package net.luminis.quic.client;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import net.luminis.quic.log.Logger;
import net.luminis.tls.engine.CertificateWithPrivateKey;

/* loaded from: classes.dex */
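/**
 * Picks the client certificate (and matching private key) to present when a peer requests
 * client authentication.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The key password is kept as a {@link String} field for the lifetime of this object, so
 *       it stays in heap memory for as long as the selector is reachable.</li>
 *   <li>When the fallback flag of {@link #selectCertificate(List, boolean)} is set, a
 *       certificate may be returned that was <em>not</em> issued by any of the requested
 *       authorities. Enable it only if presenting that identity to any requesting peer is
 *       acceptable.</li>
 * </ul>
 */
public class CertificateSelector {
    private final String keyPassword;
    private final KeyStore keyStore;
    private final Logger log;

    /**
     * @param keyStore key store holding the candidate client certificates and private keys
     * @param str      password protecting the private keys in {@code keyStore}; {@code null} is
     *                 passed through to the key store APIs as "no password"
     * @param logger   logger used to report selection problems
     */
    public CertificateSelector(KeyStore keyStore, String str, Logger logger) {
        this.keyStore = keyStore;
        this.keyPassword = str;
        this.log = logger;
    }

    /**
     * Selects a client certificate for the given list of acceptable certificate authorities.
     *
     * @param list certificate authorities the peer asked for; must not be {@code null}
     * @param z    fallback flag: when {@code true} and no entry matches {@code list}, the first
     *             usable private-key entry of the key store is returned instead, regardless of
     *             its issuer
     * @return the selected certificate with its private key, or {@code null} when nothing
     *         suitable was found or the key store could not be read
     */
    public CertificateWithPrivateKey selectCertificate(List<X500Principal> list, boolean z) {
        // A null password used to fail with a NullPointerException on toCharArray(); the key store
        // APIs accept null, so pass it through instead.
        char[] password = this.keyPassword != null ? this.keyPassword.toCharArray() : null;
        try {
            CertificateWithPrivateKey selected = selectForAuthorities(list, password);
            if (selected != null || !z) {
                return selected;
            }
            return selectFirstUsableEntry(password);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            this.log.error("Failed to extract client certificate from key store", e);
            return null;
        }
    }

    /** Asks the default key manager for an RSA or EC entry issued by one of the given authorities. */
    private CertificateWithPrivateKey selectForAuthorities(List<X500Principal> list, char[] password)
            throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(this.keyStore, password);
        KeyManager[] managers = factory.getKeyManagers();
        KeyManager keyManager = managers.length > 0 ? managers[0] : null;
        if (!(keyManager instanceof X509ExtendedKeyManager)) {
            this.log.warn("Key manager is not an X509ExtendedKeyManager");
            return null;
        }
        X509ExtendedKeyManager x509KeyManager = (X509ExtendedKeyManager) keyManager;
        String alias = x509KeyManager.chooseEngineClientAlias(
                new String[]{"RSA", "EC"}, list.toArray(new Principal[0]), null);
        if (alias == null) {
            this.log.warn("No client certificate found in key store signed by one of the requested authorities: " + list);
            return null;
        }
        // Both lookups may return null; check them so a broken entry cannot escape as an unchecked
        // exception or as a result without a private key.
        X509Certificate[] chain = x509KeyManager.getCertificateChain(alias);
        PrivateKey privateKey = x509KeyManager.getPrivateKey(alias);
        if (chain == null || chain.length == 0 || privateKey == null) {
            this.log.warn("Key store entry '" + alias + "' has no usable certificate chain or private key");
            return null;
        }
        // Only the leaf certificate (first element of the chain) is handed back.
        return new CertificateWithPrivateKey(chain[0], privateKey);
    }

    /**
     * Fallback: returns the first key store entry that really is a private-key entry with an
     * X.509 certificate. Taking alias 0 unconditionally could hit a trusted-certificate entry
     * (no key) or a non-X.509 / secret-key entry, which ended in a result with a null key or an
     * uncaught ClassCastException.
     */
    private CertificateWithPrivateKey selectFirstUsableEntry(char[] password)
            throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        for (String alias : Collections.list(this.keyStore.aliases())) {
            if (!this.keyStore.isKeyEntry(alias)) {
                continue;
            }
            java.security.cert.Certificate certificate = this.keyStore.getCertificate(alias);
            java.security.Key key = this.keyStore.getKey(alias, password);
            if (certificate instanceof X509Certificate && key instanceof PrivateKey) {
                return new CertificateWithPrivateKey((X509Certificate) certificate, (PrivateKey) key);
            }
        }
        this.log.error("No client certificate found in key store");
        return null;
    }
}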
