;
        if (parse == null) {
            return null;
        }
        Iterator<E> it = G7.b.getEntries().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (kotlin.jvm.internal.k.b(((G7.b) obj).name(), parse.getAuthority())) {
                break;
            }
        }
        G7.b bVar = (G7.b) obj;
        if (bVar == null || (path = parse.getPath()) == null || (C02 = Oc.l.C0(path, '/')) == null) {
            return null;
        }
        if (C02.length() == 0) {
            C02 = null;
        }
        if (C02 == null) {
            return null;
        }
        int i10 = AbstractC0562j.f5369a[bVar.ordinal()];
        if (i10 != 1) {
            if (i10 != 2) {
                throw new NoWhenBranchMatchedException();
            }
            Context context = this.f5371a;
            try {
                privateKey = KeyChain.getPrivateKey(context, C02);
            } catch (KeyChainException e10) {
                Id.c.f4869a.b(e10, "Requested alias not found in system KeyChain", new Object[0]);
                privateKey = null;
            }
            if (privateKey == null) {
                return null;
            }
            try {
                x509CertificateArr = KeyChain.getCertificateChain(context, C02);
            } catch (KeyChainException e11) {
                Id.c.f4869a.b(e11, "Unable to access certificate chain for provided alias", new Object[0]);
                x509CertificateArr = null;
            }
            if (x509CertificateArr == null) {
                return null;
            }
            return new G7.a(C02, privateKey, AbstractC3289l.U(x509CertificateArr));
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            Key key = keyStore.getKey(C02, null);
            PrivateKey privateKey2 = key instanceof PrivateKey ? (PrivateKey) key : null;
            if (privateKey2 == null) {
                return null;
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(C02);
            kotlin.jvm.internal.k.e("getCertificateChain(...)", certificateChain);
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateChain) {
                X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            if (arrayList.isEmpty()) {
                arrayList = null;
            }
            if (arrayList == null) {
                return null;
            }
            return new G7.a(C02, privateKey2, arrayList);
        } catch (KeyStoreException e12) {
            Id.c.f4869a.b(e12, "Failed to load Android KeyStore", new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e13) {
            Id.c.f4869a.b(e13, "Key cannot be recovered. Password may be incorrect.", new Object[0]);
            return null;
        } catch (UnrecoverableKeyException e14) {
            Id.c.f4869a.b(e14, "Failed to load client certificate from Android KeyStore", new Object[0]);
            return null;
        }
    }

    @Override // com.bitwarden.network.ssl.CertificateProvider
    public final String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        G7.a a10 = a();
        String str = a10 != null ? a10.f4010a : null;
        return str == null ? "" : str;
    }

    @Override // com.bitwarden.network.ssl.CertificateProvider
    public final X509Certificate[] getCertificateChain(String str) {
        List list;
        G7.a a10 = a();
        if (a10 == null || (list = a10.f4012c) == null) {
            return null;
        }
        return (X509Certificate[]) list.toArray(new X509Certificate[0]);
    }

    @Override // com.bitwarden.network.ssl.CertificateProvider
    public final PrivateKey getPrivateKey(String str) {
        G7.a a10 = a();
        if (a10 != null) {
            return a10.f4011b;
        }
        return null;
    }
}
