package com.baltimore.jpkiplus.pkcs12;

import com.baltimore.jcrypto.asn1.ASN1Integer;
import com.baltimore.jcrypto.asn1.ASN1Null;
import com.baltimore.jcrypto.asn1.ASN1OctetString;
import com.baltimore.jcrypto.asn1.ASN1Sequence;
import com.baltimore.jcrypto.coders.BERCoder;
import com.baltimore.jcrypto.coders.DERCoder;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.pkcs.PKCS_12;
import com.baltimore.jcrypto.pkcs.PassPhraseProtect;
import com.baltimore.jcrypto.utils.Buffer;
import com.baltimore.jcrypto.utils.ByteArray;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.CertBag;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.KeyBag;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.PKCS8ShroudedKeyBag;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.SafeContentsBag;
import com.baltimore.jpkiplus.pkcs7.content.Data;
import com.baltimore.jpkiplus.pkcs7.content.SignedData;
import com.baltimore.jpkiplus.utils.DERReader;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.extensions.AuthorityKeyIdentifier;
import com.baltimore.jpkiplus.x509.extensions.SubjectKeyIdentifier;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/pkcs12/PKCS12KeyStoreImpl.class */
public class PKCS12KeyStoreImpl extends KeyStoreSpi {
    private Map a = new HashMap();
    private Map b = new HashMap();
    private static final String c = "12";

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.b.keySet());
        hashSet.addAll(this.a.keySet());
        Iterator it = hashSet.iterator();
        Vector vector = new Vector(hashSet.size());
        while (it.hasNext()) {
            vector.addElement(it.next());
        }
        return vector.elements();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.a.containsKey(str) || this.b.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        this.a.remove(str);
        this.b.remove(str);
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        return (Certificate) this.b.get(str);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        for (Map.Entry entry : this.b.entrySet()) {
            if (certificate.equals(entry.getValue())) {
                return (String) entry.getKey();
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        List list = (List) this.a.get(str);
        if (list == null || list.size() <= 1) {
            return null;
        }
        Certificate[] certificateArr = new Certificate[list.size() - 1];
        for (int i = 0; i < certificateArr.length; i++) {
            certificateArr[i] = (Certificate) list.get(1 + i);
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        List list = (List) this.a.get(str);
        if (list == null) {
            return null;
        }
        try {
            return ((KeyBag) list.get(0)).getKey(new Buffer(new String(cArr)));
        } catch (NoSuchAlgorithmException e) {
            throw e;
        } catch (Exception e2) {
            throw new UnrecoverableKeyException(new StringBuffer("Error getting keystore entry: ").append(e2).toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return this.b.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return this.a.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        Data data;
        X509Certificate x509Certificate;
        this.a.clear();
        this.b.clear();
        if (inputStream == null) {
            if (cArr != null) {
                throw new IOException("Password specified for new key store");
            }
            return;
        }
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) BERCoder.decode(new DERReader(inputStream).read(c));
            if (aSN1Sequence.getNumberOfComponents() < 2 || aSN1Sequence.getNumberOfComponents() > 3) {
                throw new IOException("Invalid keystore outer sequence");
            }
            ASN1Integer aSN1Integer = (ASN1Integer) aSN1Sequence.getComponent(0);
            if (aSN1Integer.getIntValue() != 3) {
                throw new IOException(new StringBuffer("Keystore version error: ").append(aSN1Integer).toString());
            }
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getComponent(1);
            if (aSN1Sequence.getNumberOfComponents() == 2 && cArr != null) {
                throw new IOException("Authenticated requested for unauthenticated keystore");
            }
            Buffer buffer = cArr == null ? null : new Buffer(new String(cArr));
            if (cArr != null) {
                data = new Data(aSN1Sequence2);
                ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Sequence.getComponent(2);
                if (aSN1Sequence3.getNumberOfComponents() < 2 || aSN1Sequence3.getNumberOfComponents() > 3) {
                    throw new IOException("Invalid keystore MAC sequence");
                }
                ASN1Sequence aSN1Sequence4 = (ASN1Sequence) aSN1Sequence3.getComponent(0);
                String stringFromOID = OIDs.getStringFromOID(new AlgorithmIdentifier(aSN1Sequence4.getComponent(0)).getAlgorithm());
                byte[] value = ((ASN1OctetString) aSN1Sequence4.getComponent(1)).getValue();
                byte[] generateMaterialPKCS12 = new PassPhraseProtect(stringFromOID).generateMaterialPKCS12(PKCS_12.getPassPhraseBytes(buffer), ((ASN1OctetString) aSN1Sequence3.getComponent(1)).getValue(), aSN1Sequence3.getNumberOfComponents() == 3 ? ((ASN1Integer) aSN1Sequence3.getComponent(2)).getIntValue() : 1, (byte) 3, 20, -1, false);
                Mac mac = Mac.getInstance(new StringBuffer("Hmac").append(stringFromOID).toString());
                mac.init(new SecretKeySpec(generateMaterialPKCS12, new StringBuffer("Hmac").append(stringFromOID).toString()));
                mac.update(data.getData());
                if (!Utils.cmpByteArrays(mac.doFinal(), value)) {
                    throw new IOException("MAC error: File corrupt or passphrase incorrect");
                }
            } else {
                data = aSN1Sequence2.getComponent(0).equals(OIDs.data) ? new Data(aSN1Sequence2) : (Data) new SignedData(aSN1Sequence2).getContent();
            }
            PFX pfx = new PFX();
            if (buffer != null) {
                pfx.setPassPhrase(buffer);
            }
            ASN1Sequence aSN1Sequence5 = (ASN1Sequence) BERCoder.decode(data.getData());
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            for (int i = 0; i < aSN1Sequence5.getNumberOfComponents(); i++) {
                ASN1Sequence aSN1Sequence6 = (ASN1Sequence) aSN1Sequence5.getComponent(i);
                if (aSN1Sequence6.getComponent(0).equals(OIDs.data)) {
                    arrayList.add(new AuthenticatedSafe(aSN1Sequence6, pfx).getSafeContents());
                } else if (aSN1Sequence6.getComponent(0).equals(OIDs.encryptedData)) {
                    try {
                        arrayList2.add(new AuthenticatedSafe(aSN1Sequence6, pfx).getSafeContents());
                    } catch (Exception unused) {
                    }
                }
            }
            for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                SafeContents safeContents = (SafeContents) arrayList2.get(i2);
                SafeContents safeContents2 = new SafeContents();
                for (int i3 = 0; i3 < safeContents.getNumberOfSafeBags(); i3++) {
                    SafeBag safeBag = safeContents.getSafeBag(i3);
                    if (OIDs.safeContentsBag.equals(safeBag.getBagType())) {
                        arrayList2.add(((SafeContentsBag) safeBag).getSafeContents());
                    } else if (OIDs.keyBag.equals(safeBag.getBagType())) {
                        KeyBag keyBag = (KeyBag) safeBag;
                        PKCS8ShroudedKeyBag pKCS8ShroudedKeyBag = new PKCS8ShroudedKeyBag(keyBag.getKey(), buffer);
                        pKCS8ShroudedKeyBag.setFriendlyName(keyBag.getFriendlyName());
                        pKCS8ShroudedKeyBag.setLocalKeyID(keyBag.getLocalKeyID());
                        safeContents2.addSafeBag(pKCS8ShroudedKeyBag);
                    } else {
                        safeContents2.addSafeBag(safeBag);
                    }
                }
                arrayList.add(safeContents2);
            }
            ArrayList<KeyBag> arrayList3 = new ArrayList();
            HashMap hashMap = new HashMap();
            ArrayList arrayList4 = new ArrayList();
            for (int i4 = 0; i4 < arrayList.size(); i4++) {
                SafeContents safeContents3 = (SafeContents) arrayList.get(i4);
                for (int i5 = 0; i5 < safeContents3.getNumberOfSafeBags(); i5++) {
                    SafeBag safeBag2 = safeContents3.getSafeBag(i5);
                    if (OIDs.safeContentsBag.equals(safeBag2.getBagType())) {
                        arrayList.add(((SafeContentsBag) safeBag2).getSafeContents());
                    } else if (OIDs.keyBag.equals(safeBag2.getBagType()) || OIDs.pkcs8ShroudedKeyBag.equals(safeBag2.getBagType())) {
                        arrayList3.add((KeyBag) safeBag2);
                    } else if (OIDs.certBag.equals(safeBag2.getBagType())) {
                        CertBag certBag = (CertBag) safeBag2;
                        String friendlyName = certBag.getFriendlyName();
                        byte[] localKeyID = certBag.getLocalKeyID();
                        JCRYPTO_X509Certificate cert = certBag.getCert();
                        arrayList4.add(cert);
                        if (friendlyName != null) {
                            int i6 = 2;
                            while (this.b.containsKey(friendlyName)) {
                                int i7 = i6;
                                i6++;
                                friendlyName = new StringBuffer(String.valueOf(friendlyName)).append("#").append(i7).toString();
                            }
                            this.b.put(friendlyName, cert);
                        }
                        if (localKeyID != null) {
                            hashMap.put(new ByteArray(localKeyID), cert);
                        }
                    }
                }
            }
            for (KeyBag keyBag2 : arrayList3) {
                String friendlyName2 = keyBag2.getFriendlyName();
                if (friendlyName2 == null) {
                    byte[] localKeyID2 = keyBag2.getLocalKeyID();
                    if (localKeyID2 != null && (x509Certificate = (X509Certificate) hashMap.get(new ByteArray(localKeyID2))) != null) {
                        String name = x509Certificate.getSubjectDN().getName();
                        int indexOf = name.indexOf("CN=");
                        if (indexOf >= 0) {
                            int i8 = indexOf + 3;
                            int i9 = i8;
                            int length = name.length();
                            while (i9 < length && name.charAt(i9) != ',') {
                                if (name.charAt(i9) == '\\') {
                                    i9++;
                                }
                                i9++;
                            }
                            friendlyName2 = name.substring(i8, i9);
                        }
                    }
                    if (friendlyName2 == null) {
                        friendlyName2 = "Key";
                    }
                }
                String str = friendlyName2;
                int i10 = 2;
                while (this.a.containsKey(friendlyName2)) {
                    int i11 = i10;
                    i10++;
                    friendlyName2 = new StringBuffer(String.valueOf(str)).append("#").append(i11).toString();
                }
                ArrayList arrayList5 = new ArrayList();
                this.a.put(friendlyName2, arrayList5);
                arrayList5.add(keyBag2);
                byte[] localKeyID3 = keyBag2.getLocalKeyID();
                if (localKeyID3 != null) {
                    X509Certificate x509Certificate2 = (X509Certificate) hashMap.get(new ByteArray(localKeyID3));
                    while (x509Certificate2 != null) {
                        arrayList5.add(x509Certificate2);
                        X509Certificate x509Certificate3 = null;
                        Iterator it = arrayList4.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            X509Certificate x509Certificate4 = (X509Certificate) it.next();
                            if (a(x509Certificate2, x509Certificate4)) {
                                x509Certificate3 = x509Certificate4;
                                break;
                            }
                        }
                        x509Certificate2 = x509Certificate3;
                    }
                }
            }
        } catch (IOException e) {
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new IOException(new StringBuffer("PKCS#12 error: ").append(e3).toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.b.put(str, certificate);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(new PKCS8ShroudedKeyBag((PrivateKey) key, new Buffer(new String(cArr)), OIDs.pbeWithSHA1And3_KeyTripleDES_CBC));
            for (Certificate certificate : certificateArr) {
                arrayList.add(certificate);
            }
            this.a.put(str, arrayList);
        } catch (Exception e) {
            throw new KeyStoreException(new StringBuffer("Error setting keystore entry: ").append(e).toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Unsupported");
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.b.keySet());
        hashSet.addAll(this.a.keySet());
        return hashSet.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        try {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.addComponent(new ASN1Integer(3));
            SafeContents safeContents = new SafeContents();
            HashMap hashMap = new HashMap(this.b);
            for (Map.Entry entry : this.a.entrySet()) {
                String str = (String) entry.getKey();
                List list = (List) entry.getValue();
                KeyBag keyBag = (KeyBag) list.get(0);
                keyBag.setBagAttributes(null);
                keyBag.setFriendlyName(str);
                byte[] bArr = null;
                if (list.size() > 1) {
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                    messageDigest.update(((X509Certificate) list.get(1)).getEncoded());
                    bArr = messageDigest.digest();
                    keyBag.setLocalKeyID(bArr);
                }
                safeContents.addSafeBag(keyBag);
                for (int i = 1; i < list.size(); i++) {
                    X509Certificate x509Certificate = (X509Certificate) list.get(i);
                    CertBag certBag = new CertBag(x509Certificate);
                    if (i == 1) {
                        certBag.setLocalKeyID(bArr);
                        if (x509Certificate.equals(hashMap.get(str))) {
                            certBag.setFriendlyName(str);
                            hashMap.remove(str);
                        }
                    }
                    safeContents.addSafeBag(certBag);
                }
            }
            for (Map.Entry entry2 : hashMap.entrySet()) {
                String str2 = (String) entry2.getKey();
                CertBag certBag2 = new CertBag((X509Certificate) entry2.getValue());
                certBag2.setFriendlyName(str2);
                safeContents.addSafeBag(certBag2);
            }
            ASN1Sequence aSN1Sequence2 = new ASN1Sequence();
            aSN1Sequence2.addComponent(new Data(DERCoder.encode(safeContents)));
            Data data = new Data(DERCoder.encode(aSN1Sequence2));
            aSN1Sequence.addComponent(data);
            if (cArr != null) {
                byte[] bArr2 = new byte[16];
                new SecureRandom().nextBytes(bArr2);
                byte[] generateMaterialPKCS12 = new PassPhraseProtect("SHA1").generateMaterialPKCS12(PKCS_12.getPassPhraseBytes(new Buffer(new String(cArr))), bArr2, 768, (byte) 3, 20, -1, false);
                Mac mac = Mac.getInstance(new StringBuffer("Hmac").append("SHA1").toString());
                mac.init(new SecretKeySpec(generateMaterialPKCS12, new StringBuffer("Hmac").append("SHA1").toString()));
                mac.update(data.getData());
                byte[] doFinal = mac.doFinal();
                ASN1Sequence aSN1Sequence3 = new ASN1Sequence();
                aSN1Sequence3.addComponent(new AlgorithmIdentifier(OIDs.sha1, new ASN1Null()));
                aSN1Sequence3.addComponent(new ASN1OctetString(doFinal));
                ASN1Sequence aSN1Sequence4 = new ASN1Sequence();
                aSN1Sequence4.addComponent(aSN1Sequence3);
                aSN1Sequence4.addComponent(new ASN1OctetString(bArr2));
                if (768 != 1) {
                    aSN1Sequence4.addComponent(new ASN1Integer(768));
                }
                aSN1Sequence.addComponent(aSN1Sequence4);
            }
            outputStream.write(DERCoder.encode(aSN1Sequence));
        } catch (IOException e) {
            throw e;
        } catch (NoSuchAlgorithmException e2) {
            throw e2;
        } catch (CertificateException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new IOException(new StringBuffer("PKCS#12 error: ").append(e4).toString());
        }
    }

    private static boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (x509Certificate.equals(x509Certificate2) || !x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
            return false;
        }
        JCRYPTO_X509Certificate cast = JCRYPTO_X509Certificate.cast(x509Certificate);
        JCRYPTO_X509Certificate cast2 = JCRYPTO_X509Certificate.cast(x509Certificate2);
        AuthorityKeyIdentifier authorityKeyIdentifier = cast.getAuthorityKeyIdentifier();
        SubjectKeyIdentifier subjectKeyIdentifier = cast2.getSubjectKeyIdentifier();
        if (authorityKeyIdentifier != null && subjectKeyIdentifier != null) {
            return authorityKeyIdentifier.compare(subjectKeyIdentifier);
        }
        boolean[] issuerUniqueID = x509Certificate.getIssuerUniqueID();
        boolean[] subjectUniqueID = x509Certificate2.getSubjectUniqueID();
        return (issuerUniqueID == null || subjectUniqueID == null) ? cast.getSigAlgName().indexOf(cast2.getPublicKey().getAlgorithm()) >= 0 : Utils.cmpBooleanArrays(issuerUniqueID, subjectUniqueID);
    }
}
