package org.postgresql.m.d;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import org.postgresql.m.d.b;
import org.postgresql.o.c;
import org.postgresql.o.r;
import org.postgresql.o.s;

/* loaded from: classes.dex */
public class a implements X509KeyManager {

    /* renamed from: c, reason: collision with root package name */
    private String f9023c;

    /* renamed from: d, reason: collision with root package name */
    private String f9024d;

    /* renamed from: e, reason: collision with root package name */
    private CallbackHandler f9025e;

    /* renamed from: f, reason: collision with root package name */
    private boolean f9026f;

    /* renamed from: a, reason: collision with root package name */
    private X509Certificate[] f9021a = null;

    /* renamed from: b, reason: collision with root package name */
    private PrivateKey f9022b = null;

    /* renamed from: g, reason: collision with root package name */
    private r f9027g = null;

    public a(String str, String str2, CallbackHandler callbackHandler, boolean z) {
        this.f9023c = str;
        this.f9024d = str2;
        this.f9025e = callbackHandler;
        this.f9026f = z;
    }

    public void a() {
        r rVar = this.f9027g;
        if (rVar != null) {
            throw rVar;
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (this.f9023c == null) {
            return null;
        }
        if (principalArr == null || principalArr.length == 0) {
            return "user";
        }
        X509Certificate[] certificateChain = getCertificateChain("user");
        if (certificateChain == null) {
            return null;
        }
        X500Principal issuerX500Principal = certificateChain[certificateChain.length - 1].getIssuerX500Principal();
        boolean z = false;
        for (Principal principal : principalArr) {
            if (issuerX500Principal.equals(principal)) {
                z = true;
            }
        }
        if (z) {
            return "user";
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (this.f9021a == null && this.f9023c != null) {
            try {
                try {
                    Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(new FileInputStream(this.f9023c));
                    this.f9021a = (X509Certificate[]) generateCertificates.toArray(new X509Certificate[generateCertificates.size()]);
                } catch (FileNotFoundException e2) {
                    if (!this.f9026f) {
                        this.f9027g = new r(c.a("Could not open SSL certificate file {0}.", this.f9023c), s.f9075j, e2);
                    }
                    return null;
                } catch (CertificateException e3) {
                    this.f9027g = new r(c.a("Loading the SSL certificate {0} into a KeyManager failed.", this.f9023c), s.f9075j, e3);
                    return null;
                }
            } catch (CertificateException e4) {
                this.f9027g = new r(c.a("Could not find a java cryptographic algorithm: X.509 CertificateFactory not available.", new Object[0]), s.f9075j, e4);
                return null;
            }
        }
        return this.f9021a;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String chooseClientAlias = chooseClientAlias(new String[]{str}, principalArr, null);
        return chooseClientAlias == null ? new String[0] : new String[]{chooseClientAlias};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        RandomAccessFile randomAccessFile = null;
        try {
            try {
                if (this.f9022b == null && this.f9024d != null) {
                    if (this.f9021a == null && getCertificateChain("user") == null) {
                        return null;
                    }
                    try {
                        RandomAccessFile randomAccessFile2 = new RandomAccessFile(new File(this.f9024d), "r");
                        try {
                            byte[] bArr = new byte[(int) randomAccessFile2.length()];
                            randomAccessFile2.readFully(bArr);
                            randomAccessFile2.close();
                            KeyFactory keyFactory = KeyFactory.getInstance(this.f9021a[0].getPublicKey().getAlgorithm());
                            try {
                                this.f9022b = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
                            } catch (InvalidKeySpecException unused) {
                                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
                                try {
                                    Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
                                    PasswordCallback passwordCallback = new PasswordCallback(c.a("Enter SSL password: ", new Object[0]), false);
                                    try {
                                        this.f9025e.handle(new Callback[]{passwordCallback});
                                        try {
                                            cipher.init(2, SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(passwordCallback.getPassword())), encryptedPrivateKeyInfo.getAlgParameters());
                                            this.f9022b = keyFactory.generatePrivate(encryptedPrivateKeyInfo.getKeySpec(cipher));
                                        } catch (GeneralSecurityException e2) {
                                            this.f9027g = new r(c.a("Could not decrypt SSL key file {0}.", this.f9024d), s.f9075j, e2);
                                            return null;
                                        }
                                    } catch (UnsupportedCallbackException e3) {
                                        this.f9027g = ((this.f9025e instanceof b.a) && "Console is not available".equals(e3.getMessage())) ? new r(c.a("Could not read password for SSL key file, console is not available.", new Object[0]), s.f9075j, e3) : new r(c.a("Could not read password for SSL key file by callbackhandler {0}.", this.f9025e.getClass().getName()), s.f9075j, e3);
                                        return null;
                                    }
                                } catch (NoSuchPaddingException e4) {
                                    throw new NoSuchAlgorithmException(e4.getMessage(), e4);
                                }
                            }
                        } catch (IOException e5) {
                            e = e5;
                            randomAccessFile = randomAccessFile2;
                            if (randomAccessFile != null) {
                                try {
                                    randomAccessFile.close();
                                } catch (IOException unused2) {
                                }
                            }
                            this.f9027g = new r(c.a("Could not read SSL key file {0}.", this.f9024d), s.f9075j, e);
                            return this.f9022b;
                        }
                    } catch (FileNotFoundException e6) {
                        if (this.f9026f) {
                            return null;
                        }
                        throw e6;
                    }
                }
            } catch (IOException e7) {
                e = e7;
            }
            return this.f9022b;
        } catch (NoSuchAlgorithmException e8) {
            this.f9027g = new r(c.a("Could not find a java cryptographic algorithm: {0}.", e8.getMessage()), s.f9075j, e8);
            return null;
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return new String[0];
    }
}
