package ru.CryptoPro.ssl;

import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import ru.CryptoPro.JCP.KeyStore.HDImage.FloppyStore;
import ru.CryptoPro.JCP.KeyStore.HDImage.HDImageStore;
import ru.CryptoPro.JCP.KeyStore.JCPPrivateKeyEntry;
import ru.CryptoPro.JCP.KeyStore.VoidInputStream;
import ru.CryptoPro.JCP.params.JCPProtectionParameter;
import ru.CryptoPro.JCP.tools.CertReader.Extension;
import ru.CryptoPro.JCP.tools.ExpandException;
import ru.CryptoPro.JCP.tools.PropertyExpander;
import ru.CryptoPro.ssl.util.ParamUtil;
import ru.CryptoPro.ssl.util.cpSSLConfig;

/* loaded from: classes4.dex */
final class cl_39 extends X509ExtendedKeyManager {

    /* renamed from: a, reason: collision with root package name */
    private static final String[] f1876a = new String[0];
    private Map b = new HashMap();
    private Map c = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_39(KeyStore keyStore, char[] cArr, boolean z) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        String str;
        StringBuilder sb;
        String str2;
        Key key;
        if (z) {
            SSLLogger.trace("%% default SSL context is being initiated, key loading has been refused. To enable default initiation use -Ddisable_default_context=false %%");
        } else if (keyStore != null) {
            SSLLogger.subTrace("Key store format: " + keyStore.getType());
            if (cpSSLConfig.isJCP()) {
                try {
                    String name = keyStore.getProvider().getName();
                    if (name.equalsIgnoreCase("JCP") || name.equalsIgnoreCase("JCSP")) {
                        keyStore.load(new VoidInputStream(), null);
                    }
                } catch (Exception e) {
                    throw new KeyStoreException(e);
                }
            }
            Enumeration<String> aliases = keyStore.aliases();
            Exception exc = null;
            int i = 0;
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    SSLLogger.trace("%% adding as private keys %%");
                    i++;
                    if (cpSSLConfig.isJCP()) {
                        try {
                            SSLLogger.subTraceFormat("Reading the key (JCP): {0}...", nextElement);
                            key = keyStore.getKey(nextElement, cArr);
                        } catch (UnrecoverableKeyException e2) {
                            e = e2;
                            sb = new StringBuilder();
                            str2 = "Error occurred during reading the key (JCP): ";
                            SSLLogger.subThrown(sb.append(str2).append(nextElement).toString(), e);
                        }
                    } else {
                        SSLLogger.subTraceFormat("Loading the private key (Java CSP): {0}...", nextElement);
                        if (cArr != null) {
                            JCPProtectionParameter jCPProtectionParameter = new JCPProtectionParameter(cArr, true, true);
                            SSLLogger.subTraceFormat("Reading the key (Java CSP): {0}", nextElement);
                            try {
                                key = ((JCPPrivateKeyEntry) keyStore.getEntry(nextElement, jCPProtectionParameter)).getPrivateKey();
                            } catch (UnrecoverableEntryException e3) {
                                e = e3;
                                sb = new StringBuilder();
                                str2 = "Error occurred during reading the key entry (Java CSP): ";
                                SSLLogger.subThrown(sb.append(str2).append(nextElement).toString(), e);
                            }
                        } else {
                            SSLLogger.subTraceFormat("Reading the key (Java CSP): {0}", nextElement);
                            key = keyStore.getKey(nextElement, null);
                            try {
                                cl_38.a(nextElement, null, (PrivateKey) key, true);
                            } catch (Exception e4) {
                                e = e4;
                                if (ParamUtil.isCSPLicenseExpired(e)) {
                                    SSLLogger.fatal("Invalid CSP license", (Throwable) e);
                                    exc = e;
                                } else {
                                    sb = new StringBuilder();
                                    str2 = "Error occurred during reading the key (Java CSP): ";
                                    SSLLogger.subThrown(sb.append(str2).append(nextElement).toString(), e);
                                }
                            }
                        }
                    }
                    SSLLogger.subTraceFormat("Private key {0} has been loaded.", nextElement);
                    if (key instanceof PrivateKey) {
                        Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                        if (certificateChain == null || certificateChain.length == 0 || !(certificateChain[0] instanceof X509Certificate)) {
                            SSLLogger.subTraceFormat("{0} certificate chain not found.", nextElement);
                        } else {
                            if (!(certificateChain instanceof X509Certificate[])) {
                                X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                                System.arraycopy(certificateChain, 0, x509CertificateArr, 0, certificateChain.length);
                                certificateChain = x509CertificateArr;
                            }
                            if (ru.CryptoPro.ssl.pc_4.cl_4.a((X509Certificate) certificateChain[0], Calendar.getInstance().getTime())) {
                                this.b.put(nextElement, new cl_40((PrivateKey) key, (X509Certificate[]) certificateChain));
                                if (SSLLogger.isSubTraceEnabled()) {
                                    StringBuffer stringBuffer = new StringBuffer();
                                    stringBuffer.append("***\n");
                                    stringBuffer.append("found key for: ");
                                    stringBuffer.append(nextElement);
                                    stringBuffer.append("\n");
                                    for (int i2 = 0; i2 < certificateChain.length; i2++) {
                                        stringBuffer.append("chain [");
                                        stringBuffer.append(i2);
                                        stringBuffer.append("] = ");
                                        stringBuffer.append(certificateChain[i2]);
                                        stringBuffer.append("\n");
                                    }
                                    stringBuffer.append("***\n");
                                    str = stringBuffer.toString();
                                }
                            } else {
                                SSLLogger.subTraceFormat("{0} certificate is expired or not yet valid.", nextElement);
                            }
                        }
                    } else {
                        SSLLogger.subTraceFormat("{0} is not a private key.", nextElement);
                    }
                } else {
                    str = "Entry " + nextElement + " is not a key, continue.";
                }
                SSLLogger.subTrace(str);
            }
            if (exc != null && i == 1) {
                throw new KeyStoreException("CSP license has expired", exc);
            }
        }
        if (this.b.size() == 0) {
            StringBuffer stringBuffer2 = new StringBuffer("%% No appropriate keys for handshake");
            if (keyStore != null) {
                try {
                    if ("HDImageStore".equals(keyStore.getType())) {
                        stringBuffer2.append("\n");
                        stringBuffer2.append("PATH: ");
                        try {
                            stringBuffer2.append(PropertyExpander.expand(HDImageStore.getDir()));
                        } catch (ExpandException e5) {
                            stringBuffer2.append(HDImageStore.getDir());
                            stringBuffer2.append(Extension.O_BRAKE_SPACE);
                            stringBuffer2.append(e5.getMessage());
                            stringBuffer2.append(Extension.C_BRAKE_SPACE);
                            SSLLogger.error(stringBuffer2.toString());
                        }
                    } else if ("FloppyStore".equals(keyStore.getType())) {
                        try {
                            stringBuffer2.append(PropertyExpander.expand(FloppyStore.getDir()));
                        } catch (ExpandException e6) {
                            stringBuffer2.append(FloppyStore.getDir());
                            stringBuffer2.append(Extension.O_BRAKE_SPACE);
                            stringBuffer2.append(e6.getMessage());
                            stringBuffer2.append(Extension.C_BRAKE_SPACE);
                            SSLLogger.error(stringBuffer2.toString());
                        }
                    }
                } catch (Exception e7) {
                    SSLLogger.error(stringBuffer2.toString(), (Throwable) e7);
                    return;
                }
            }
            SSLLogger.error(stringBuffer2.toString());
        }
    }

    /* JADX WARN: Can't wrap try/catch for region: R(16:23|(2:25|(4:95|96|97|48)(1:27))(2:98|99)|28|(2:30|(2:32|(4:85|86|87|48)(12:34|35|36|37|(4:39|(1:41)(1:81)|42|(5:44|45|46|47|48)(8:49|(2:(1:77)(1:56)|50)|79|80|(1:58)|46|47|48))(1:82)|59|(1:61)(6:63|(3:66|(2:69|70)(1:68)|64)|71|46|47|48)|62|45|46|47|48))(3:88|89|(5:91|45|46|47|48)))(2:93|94)|92|36|37|(0)(0)|59|(0)(0)|62|45|46|47|48|21) */
    /* JADX WARN: Removed duplicated region for block: B:39:0x012e  */
    /* JADX WARN: Removed duplicated region for block: B:61:0x019c  */
    /* JADX WARN: Removed duplicated region for block: B:63:0x01b2  */
    /* JADX WARN: Removed duplicated region for block: B:82:0x0192  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String[] a(java.lang.String r18, java.security.Principal[] r19, boolean r20) {
        /*
            Method dump skipped, instructions count: 489
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.ssl.cl_39.a(java.lang.String, java.security.Principal[], boolean):java.lang.String[]");
    }

    private static X500Principal[] a(Principal[] principalArr) {
        ArrayList arrayList = new ArrayList(principalArr.length);
        for (Principal principal : principalArr) {
            if (principal instanceof X500Principal) {
                arrayList.add((X500Principal) principal);
            } else {
                try {
                    arrayList.add(new X500Principal(principal.getName()));
                } catch (IllegalArgumentException unused) {
                }
            }
        }
        return (X500Principal[]) arrayList.toArray(new X500Principal[arrayList.size()]);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (strArr == null) {
            return null;
        }
        for (String str : strArr) {
            String[] clientAliases = getClientAliases(str, principalArr);
            if (clientAliases != null && clientAliases.length > 0) {
                return clientAliases[0];
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseClientAlias(strArr, principalArr, null);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseServerAlias(str, principalArr, null);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        String[] strArr;
        if (str == null) {
            return null;
        }
        if (principalArr == null || principalArr.length == 0) {
            String[] strArr2 = (String[]) this.c.get(str);
            if (strArr2 == null) {
                String[] serverAliases = getServerAliases(str, principalArr);
                if (serverAliases == null) {
                    serverAliases = f1876a;
                }
                this.c.put(str, serverAliases);
                strArr = serverAliases;
            } else {
                strArr = strArr2;
            }
        } else {
            strArr = getServerAliases(str, principalArr);
        }
        if (strArr == null || strArr.length <= 0) {
            return null;
        }
        return strArr[0];
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        cl_40 cl_40Var;
        if (str == null || (cl_40Var = (cl_40) this.b.get(str)) == null) {
            return null;
        }
        return (X509Certificate[]) cl_40Var.b.clone();
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, false);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        cl_40 cl_40Var;
        if (str == null || (cl_40Var = (cl_40) this.b.get(str)) == null) {
            return null;
        }
        return cl_40Var.f1878a;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return a(str, principalArr, true);
    }
}
