package com.ibm.crypto.provider;

import com.ibm.security.pkcs12.PFX;
import com.ibm.security.pkcs8.EncryptedPrivateKeyInfo;
import com.ibm.security.pkcs8.PrivateKeyInfo;
import com.ibm.security.pkcsutil.PKCSOID;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.AlgorithmId;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.jar:com/ibm/crypto/provider/PKCS12KeyStoreV2.class */
public class PKCS12KeyStoreV2 extends KeyStoreSpi {
    private static Date a;
    private static volatile int b;
    private java.security.SecureRandom c;
    private Map<String, Object> d = new HashMap();
    private CertificateFactory e = null;
    private static Class f;
    private static String[] z;

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Object obj = this.d.get(str.toLowerCase());
        if (obj == null || !(obj instanceof kb) || (encryptedPrivateKeyInfo = ((kb) obj).b) == null) {
            return null;
        }
        byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
        AlgorithmId algorithmId = encryptedPrivateKeyInfo.getAlgorithmId();
        AlgorithmParameters algParameters = algorithmId.getAlgParameters();
        try {
            SecretKey a2 = a(cArr);
            Cipher cipher = Cipher.getInstance(algorithmId.getName());
            cipher.init(2, a2, algParameters);
            byte[] doFinal = cipher.doFinal(encryptedData);
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(doFinal);
            DerInputStream derInputStream = new DerValue(doFinal).toDerInputStream();
            derInputStream.getInteger();
            return KeyFactory.getInstance(new AlgorithmId(derInputStream.getSequence(2)[0].getOID()).getName()).generatePrivate(pKCS8EncodedKeySpec);
        } catch (Exception e) {
            e.printStackTrace();
            UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException(z[1] + e.getMessage());
            unrecoverableKeyException.initCause(e);
            throw unrecoverableKeyException;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate[] certificateArr = null;
        Object obj = this.d.get(str.toLowerCase());
        if (obj != null && (obj instanceof kb) && ((kb) obj).d != null) {
            certificateArr = (Certificate[]) ((kb) obj).d.clone();
        }
        if (certificateArr != null && this.e != null && certificateArr[0] != null && f != null && !f.isInstance(certificateArr[0])) {
            for (int i = 0; i < certificateArr.length; i++) {
                if (certificateArr[i] != null) {
                    Certificate certificate = certificateArr[i];
                    try {
                        certificateArr[i] = this.e.generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
                    } catch (Exception e) {
                        certificateArr[i] = certificate;
                    }
                }
            }
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Object obj = this.d.get(str.toLowerCase());
        if (obj == null || !(obj instanceof kb) || ((kb) obj).d == null) {
            return null;
        }
        return ((kb) obj).d[0];
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        Object obj = this.d.get(str.toLowerCase());
        Date date = null;
        if (obj != null && (obj instanceof kb)) {
            date = ((kb) obj).a;
        }
        return date != null ? date : new Date(0L);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        synchronized (this.d) {
            try {
                kb kbVar = new kb(this);
                if (!(key instanceof PrivateKey)) {
                    throw new KeyStoreException(z[21]);
                }
                if (!key.getFormat().equals(z[23]) && !key.getFormat().equals(z[22])) {
                    throw new KeyStoreException(z[20]);
                }
                kbVar.b = a(key.getEncoded(), cArr);
                if (certificateArr != null) {
                    if (certificateArr.length > 1 && !a(certificateArr)) {
                        throw new KeyStoreException(z[18]);
                    }
                    kbVar.d = (Certificate[]) certificateArr.clone();
                }
                kbVar.c = (z[7] + new Date().getTime()).getBytes(z[6]);
                this.d.put(str.toLowerCase(), kbVar);
            } catch (Exception e) {
                KeyStoreException keyStoreException = new KeyStoreException(z[19] + e);
                keyStoreException.initCause(e);
                throw keyStoreException;
            }
        }
    }

    private EncryptedPrivateKeyInfo a(byte[] bArr, char[] cArr) throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            AlgorithmParameters a2 = a(z[3]);
            SecretKey a3 = a(cArr);
            Cipher cipher = Cipher.getInstance(z[30]);
            cipher.init(1, a3, a2);
            return new EncryptedPrivateKeyInfo(new AlgorithmId(PKCSOID.PBEWITHSHAAND3KEYTRIPLEDESCBC_OID, a2.getEncoded()), cipher.doFinal(bArr));
        } catch (Exception e) {
            UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException(z[29] + e.getMessage());
            unrecoverableKeyException.initCause(e);
            throw unrecoverableKeyException;
        }
    }

    private AlgorithmParameters a(String str) throws IOException {
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(a(), 1024);
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(str);
            algorithmParameters.init(pBEParameterSpec);
            return algorithmParameters;
        } catch (Exception e) {
            IOException iOException = new IOException(z[8] + e.getMessage());
            iOException.initCause(e);
            throw iOException;
        }
    }

    private byte[] a() {
        byte[] bArr = new byte[20];
        if (this.c == null) {
            this.c = new java.security.SecureRandom();
        }
        return this.c.generateSeed(20);
    }

    private SecretKey a(char[] cArr) throws IOException {
        try {
            return SecretKeyFactory.getInstance(z[3]).generateSecret(new PBEKeySpec(cArr));
        } catch (Exception e) {
            IOException iOException = new IOException(z[2] + e.getMessage());
            iOException.initCause(e);
            throw iOException;
        }
    }

    private boolean a(Certificate[] certificateArr) {
        for (int i = 0; i < certificateArr.length - 1; i++) {
            if (!((X509Certificate) certificateArr[i]).getIssuerX500Principal().equals(((X509Certificate) certificateArr[i + 1]).getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException(z[0]);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Object obj = this.d.get(str.toLowerCase());
        if (obj != null && (obj instanceof kb)) {
            throw new KeyStoreException(z[25]);
        }
        throw new KeyStoreException(z[24]);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        synchronized (this.d) {
            this.d.remove(str.toLowerCase());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        return Collections.enumeration(this.d.keySet());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.d.containsKey(str.toLowerCase());
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.d.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        boolean z2 = false;
        Object obj = this.d.get(str.toLowerCase());
        if (obj != null && (obj instanceof kb)) {
            z2 = true;
        }
        return z2;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Enumeration enumeration = Collections.enumeration(this.d.keySet());
        while (enumeration.hasMoreElements()) {
            String str = (String) enumeration.nextElement();
            Object obj = this.d.get(str);
            if ((obj instanceof kb) && ((kb) obj).d != null && ((kb) obj).d[0].equals(certificate)) {
                return str;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        synchronized (this.d) {
            if (cArr == null) {
                throw new IllegalArgumentException(z[26]);
            }
            try {
                PFX pfx = new PFX();
                Enumeration enumeration = Collections.enumeration(this.d.keySet());
                while (enumeration.hasMoreElements()) {
                    String str = (String) enumeration.nextElement();
                    Object obj = this.d.get(str);
                    if (obj instanceof kb) {
                        pfx.addShroudedKey(((kb) obj).b, str, ((kb) obj).c);
                        Certificate[] certificateArr = ((kb) obj).d;
                        if (certificateArr != null) {
                            for (Certificate certificate : certificateArr) {
                                pfx.addCertificate(certificate, str, ((kb) obj).c);
                            }
                        }
                    }
                }
                pfx.protect(z[28], cArr);
                pfx.encode(outputStream);
            } catch (Exception e) {
                throw new IOException(z[27] + e.getMessage());
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        synchronized (this.d) {
            if (inputStream == null || cArr == null) {
                return;
            }
            byte[] bArr = new byte[inputStream.available()];
            inputStream.read(bArr);
            PFX pfx = new PFX(bArr);
            if (!pfx.verifyMac(cArr)) {
                throw new IOException(z[5]);
            }
            try {
                EncryptedPrivateKeyInfo[] shroudedKeys = pfx.getShroudedKeys(cArr);
                if (shroudedKeys != null) {
                    for (EncryptedPrivateKeyInfo encryptedPrivateKeyInfo : shroudedKeys) {
                        try {
                            kb kbVar = new kb(this);
                            kbVar.b = encryptedPrivateKeyInfo;
                            kbVar.c = pfx.getLocalKeyIdOfShroudedKey(kbVar.b, cArr);
                            String str = new String(kbVar.c, z[6]);
                            Date date = null;
                            if (str.startsWith(z[7])) {
                                try {
                                    date = new Date(Long.parseLong(str.substring(5)));
                                } catch (Exception e) {
                                    date = null;
                                }
                            }
                            if (date == null) {
                                date = new Date(0L);
                            }
                            kbVar.a = date;
                            Certificate[] a2 = a(kbVar.b, kbVar.c, cArr, pfx);
                            if (a2 != null) {
                                kbVar.d = (Certificate[]) a2.clone();
                            }
                            String friendlyNameOfShroudedKey = pfx.getFriendlyNameOfShroudedKey(kbVar.b, cArr);
                            if (friendlyNameOfShroudedKey == null) {
                                friendlyNameOfShroudedKey = kbVar.d == null ? c() : ((X509Certificate) kbVar.d[0]).getSerialNumber().toString() + ((X509Certificate) kbVar.d[0]).getSubjectDN().toString() + ((X509Certificate) kbVar.d[0]).getIssuerDN().toString();
                            }
                            this.d.put(friendlyNameOfShroudedKey.toLowerCase(), kbVar);
                        } catch (Exception e2) {
                            throw new IOException(z[4] + e2.getMessage());
                        }
                    }
                }
            } catch (Exception e3) {
                throw new IOException(z[4] + e3.getMessage());
            }
        }
    }

    private PrivateKey a(PrivateKey privateKey) throws Exception {
        return KeyFactory.getInstance(privateKey.getAlgorithm(), z[17]).generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded()));
    }

    private Certificate[] a(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, byte[] bArr, char[] cArr, PFX pfx) throws Exception {
        Certificate certificate = null;
        Certificate[] certificatesByLocalKeyId = pfx.getCertificatesByLocalKeyId(cArr, bArr);
        if (certificatesByLocalKeyId != null) {
            String algorithm = encryptedPrivateKeyInfo.getAlgorithm();
            int length = certificatesByLocalKeyId.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Certificate certificate2 = certificatesByLocalKeyId[i];
                Signature signature = null;
                if (algorithm.equalsIgnoreCase(z[15]) || algorithm.equalsIgnoreCase(z[13])) {
                    signature = Signature.getInstance(z[11], z[17]);
                } else if (algorithm.equalsIgnoreCase(z[9])) {
                    signature = Signature.getInstance(z[16], z[17]);
                } else if (algorithm.equalsIgnoreCase(z[14])) {
                    signature = Signature.getInstance(z[12], z[17]);
                }
                signature.initSign(a(new PrivateKeyInfo(encryptedPrivateKeyInfo.decrypt(cArr))));
                signature.update(z[10].getBytes());
                byte[] sign = signature.sign();
                signature.initVerify(certificate2.getPublicKey());
                signature.update(z[10].getBytes());
                if (signature.verify(sign)) {
                    certificate = certificate2;
                    break;
                }
                i++;
            }
        }
        if (certificate == null) {
            return null;
        }
        try {
            certificate.verify(certificate.getPublicKey());
            return new Certificate[]{certificatesByLocalKeyId[0]};
        } catch (Exception e) {
            boolean z2 = false;
            int i2 = 0;
            Certificate certificate3 = certificatesByLocalKeyId[0];
            LinkedList linkedList = new LinkedList();
            linkedList.add(certificatesByLocalKeyId[0]);
            Principal issuerDN = ((X509Certificate) certificate3).getIssuerDN();
            while (!z2 && i2 < certificatesByLocalKeyId.length) {
                Principal subjectDN = ((X509Certificate) certificatesByLocalKeyId[i2]).getSubjectDN();
                if (subjectDN.equals(issuerDN)) {
                    linkedList.add(certificatesByLocalKeyId[i2]);
                    issuerDN = ((X509Certificate) certificatesByLocalKeyId[i2]).getIssuerDN();
                    if (subjectDN.equals(issuerDN)) {
                        z2 = true;
                    }
                    i2 = -1;
                }
                i2++;
            }
            Certificate[] certificateArr = new Certificate[linkedList.size()];
            for (int i3 = 0; i3 < certificateArr.length; i3++) {
                certificateArr[i3] = (Certificate) linkedList.get(i3);
            }
            linkedList.clear();
            return certificateArr;
        }
    }

    private String c() {
        b++;
        return String.valueOf(b);
    }

    private static char[] z(String str) {
        char[] charArray = str.toCharArray();
        if (charArray.length < 2) {
            charArray[0] = (char) (charArray[0] ^ 16);
        }
        return charArray;
    }

    private static String z(char[] cArr) {
        char c;
        int length = cArr.length;
        char[] cArr2 = cArr;
        int i = 0;
        while (true) {
            int i2 = length;
            cArr2 = cArr2;
            length = i2;
            if (i2 <= i) {
                return new String(cArr2).intern();
            }
            int i3 = i;
            char c2 = cArr2[i3];
            switch (i % 5) {
                case 0:
                    c = 'b';
                    break;
                case 1:
                    c = '!';
                    break;
                case 2:
                    c = 1;
                    break;
                case 3:
                    c = 'Q';
                    break;
                default:
                    c = 16;
                    break;
            }
            cArr2[i3] = (char) (c2 ^ c);
            i++;
        }
    }
}
