package com.fsck.k9.mail.ssl;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.fsck.k9.mail.CertificateValidationException;
import com.fsck.k9.mail.MessagingException;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

@TargetApi(14)
/* loaded from: classes.dex */
class KeyChainKeyManager extends X509ExtendedKeyManager {
    private static PrivateKey sClientCertificateReferenceWorkaround;
    private final String mAlias;
    private final X509Certificate[] mChain;
    private final PrivateKey mPrivateKey;

    public KeyChainKeyManager(Context context, String str) {
        this.mAlias = str;
        try {
            this.mChain = fetchCertificateChain(context, str);
            this.mPrivateKey = fetchPrivateKey(context, str);
        } catch (KeyChainException e) {
            throw new CertificateValidationException(e.getMessage(), CertificateValidationException.Reason.RetrievalFailure, str);
        } catch (InterruptedException e2) {
            throw new CertificateValidationException(e2.getMessage(), CertificateValidationException.Reason.RetrievalFailure, str);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x005a, code lost:
    
        if (r11.length != 0) goto L26;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x006a, code lost:
    
        r0 = java.util.Arrays.asList(r11);
        r2 = r9.mChain;
        r3 = r2.length;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0071, code lost:
    
        if (r4 < r3) goto L29;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0095, code lost:
    
        if (r0.contains(r2[r4].getIssuerX500Principal()) == false) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x009b, code lost:
    
        r4 = r4 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:?, code lost:
    
        return r9.mAlias;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0073, code lost:
    
        r0 = "Client certificate " + r9.mAlias + " not issued by any of the requested issuers";
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:?, code lost:
    
        return null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String chooseAlias(java.lang.String[] r10, java.security.Principal[] r11) {
        /*
            r9 = this;
            r1 = 0
            r4 = 0
            if (r10 == 0) goto L7
            int r0 = r10.length
            if (r0 != 0) goto L8
        L7:
            return r1
        L8:
            java.security.cert.X509Certificate[] r0 = r9.mChain
            r0 = r0[r4]
            java.security.PublicKey r2 = r0.getPublicKey()
            java.lang.String r5 = r2.getAlgorithm()
            java.lang.String r0 = r0.getSigAlgName()
            java.util.Locale r2 = java.util.Locale.US
            java.lang.String r6 = r0.toUpperCase(r2)
            int r7 = r10.length
            r3 = r4
        L20:
            if (r3 < r7) goto L39
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r2 = "Client certificate "
            r0.<init>(r2)
            java.lang.String r2 = r9.mAlias
            java.lang.StringBuilder r0 = r0.append(r2)
            java.lang.String r2 = " does not match any of the requested key types"
            java.lang.StringBuilder r0 = r0.append(r2)
            r0.toString()
            goto L7
        L39:
            r2 = r10[r3]
            if (r2 == 0) goto L9e
            r0 = 95
            int r8 = r2.indexOf(r0)
            r0 = -1
            if (r8 != r0) goto L5f
            r0 = r1
        L47:
            boolean r2 = r5.equals(r2)
            if (r2 == 0) goto L9e
            if (r0 == 0) goto L57
            if (r6 == 0) goto L57
            boolean r0 = r6.contains(r0)
            if (r0 == 0) goto L9e
        L57:
            if (r11 == 0) goto L5c
            int r0 = r11.length
            if (r0 != 0) goto L6a
        L5c:
            java.lang.String r1 = r9.mAlias
            goto L7
        L5f:
            int r0 = r8 + 1
            java.lang.String r0 = r2.substring(r0)
            java.lang.String r2 = r2.substring(r4, r8)
            goto L47
        L6a:
            java.util.List r0 = java.util.Arrays.asList(r11)
            java.security.cert.X509Certificate[] r2 = r9.mChain
            int r3 = r2.length
        L71:
            if (r4 < r3) goto L8b
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r2 = "Client certificate "
            r0.<init>(r2)
            java.lang.String r2 = r9.mAlias
            java.lang.StringBuilder r0 = r0.append(r2)
            java.lang.String r2 = " not issued by any of the requested issuers"
            java.lang.StringBuilder r0 = r0.append(r2)
            r0.toString()
            goto L7
        L8b:
            r5 = r2[r4]
            javax.security.auth.x500.X500Principal r5 = r5.getIssuerX500Principal()
            boolean r5 = r0.contains(r5)
            if (r5 == 0) goto L9b
            java.lang.String r1 = r9.mAlias
            goto L7
        L9b:
            int r4 = r4 + 1
            goto L71
        L9e:
            int r0 = r3 + 1
            r3 = r0
            goto L20
        */
        throw new UnsupportedOperationException("Method not decompiled: com.fsck.k9.mail.ssl.KeyChainKeyManager.chooseAlias(java.lang.String[], java.security.Principal[]):java.lang.String");
    }

    private X509Certificate[] fetchCertificateChain(Context context, String str) {
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
        if (certificateChain == null || certificateChain.length == 0) {
            throw new MessagingException("No certificate chain found for: " + str);
        }
        try {
            for (X509Certificate x509Certificate : certificateChain) {
                x509Certificate.checkValidity();
            }
            return certificateChain;
        } catch (CertificateException e) {
            throw new CertificateValidationException(e.getMessage(), CertificateValidationException.Reason.Expired, str);
        }
    }

    private PrivateKey fetchPrivateKey(Context context, String str) {
        PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
        if (privateKey == null) {
            throw new MessagingException("No private key found for: " + str);
        }
        if (Build.VERSION.SDK_INT < 17) {
            savePrivateKeyReference(privateKey);
        }
        return privateKey;
    }

    private static synchronized void savePrivateKeyReference(PrivateKey privateKey) {
        synchronized (KeyChainKeyManager.class) {
            if (sClientCertificateReferenceWorkaround == null) {
                sClientCertificateReferenceWorkaround = privateKey;
            }
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (this.mAlias.equals(str)) {
            return this.mChain;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (this.mAlias.equals(str)) {
            return this.mPrivateKey;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }
}
