package com.sunlei.mailmaster.net.ssl;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.sunlei.mailmaster.R;
import com.sunlei.mailmaster.mail.CertificateValidationException;
import com.sunlei.mailmaster.mail.MessagingException;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: classes.dex */
public class KeyChainKeyManager extends X509ExtendedKeyManager {
    private static PrivateKey sClientCertificateReferenceWorkaround;
    private final String mAlias;
    private final X509Certificate[] mChain;
    private final PrivateKey mPrivateKey;

    public KeyChainKeyManager(Context context, String str) throws MessagingException {
        this.mAlias = str;
        try {
            this.mChain = fetchCertificateChain(context, str);
            this.mPrivateKey = fetchPrivateKey(context, str);
        } catch (KeyChainException e) {
            throw new CertificateValidationException(context.getString(R.string.client_certificate_retrieval_failure, str), e);
        } catch (InterruptedException e2) {
            throw new MessagingException(context.getString(R.string.client_certificate_retrieval_failure, str), e2);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x0064, code lost:
    
        if (r15.length != 0) goto L27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0075, code lost:
    
        r6 = java.util.Arrays.asList(r15);
        r10 = r13.mChain;
        r11 = r10.length;
        r9 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x007d, code lost:
    
        if (r9 < r11) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x00a8, code lost:
    
        if (r6.contains(r10[r9].getIssuerX500Principal()) == false) goto L33;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00ae, code lost:
    
        r9 = r9 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:?, code lost:
    
        return r13.mAlias;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x007f, code lost:
    
        android.util.Log.w(com.sunlei.mailmaster.K9.LOG_TAG, "Client certificate " + r13.mAlias + " not issued by any of the requested issuers");
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:?, code lost:
    
        return null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String chooseAlias(java.lang.String[] r14, java.security.Principal[] r15) {
        /*
            r13 = this;
            if (r14 == 0) goto L5
            int r9 = r14.length
            if (r9 != 0) goto L7
        L5:
            r9 = 0
        L6:
            return r9
        L7:
            java.security.cert.X509Certificate[] r9 = r13.mChain
            r10 = 0
            r0 = r9[r10]
            java.security.PublicKey r9 = r0.getPublicKey()
            java.lang.String r2 = r9.getAlgorithm()
            java.lang.String r9 = r0.getSigAlgName()
            java.util.Locale r10 = java.util.Locale.US
            java.lang.String r3 = r9.toUpperCase(r10)
            int r10 = r14.length
            r9 = 0
        L20:
            if (r9 < r10) goto L40
            java.lang.String r9 = "k9"
            java.lang.StringBuilder r10 = new java.lang.StringBuilder
            java.lang.String r11 = "Client certificate "
            r10.<init>(r11)
            java.lang.String r11 = r13.mAlias
            java.lang.StringBuilder r10 = r10.append(r11)
            java.lang.String r11 = " does not match any of the requested key types"
            java.lang.StringBuilder r10 = r10.append(r11)
            java.lang.String r10 = r10.toString()
            android.util.Log.w(r9, r10)
            r9 = 0
            goto L6
        L40:
            r7 = r14[r9]
            if (r7 != 0) goto L47
        L44:
            int r9 = r9 + 1
            goto L20
        L47:
            r11 = 95
            int r4 = r7.indexOf(r11)
            r11 = -1
            if (r4 != r11) goto L69
            r8 = 0
        L51:
            boolean r11 = r2.equals(r7)
            if (r11 == 0) goto L44
            if (r8 == 0) goto L61
            if (r3 == 0) goto L61
            boolean r11 = r3.contains(r8)
            if (r11 == 0) goto L44
        L61:
            if (r15 == 0) goto L66
            int r9 = r15.length
            if (r9 != 0) goto L75
        L66:
            java.lang.String r9 = r13.mAlias
            goto L6
        L69:
            int r11 = r4 + 1
            java.lang.String r8 = r7.substring(r11)
            r11 = 0
            java.lang.String r7 = r7.substring(r11, r4)
            goto L51
        L75:
            java.util.List r6 = java.util.Arrays.asList(r15)
            java.security.cert.X509Certificate[] r10 = r13.mChain
            int r11 = r10.length
            r9 = 0
        L7d:
            if (r9 < r11) goto L9e
            java.lang.String r9 = "k9"
            java.lang.StringBuilder r10 = new java.lang.StringBuilder
            java.lang.String r11 = "Client certificate "
            r10.<init>(r11)
            java.lang.String r11 = r13.mAlias
            java.lang.StringBuilder r10 = r10.append(r11)
            java.lang.String r11 = " not issued by any of the requested issuers"
            java.lang.StringBuilder r10 = r10.append(r11)
            java.lang.String r10 = r10.toString()
            android.util.Log.w(r9, r10)
            r9 = 0
            goto L6
        L9e:
            r1 = r10[r9]
            javax.security.auth.x500.X500Principal r5 = r1.getIssuerX500Principal()
            boolean r12 = r6.contains(r5)
            if (r12 == 0) goto Lae
            java.lang.String r9 = r13.mAlias
            goto L6
        Lae:
            int r9 = r9 + 1
            goto L7d
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sunlei.mailmaster.net.ssl.KeyChainKeyManager.chooseAlias(java.lang.String[], java.security.Principal[]):java.lang.String");
    }

    private X509Certificate[] fetchCertificateChain(Context context, String str) throws KeyChainException, InterruptedException, MessagingException {
        X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
        if (certificateChain == null || certificateChain.length == 0) {
            throw new MessagingException("No certificate chain found for: " + str);
        }
        try {
            for (X509Certificate x509Certificate : certificateChain) {
                x509Certificate.checkValidity();
            }
            return certificateChain;
        } catch (CertificateException e) {
            throw new CertificateValidationException(context.getString(R.string.client_certificate_expired, str, e.toString()));
        }
    }

    private PrivateKey fetchPrivateKey(Context context, String str) throws KeyChainException, InterruptedException, MessagingException {
        PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
        if (privateKey == null) {
            throw new MessagingException("No private key found for: " + str);
        }
        if (Build.VERSION.SDK_INT < 17) {
            savePrivateKeyReference(privateKey);
        }
        return privateKey;
    }

    private static synchronized void savePrivateKeyReference(PrivateKey privateKey) {
        synchronized (KeyChainKeyManager.class) {
            if (sClientCertificateReferenceWorkaround == null) {
                sClientCertificateReferenceWorkaround = privateKey;
            }
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (this.mAlias.equals(str)) {
            return this.mChain;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (this.mAlias.equals(str)) {
            return this.mPrivateKey;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String chooseAlias = chooseAlias(new String[]{str}, principalArr);
        if (chooseAlias == null) {
            return null;
        }
        return new String[]{chooseAlias};
    }
}
