package org.bouncycastle.jce.provider;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.xalan.templates.Constants;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.BEROutputStream;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
import org.bouncycastle.asn1.pkcs.CertBag;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.EncryptedData;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.MacData;
import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.Pfx;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.SafeBag;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.jce.interfaces.BCKeyStore;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore.class */
public class JDKPKCS12KeyStore extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore {
    private static final int SALT_SIZE = 20;
    private static final int MIN_ITERATIONS = 1024;
    private static final DERObjectIdentifier KEY_ALGORITHM = PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC;
    private static final DERObjectIdentifier CERT_ALGORITHM = PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC;
    static final int NULL = 0;
    static final int CERTIFICATE = 1;
    static final int KEY = 2;
    static final int SECRET = 3;
    static final int SEALED = 4;
    static final int KEY_PRIVATE = 0;
    static final int KEY_PUBLIC = 1;
    static final int KEY_SECRET = 2;
    private CertificateFactory certFact;
    private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(null);
    private Hashtable localIds = new Hashtable();
    private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(null);
    private Hashtable chainCerts = new Hashtable();
    private Hashtable keyCerts = new Hashtable();
    protected SecureRandom random = new SecureRandom();

    /* renamed from: org.bouncycastle.jce.provider.JDKPKCS12KeyStore$1, reason: invalid class name */
    /* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore$1.class */
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore$BCPKCS12KeyStore.class */
    public static class BCPKCS12KeyStore extends JDKPKCS12KeyStore {
        public BCPKCS12KeyStore() {
            super("BC");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore$CertId.class */
    public class CertId {
        byte[] id;
        private final JDKPKCS12KeyStore this$0;

        CertId(JDKPKCS12KeyStore jDKPKCS12KeyStore, PublicKey publicKey) {
            this.this$0 = jDKPKCS12KeyStore;
            this.id = jDKPKCS12KeyStore.createSubjectKeyId(publicKey).getKeyIdentifier();
        }

        CertId(JDKPKCS12KeyStore jDKPKCS12KeyStore, byte[] bArr) {
            this.this$0 = jDKPKCS12KeyStore;
            this.id = bArr;
        }

        public int hashCode() {
            int i = this.id[0] & 255;
            for (int i2 = 1; i2 != this.id.length - 4; i2++) {
                i ^= ((((this.id[i2] & 255) << 24) | ((this.id[i2 + 1] & 255) << 16)) | ((this.id[i2 + 2] & 255) << 8)) | (this.id[i2 + 3] & 255);
            }
            return i;
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof CertId)) {
                return false;
            }
            CertId certId = (CertId) obj;
            if (certId.id.length != this.id.length) {
                return false;
            }
            for (int i = 0; i != this.id.length; i++) {
                if (certId.id[i] != this.id[i]) {
                    return false;
                }
            }
            return true;
        }
    }

    /* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore$DefPKCS12KeyStore.class */
    public static class DefPKCS12KeyStore extends JDKPKCS12KeyStore {
        public DefPKCS12KeyStore() {
            super(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jce/provider/JDKPKCS12KeyStore$IgnoresCaseHashtable.class */
    public static class IgnoresCaseHashtable {
        private Hashtable orig;
        private Hashtable keys;

        private IgnoresCaseHashtable() {
            this.orig = new Hashtable();
            this.keys = new Hashtable();
        }

        public void put(String str, Object obj) {
            String lowerCase = Strings.toLowerCase(str);
            String str2 = (String) this.keys.get(lowerCase);
            if (str2 != null) {
                this.orig.remove(str2);
            }
            this.keys.put(lowerCase, str);
            this.orig.put(str, obj);
        }

        public Enumeration keys() {
            return this.orig.keys();
        }

        public Object remove(String str) {
            String str2 = (String) this.keys.remove(Strings.toLowerCase(str));
            if (str2 == null) {
                return null;
            }
            return this.orig.remove(str2);
        }

        public Object get(String str) {
            String str2 = (String) this.keys.get(Strings.toLowerCase(str));
            if (str2 == null) {
                return null;
            }
            return this.orig.get(str2);
        }

        public Enumeration elements() {
            return this.orig.elements();
        }

        IgnoresCaseHashtable(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    public JDKPKCS12KeyStore(String str) {
        this.certFact = null;
        try {
            if (str != null) {
                this.certFact = CertificateFactory.getInstance("X.509", str);
            } else {
                this.certFact = CertificateFactory.getInstance("X.509");
            }
        } catch (Exception e) {
            throw new IllegalArgumentException(new StringBuffer().append("can't create cert factory - ").append(e.toString()).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) {
        try {
            return new SubjectKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(publicKey.getEncoded()).readObject()));
        } catch (Exception e) {
            throw new RuntimeException("error creating key");
        }
    }

    @Override // org.bouncycastle.jce.interfaces.BCKeyStore
    public void setRandom(SecureRandom secureRandom) {
        this.random = secureRandom;
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        Hashtable hashtable = new Hashtable();
        Enumeration keys = this.certs.keys();
        while (keys.hasMoreElements()) {
            hashtable.put(keys.nextElement(), "cert");
        }
        Enumeration keys2 = this.keys.keys();
        while (keys2.hasMoreElements()) {
            String str = (String) keys2.nextElement();
            if (hashtable.get(str) == null) {
                hashtable.put(str, "key");
            }
        }
        return hashtable.keys();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return (this.certs.get(str) == null && this.keys.get(str) == null) ? false : true;
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        Key key = (Key) this.keys.remove(str);
        Certificate certificate = (Certificate) this.certs.remove(str);
        if (certificate != null) {
            this.chainCerts.remove(new CertId(this, certificate.getPublicKey()));
        }
        if (key != null) {
            String str2 = (String) this.localIds.remove(str);
            if (str2 != null) {
                certificate = (Certificate) this.keyCerts.remove(str2);
            }
            if (certificate != null) {
                this.chainCerts.remove(new CertId(this, certificate.getPublicKey()));
            }
        }
        if (certificate == null && key == null) {
            throw new KeyStoreException(new StringBuffer().append("no such entry as ").append(str).toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificate.");
        }
        Certificate certificate = (Certificate) this.certs.get(str);
        if (certificate == null) {
            String str2 = (String) this.localIds.get(str);
            certificate = str2 != null ? (Certificate) this.keyCerts.get(str2) : (Certificate) this.keyCerts.get(str);
        }
        return certificate;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Enumeration elements = this.certs.elements();
        Enumeration keys = this.certs.keys();
        while (elements.hasMoreElements()) {
            Certificate certificate2 = (Certificate) elements.nextElement();
            String str = (String) keys.nextElement();
            if (certificate2.equals(certificate)) {
                return str;
            }
        }
        Enumeration elements2 = this.keyCerts.elements();
        Enumeration keys2 = this.keyCerts.keys();
        while (elements2.hasMoreElements()) {
            Certificate certificate3 = (Certificate) elements2.nextElement();
            String str2 = (String) keys2.nextElement();
            if (certificate3.equals(certificate)) {
                return str2;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificateChain.");
        }
        if (!engineIsKeyEntry(str)) {
            return null;
        }
        Certificate engineGetCertificate = engineGetCertificate(str);
        if (engineGetCertificate == null) {
            return null;
        }
        Vector vector = new Vector();
        while (engineGetCertificate != null) {
            X509Certificate x509Certificate = (X509Certificate) engineGetCertificate;
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
            if (extensionValue != null) {
                try {
                    AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier((ASN1Sequence) new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue).readObject()).getOctets()).readObject());
                    r11 = authorityKeyIdentifier.getKeyIdentifier() != null ? (Certificate) this.chainCerts.get(new CertId(this, authorityKeyIdentifier.getKeyIdentifier())) : null;
                } catch (IOException e) {
                    throw new RuntimeException(e.toString());
                }
            }
            if (r11 == null) {
                Principal issuerDN = x509Certificate.getIssuerDN();
                if (!issuerDN.equals(x509Certificate.getSubjectDN())) {
                    Enumeration keys = this.chainCerts.keys();
                    while (keys.hasMoreElements()) {
                        X509Certificate x509Certificate2 = (X509Certificate) this.chainCerts.get(keys.nextElement());
                        if (x509Certificate2.getSubjectDN().equals(issuerDN)) {
                            try {
                                x509Certificate.verify(x509Certificate2.getPublicKey());
                                r11 = x509Certificate2;
                                break;
                            } catch (Exception e2) {
                            }
                        }
                    }
                }
            }
            vector.addElement(engineGetCertificate);
            engineGetCertificate = r11 != engineGetCertificate ? r11 : null;
        }
        Certificate[] certificateArr = new Certificate[vector.size()];
        for (int i = 0; i != certificateArr.length; i++) {
            certificateArr[i] = (Certificate) vector.elementAt(i);
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        return new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getKey.");
        }
        return (Key) this.keys.get(str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return this.certs.get(str) != null && this.keys.get(str) == null;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return this.keys.get(str) != null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (this.keys.get(str) != null) {
            throw new KeyStoreException(new StringBuffer().append("There is a key entry with the name ").append(str).append(Constants.ATTRVAL_THIS).toString());
        }
        this.certs.put(str, certificate);
        this.chainCerts.put(new CertId(this, certificate.getPublicKey()), certificate);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new RuntimeException("operation not supported");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if ((key instanceof PrivateKey) && certificateArr == null) {
            throw new KeyStoreException("no certificate chain for private key");
        }
        if (this.keys.get(str) != null) {
            engineDeleteEntry(str);
        }
        this.keys.put(str, key);
        this.certs.put(str, certificateArr[0]);
        for (int i = 0; i != certificateArr.length; i++) {
            this.chainCerts.put(new CertId(this, certificateArr[i].getPublicKey()), certificateArr[i]);
        }
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        Hashtable hashtable = new Hashtable();
        Enumeration keys = this.certs.keys();
        while (keys.hasMoreElements()) {
            hashtable.put(keys.nextElement(), "cert");
        }
        Enumeration keys2 = this.keys.keys();
        while (keys2.hasMoreElements()) {
            String str = (String) keys2.nextElement();
            if (hashtable.get(str) == null) {
                hashtable.put(str, "key");
            }
        }
        return hashtable.size();
    }

    protected PrivateKey unwrapKey(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, char[] cArr, boolean z) throws IOException {
        String id = algorithmIdentifier.getObjectId().getId();
        PKCS12PBEParams pKCS12PBEParams = new PKCS12PBEParams((ASN1Sequence) algorithmIdentifier.getParameters());
        PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(id, "BC");
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pKCS12PBEParams.getIV(), pKCS12PBEParams.getIterations().intValue());
            SecretKey generateSecret = secretKeyFactory.generateSecret(pBEKeySpec);
            ((JCEPBEKey) generateSecret).setTryWrongPKCS12Zero(z);
            Cipher cipher = Cipher.getInstance(id, "BC");
            cipher.init(4, generateSecret, pBEParameterSpec);
            return (PrivateKey) cipher.unwrap(bArr, "", 2);
        } catch (Exception e) {
            throw new IOException(new StringBuffer().append("exception unwrapping private key - ").append(e.toString()).toString());
        }
    }

    protected byte[] wrapKey(String str, Key key, PKCS12PBEParams pKCS12PBEParams, char[] cArr) throws IOException {
        PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(str, "BC");
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pKCS12PBEParams.getIV(), pKCS12PBEParams.getIterations().intValue());
            Cipher cipher = Cipher.getInstance(str, "BC");
            cipher.init(3, secretKeyFactory.generateSecret(pBEKeySpec), pBEParameterSpec);
            return cipher.wrap(key);
        } catch (Exception e) {
            throw new IOException(new StringBuffer().append("exception encrypting data - ").append(e.toString()).toString());
        }
    }

    protected byte[] cryptData(boolean z, AlgorithmIdentifier algorithmIdentifier, char[] cArr, boolean z2, byte[] bArr) throws IOException {
        String id = algorithmIdentifier.getObjectId().getId();
        PKCS12PBEParams pKCS12PBEParams = new PKCS12PBEParams((ASN1Sequence) algorithmIdentifier.getParameters());
        PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(id, "BC");
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pKCS12PBEParams.getIV(), pKCS12PBEParams.getIterations().intValue());
            JCEPBEKey jCEPBEKey = (JCEPBEKey) secretKeyFactory.generateSecret(pBEKeySpec);
            jCEPBEKey.setTryWrongPKCS12Zero(z2);
            Cipher cipher = Cipher.getInstance(id, "BC");
            cipher.init(z ? 1 : 2, jCEPBEKey, pBEParameterSpec);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(new StringBuffer().append("exception decrypting data - ").append(e.toString()).toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
        if (inputStream == null) {
            return;
        }
        if (cArr == null) {
            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
        bufferedInputStream.mark(10);
        if (bufferedInputStream.read() != 48) {
            throw new IOException("stream does not represent a PKCS12 key store");
        }
        bufferedInputStream.reset();
        Pfx pfx = new Pfx((ASN1Sequence) new ASN1InputStream(bufferedInputStream).readObject());
        ContentInfo authSafe = pfx.getAuthSafe();
        Vector vector = new Vector();
        boolean z = false;
        boolean z2 = false;
        if (pfx.getMacData() != null) {
            BEROutputStream bEROutputStream = new BEROutputStream(new ByteArrayOutputStream());
            MacData macData = pfx.getMacData();
            DigestInfo mac = macData.getMac();
            AlgorithmIdentifier algorithmId = mac.getAlgorithmId();
            byte[] salt = macData.getSalt();
            int intValue = macData.getIterationCount().intValue();
            bEROutputStream.writeObject(authSafe);
            byte[] octets = ((ASN1OctetString) authSafe.getContent()).getOctets();
            try {
                byte[] calculatePbeMac = calculatePbeMac(algorithmId.getObjectId(), salt, intValue, cArr, false, octets);
                byte[] digest = mac.getDigest();
                if (!Arrays.areEqual(calculatePbeMac, digest)) {
                    if (cArr.length > 0) {
                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                    }
                    if (!Arrays.areEqual(calculatePbeMac(algorithmId.getObjectId(), salt, intValue, cArr, true, octets), digest)) {
                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                    }
                    z2 = true;
                }
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                throw new IOException(new StringBuffer().append("error constructing MAC: ").append(e2.toString()).toString());
            }
        }
        this.keys = new IgnoresCaseHashtable(null);
        this.localIds = new Hashtable();
        if (authSafe.getContentType().equals(PKCSObjectIdentifiers.data)) {
            ContentInfo[] contentInfo = new AuthenticatedSafe((ASN1Sequence) new ASN1InputStream(((ASN1OctetString) authSafe.getContent()).getOctets()).readObject()).getContentInfo();
            for (int i = 0; i != contentInfo.length; i++) {
                if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.data)) {
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(((ASN1OctetString) contentInfo[i].getContent()).getOctets()).readObject();
                    for (int i2 = 0; i2 != aSN1Sequence.size(); i2++) {
                        SafeBag safeBag = new SafeBag((ASN1Sequence) aSN1Sequence.getObjectAt(i2));
                        if (safeBag.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
                            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo((ASN1Sequence) safeBag.getBagValue());
                            PrivateKey unwrapKey = unwrapKey(encryptedPrivateKeyInfo.getEncryptionAlgorithm(), encryptedPrivateKeyInfo.getEncryptedData(), cArr, z2);
                            PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = (PKCS12BagAttributeCarrier) unwrapKey;
                            String str = null;
                            ASN1OctetString aSN1OctetString = null;
                            if (safeBag.getBagAttributes() != null) {
                                Enumeration objects = safeBag.getBagAttributes().getObjects();
                                while (objects.hasMoreElements()) {
                                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) objects.nextElement();
                                    DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) aSN1Sequence2.getObjectAt(0);
                                    ASN1Set aSN1Set = (ASN1Set) aSN1Sequence2.getObjectAt(1);
                                    DERObject dERObject = null;
                                    if (aSN1Set.size() > 0) {
                                        dERObject = (DERObject) aSN1Set.getObjectAt(0);
                                        pKCS12BagAttributeCarrier.setBagAttribute(dERObjectIdentifier, dERObject);
                                    }
                                    if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) {
                                        str = ((DERBMPString) dERObject).getString();
                                        this.keys.put(str, unwrapKey);
                                    } else if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                                        aSN1OctetString = (ASN1OctetString) dERObject;
                                    }
                                }
                            }
                            if (aSN1OctetString != null) {
                                String str2 = new String(Hex.encode(aSN1OctetString.getOctets()));
                                if (str == null) {
                                    this.keys.put(str2, unwrapKey);
                                } else {
                                    this.localIds.put(str, str2);
                                }
                            } else {
                                z = true;
                                this.keys.put("unmarked", unwrapKey);
                            }
                        } else if (safeBag.getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                            vector.addElement(safeBag);
                        } else {
                            System.out.println(new StringBuffer().append("extra in data ").append(safeBag.getBagId()).toString());
                            System.out.println(ASN1Dump.dumpAsString(safeBag));
                        }
                    }
                } else if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
                    EncryptedData encryptedData = new EncryptedData((ASN1Sequence) contentInfo[i].getContent());
                    ASN1Sequence aSN1Sequence3 = (ASN1Sequence) ASN1Object.fromByteArray(cryptData(false, encryptedData.getEncryptionAlgorithm(), cArr, z2, encryptedData.getContent().getOctets()));
                    for (int i3 = 0; i3 != aSN1Sequence3.size(); i3++) {
                        SafeBag safeBag2 = new SafeBag((ASN1Sequence) aSN1Sequence3.getObjectAt(i3));
                        if (safeBag2.getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                            vector.addElement(safeBag2);
                        } else if (safeBag2.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
                            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo2 = new EncryptedPrivateKeyInfo((ASN1Sequence) safeBag2.getBagValue());
                            PrivateKey unwrapKey2 = unwrapKey(encryptedPrivateKeyInfo2.getEncryptionAlgorithm(), encryptedPrivateKeyInfo2.getEncryptedData(), cArr, z2);
                            PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier2 = (PKCS12BagAttributeCarrier) unwrapKey2;
                            String str3 = null;
                            ASN1OctetString aSN1OctetString2 = null;
                            Enumeration objects2 = safeBag2.getBagAttributes().getObjects();
                            while (objects2.hasMoreElements()) {
                                ASN1Sequence aSN1Sequence4 = (ASN1Sequence) objects2.nextElement();
                                DERObjectIdentifier dERObjectIdentifier2 = (DERObjectIdentifier) aSN1Sequence4.getObjectAt(0);
                                ASN1Set aSN1Set2 = (ASN1Set) aSN1Sequence4.getObjectAt(1);
                                DERObject dERObject2 = null;
                                if (aSN1Set2.size() > 0) {
                                    dERObject2 = (DERObject) aSN1Set2.getObjectAt(0);
                                    pKCS12BagAttributeCarrier2.setBagAttribute(dERObjectIdentifier2, dERObject2);
                                }
                                if (dERObjectIdentifier2.equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) {
                                    str3 = ((DERBMPString) dERObject2).getString();
                                    this.keys.put(str3, unwrapKey2);
                                } else if (dERObjectIdentifier2.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                                    aSN1OctetString2 = (ASN1OctetString) dERObject2;
                                }
                            }
                            String str4 = new String(Hex.encode(aSN1OctetString2.getOctets()));
                            if (str3 == null) {
                                this.keys.put(str4, unwrapKey2);
                            } else {
                                this.localIds.put(str3, str4);
                            }
                        } else if (safeBag2.getBagId().equals(PKCSObjectIdentifiers.keyBag)) {
                            PrivateKey createPrivateKeyFromPrivateKeyInfo = JDKKeyFactory.createPrivateKeyFromPrivateKeyInfo(new PrivateKeyInfo((ASN1Sequence) safeBag2.getBagValue()));
                            PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier3 = (PKCS12BagAttributeCarrier) createPrivateKeyFromPrivateKeyInfo;
                            String str5 = null;
                            ASN1OctetString aSN1OctetString3 = null;
                            Enumeration objects3 = safeBag2.getBagAttributes().getObjects();
                            while (objects3.hasMoreElements()) {
                                ASN1Sequence aSN1Sequence5 = (ASN1Sequence) objects3.nextElement();
                                DERObjectIdentifier dERObjectIdentifier3 = (DERObjectIdentifier) aSN1Sequence5.getObjectAt(0);
                                ASN1Set aSN1Set3 = (ASN1Set) aSN1Sequence5.getObjectAt(1);
                                DERObject dERObject3 = null;
                                if (aSN1Set3.size() > 0) {
                                    dERObject3 = (DERObject) aSN1Set3.getObjectAt(0);
                                    pKCS12BagAttributeCarrier3.setBagAttribute(dERObjectIdentifier3, dERObject3);
                                }
                                if (dERObjectIdentifier3.equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) {
                                    str5 = ((DERBMPString) dERObject3).getString();
                                    this.keys.put(str5, createPrivateKeyFromPrivateKeyInfo);
                                } else if (dERObjectIdentifier3.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                                    aSN1OctetString3 = (ASN1OctetString) dERObject3;
                                }
                            }
                            String str6 = new String(Hex.encode(aSN1OctetString3.getOctets()));
                            if (str5 == null) {
                                this.keys.put(str6, createPrivateKeyFromPrivateKeyInfo);
                            } else {
                                this.localIds.put(str5, str6);
                            }
                        } else {
                            System.out.println(new StringBuffer().append("extra in encryptedData ").append(safeBag2.getBagId()).toString());
                            System.out.println(ASN1Dump.dumpAsString(safeBag2));
                        }
                    }
                } else {
                    System.out.println(new StringBuffer().append("extra ").append(contentInfo[i].getContentType().getId()).toString());
                    System.out.println(new StringBuffer().append("extra ").append(ASN1Dump.dumpAsString(contentInfo[i].getContent())).toString());
                }
            }
        }
        this.certs = new IgnoresCaseHashtable(null);
        this.chainCerts = new Hashtable();
        this.keyCerts = new Hashtable();
        for (int i4 = 0; i4 != vector.size(); i4++) {
            SafeBag safeBag3 = (SafeBag) vector.elementAt(i4);
            CertBag certBag = new CertBag((ASN1Sequence) safeBag3.getBagValue());
            if (!certBag.getCertId().equals(PKCSObjectIdentifiers.x509Certificate)) {
                throw new RuntimeException(new StringBuffer().append("Unsupported certificate type: ").append(certBag.getCertId()).toString());
            }
            try {
                Certificate generateCertificate = this.certFact.generateCertificate(new ByteArrayInputStream(((ASN1OctetString) certBag.getCertValue()).getOctets()));
                ASN1OctetString aSN1OctetString4 = null;
                String str7 = null;
                if (safeBag3.getBagAttributes() != null) {
                    Enumeration objects4 = safeBag3.getBagAttributes().getObjects();
                    while (objects4.hasMoreElements()) {
                        ASN1Sequence aSN1Sequence6 = (ASN1Sequence) objects4.nextElement();
                        DERObjectIdentifier dERObjectIdentifier4 = (DERObjectIdentifier) aSN1Sequence6.getObjectAt(0);
                        DERObject dERObject4 = (DERObject) ((ASN1Set) aSN1Sequence6.getObjectAt(1)).getObjectAt(0);
                        if (generateCertificate instanceof PKCS12BagAttributeCarrier) {
                            ((PKCS12BagAttributeCarrier) generateCertificate).setBagAttribute(dERObjectIdentifier4, dERObject4);
                        }
                        if (dERObjectIdentifier4.equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) {
                            str7 = ((DERBMPString) dERObject4).getString();
                        } else if (dERObjectIdentifier4.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                            aSN1OctetString4 = (ASN1OctetString) dERObject4;
                        }
                    }
                }
                this.chainCerts.put(new CertId(this, generateCertificate.getPublicKey()), generateCertificate);
                if (!z) {
                    if (aSN1OctetString4 != null) {
                        this.keyCerts.put(new String(Hex.encode(aSN1OctetString4.getOctets())), generateCertificate);
                    }
                    if (str7 != null) {
                        this.certs.put(str7, generateCertificate);
                    }
                } else if (this.keyCerts.isEmpty()) {
                    String str8 = new String(Hex.encode(createSubjectKeyId(generateCertificate.getPublicKey()).getKeyIdentifier()));
                    this.keyCerts.put(str8, generateCertificate);
                    this.keys.put(str8, this.keys.remove("unmarked"));
                }
            } catch (Exception e3) {
                throw new RuntimeException(e3.toString());
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
        if (cArr == null) {
            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration keys = this.keys.keys();
        while (keys.hasMoreElements()) {
            byte[] bArr = new byte[20];
            this.random.nextBytes(bArr);
            String str = (String) keys.nextElement();
            PrivateKey privateKey = (PrivateKey) this.keys.get(str);
            PKCS12PBEParams pKCS12PBEParams = new PKCS12PBEParams(bArr, 1024);
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(KEY_ALGORITHM, pKCS12PBEParams.getDERObject()), wrapKey(KEY_ALGORITHM.getId(), privateKey, pKCS12PBEParams, cArr));
            boolean z = false;
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            if (privateKey instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = (PKCS12BagAttributeCarrier) privateKey;
                DERBMPString dERBMPString = (DERBMPString) pKCS12BagAttributeCarrier.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                if (dERBMPString == null || !dERBMPString.getString().equals(str)) {
                    pKCS12BagAttributeCarrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
                }
                if (pKCS12BagAttributeCarrier.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null) {
                    pKCS12BagAttributeCarrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, createSubjectKeyId(engineGetCertificate(str).getPublicKey()));
                }
                Enumeration bagAttributeKeys = pKCS12BagAttributeCarrier.getBagAttributeKeys();
                while (bagAttributeKeys.hasMoreElements()) {
                    DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) bagAttributeKeys.nextElement();
                    ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                    aSN1EncodableVector3.add(dERObjectIdentifier);
                    aSN1EncodableVector3.add(new DERSet(pKCS12BagAttributeCarrier.getBagAttribute(dERObjectIdentifier)));
                    z = true;
                    aSN1EncodableVector2.add(new DERSequence(aSN1EncodableVector3));
                }
            }
            if (!z) {
                ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
                Certificate engineGetCertificate = engineGetCertificate(str);
                aSN1EncodableVector4.add(PKCSObjectIdentifiers.pkcs_9_at_localKeyId);
                aSN1EncodableVector4.add(new DERSet(createSubjectKeyId(engineGetCertificate.getPublicKey())));
                aSN1EncodableVector2.add(new DERSequence(aSN1EncodableVector4));
                ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
                aSN1EncodableVector5.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                aSN1EncodableVector5.add(new DERSet(new DERBMPString(str)));
                aSN1EncodableVector2.add(new DERSequence(aSN1EncodableVector5));
            }
            aSN1EncodableVector.add(new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, encryptedPrivateKeyInfo.getDERObject(), new DERSet(aSN1EncodableVector2)));
        }
        BERConstructedOctetString bERConstructedOctetString = new BERConstructedOctetString(new DERSequence(aSN1EncodableVector).getDEREncoded());
        byte[] bArr2 = new byte[20];
        this.random.nextBytes(bArr2);
        ASN1EncodableVector aSN1EncodableVector6 = new ASN1EncodableVector();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(CERT_ALGORITHM, new PKCS12PBEParams(bArr2, 1024).getDERObject());
        Hashtable hashtable = new Hashtable();
        Enumeration keys2 = this.keys.keys();
        while (keys2.hasMoreElements()) {
            try {
                String str2 = (String) keys2.nextElement();
                Certificate engineGetCertificate2 = engineGetCertificate(str2);
                boolean z2 = false;
                CertBag certBag = new CertBag(PKCSObjectIdentifiers.x509Certificate, new DEROctetString(engineGetCertificate2.getEncoded()));
                ASN1EncodableVector aSN1EncodableVector7 = new ASN1EncodableVector();
                if (engineGetCertificate2 instanceof PKCS12BagAttributeCarrier) {
                    PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier2 = (PKCS12BagAttributeCarrier) engineGetCertificate2;
                    DERBMPString dERBMPString2 = (DERBMPString) pKCS12BagAttributeCarrier2.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                    if (dERBMPString2 == null || !dERBMPString2.getString().equals(str2)) {
                        pKCS12BagAttributeCarrier2.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str2));
                    }
                    if (pKCS12BagAttributeCarrier2.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null) {
                        pKCS12BagAttributeCarrier2.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, createSubjectKeyId(engineGetCertificate2.getPublicKey()));
                    }
                    Enumeration bagAttributeKeys2 = pKCS12BagAttributeCarrier2.getBagAttributeKeys();
                    while (bagAttributeKeys2.hasMoreElements()) {
                        DERObjectIdentifier dERObjectIdentifier2 = (DERObjectIdentifier) bagAttributeKeys2.nextElement();
                        ASN1EncodableVector aSN1EncodableVector8 = new ASN1EncodableVector();
                        aSN1EncodableVector8.add(dERObjectIdentifier2);
                        aSN1EncodableVector8.add(new DERSet(pKCS12BagAttributeCarrier2.getBagAttribute(dERObjectIdentifier2)));
                        aSN1EncodableVector7.add(new DERSequence(aSN1EncodableVector8));
                        z2 = true;
                    }
                }
                if (!z2) {
                    ASN1EncodableVector aSN1EncodableVector9 = new ASN1EncodableVector();
                    aSN1EncodableVector9.add(PKCSObjectIdentifiers.pkcs_9_at_localKeyId);
                    aSN1EncodableVector9.add(new DERSet(createSubjectKeyId(engineGetCertificate2.getPublicKey())));
                    aSN1EncodableVector7.add(new DERSequence(aSN1EncodableVector9));
                    ASN1EncodableVector aSN1EncodableVector10 = new ASN1EncodableVector();
                    aSN1EncodableVector10.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                    aSN1EncodableVector10.add(new DERSet(new DERBMPString(str2)));
                    aSN1EncodableVector7.add(new DERSequence(aSN1EncodableVector10));
                }
                aSN1EncodableVector6.add(new SafeBag(PKCSObjectIdentifiers.certBag, certBag.getDERObject(), new DERSet(aSN1EncodableVector7)));
                hashtable.put(engineGetCertificate2, engineGetCertificate2);
            } catch (CertificateEncodingException e) {
                throw new IOException(new StringBuffer().append("Error encoding certificate: ").append(e.toString()).toString());
            }
        }
        Enumeration keys3 = this.certs.keys();
        while (keys3.hasMoreElements()) {
            try {
                String str3 = (String) keys3.nextElement();
                Certificate certificate = (Certificate) this.certs.get(str3);
                boolean z3 = false;
                if (this.keys.get(str3) == null) {
                    CertBag certBag2 = new CertBag(PKCSObjectIdentifiers.x509Certificate, new DEROctetString(certificate.getEncoded()));
                    ASN1EncodableVector aSN1EncodableVector11 = new ASN1EncodableVector();
                    if (certificate instanceof PKCS12BagAttributeCarrier) {
                        PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier3 = (PKCS12BagAttributeCarrier) certificate;
                        DERBMPString dERBMPString3 = (DERBMPString) pKCS12BagAttributeCarrier3.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                        if (dERBMPString3 == null || !dERBMPString3.getString().equals(str3)) {
                            pKCS12BagAttributeCarrier3.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str3));
                        }
                        Enumeration bagAttributeKeys3 = pKCS12BagAttributeCarrier3.getBagAttributeKeys();
                        while (bagAttributeKeys3.hasMoreElements()) {
                            DERObjectIdentifier dERObjectIdentifier3 = (DERObjectIdentifier) bagAttributeKeys3.nextElement();
                            ASN1EncodableVector aSN1EncodableVector12 = new ASN1EncodableVector();
                            aSN1EncodableVector12.add(dERObjectIdentifier3);
                            aSN1EncodableVector12.add(new DERSet(pKCS12BagAttributeCarrier3.getBagAttribute(dERObjectIdentifier3)));
                            aSN1EncodableVector11.add(new DERSequence(aSN1EncodableVector12));
                            z3 = true;
                        }
                    }
                    if (!z3) {
                        ASN1EncodableVector aSN1EncodableVector13 = new ASN1EncodableVector();
                        aSN1EncodableVector13.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                        aSN1EncodableVector13.add(new DERSet(new DERBMPString(str3)));
                        aSN1EncodableVector11.add(new DERSequence(aSN1EncodableVector13));
                    }
                    aSN1EncodableVector6.add(new SafeBag(PKCSObjectIdentifiers.certBag, certBag2.getDERObject(), new DERSet(aSN1EncodableVector11)));
                    hashtable.put(certificate, certificate);
                }
            } catch (CertificateEncodingException e2) {
                throw new IOException(new StringBuffer().append("Error encoding certificate: ").append(e2.toString()).toString());
            }
        }
        Enumeration keys4 = this.chainCerts.keys();
        while (keys4.hasMoreElements()) {
            try {
                Certificate certificate2 = (Certificate) this.chainCerts.get((CertId) keys4.nextElement());
                if (hashtable.get(certificate2) == null) {
                    CertBag certBag3 = new CertBag(PKCSObjectIdentifiers.x509Certificate, new DEROctetString(certificate2.getEncoded()));
                    ASN1EncodableVector aSN1EncodableVector14 = new ASN1EncodableVector();
                    if (certificate2 instanceof PKCS12BagAttributeCarrier) {
                        PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier4 = (PKCS12BagAttributeCarrier) certificate2;
                        Enumeration bagAttributeKeys4 = pKCS12BagAttributeCarrier4.getBagAttributeKeys();
                        while (bagAttributeKeys4.hasMoreElements()) {
                            DERObjectIdentifier dERObjectIdentifier4 = (DERObjectIdentifier) bagAttributeKeys4.nextElement();
                            ASN1EncodableVector aSN1EncodableVector15 = new ASN1EncodableVector();
                            aSN1EncodableVector15.add(dERObjectIdentifier4);
                            aSN1EncodableVector15.add(new DERSet(pKCS12BagAttributeCarrier4.getBagAttribute(dERObjectIdentifier4)));
                            aSN1EncodableVector14.add(new DERSequence(aSN1EncodableVector15));
                        }
                    }
                    aSN1EncodableVector6.add(new SafeBag(PKCSObjectIdentifiers.certBag, certBag3.getDERObject(), new DERSet(aSN1EncodableVector14)));
                }
            } catch (CertificateEncodingException e3) {
                throw new IOException(new StringBuffer().append("Error encoding certificate: ").append(e3.toString()).toString());
            }
        }
        AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe(new ContentInfo[]{new ContentInfo(PKCSObjectIdentifiers.data, bERConstructedOctetString), new ContentInfo(PKCSObjectIdentifiers.encryptedData, new EncryptedData(PKCSObjectIdentifiers.data, algorithmIdentifier, new BERConstructedOctetString(cryptData(true, algorithmIdentifier, cArr, false, new DERSequence(aSN1EncodableVector6).getDEREncoded()))).getDERObject())});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new BEROutputStream(byteArrayOutputStream).writeObject(authenticatedSafe);
        ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BERConstructedOctetString(byteArrayOutputStream.toByteArray()));
        byte[] bArr3 = new byte[20];
        this.random.nextBytes(bArr3);
        try {
            new BEROutputStream(outputStream).writeObject(new Pfx(contentInfo, new MacData(new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, new DERNull()), calculatePbeMac(X509ObjectIdentifiers.id_SHA1, bArr3, 1024, cArr, false, ((ASN1OctetString) contentInfo.getContent()).getOctets())), bArr3, 1024)));
        } catch (Exception e4) {
            throw new IOException(new StringBuffer().append("error constructing MAC: ").append(e4.toString()).toString());
        }
    }

    private static byte[] calculatePbeMac(DERObjectIdentifier dERObjectIdentifier, byte[] bArr, int i, char[] cArr, boolean z, byte[] bArr2) throws Exception {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(dERObjectIdentifier.getId(), "BC");
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, i);
        JCEPBEKey jCEPBEKey = (JCEPBEKey) secretKeyFactory.generateSecret(new PBEKeySpec(cArr));
        jCEPBEKey.setTryWrongPKCS12Zero(z);
        Mac mac = Mac.getInstance(dERObjectIdentifier.getId(), "BC");
        mac.init(jCEPBEKey, pBEParameterSpec);
        mac.update(bArr2);
        return mac.doFinal();
    }
}
