package defpackage;

import android.os.Parcel;
import com.google.android.gms.usonia.auth.internal.CertificateRequestInformation;
import com.google.android.gms.usonia.auth.internal.SignAppCertificateParams;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509ExtendedKeyManager;

/* compiled from: :com.google.android.gms@230413110@23.04.13 (180706-505809224) */
/* loaded from: classes4.dex */
public final class asuu extends X509ExtendedKeyManager {
    private final String a;
    private final asut b = new asut();
    private boolean c = false;

    public asuu(String str) {
        this.a = str;
    }

    private final SignAppCertificateParams g(KeyPair keyPair) {
        try {
            CertificateRequestInformation certificateRequestInformation = new CertificateRequestInformation();
            certificateRequestInformation.a = this.a;
            certificateRequestInformation.b = keyPair.getPublic().getEncoded();
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(keyPair.getPrivate());
            Parcel obtain = Parcel.obtain();
            asur.a(certificateRequestInformation, obtain);
            signature.update(obtain.marshall());
            SignAppCertificateParams signAppCertificateParams = new SignAppCertificateParams();
            signAppCertificateParams.a = certificateRequestInformation;
            signAppCertificateParams.b = "SHA256withECDSA";
            signAppCertificateParams.c = signature.sign();
            return signAppCertificateParams;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new AssertionError(e);
        }
    }

    private static final KeyPair h() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(asvk.a);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new AssertionError("Unable to generate a key with Android Keystore", e);
        }
    }

    public final synchronized SignAppCertificateParams a() {
        KeyPair h;
        if (this.c) {
            throw new IllegalStateException("Cannot generateKeyAndCSR() twice before calling setCertificate().");
        }
        this.c = true;
        h = h();
        asut asutVar = this.b;
        asutVar.a[asutVar.a()] = h.getPrivate();
        return g(h);
    }

    public final synchronized X509Certificate b() {
        return this.b.f();
    }

    public final synchronized caid c() {
        X509Certificate f = this.b.f();
        if (f == null) {
            return caid.a;
        }
        return caid.b(f.getNotAfter().getTime());
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return this.b.b();
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return this.b.b();
    }

    public final synchronized void d() {
        this.c = false;
    }

    public final synchronized void e(byte[] bArr) {
        if (this.b.e() == null) {
            throw new IllegalStateException("setCertificate() was called with no pending key. Must call generateKeyAndCSR first.");
        }
        asut asutVar = this.b;
        asutVar.b[asutVar.a()] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        asut asutVar2 = this.b;
        bfsd.a(asutVar2.e());
        bfsd.a(asutVar2.g());
        asutVar2.c = asutVar2.a();
        this.c = false;
    }

    public final synchronized KeyManager[] f() {
        if (this.b.d() == null) {
            throw new IllegalStateException("Must call setCertificate before getKeyManager");
        }
        return new KeyManager[]{this};
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized X509Certificate[] getCertificateChain(String str) {
        X509Certificate[] x509CertificateArr;
        if (this.b.b().equals(str)) {
            X509Certificate f = this.b.f();
            bfsd.a(f);
            return new X509Certificate[]{f};
        }
        if (this.b.c().equals(str)) {
            X509Certificate g = this.b.g();
            bfsd.a(g);
            x509CertificateArr = new X509Certificate[]{g};
        } else {
            x509CertificateArr = new X509Certificate[0];
        }
        return x509CertificateArr;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized String[] getClientAliases(String str, Principal[] principalArr) {
        return new String[]{this.b.b()};
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized PrivateKey getPrivateKey(String str) {
        if (this.b.b().equals(str)) {
            PrivateKey d = this.b.d();
            bfsd.a(d);
            return d;
        }
        if (!this.b.c().equals(str)) {
            return null;
        }
        PrivateKey e = this.b.e();
        bfsd.a(e);
        return e;
    }

    @Override // javax.net.ssl.X509KeyManager
    public final synchronized String[] getServerAliases(String str, Principal[] principalArr) {
        return new String[]{this.b.b()};
    }
}
