package org.atalk.xryptomail.mail.ssl;

import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.atalk.xryptomail.mail.CertificateValidationException;
import org.atalk.xryptomail.mail.MessagingException;

/* loaded from: classes.dex */
class KeyChainKeyManager extends X509ExtendedKeyManager {
    private static PrivateKey sClientCertificateReferenceWorkaround;
    private final String mAlias;
    private final X509Certificate[] mChain;
    private final PrivateKey mPrivateKey;

    public KeyChainKeyManager(Context context, String str) throws MessagingException {
        this.mAlias = str;
        try {
            this.mChain = fetchCertificateChain(context, str);
            this.mPrivateKey = fetchPrivateKey(context, str);
        } catch (KeyChainException e) {
            throw new CertificateValidationException(e.getMessage(), CertificateValidationException.Reason.RetrievalFailure, str);
        } catch (InterruptedException e2) {
            throw new CertificateValidationException(e2.getMessage(), CertificateValidationException.Reason.RetrievalFailure, str);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0054, code lost:
    
        if (r11.length != 0) goto L28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0057, code lost:
    
        r10 = java.util.Arrays.asList(r11);
        r11 = r9.mChain;
        r1 = r11.length;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x005e, code lost:
    
        if (r2 >= r1) goto L49;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x006a, code lost:
    
        if (r10.contains(r11[r2].getIssuerX500Principal()) == false) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x006f, code lost:
    
        r2 = r2 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x006e, code lost:
    
        return r9.mAlias;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0072, code lost:
    
        timber.log.Timber.w("Client certificate %s not issued by any of the requested issuers", r9.mAlias);
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x007d, code lost:
    
        return null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String chooseAlias(java.lang.String[] r10, java.security.Principal[] r11) {
        /*
            r9 = this;
            r0 = 0
            if (r10 == 0) goto L8c
            int r1 = r10.length
            if (r1 != 0) goto L8
            goto L8c
        L8:
            java.security.cert.X509Certificate[] r1 = r9.mChain
            r2 = 0
            r1 = r1[r2]
            java.security.PublicKey r3 = r1.getPublicKey()
            java.lang.String r3 = r3.getAlgorithm()
            java.lang.String r1 = r1.getSigAlgName()
            java.util.Locale r4 = java.util.Locale.US
            java.lang.String r1 = r1.toUpperCase(r4)
            int r4 = r10.length
            r5 = r2
        L21:
            if (r5 >= r4) goto L81
            r6 = r10[r5]
            if (r6 != 0) goto L28
            goto L4e
        L28:
            r7 = 95
            int r7 = r6.indexOf(r7)
            r8 = -1
            if (r7 != r8) goto L33
            r8 = r0
            goto L3d
        L33:
            int r8 = r7 + 1
            java.lang.String r8 = r6.substring(r8)
            java.lang.String r6 = r6.substring(r2, r7)
        L3d:
            boolean r6 = r3.equals(r6)
            if (r6 != 0) goto L44
            goto L4e
        L44:
            if (r8 == 0) goto L51
            if (r1 == 0) goto L51
            boolean r6 = r1.contains(r8)
            if (r6 != 0) goto L51
        L4e:
            int r5 = r5 + 1
            goto L21
        L51:
            if (r11 == 0) goto L7e
            int r10 = r11.length
            if (r10 != 0) goto L57
            goto L7e
        L57:
            java.util.List r10 = java.util.Arrays.asList(r11)
            java.security.cert.X509Certificate[] r11 = r9.mChain
            int r1 = r11.length
        L5e:
            if (r2 >= r1) goto L72
            r3 = r11[r2]
            javax.security.auth.x500.X500Principal r3 = r3.getIssuerX500Principal()
            boolean r3 = r10.contains(r3)
            if (r3 == 0) goto L6f
            java.lang.String r10 = r9.mAlias
            return r10
        L6f:
            int r2 = r2 + 1
            goto L5e
        L72:
            java.lang.String r10 = r9.mAlias
            java.lang.Object[] r10 = new java.lang.Object[]{r10}
            java.lang.String r11 = "Client certificate %s not issued by any of the requested issuers"
            timber.log.Timber.w(r11, r10)
            return r0
        L7e:
            java.lang.String r10 = r9.mAlias
            return r10
        L81:
            java.lang.String r10 = r9.mAlias
            java.lang.Object[] r10 = new java.lang.Object[]{r10}
            java.lang.String r11 = "Client certificate %s does not match any of the requested key types"
            timber.log.Timber.w(r11, r10)
        L8c:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.atalk.xryptomail.mail.ssl.KeyChainKeyManager.chooseAlias(java.lang.String[], java.security.Principal[]):java.lang.String");
    }

    private X509Certificate[] fetchCertificateChain(Context context, String str) throws KeyChainException, InterruptedException, MessagingException {
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
        if (certificateChain == null || certificateChain.length == 0) {
            throw new MessagingException("No certificate chain found for: " + str);
        }
        try {
            for (X509Certificate x509Certificate : certificateChain) {
                x509Certificate.checkValidity();
            }
            return certificateChain;
        } catch (CertificateException e) {
            throw new CertificateValidationException(e.getMessage(), CertificateValidationException.Reason.Expired, str);
        }
    }

    private PrivateKey fetchPrivateKey(Context context, String str) throws KeyChainException, InterruptedException, MessagingException {
        PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
        if (privateKey != null) {
            return privateKey;
        }
        throw new MessagingException("No private key found for: " + str);
    }

    private static synchronized void savePrivateKeyReference(PrivateKey privateKey) {
        synchronized (KeyChainKeyManager.class) {
            if (sClientCertificateReferenceWorkaround == null) {
                sClientCertificateReferenceWorkaround = privateKey;
            }
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (this.mAlias.equals(str)) {
            return this.mChain;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (this.mAlias.equals(str)) {
            return this.mPrivateKey;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }
}
