package com.dstc.security.keymanage.keystore;

import com.dstc.security.asn1.Asn1DecodingException;
import com.dstc.security.asn1.Asn1EncodingException;
import com.dstc.security.asn1.Asn1Exception;
import com.dstc.security.certpath.CertPathBuilder;
import com.dstc.security.certpath.X509CertSelector;
import com.dstc.security.common.FriendlyName;
import com.dstc.security.common.OID;
import com.dstc.security.common.X500Name;
import com.dstc.security.keymanage.PKCS8EncryptedPrivateKey;
import com.dstc.security.keymanage.PKCS8Exception;
import com.dstc.security.keymanage.debug.Debug;
import com.dstc.security.keymanage.pkcs12.InvalidFlagException;
import com.dstc.security.keymanage.pkcs12.PFX;
import com.dstc.security.keymanage.pkcs12.SafeBag;
import com.dstc.security.keymanage.pkcs12.bags.CertBag;
import com.dstc.security.keymanage.pkcs12.bags.KeyBag;
import com.dstc.security.keymanage.pkcs12.bags.ShroudedKeyBag;
import com.dstc.security.keymanage.util.PKCS12KeyFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.Enumeration;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/dstc/security/keymanage/keystore/P12KeyStore.class */
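/**
 * {@link KeyStoreSpi} implementation backed by a PKCS#12 {@code PFX} structure.
 *
 * <p>Entries are held as {@code SafeBag}s managed by a {@code BagHandler}; the
 * friendly-name attribute of a bag serves as the keystore alias. A store must be
 * initialised through {@link #engineLoad(InputStream, char[])} before any other
 * operation is used.
 *
 * <p>This class does no synchronisation of its own.
 */
public class P12KeyStore extends KeyStoreSpi {
    /**
     * Encoded form of the store as last loaded or written. Reset to {@code null}
     * whenever the bags are modified so that {@link #engineStore} re-exports them.
     */
    private PFX pfx = null;

    /** Holds the bags of the loaded store; {@code null} until {@link #engineLoad} succeeds. */
    private BagHandler bagHandler = null;

    /** Certificate bags collected for the chain that is currently being stored. */
    private Vector tmpChainStore = new Vector();

    // NOTE(review): public, static and non-final, so any code in the JVM can change the
    // algorithm used to protect private keys stored afterwards. Left as-is because callers
    // may assign it; treat writes to this field as security-relevant configuration.
    public static String DEFAULT_ENCRYPTION_ALGORITHM = OID.pbeWithSHAAnd3_KeyTripleDES_CBC;

    // NOTE(review): the value is not read anywhere in this class; presumably the reference
    // exists to force initialisation of Licensed (a licence check) - confirm.
    private static final boolean DUMMY = Licensed.VALID;

    /**
     * Wraps a certificate in a certificate bag and either stores it as a stand-alone
     * entry or appends it to the chain being assembled for a key entry.
     *
     * @param alias          alias of the entry the certificate belongs to
     * @param certificate    certificate to store
     * @param withLocalKeyId attach a local-key-id attribute derived from the encoded certificate
     * @param standalone     store as an independent entry carrying {@code alias} as friendly name;
     *                       when {@code false} the bag is queued in {@link #tmpChainStore}
     * @param lastInChain    only read when {@code standalone} is {@code false}: flush the queued
     *                       chain to the handler under {@code alias}
     * @throws KeyStoreException if the certificate cannot be encoded or wrapped
     */
    private void addCertEntry(String alias, Certificate certificate, boolean withLocalKeyId,
            boolean standalone, boolean lastInChain) throws KeyStoreException {
        Debug.log(1, "KeyStore.setCertificateEntry()", "");
        isInitialized();
        this.pfx = null; // cached encoding no longer matches the bags
        Vector attributes = new Vector();
        if (standalone) {
            attributes.add(SafeBag.createFriendlyName(alias));
        }
        if (withLocalKeyId) {
            try {
                attributes.add(SafeBag.createLocalKeyId(certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new KeyStoreException(e.toString(), e);
            }
        }
        try {
            // 1.2.840.113549.1.9.22.1 is the PKCS#9 certificate type "x509Certificate".
            SafeBag safeBag = new SafeBag(new CertBag("1.2.840.113549.1.9.22.1", certificate), attributes);
            if (standalone) {
                this.bagHandler.storeBag(safeBag);
            } else {
                this.tmpChainStore.add(safeBag);
                if (lastInChain) {
                    ((NetscapeBagHandler) this.bagHandler).storeChain(alias, this.tmpChainStore);
                    this.tmpChainStore = new Vector();
                }
            }
            Debug.dumpAsn1To(safeBag.getAsn1(), Debug.SAFEBAG_W_CERTBAG);
        } catch (CertificateEncodingException e2) {
            Debug.log(5, "P12KeyStore.setCertificateEntry()", "Unexpected exception while creating CertBag: " + e2.toString());
            throw new KeyStoreException(e2.toString(), e2);
        } catch (CertificateException e3) {
            throw new KeyStoreException(e3.toString(), e3);
        }
    }

    /**
     * Stores the certificates of a key entry's chain. The first certificate carries the
     * local key id and the last one flushes the assembled chain to the handler.
     *
     * @param alias alias of the key entry
     * @param chain non-empty certificate chain, end-entity certificate first
     * @throws KeyStoreException if any certificate cannot be stored
     */
    private void storeChainCerts(String alias, Certificate[] chain) throws KeyStoreException {
        // Start from an empty queue: if an earlier call failed part-way, its certificates
        // would otherwise be stored as part of this alias' chain.
        this.tmpChainStore = new Vector();
        int last = chain.length - 1;
        for (int i = 0; i <= last; i++) {
            addCertEntry(alias, chain[i], i == 0, false, i == last);
        }
    }

    /**
     * Compares two certificates by issuer distinguished name and serial number only;
     * the encoded contents and signatures are not compared.
     */
    private boolean certEquals(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return X500Name.equals(x509Certificate.getIssuerDN(), x509Certificate2.getIssuerDN())
                && x509Certificate.getSerialNumber().equals(x509Certificate2.getSerialNumber());
    }

    /**
     * Builds the attribute set of a key bag: the alias as friendly name plus a local key
     * id derived from the first certificate of the chain.
     *
     * @throws KeyStoreException if the first certificate cannot be encoded
     */
    private static Vector createSafeBagAttributes(String str, Certificate[] certificateArr) throws KeyStoreException {
        Vector attributes = new Vector();
        attributes.add(new FriendlyName(str));
        try {
            attributes.add(SafeBag.createLocalKeyId(certificateArr[0].getEncoded()));
            return attributes;
        } catch (CertificateEncodingException e) {
            throw new KeyStoreException(e.toString(), e);
        }
    }

    /** Creates an {@link IOException} that keeps the underlying failure as its cause. */
    private static IOException ioFailure(String message, Throwable cause) {
        IOException failure = new IOException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Creates an {@link UnrecoverableKeyException} that keeps the underlying failure as its cause. */
    private static UnrecoverableKeyException unrecoverable(String message, Throwable cause) {
        UnrecoverableKeyException failure = new UnrecoverableKeyException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Returns the friendly names of all bags as the list of aliases. */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        Debug.log(1, "KeyStore.aliases()", "");
        isInitialized();
        Vector<String> aliases = new Vector<String>();
        for (String alias : this.bagHandler.getAllFriendlyNames()) {
            aliases.add(alias);
        }
        return aliases.elements();
    }

    /** Reports whether the handler holds a bag under the given alias. */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Debug.log(1, "KeyStore.containsAlias( " + str + " )", "");
        isInitialized();
        return this.bagHandler.getBag(str) != null;
    }

    /** Removes every bag stored under the given alias. */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        Debug.log(1, "KeyStore.deleteEntry()", "");
        isInitialized();
        this.pfx = null;
        this.bagHandler.removeBags(str);
    }

    /**
     * Returns the certificate of the first certificate bag stored under the alias, or,
     * when there is none, the first certificate of the chain stored for the alias.
     *
     * @return the certificate, or {@code null} if the alias has neither
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Debug.log(1, "KeyStore.getCertificate()", "");
        isInitialized();
        SafeBag[] bags = this.bagHandler.getBags(str);
        for (int i = 0; i < bags.length; i++) {
            Object content = bags[i].getBag();
            if (content instanceof CertBag) {
                return ((CertBag) content).getCertificate();
            }
        }
        X509Certificate[] chain = ((NetscapeBagHandler) this.bagHandler).getChain(str);
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        return null;
    }

    /**
     * Finds the alias of the first entry whose certificate matches the given one.
     * Matching is by issuer name and serial number (see {@link #certEquals}); for key
     * entries the first certificate of the stored chain is compared.
     *
     * @return the alias, or {@code null} if nothing matches or the argument is not an
     *         X.509 certificate
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Debug.log(1, "KeyStore.getCertificateAlias()", "");
        isInitialized();
        if (!(certificate instanceof X509Certificate)) {
            // Only X.509 certificates can be compared by issuer and serial number.
            return null;
        }
        X509Certificate wanted = (X509Certificate) certificate;
        SafeBag[] allBags = this.bagHandler.getAllBags();
        for (int i = 0; i < allBags.length; i++) {
            SafeBag bag = allBags[i];
            // Bag types are recognised by the hash code of the bag id, as elsewhere in this class.
            int idHash = bag.getBagId().hashCode();
            if (idHash == SafeBag.CERTBAG) {
                Certificate stored = ((CertBag) bag.getBag()).getCertificate();
                if (stored instanceof X509Certificate && certEquals((X509Certificate) stored, wanted)) {
                    return bag.getFriendlyName();
                }
            } else if (idHash == SafeBag.SHROUDED_KEYBAG || idHash == SafeBag.KEYBAG) {
                String friendlyName = bag.getFriendlyName();
                X509Certificate[] chain = ((NetscapeBagHandler) this.bagHandler).getChain(friendlyName);
                // A key bag without a stored chain simply cannot match.
                if (chain != null && chain.length > 0 && certEquals(chain[0], wanted)) {
                    return friendlyName;
                }
            }
        }
        return null;
    }

    /** Returns the chain the handler holds for the alias, exactly as the handler reports it. */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Debug.log(1, "KeyStore.getCertificateChain( " + str + " )", "");
        isInitialized();
        return ((NetscapeBagHandler) this.bagHandler).getChain(str);
    }

    /**
     * Returns the current time. No creation date is tracked per entry, so the value is
     * unrelated to the entry and is returned even for an alias that does not exist.
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        Debug.log(1, "KeyStore.getCreationDate()", "");
        isInitialized();
        return new Date();
    }

    /**
     * Returns the private key stored under the alias, decrypting it with the given
     * password when it is held in a shrouded key bag.
     *
     * @param str  alias of the key entry
     * @param cArr password protecting the key
     * @return the key, or {@code null} if the alias holds no key bag
     * @throws UnrecoverableKeyException if no bag exists for the alias or the key
     *         cannot be decrypted or decoded
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        Debug.log(1, "KeyStoreImpl.getKey()", "");
        isInitialized();
        SafeBag[] bags = this.bagHandler.getBags(str);
        if (bags.length == 0) {
            throw new UnrecoverableKeyException("Key Not Present");
        }
        for (int i = 0; i < bags.length; i++) {
            SafeBag bag = bags[i];
            // 1.2.840.113549.1.12.10.1.2 is the PKCS#12 pkcs8ShroudedKeyBag type.
            if (bag.getBagId().equals("1.2.840.113549.1.12.10.1.2")) {
                PKCS8EncryptedPrivateKey encryptedPrivateKeyInfo =
                        ((ShroudedKeyBag) bag.getBag()).getEncryptedPrivateKeyInfo();
                try {
                    // NOTE(review): the PBEKeySpec keeps its own copy of the password and is never
                    // cleared; whether decrypt() retains the spec is not visible here, so calling
                    // clearPassword() afterwards needs checking against PKCS8EncryptedPrivateKey.
                    encryptedPrivateKeyInfo.decrypt(new PBEKeySpec(cArr));
                    return encryptedPrivateKeyInfo.getPrivateKey();
                } catch (PKCS8Exception e2) {
                    throw unrecoverable(e2.toString(), e2);
                }
            }
            if (bag.getBag() instanceof KeyBag) {
                try {
                    return ((KeyBag) bag.getBag()).getPrivateKey();
                } catch (InvalidKeySpecException e) {
                    throw unrecoverable(e.getMessage(), e);
                }
            }
        }
        // Only certificate bags under this alias: not a key entry.
        return null;
    }

    /**
     * Reports whether the alias holds at least one certificate bag and no key bag.
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        Debug.log(1, "KeyStore.isCertificateEntry()", "");
        isInitialized();
        boolean sawCertBag = false;
        for (SafeBag safeBag : this.bagHandler.getBags(str)) {
            int idHash = safeBag.getBagId().hashCode();
            if (idHash == SafeBag.KEYBAG || idHash == SafeBag.SHROUDED_KEYBAG) {
                return false; // a key under the alias makes it a key entry
            }
            if (idHash == SafeBag.CERTBAG) {
                sawCertBag = true;
            }
        }
        return sawCertBag;
    }

    /** Reports whether the alias holds a plain or shrouded key bag. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        Debug.log(1, "KeyStore.isKeyEntry( " + str + " )", "");
        isInitialized();
        for (SafeBag safeBag : this.bagHandler.getBags(str)) {
            int idHash = safeBag.getBagId().hashCode();
            if (idHash == SafeBag.KEYBAG || idHash == SafeBag.SHROUDED_KEYBAG) {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the store from a PKCS#12 stream, or initialises an empty store when the
     * stream is {@code null}.
     *
     * <p>The MAC over the file is verified only when a password is supplied. With a
     * {@code null} password the contents are accepted without any integrity check, so
     * callers that depend on tamper detection must always pass the password.
     *
     * <p>The store is replaced only after the whole stream has been verified and
     * imported; a failed load leaves the previous contents untouched.
     *
     * @param inputStream PKCS#12 data, or {@code null} for an empty store
     * @param cArr        store password, or {@code null} to skip the integrity check
     * @throws IOException          if the data cannot be decoded or fails the integrity check
     * @throws CertificateException if the bags cannot be imported
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        Debug.log(1, "P12KeyStore.load()", "");
        if (inputStream == null) {
            // Drop any encoding cached from an earlier load so that engineStore cannot
            // write out the previous store's contents for this empty one.
            this.pfx = null;
            this.bagHandler = new NetscapeBagHandler();
            return;
        }
        PFX loaded;
        BagHandler handler;
        try {
            loaded = PFX.createPFX(inputStream);
            if (cArr != null) {
                try {
                    if (!loaded.verify(PKCS12KeyFactory.createPBEKey(cArr))) {
                        throw new InvalidKeyException();
                    }
                } catch (InvalidKeyException e) {
                    throw ioFailure("KeyStore Integrity Compromised: " + e.toString(), e);
                }
            }
            handler = new NetscapeBagHandler();
            handler.setPassword(cArr);
            try {
                handler.importBags(loaded.getAuthSafe());
            } catch (Asn1Exception e2) {
                throw new CertificateException(e2.toString(), e2);
            }
        } catch (Asn1DecodingException e3) {
            throw ioFailure(e3.toString(), e3);
        } catch (Asn1Exception e4) {
            throw ioFailure(e4.toString(), e4);
        } catch (IOException e5) {
            // Keep the integrity-failure message instead of folding it into the generic one below.
            throw e5;
        } catch (CertificateException e6) {
            throw e6;
        } catch (Exception e7) {
            throw ioFailure(" bad pkcs12 data", e7);
        }
        // Commit only now, so an unverified or half-imported PFX is never left cached.
        this.pfx = loaded;
        this.bagHandler = handler;
    }

    /**
     * Stores a trusted certificate under the alias, replacing an existing certificate
     * entry of the same name.
     *
     * @throws KeyStoreException if the alias names a key entry or the certificate
     *         cannot be stored
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (engineIsCertificateEntry(str)) {
            this.bagHandler.removeBags(str);
        } else if (engineIsKeyEntry(str)) {
            throw new KeyStoreException("Alias " + str + " is a key entry" + " in this KeyStore");
        }
        addCertEntry(str, certificate, false, true, false);
    }

    /**
     * Encrypts the private key with {@link #DEFAULT_ENCRYPTION_ALGORITHM} under the given
     * password and stores it, with its certificate chain, under the alias.
     *
     * <p>The chain is stored as supplied; it is not validated here.
     *
     * @param str            alias of the new entry
     * @param key            key to store; must be a {@link PrivateKey}
     * @param cArr           password used to encrypt the key
     * @param certificateArr non-empty certificate chain, end-entity certificate first
     * @throws KeyStoreException if the chain is missing, the key is not a private key,
     *         or encryption fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        Debug.log(1, "KeyStore.setKeyEntry( Key )", "");
        isInitialized();
        if (certificateArr == null || certificateArr.length == 0) {
            throw new KeyStoreException("Invalid Certificate Chain");
        }
        this.pfx = null;
        Vector attributes = createSafeBagAttributes(str, certificateArr);
        try {
            PKCS8EncryptedPrivateKey encryptedKey =
                    new PKCS8EncryptedPrivateKey((PrivateKey) key, DEFAULT_ENCRYPTION_ALGORITHM);
            encryptedKey.encrypt(cArr);
            this.bagHandler.storeBags(new SafeBag[]{new SafeBag(new ShroudedKeyBag(encryptedKey), attributes)});
            storeChainCerts(str, certificateArr);
        } catch (PKCS8Exception e) {
            throw new KeyStoreException("Encryption error: " + e.getMessage(), e);
        } catch (ClassCastException e2) {
            throw new KeyStoreException("Not Private Key: " + e2.toString(), e2);
        }
    }

    /**
     * Stores an already encrypted private key (encoded encrypted-private-key
     * information), with its certificate chain, under the alias.
     *
     * <p>The chain is stored as supplied; it is not validated here.
     *
     * @param str            alias of the new entry
     * @param bArr           encoded, already protected private key
     * @param certificateArr non-empty certificate chain, end-entity certificate first
     * @throws KeyStoreException if the chain is missing or the key bytes cannot be parsed
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Debug.log(1, "KeyStore.setKeyEntry( byte[] )", "");
        // Same guard as every other operation; without it an unloaded store fails with a
        // bare NullPointerException.
        isInitialized();
        if (certificateArr == null || certificateArr.length == 0) {
            throw new KeyStoreException("Invalid Certificate Chain");
        }
        this.pfx = null;
        try {
            this.bagHandler.storeBag(new SafeBag(new ShroudedKeyBag(new PKCS8EncryptedPrivateKey(bArr)),
                    createSafeBagAttributes(str, certificateArr)));
            storeChainCerts(str, certificateArr);
        } catch (PKCS8Exception e) {
            throw new KeyStoreException("Invalid Encrypted Private Key: " + e.toString(), e);
        }
    }

    /** Returns the number of entries reported by the bag handler. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        Debug.log(1, "KeyStoreImpl.size()".equals("") ? "" : "KeyStore.size()", "");
        isInitialized();
        return this.bagHandler.size();
    }

    /**
     * Writes the store to the stream as an encoded PFX.
     *
     * <p>When the store was modified since it was loaded, the bags are re-exported and a
     * new MAC is computed from the given password.
     *
     * @param outputStream destination of the encoded PFX
     * @param cArr         password used for the MAC when the store is re-exported
     * @throws IOException if the MAC key cannot be created or the PFX cannot be encoded
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        Debug.log(1, "KeyStoreImpl.store()", "");
        isInitialized();
        // NOTE(review): when the cached PFX is still present (nothing changed since load) it
        // is written out as-is and the password argument is not used, so storing under a
        // different password does not re-protect an unmodified store.
        if (this.pfx == null) {
            this.pfx = new PFX(this.bagHandler.export());
            try {
                this.pfx.mac(PKCS12KeyFactory.createPBEKey(cArr), PKCS12KeyFactory.generatePBEParameterSpec(), 1);
            } catch (InvalidFlagException e) {
                throw ioFailure("Internal Error While Creating PBEKey: " + e.toString(), e);
            } catch (InvalidKeyException e2) {
                throw ioFailure("Exception While Creating PBEKey: " + e2.toString(), e2);
            }
        }
        try {
            this.pfx.encode(outputStream);
        } catch (Asn1EncodingException e3) {
            throw ioFailure("Exception while encoding PFX to ASN.1: " + e3.toString(), e3);
        }
    }

    /**
     * Extracts a display name from the subject of a certificate: the value of the last
     * component containing "CN", else of the last one containing "OU", else the whole
     * subject string.
     *
     * <p>The subject is split on commas and matched by substring, so values that contain
     * a comma, "CN" or "OU" are mis-parsed. The result is suitable for labelling only,
     * not for identity or authorisation decisions.
     */
    private String getCN(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectDN().getName();
        StringTokenizer components = new StringTokenizer(subject, ",", false);
        String commonName = null;
        String orgUnit = null;
        while (components.hasMoreTokens()) {
            String component = components.nextToken();
            if (component.indexOf("CN") != -1) {
                commonName = component;
            } else if (component.indexOf("OU") != -1) {
                orgUnit = component;
            }
        }
        if (commonName != null) {
            return commonName.substring(commonName.indexOf("=") + 1);
        }
        if (orgUnit == null) {
            return subject;
        }
        return orgUnit.substring(orgUnit.indexOf("=") + 1);
    }

    /**
     * Rejects use of a store that has not been loaded.
     *
     * @throws IllegalStateException if {@link #engineLoad} has not completed successfully
     */
    private void isInitialized() {
        if (this.bagHandler == null) {
            throw new IllegalStateException("Operation On Uninitialized KeyStore");
        }
    }

    /**
     * Checks a certificate chain with the project's {@code CertPathBuilder}.
     *
     * <p>The only trusted certificate handed to the builder is the last certificate of
     * the chain itself, so a successful result says the chain is consistent with its own
     * root, not that the root is trusted by anyone.
     *
     * <p>NOTE(review): nothing in this class calls this method, and the selector built
     * below is never passed to the builder here - confirm whether chain checking was meant
     * to run when key entries are stored.
     *
     * @throws KeyStoreException if the chain is empty, holds non-X.509 certificates, or
     *         the builder rejects it
     */
    private void verifyChain(Certificate[] certificateArr) throws KeyStoreException {
        try {
            X509Certificate endEntity = (X509Certificate) certificateArr[0];
            X509CertSelector selector = new X509CertSelector();
            CertPathBuilder builder = new CertPathBuilder();
            Vector trustedCerts = new Vector();
            X509Certificate[] chain = new X509Certificate[certificateArr.length];
            for (int i = 0; i < chain.length; i++) {
                chain[i] = (X509Certificate) certificateArr[i];
            }
            trustedCerts.add(chain[chain.length - 1]);
            builder.setTrustedCerts(trustedCerts);
            selector.setIssuerDN(endEntity.getIssuerDN().getName());
            selector.setSerialNumber(endEntity.getSerialNumber());
            builder.verify(chain);
        } catch (Exception e) {
            throw new KeyStoreException("Cert chain doesn't verify: " + e.getMessage(), e);
        }
    }
}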
