package com.citrix.sdk.keystore;

import android.content.Context;
import android.security.KeyChain;
import com.citrix.sdk.ssl.androidnative.Debug;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class CitrixKeyChain {
    private static final String PUREBRED_RSA_ALGORITHM = "NONEwithRSA";
    private static final String PUREBRED_RSA_PROVIDER = "AndroidKeyStoreBCWorkaround";
    private static Context context;
    private static String identityAlias;

    public static Context getContext() {
        return context;
    }

    public static CitrixKeyChainIdentity getIdentity() {
        Debug.logd("CitrixKeyChain.getIdentity -- (selected alias=[%s])", identityAlias);
        Context context2 = context;
        if (context2 == null) {
            Debug.loge("No Android Application context provided");
            return null;
        }
        String str = identityAlias;
        if (str == null) {
            Debug.loge("No identity alias provided");
            return null;
        }
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(context2, str);
            if (certificateChain != null && certificateChain.length != 0) {
                Debug.logd("Got identity chain (%d certs)", Integer.valueOf(certificateChain.length));
                for (int i = 0; i < certificateChain.length; i++) {
                    Debug.logd("cert[%d] %s  issued by %s", Integer.valueOf(i), certificateChain[i].getSubjectDN().getName(), certificateChain[i].getIssuerX500Principal().getName());
                }
                PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
                if (privateKey == null) {
                    Debug.loge("Identity without private key");
                    return null;
                }
                Debug.logd("Got private key");
                try {
                    return new CitrixKeyChainIdentity(certificateChain[0].getEncoded(), privateKey);
                } catch (CertificateEncodingException e2) {
                    Debug.loge("Identity with invalid certificate");
                    Debug.log(e2);
                    Debug.logd("returned null");
                    return null;
                }
            }
            Debug.loge("Identity without certificate");
            return null;
        } catch (Exception e3) {
            Debug.log(e3);
            Debug.logd("returned null");
            return null;
        }
    }

    public static String getIdentityAlias() {
        return identityAlias;
    }

    public static void setContext(Context context2) {
        context = context2;
    }

    public static void setIdentityAlias(String str) {
        identityAlias = str;
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey) {
        Debug.logd("CitrixKeyChain.sign (signing %d bytes)", Integer.valueOf(bArr.length));
        if (privateKey == null) {
            Debug.loge("No private key provided");
            return null;
        }
        Debug.logw("CitrixKeyChain.sign: Using %s from provider \"%s\"", PUREBRED_RSA_ALGORITHM, PUREBRED_RSA_PROVIDER);
        try {
            Debug.logd("Signing using algo '%s' and key '%s'", PUREBRED_RSA_ALGORITHM, privateKey);
            Signature signature = Signature.getInstance(PUREBRED_RSA_ALGORITHM, PUREBRED_RSA_PROVIDER);
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            Debug.logd("Returning %d bytes", Integer.valueOf(sign.length));
            return sign;
        } catch (InvalidKeyException e2) {
            e = e2;
            Debug.log(e);
            return new byte[0];
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            Debug.log(e);
            return new byte[0];
        } catch (NoSuchProviderException e4) {
            Debug.logd("Could not locate Purebred provider (%s) to sign with non-exportable private key", PUREBRED_RSA_PROVIDER);
            Debug.log(e4);
            return new byte[0];
        } catch (SignatureException e5) {
            e = e5;
            Debug.log(e);
            return new byte[0];
        }
    }
}
