package com.paloaltonetworks.globalprotect.ph;

import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Base64;
import com.paloaltonetworks.globalprotect.G;
import com.paloaltonetworks.globalprotect.util.Log;
import com.paloaltonetworks.globalprotect.util.StringUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.StringWriter;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.DestroyFailedException;

/* loaded from: classes.dex */
/**
 * Client-side {@link X509ExtendedKeyManager} that supplies the certificate chain and private key
 * used for TLS client authentication.
 *
 * <p>This listing is JADX decompiler output: identifiers are obfuscated, one method
 * ({@link #chooseClientAlias}) was not decompiled, and the nested loader method {@code b.j} has a
 * garbled try/catch structure. Treat it as a reading aid, not as buildable source.
 *
 * <p>Two credential sources are visible:
 * <ul>
 *   <li>an Android {@link KeyChain} alias held in {@code f1822a}, and</li>
 *   <li>a PKCS#12 file loaded into the nested holder {@link b} (logged as "partner cert file").</li>
 * </ul>
 * When the alias is non-empty it takes precedence. The server-side methods of the interface are
 * not supported and throw {@link UnsupportedOperationException}.
 *
 * <p>NOTE(review): the state fields are plain (non-volatile, unsynchronized); thread-safety cannot
 * be judged from this file alone.
 */
public class PanX509KeyManager extends X509ExtendedKeyManager {
    // Log tag used by every LOG_DEBUG / LOG_ERROR call in the outer class.
    private static final String h = "PH";

    /* renamed from: a, reason: collision with root package name */
    // Android KeyChain alias configured through g(d, String); non-empty selects the KeyChain path.
    private String f1822a = null;

    /* renamed from: b, reason: collision with root package name */
    // Set to true as soon as getPrivateKey() attempts a KeyChain lookup.
    private boolean f1823b = false;
    // Set to true when KeyChain returned a non-null private key for the alias.
    private boolean c = false;
    // Set to true when KeyChain returned null for the alias ("key is not found").
    private boolean d = false;
    // Per the register dump in chooseClientAlias: false when the KeyChain alias was chosen,
    // true when the PKCS#12 holder was chosen. Note that g(d, String) does not reset it.
    private boolean e = false;
    // Holder for key material loaded from a PKCS#12 file; null when no file is in use.
    private b f = null;
    // Issuer list received in the most recent chooseClientAlias() call.
    private Principal[] g = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * Holds the private key and certificate chain loaded from a PKCS#12 file.
     *
     * <p>Security-relevant points visible in this class: the keystore password is kept as a
     * {@link String}, the key and chain are handed out by reference, and a reload that does not
     * yield a new key leaves the previously loaded key in place.
     */
    public static class b {
        // Log tag for this holder.
        private static final String f = "PanCF";

        /* renamed from: a, reason: collision with root package name */
        // Value of dVar.e from the last i(d) call; compared with hasSameContent() to detect a
        // changed certificate file. Presumably the file's identity or content - confirm against d.
        private String f1824a;

        /* renamed from: b, reason: collision with root package name */
        // Value of dVar.d; used below as the PKCS#12 password for both the keystore and the key.
        // NOTE(review): a String cannot be wiped after use; b() only drops the reference.
        private String f1825b;
        // Alias of the keystore entry that was selected by c(KeyStore).
        private String c;
        // Certificate chain of the selected entry, as filtered by d(Certificate[]).
        private X509Certificate[] d;
        // Private key of the selected entry.
        private PrivateKey e;

        /** Creates an empty holder; field {@code c} is left at its default of null. */
        private b() {
            this.f1824a = null;
            this.f1825b = null;
            this.d = null;
            this.e = null;
        }

        /**
         * Returns the first non-null alias reported by the keystore, or null if there is none.
         *
         * <p>NOTE(review): no check is made that the alias is a key entry, and for a keystore with
         * several entries the enumeration order decides which one is used.
         */
        private String c(KeyStore keyStore) throws KeyStoreException {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (nextElement != null) {
                    return nextElement;
                }
            }
            return null;
        }

        /**
         * Copies the X.509 certificates of {@code certificateArr} into a new array.
         *
         * <p>NOTE(review): the result array is allocated with the input length, so if any element
         * is not an {@link X509Certificate} the tail of the returned chain contains null entries.
         * A null input (KeyStore.getCertificateChain returns null when the alias has no chain)
         * would raise a NullPointerException at the loop.
         */
        private X509Certificate[] d(Certificate[] certificateArr) {
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateArr) {
                if (certificate instanceof X509Certificate) {
                    arrayList.add((X509Certificate) certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[certificateArr.length]);
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Takes the password and file description from {@code dVar} and reloads the PKCS#12 file
         * when {@code dVar.e} differs from the value seen last time.
         *
         * <p>NOTE(review): the return value of j() is ignored and success is judged by h() alone.
         * Because j() only overwrites the key and chain when a new private key was read, a reload
         * that fails or finds no key leaves the previous key in place and h() still returns true,
         * so the "Failed to reload" branch and the b() cleanup are only reached when no key was
         * loaded before. The same holds when {@code dVar.c} is null and j() is not called at all.
         */
        public void i(d dVar) {
            // The password is refreshed even when the file itself is unchanged.
            this.f1825b = dVar.d;
            if (StringUtils.hasSameContent(this.f1824a, dVar.e)) {
                return;
            }
            Log.LOG_DEBUG(f, "PanKeyManager: cert file changed, reload...");
            this.f1824a = dVar.e;
            // dVar.c is passed to j() as the file system path of the PKCS#12 file.
            String str = dVar.c;
            if (str != null) {
                j(str);
            }
            if (h()) {
                return;
            }
            Log.LOG_ERROR(f, "PanKeyManager: Failed to reload cert file!");
            b();
        }

        /**
         * Loads the PKCS#12 keystore at path {@code str} with the stored password, selects the
         * first alias, and stores its private key and certificate chain in this holder.
         *
         * <p>The decompiler could not structure this method: the catch blocks assign to {@code e}
         * and {@code th}, which are not declared in those scopes, and several paths fall off the
         * end without returning, so the text below does not compile. The readable intent is that
         * every listed exception is logged, the stream is closed, and false is returned.
         *
         * <p>NOTE(review): on the normal path true is returned even when no alias was found or
         * the entry is not a private key; callers must use h() to learn whether a key is present.
         * A null password ({@code f1825b}) would raise a NullPointerException at toCharArray().
         *
         * @param str path of the PKCS#12 file
         * @return true when the keystore was read without an exception
         */
        private boolean j(String str) {
            FileInputStream fileInputStream;
            Log.LOG_DEBUG(f, "PanKeyManager:loadCertFile ...");
            FileInputStream fileInputStream2 = null;
            try {
                try {
                    fileInputStream = new FileInputStream(new File(str));
                } catch (Throwable th) {
                    th = th;
                }
            } catch (FileNotFoundException e) {
                e = e;
            } catch (IOException e2) {
                e = e2;
            } catch (KeyStoreException e3) {
                e = e3;
            } catch (NoSuchAlgorithmException e4) {
                e = e4;
            } catch (UnrecoverableKeyException e5) {
                e = e5;
            } catch (CertificateException e6) {
                e = e6;
            }
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                // The same password opens the keystore here and the key entry below.
                keyStore.load(fileInputStream, this.f1825b.toCharArray());
                String c = c(keyStore);
                this.c = c;
                if (!StringUtils.isNullOrEmpty(c)) {
                    Key key = keyStore.getKey(this.c, this.f1825b.toCharArray());
                    if (key instanceof PrivateKey) {
                        // Key and chain are replaced only here; every other outcome keeps the old values.
                        this.e = (PrivateKey) key;
                        this.d = d(keyStore.getCertificateChain(this.c));
                        Log.LOG_DEBUG(f, "PanKeyManager:loadCertFile key loaded.");
                    }
                }
                try {
                    fileInputStream.close();
                } catch (IOException unused) {
                }
                return true;
            } catch (FileNotFoundException e7) {
                e = e7;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile file not found, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                try {
                    fileInputStream2.close();
                } catch (IOException unused2) {
                    return false;
                }
            } catch (IOException e8) {
                // KeyStore.load reports a wrong password or a corrupt file as IOException.
                e = e8;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile IOException, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                fileInputStream2.close();
            } catch (KeyStoreException e9) {
                e = e9;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile KeyStoreException, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                fileInputStream2.close();
            } catch (NoSuchAlgorithmException e10) {
                e = e10;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile NoSuchAlgorithmException, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                fileInputStream2.close();
            } catch (UnrecoverableKeyException e11) {
                e = e11;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile UnrecoverableKeyException, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                fileInputStream2.close();
            } catch (CertificateException e12) {
                e = e12;
                fileInputStream2 = fileInputStream;
                Log.LOG_ERROR(f, "PanKeyManager:loadCertFile CertificateException, err: " + e.getMessage());
                if (fileInputStream2 == null) {
                    return false;
                }
                fileInputStream2.close();
            } catch (Throwable th2) {
                // Decompiled form of a finally-style cleanup: close the stream, then rethrow.
                th = th2;
                fileInputStream2 = fileInputStream;
                if (fileInputStream2 != null) {
                    try {
                        fileInputStream2.close();
                    } catch (IOException unused3) {
                    }
                }
                throw th;
            }
        }

        /**
         * Clears all fields and asks the private key to destroy itself.
         *
         * <p>NOTE(review): a DestroyFailedException is swallowed. The default
         * {@code Destroyable.destroy()} throws exactly that exception, so for key classes that do
         * not override it this only drops the reference and the key bytes stay in memory until
         * garbage collection. The password String is likewise only dereferenced, not wiped.
         */
        public void b() {
            Log.LOG_DEBUG(f, "PanKeyManager: close key");
            this.f1824a = null;
            this.f1825b = null;
            this.c = null;
            this.d = null;
            PrivateKey privateKey = this.e;
            if (privateKey != null) {
                try {
                    privateKey.destroy();
                } catch (DestroyFailedException unused) {
                } catch (Throwable th) {
                    // Drop the reference even when destroy() fails unexpectedly.
                    this.e = null;
                    throw th;
                }
                this.e = null;
            }
        }

        /** Returns the alias of the keystore entry selected during the last load, or null. */
        public String e() {
            return this.c;
        }

        /** Returns the loaded private key by reference, or null when none is loaded. */
        public PrivateKey f() {
            return this.e;
        }

        /** Returns the internal chain array itself (no defensive copy), or null. */
        public X509Certificate[] g() {
            return this.d;
        }

        /** Returns true only when both a private key and a certificate chain are present. */
        public boolean h() {
            return (this.e == null || this.d == null) ? false : true;
        }
    }

    /**
     * Encodes a certificate as a PEM block.
     *
     * <p>The Base64 flag value 2 is {@code android.util.Base64.NO_WRAP}, so the body is written on
     * a single line. If encoding fails, the error is logged and the text written so far (only the
     * BEGIN line) is returned rather than an exception being raised.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text, or a truncated block when encoding failed
     */
    public static String a(X509Certificate x509Certificate) {
        StringWriter stringWriter = new StringWriter();
        try {
            stringWriter.write("-----BEGIN CERTIFICATE-----\n");
            stringWriter.write(Base64.encodeToString(x509Certificate.getEncoded(), 2));
            stringWriter.write("\n-----END CERTIFICATE-----\n");
        } catch (CertificateEncodingException e) {
            e.printStackTrace();
            Log.ERROR("certToString");
            Log.ERROR(e.toString());
        }
        return stringWriter.toString();
    }

    /** Destroys and discards the PKCS#12 holder, if one exists. */
    private void c() {
        b bVar = this.f;
        if (bVar != null) {
            bVar.b();
            this.f = null;
        }
    }

    /**
     * Runs the native FIPS check on the certificate chain that Android KeyChain holds for alias
     * {@code str} (log messages call this "checkCientCertificate").
     *
     * <p>The check runs only when KeyChain returns a chain and {@code G.reg.N()} equals "yes"
     * (presumably the FIPS-mode setting - confirm). The chain is PEM-encoded, concatenated and
     * passed to {@code G.panJni.checkFips(pem, 3)}; any parsed result other than 4 is a failure.
     * The meaning of the constants 3 and 4 is not visible in this file.
     *
     * <p>NOTE(review): the failure handling is asymmetric. Exceptions, including an unparsable
     * native result, fail closed with a CertificateException, but a null chain from KeyChain
     * returns normally and the check is skipped. The original cause is not attached to the
     * rethrown exception, and InterruptedException is caught without restoring the interrupt flag.
     *
     * @param str KeyChain alias whose chain is checked
     * @throws CertificateException when the check fails or the chain cannot be read
     */
    public void b(String str) throws CertificateException {
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(G.appContext, str);
            if (certificateChain != null) {
                try {
                    if (G.reg.N().equals("yes")) {
                        String str2 = "";
                        for (int i = 0; i < certificateChain.length; i++) {
                            str2 = str2 + a(certificateChain[i]);
                            Log.DEBUG("checkCientCertificate: index " + i);
                        }
                        String checkFips = G.panJni.checkFips(str2, 3);
                        Log.DEBUG("checkCientCertificate: checkFips chain.length " + certificateChain.length + ", ret " + checkFips);
                        if (Integer.parseInt(checkFips) != 4) {
                            Log.DEBUG("checkCientCertificate: checkFips failed");
                            throw new CertificateException("FIPS client check failed");
                        }
                        Log.DEBUG("checkCientCertificate: checkFips successful");
                    }
                } catch (Exception e) {
                    // Also catches the CertificateException thrown just above and replaces it.
                    e.printStackTrace();
                    Log.ERROR("checkCientCertificate error:");
                    Log.ERROR(e.toString());
                    throw new CertificateException("FIPS client check failed");
                }
            }
        } catch (KeyChainException e2) {
            e2.printStackTrace();
            Log.ERROR("checkCientCertificate getCertificateChain KeyChainException error:");
            Log.ERROR(e2.toString());
            throw new CertificateException("FIPS client check failed");
        } catch (InterruptedException e3) {
            e3.printStackTrace();
            Log.ERROR("checkCientCertificate getCertificateChain InterruptedException error:");
            Log.ERROR(e3.toString());
            throw new CertificateException("FIPS client check failed");
        }
    }

    /**
     * Selects the client credential for the handshake. JADX could not decompile this method, so in
     * this listing the body only throws; the register dump in the comment below is the evidence
     * for what the shipped code does.
     *
     * <p>Reading of the dump: the issuer list is stored in field {@code g} and logged together
     * with the key types; it is not used to filter the choice. If the configured KeyChain alias
     * {@code f1822a} is non-empty, field {@code e} is cleared, the PKCS#12 holder is discarded via
     * c(), and the alias is returned. Otherwise, if the holder exists and h() is true, field
     * {@code e} is set and the holder's alias is returned. Otherwise "Cert is not selected" is
     * logged, {@code ph.a.w(...)} is called with the value 1 (purpose not visible here), and null
     * is returned, which means no client certificate is offered.
     */
    /* JADX WARN: Removed duplicated region for block: B:10:0x0072  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0054  */
    @Override // javax.net.ssl.X509KeyManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String chooseClientAlias(java.lang.String[] r6, java.security.Principal[] r7, java.net.Socket r8) {
        /*
            r5 = this;
            r5.g = r7
            java.lang.StringBuilder r8 = new java.lang.StringBuilder
            r8.<init>()
            java.lang.String r0 = "PanKeyManager: chooseClientAlias, keyTypes = "
            r8.append(r0)
            java.lang.String r6 = java.util.Arrays.toString(r6)
            r8.append(r6)
            java.lang.String r6 = r8.toString()
            java.lang.String r8 = "PH"
            com.paloaltonetworks.globalprotect.util.Log.LOG_DEBUG(r8, r6)
            r6 = 0
            if (r7 != 0) goto L25
            java.lang.String r7 = "PanKeyManager: chooseClientAlias, issuers is null!"
        L21:
            com.paloaltonetworks.globalprotect.util.Log.LOG_ERROR(r8, r7)
            goto L4c
        L25:
            int r0 = r7.length
            if (r0 != 0) goto L2b
            java.lang.String r7 = "PanKeyManager: chooseClientAlias, issuers is empty!"
            goto L21
        L2b:
            int r0 = r7.length
            r1 = 0
        L2d:
            if (r1 >= r0) goto L4c
            r2 = r7[r1]
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "PanKeyManager: \tIssuers: "
            r3.append(r4)
            java.lang.String r2 = r2.toString()
            r3.append(r2)
            java.lang.String r2 = r3.toString()
            com.paloaltonetworks.globalprotect.util.Log.LOG_DEBUG(r8, r2)
            int r1 = r1 + 1
            goto L2d
        L4c:
            java.lang.String r7 = r5.f1822a
            boolean r7 = com.paloaltonetworks.globalprotect.util.StringUtils.isNullOrEmpty(r7)
            if (r7 != 0) goto L72
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            java.lang.String r0 = "PanKeyManager: \tUse Cert: "
            r7.append(r0)
            java.lang.String r0 = r5.f1822a
            r7.append(r0)
            java.lang.String r7 = r7.toString()
            com.paloaltonetworks.globalprotect.util.Log.LOG_DEBUG(r8, r7)
            r5.e = r6
            r5.c()
            java.lang.String r6 = r5.f1822a
            return r6
        L72:
            com.paloaltonetworks.globalprotect.ph.PanX509KeyManager$b r6 = r5.f
            r7 = 1
            if (r6 == 0) goto L8b
            boolean r6 = r6.h()
            if (r6 == 0) goto L8b
            java.lang.String r6 = "PanKeyManager: \tUse partner cert file"
            com.paloaltonetworks.globalprotect.util.Log.LOG_DEBUG(r8, r6)
            r5.e = r7
            com.paloaltonetworks.globalprotect.ph.PanX509KeyManager$b r6 = r5.f
            java.lang.String r6 = r6.e()
            return r6
        L8b:
            java.lang.String r6 = "PanKeyManager: \tCert is not selected"
            com.paloaltonetworks.globalprotect.util.Log.LOG_DEBUG(r8, r6)
            com.paloaltonetworks.globalprotect.ph.a.w(r7)
            r6 = 0
            return r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.paloaltonetworks.globalprotect.ph.PanX509KeyManager.chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket):java.lang.String");
    }

    /** Not supported: this key manager is client-only. */
    @Override // javax.net.ssl.X509KeyManager
    public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        throw new UnsupportedOperationException();
    }

    /** Returns the issuer array stored by the last chooseClientAlias() call, by reference. */
    public Principal[] d() {
        return this.g;
    }

    /** Returns true when a KeyChain lookup was attempted and it produced a private key. */
    public boolean e() {
        return this.f1823b && this.c;
    }

    /** Returns true when the last KeyChain lookup found no key for the alias. */
    public boolean f() {
        return this.d;
    }

    /**
     * Configures the credential source for the next handshake and resets the lookup flags.
     *
     * <p>When {@code dVar.e} is non-empty the PKCS#12 holder is created if needed and asked to
     * (re)load; otherwise any existing holder is destroyed. The alias {@code str} is stored in
     * both cases, and per the chooseClientAlias dump a non-empty alias wins over a loaded file.
     *
     * <p>NOTE(review): field {@code e} (file credential selected) is not reset here, while the
     * holder can be set to null through c(); see getCertificateChain for the consequence.
     *
     * @param dVar descriptor carrying the file identity, path and password (class not shown)
     * @param str  Android KeyChain alias, may be null or empty
     */
    public void g(d dVar, String str) {
        this.f1822a = str;
        this.f1823b = false;
        this.c = false;
        this.g = null;
        this.d = false;
        if (!StringUtils.isNullOrEmpty(dVar.e)) {
            Log.LOG_DEBUG(h, "PanKeyManager: Use cert file");
            if (this.f == null) {
                this.f = new b();
            }
            this.f.i(dVar);
            return;
        }
        if (!StringUtils.isNullOrEmpty(this.f1822a)) {
            Log.LOG_DEBUG(h, "PanKeyManager: Use cert alias: " + this.f1822a);
        }
        c();
    }

    /**
     * Returns the certificate chain for the handshake: from KeyChain when an alias is configured,
     * otherwise from the PKCS#12 holder when the file credential was selected.
     *
     * <p>In the file case the {@code str} argument is ignored. KeyChain errors are logged and
     * reported as null; InterruptedException is caught without restoring the interrupt flag.
     *
     * <p>NOTE(review): the file branch dereferences {@code this.f} without the null check that
     * getPrivateKey performs, so a stale {@code e == true} with a discarded holder would raise a
     * NullPointerException here.
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        StringBuilder sb;
        String interruptedException;
        Log.LOG_DEBUG(h, "PanKeyManager: getCertificateChain for alias: " + str);
        if (StringUtils.isNullOrEmpty(this.f1822a)) {
            if (this.e) {
                return this.f.g();
            }
            return null;
        }
        try {
            return KeyChain.getCertificateChain(G.appContext, str);
        } catch (KeyChainException e) {
            sb = new StringBuilder();
            sb.append("PanKeyManager: err: ");
            interruptedException = e.toString();
            sb.append(interruptedException);
            Log.LOG_ERROR(h, sb.toString());
            return null;
        } catch (InterruptedException e2) {
            sb = new StringBuilder();
            sb.append("PanKeyManager: err: ");
            interruptedException = e2.toString();
            sb.append(interruptedException);
            Log.LOG_ERROR(h, sb.toString());
            return null;
        }
    }

    /** Not supported: aliases are chosen only through chooseClientAlias. */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getClientAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the private key for the handshake and runs the FIPS check b(String) before handing
     * a non-null key out. A failed check is logged and reported as null (no key offered).
     *
     * <p>File credential (no alias configured): the key comes from the PKCS#12 holder.
     * NOTE(review): the check that gates it, b(str), reads the chain for {@code str} from Android
     * KeyChain, not the chain loaded from the file, so the file's own certificates are not what is
     * evaluated; if KeyChain returns null for that alias the check is skipped entirely. What
     * KeyChain returns for an alias it does not hold is not visible here - confirm.
     *
     * <p>KeyChain credential: the lookup flags are updated as a side effect. When the FIPS check
     * fails, null is returned but field {@code c} stays true, so e() still reports success.
     * KeyChain errors are logged and reported as null; InterruptedException is caught without
     * restoring the interrupt flag.
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        b bVar;
        StringBuilder sb;
        String interruptedException;
        Log.LOG_DEBUG(h, "PanKeyManager: getPrivateKey for alias: " + str);
        if (StringUtils.isNullOrEmpty(this.f1822a)) {
            if (!this.e || (bVar = this.f) == null) {
                return null;
            }
            PrivateKey f = bVar.f();
            if (f == null) {
                return f;
            }
            try {
                b(str);
                return f;
            } catch (CertificateException e) {
                Log.LOG_ERROR(h, "PanKeyManager: checkClientCertificate err: " + e.toString());
                return null;
            }
        }
        this.f1823b = true;
        try {
            PrivateKey privateKey = KeyChain.getPrivateKey(G.appContext, str);
            if (privateKey != null) {
                this.c = true;
                this.d = false;
                try {
                    b(str);
                } catch (CertificateException e2) {
                    Log.LOG_ERROR(h, "PanKeyManager: checkClientCertificate err: " + e2.toString());
                    return null;
                }
            } else {
                Log.LOG_ERROR(h, "PanKeyManager: key is not found for alias: " + str);
                this.c = false;
                this.d = true;
            }
            return privateKey;
        } catch (KeyChainException e3) {
            sb = new StringBuilder();
            sb.append("PanKeyManager:KeyChainException err: ");
            interruptedException = e3.toString();
            sb.append(interruptedException);
            Log.LOG_ERROR(h, sb.toString());
            return null;
        } catch (InterruptedException e4) {
            sb = new StringBuilder();
            sb.append("PanKeyManager:InterruptedException err: ");
            interruptedException = e4.toString();
            sb.append(interruptedException);
            Log.LOG_ERROR(h, sb.toString());
            return null;
        }
    }

    /** Not supported: this key manager is client-only. */
    @Override // javax.net.ssl.X509KeyManager
    public final String[] getServerAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }
}
