package com.ibm.security.cmskeystore;

import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.sequence.Sequence;
import com.ibm.security.sequence.SequenceFactory;
import com.ibm.security.sequence.bytes.ByteSequence;
import com.ibm.security.sequence.bytes.ByteSequenceFactory;
import com.ibm.security.sequence.bytes.ByteSequenceIterator;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.channels.FileChannel;
import java.nio.channels.OverlappingFileLockException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:wasJars/ibmcmsprovider.jar:com/ibm/security/cmskeystore/CMSKeyStoreSpi.class */
public class CMSKeyStoreSpi extends KeyStoreSpi {
    private static final int FIXED_RECORD_LENGTH = 5000;
    private static final IntableByteSequence ZERO = IntableByteSequenceFactory.newIntableByteSequence(ByteSequenceFactory.newConstantByteSequence((byte) 0, 4));
    private static final IntableByteSequence ZERO_MD5_HASH = IntableByteSequenceFactory.newIntableByteSequence(ByteSequenceFactory.newConstantByteSequence((byte) 0, 16));
    private static final IntableByteSequence FIXED_RECORD_LENGTH_SEQUENCE = IntableByteSequenceFactory.newIntableByteSequence(5000);
    private static final IntableByteSequence CA_RECORD_NUMBER = IntableByteSequenceFactory.newIntableByteSequence(CACertificates.CACERTS.size());
    private static final ByteSequence UNUSED_FILE_LABEL = ByteSequenceFactory.newConstantByteSequence((byte) 0, 24);
    private static final String STASH_FILE_EXT = ".sth";
    private QueryableKeyDatabase cmsKeyDatabase;
    private Set<String> aliases;
    private String storePassword;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/ibmcmsprovider.jar:com/ibm/security/cmskeystore/CMSKeyStoreSpi$PEFromCBHandler.class */
    public static final class PEFromCBHandler implements PasswordExtractor {
        private KeyStore.CallbackHandlerProtection callbackProtection;
        private Callback[] callbacks;
        private static final String prompt = "Please Enter the KeyStore Password:";

        private PEFromCBHandler() {
            this.callbackProtection = null;
            this.callbacks = null;
        }

        PEFromCBHandler(KeyStore.CallbackHandlerProtection callbackHandlerProtection) {
            this.callbackProtection = null;
            this.callbacks = null;
            this.callbackProtection = callbackHandlerProtection;
            this.callbacks = new Callback[1];
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public char[] getPassword() throws IOException {
            char[] password;
            if (this.callbacks[0] == null) {
                CallbackHandler callbackHandler = this.callbackProtection.getCallbackHandler();
                PasswordCallback passwordCallback = new PasswordCallback(prompt, false);
                this.callbacks[0] = passwordCallback;
                try {
                    callbackHandler.handle(this.callbacks);
                    password = passwordCallback.getPassword();
                } catch (UnsupportedCallbackException e) {
                    throw new RuntimeException(e);
                }
            } else {
                password = ((PasswordCallback) this.callbacks[0]).getPassword();
            }
            return password;
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public void destroyPassword() {
            if (this.callbacks[0] != null) {
                ((PasswordCallback) this.callbacks[0]).clearPassword();
                this.callbacks[0] = null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/ibmcmsprovider.jar:com/ibm/security/cmskeystore/CMSKeyStoreSpi$PEFromPwdProtection.class */
    public static final class PEFromPwdProtection implements PasswordExtractor {
        KeyStore.PasswordProtection protParam;

        private PEFromPwdProtection() {
        }

        PEFromPwdProtection(KeyStore.PasswordProtection passwordProtection) {
            this.protParam = passwordProtection;
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public char[] getPassword() {
            return this.protParam.getPassword();
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public void destroyPassword() throws DestroyFailedException {
            this.protParam.destroy();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/ibmcmsprovider.jar:com/ibm/security/cmskeystore/CMSKeyStoreSpi$PEFromStashedPwdProtection.class */
    public static final class PEFromStashedPwdProtection implements PasswordExtractor {
        StashedPasswordProtection protParam;

        private PEFromStashedPwdProtection() {
        }

        PEFromStashedPwdProtection(StashedPasswordProtection stashedPasswordProtection) {
            this.protParam = stashedPasswordProtection;
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public char[] getPassword() throws IOException {
            return this.protParam.getPassword();
        }

        @Override // com.ibm.security.cmskeystore.CMSKeyStoreSpi.PasswordExtractor
        public void destroyPassword() throws DestroyFailedException {
            this.protParam.destroy();
        }
    }

    /* loaded from: input_file:wasJars/ibmcmsprovider.jar:com/ibm/security/cmskeystore/CMSKeyStoreSpi$PasswordExtractor.class */
    interface PasswordExtractor {
        char[] getPassword() throws IOException;

        void destroyPassword() throws DestroyFailedException;
    }

    static PasswordExtractor newPasswordExtractor(KeyStore.ProtectionParameter protectionParameter) {
        if (protectionParameter instanceof KeyStore.CallbackHandlerProtection) {
            return new PEFromCBHandler((KeyStore.CallbackHandlerProtection) protectionParameter);
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return new PEFromPwdProtection((KeyStore.PasswordProtection) protectionParameter);
        }
        if (protectionParameter instanceof StashedPasswordProtection) {
            return new PEFromStashedPwdProtection((StashedPasswordProtection) protectionParameter);
        }
        return null;
    }

    private void rebuildAliasesList() throws IOException {
        if (this.cmsKeyDatabase == null) {
            return;
        }
        this.aliases = null;
        this.aliases = new TreeSet(new Comparator<String>() { // from class: com.ibm.security.cmskeystore.CMSKeyStoreSpi.1
            @Override // java.util.Comparator
            public int compare(String str, String str2) {
                return str.compareToIgnoreCase(str2);
            }
        });
        Iterator<Record> it = this.cmsKeyDatabase.getRecords().iterator();
        while (it.hasNext()) {
            Buffer label = it.next().getLabel();
            byte[] bArr = new byte[label.getHeader().toInt()];
            label.getContent().getInputStream().read(bArr);
            this.aliases.add(new String(bArr, "UTF-8"));
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws UnrecoverableKeyException {
        if (!engineContainsAlias(str)) {
            return null;
        }
        try {
            if (!this.cmsKeyDatabase.checkPassword(cArr)) {
                throw new UnrecoverableKeyException("Incorrect Password.");
            }
            Record recordByLabel = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str));
            if (recordByLabel == null) {
                return null;
            }
            RecordEncoding encoding = recordByLabel.getEncoding();
            if (!encoding.isPrivateKeyPresent()) {
                return null;
            }
            try {
                return encoding.getPrivateKey(cArr);
            } catch (Exception e) {
                throw new UnrecoverableKeyException("Error occured while extracting the private key: " + e.getMessage());
            }
        } catch (NullPointerException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("Error occured while checking the password validity: " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        if (!engineContainsAlias(str)) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        try {
            Record recordByLabel = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str));
            int i = 0 + 1;
            arrayList.add(0, recordByLabel.getEncoding().getCertificate());
            while (true) {
                Record issuerRecord = this.cmsKeyDatabase.getIssuerRecord(recordByLabel);
                if (issuerRecord == null || issuerRecord.getSubjectNameHash().equals(recordByLabel.getSubjectNameHash())) {
                    break;
                }
                recordByLabel = issuerRecord;
                int i2 = i;
                i++;
                arrayList.add(i2, recordByLabel.getEncoding().getCertificate());
            }
            return (Certificate[]) arrayList.toArray(new Certificate[i]);
        } catch (Exception e) {
            return null;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Record recordByLabel;
        if (!engineContainsAlias(str) || (recordByLabel = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str))) == null) {
            return null;
        }
        try {
            return recordByLabel.getEncoding().getCertificate();
        } catch (Exception e) {
            return null;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (!key.getFormat().equals("PKCS#8")) {
            throw new KeyStoreException("This keystore allows only PKCS#8 encoded private keys");
        }
        if (cArr != null) {
            try {
                if (!this.cmsKeyDatabase.checkPassword(cArr)) {
                    throw new KeyStoreException("Invalid password provided. Password must be null or the same as the KeyStore password.");
                }
            } catch (Exception e) {
                throw new KeyStoreException("Error occurred while checking the password validity.", e);
            }
        }
        if (certificateArr == null) {
            throw new KeyStoreException("Certificate chain must be provided for this keystore");
        }
        for (Certificate certificate : certificateArr) {
            if (!(certificate instanceof X509Certificate)) {
                throw new KeyStoreException("One of the chain elements is not an X509Certificate");
            }
        }
        RecordDataHashGenerator newRecordDataHashGenerator = RecordDataHashGeneratorFactory.newRecordDataHashGenerator();
        ArrayList arrayList = new ArrayList(certificateArr.length);
        boolean isDefault = key instanceof CMSPrivateKey ? ((CMSPrivateKey) key).isDefault() : false;
        for (int length = certificateArr.length - 1; length > 0; length--) {
            if (engineGetCertificateAlias(certificateArr[length]) == null) {
                X500Principal subjectX500Principal = ((X509Certificate) certificateArr[length]).getSubjectX500Principal();
                if (subjectX500Principal == null || subjectX500Principal.toString().equals("")) {
                    throw new KeyStoreException("The Subject DN of certificate #" + length + " is not in X.500 form");
                }
                String x500Principal = subjectX500Principal.toString();
                if (engineContainsAlias(x500Principal)) {
                    throw new KeyStoreException("A signer certificate with alias: " + x500Principal + " already exists but it contains a different public key");
                }
                try {
                    int nextRecordID = this.cmsKeyDatabase.getNextRecordID();
                    byte[] bytes = x500Principal.getBytes("UTF-8");
                    ByteSequence append = IntableByteSequenceFactory.newIntableByteSequence(bytes.length).append(ByteSequenceFactory.newByteSequence(bytes));
                    X509Certificate x509Certificate = (X509Certificate) certificateArr[length];
                    arrayList.add(RecordFactory.newRecord(RecordFlag.CREATED.append(IntableByteSequenceFactory.newIntableByteSequence(nextRecordID)).append(RecordEncodingFactory.newRecordEncoding(nextRecordID, x509Certificate, x500Principal, true)).append(BufferFactory.newBuffer(append.getInputStream())).append(ZERO).append(newRecordDataHashGenerator.generateCertificateSignatureHash(x509Certificate)).append(newRecordDataHashGenerator.generateTBSCertificateHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectNameHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectPublicKeyInfoHash(x509Certificate)).append(newRecordDataHashGenerator.generateIssuerAndSerialNumberHash(x509Certificate)).getInputStream(), 5000));
                } catch (Exception e2) {
                    throw new KeyStoreException("Error occurred while adding the certificate chain to KeyStore.", e2);
                }
            }
        }
        try {
            byte[] bytes2 = str.getBytes("UTF-8");
            ByteSequence append2 = IntableByteSequenceFactory.newIntableByteSequence(bytes2.length).append(ByteSequenceFactory.newByteSequence(bytes2));
            int nextRecordID2 = this.cmsKeyDatabase.getNextRecordID();
            X509Certificate x509Certificate2 = (X509Certificate) certificateArr[0];
            arrayList.add(RecordFactory.newRecord(RecordFlag.CREATED.append(IntableByteSequenceFactory.newIntableByteSequence(nextRecordID2)).append(RecordEncodingFactory.newKeyRecordEncoding(nextRecordID2, x509Certificate2, (PrivateKey) key, this.storePassword.toCharArray(), str, isDefault)).append(BufferFactory.newBuffer(append2.getInputStream())).append(ZERO).append(newRecordDataHashGenerator.generateCertificateSignatureHash(x509Certificate2)).append(newRecordDataHashGenerator.generateTBSCertificateHash(x509Certificate2)).append(newRecordDataHashGenerator.generateSubjectNameHash(x509Certificate2)).append(newRecordDataHashGenerator.generateSubjectPublicKeyInfoHash(x509Certificate2)).append(newRecordDataHashGenerator.generateIssuerAndSerialNumberHash(x509Certificate2)).getInputStream(), 5000));
            if (engineContainsAlias(str)) {
                engineDeleteEntry(str);
            }
            String engineGetCertificateAlias = engineGetCertificateAlias(certificateArr[0]);
            if (engineGetCertificateAlias != null && !engineGetCertificateAlias.equalsIgnoreCase(str)) {
                engineDeleteEntry(engineGetCertificateAlias);
            }
            if (isDefault) {
                try {
                    String defaultKeyAlias = getDefaultKeyAlias();
                    if (defaultKeyAlias != null) {
                        Record recordByLabel = this.cmsKeyDatabase.getRecordByLabel(defaultKeyAlias);
                        int i = recordByLabel.getRecordId().toInt();
                        X509Certificate x509Certificate3 = (X509Certificate) recordByLabel.getEncoding().getCertificate();
                        PrivateKey privateKey = recordByLabel.getEncoding().getPrivateKey(this.storePassword.toCharArray());
                        RecordDataHashGenerator newRecordDataHashGenerator2 = RecordDataHashGeneratorFactory.newRecordDataHashGenerator();
                        arrayList.add(RecordFactory.newRecord(RecordFlag.CREATED.append(recordByLabel.getRecordId()).append(RecordEncodingFactory.newKeyRecordEncoding(i, x509Certificate3, privateKey, this.storePassword.toCharArray(), defaultKeyAlias, false)).append(recordByLabel.getLabel()).append(ZERO).append(newRecordDataHashGenerator2.generateCertificateSignatureHash(x509Certificate3)).append(newRecordDataHashGenerator2.generateTBSCertificateHash(x509Certificate3)).append(newRecordDataHashGenerator2.generateSubjectNameHash(x509Certificate3)).append(newRecordDataHashGenerator2.generateSubjectPublicKeyInfoHash(x509Certificate3)).append(newRecordDataHashGenerator2.generateIssuerAndSerialNumberHash(x509Certificate3)).getInputStream(), 5000));
                        engineDeleteEntry(defaultKeyAlias);
                    }
                } catch (Exception e3) {
                    throw new KeyStoreException("Error occurred while updating the old default certificate.");
                }
            }
            try {
                Sequence<Record> append3 = this.cmsKeyDatabase.getRecords().append(SequenceFactory.newSequence(arrayList));
                ByteSequence append4 = MagicNumberValidatorFactory.MAGIC_NUMBER.append(this.cmsKeyDatabase.getHeader().getMajorVersionNumber()).append(this.cmsKeyDatabase.getHeader().getMinorVersionNumber()).append(ZERO).append(FileType.X509KEY).append(FIXED_RECORD_LENGTH_SEQUENCE).append(IntableByteSequenceFactory.newIntableByteSequence(append3.length())).append(UNUSED_FILE_LABEL).append(this.cmsKeyDatabase.getHeader().getPasswordHeaderHash()).append(this.cmsKeyDatabase.getHeader().getPasswordDatabaseHash());
                Iterator<Record> it = append3.iterator();
                while (it.hasNext()) {
                    append4 = append4.append(it.next());
                }
                this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append4.getInputStream()));
                updateHeaderHashes();
                rebuildAliasesList();
            } catch (Exception e4) {
                throw new KeyStoreException(e4);
            }
        } catch (Exception e5) {
            throw new KeyStoreException("Error occurred while adding the End Entity certificate to KeyStore.", e5);
        }
    }

    private String getDefaultKeyAlias() throws UnsupportedEncodingException, IOException {
        for (Record record : this.cmsKeyDatabase.getKeyRecords()) {
            if (record.getEncoding().isDefaultKey()) {
                Buffer label = record.getLabel();
                byte[] bArr = new byte[label.getHeader().toInt()];
                label.getContent().getInputStream().read(bArr);
                return new String(bArr, "UTF-8");
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("CMS cannot accept externally encoded PKCS#8 objects");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        try {
            if (!(certificate instanceof X509Certificate)) {
                throw new KeyStoreException("Only X509 Certificates are expected.");
            }
            if (engineContainsAlias(str)) {
                if (!engineIsCertificateEntry(str)) {
                    throw new KeyStoreException("Alias already exists and is associated with key entry.");
                }
                engineDeleteEntry(str);
            }
            boolean z = true;
            if (certificate instanceof CMSCertificate) {
                z = ((CMSCertificate) certificate).isTrusted();
            }
            String engineGetCertificateAlias = engineGetCertificateAlias(certificate);
            if (engineGetCertificateAlias != null) {
                engineDeleteEntry(engineGetCertificateAlias);
            }
            int nextRecordID = this.cmsKeyDatabase.getNextRecordID();
            byte[] bytes = str.getBytes("UTF-8");
            RecordDataHashGenerator newRecordDataHashGenerator = RecordDataHashGeneratorFactory.newRecordDataHashGenerator();
            ByteSequence append = IntableByteSequenceFactory.newIntableByteSequence(bytes.length).append(ByteSequenceFactory.newByteSequence(bytes));
            X509Certificate x509Certificate = (X509Certificate) certificate;
            try {
                Sequence<Record> append2 = this.cmsKeyDatabase.getRecords().append(SequenceFactory.newSequence(RecordFactory.newRecord(RecordFlag.CREATED.append(IntableByteSequenceFactory.newIntableByteSequence(nextRecordID)).append(RecordEncodingFactory.newRecordEncoding(nextRecordID, x509Certificate, str, z)).append(BufferFactory.newBuffer(append.getInputStream())).append(ZERO).append(newRecordDataHashGenerator.generateCertificateSignatureHash(x509Certificate)).append(newRecordDataHashGenerator.generateTBSCertificateHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectNameHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectPublicKeyInfoHash(x509Certificate)).append(newRecordDataHashGenerator.generateIssuerAndSerialNumberHash(x509Certificate)).getInputStream(), 5000)));
                ByteSequence append3 = MagicNumberValidatorFactory.MAGIC_NUMBER.append(this.cmsKeyDatabase.getHeader().getMajorVersionNumber()).append(this.cmsKeyDatabase.getHeader().getMinorVersionNumber()).append(ZERO).append(FileType.X509KEY).append(FIXED_RECORD_LENGTH_SEQUENCE).append(IntableByteSequenceFactory.newIntableByteSequence(append2.length())).append(UNUSED_FILE_LABEL).append(this.cmsKeyDatabase.getHeader().getPasswordHeaderHash()).append(this.cmsKeyDatabase.getHeader().getPasswordDatabaseHash());
                Iterator<Record> it = append2.iterator();
                while (it.hasNext()) {
                    append3 = append3.append(it.next());
                }
                this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append3.getInputStream()));
                updateHeaderHashes();
                rebuildAliasesList();
            } catch (Exception e) {
                throw new KeyStoreException(e);
            }
        } catch (Exception e2) {
            throw new KeyStoreException("Key Insertion Failed: " + e2.getMessage(), e2);
        }
    }

    private void updateHeaderHashes() throws NoSuchAlgorithmException, IOException {
        FileHeader header = this.cmsKeyDatabase.getHeader();
        ByteSequence append = header.getSubSequence(0, header.length() - (2 * header.getPasswordHeaderHash().length())).append(FileHeaderHashGeneratorFactory.newFileHeaderHashGenerator(header).generateHash(header, this.storePassword)).append(header.getPasswordDatabaseHash());
        Iterator<Record> it = this.cmsKeyDatabase.getRecords().iterator();
        while (it.hasNext()) {
            append = append.append(it.next());
        }
        KeyDatabase newKeyDatabase = KeyDatabaseFactory.newKeyDatabase(append.getInputStream());
        ByteSequence generateHash = DatabaseHashGeneratorFactory.newDatabaseHashGenerator(header).generateHash(newKeyDatabase, this.storePassword);
        FileHeader header2 = newKeyDatabase.getHeader();
        ByteSequence append2 = header2.getSubSequence(0, header2.length() - header2.getPasswordDatabaseHash().length()).append(generateHash);
        Iterator<Record> it2 = newKeyDatabase.getRecords().iterator();
        while (it2.hasNext()) {
            append2 = append2.append(it2.next());
        }
        this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append2.getInputStream()));
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        try {
            if (engineContainsAlias(str)) {
                Record recordByLabel = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str));
                Sequence<Record> records = this.cmsKeyDatabase.getRecords();
                int indexOf = records.indexOf(recordByLabel);
                Sequence<Record> append = records.getSubSequence(0, indexOf).append(records.getSubSequence(indexOf + 1, records.length()));
                ByteSequence append2 = MagicNumberValidatorFactory.MAGIC_NUMBER.append(this.cmsKeyDatabase.getHeader().getMajorVersionNumber()).append(this.cmsKeyDatabase.getHeader().getMinorVersionNumber()).append(ZERO).append(FileType.X509KEY).append(FIXED_RECORD_LENGTH_SEQUENCE).append(IntableByteSequenceFactory.newIntableByteSequence(append.length())).append(UNUSED_FILE_LABEL).append(this.cmsKeyDatabase.getHeader().getPasswordHeaderHash()).append(this.cmsKeyDatabase.getHeader().getPasswordDatabaseHash());
                Iterator<Record> it = append.iterator();
                while (it.hasNext()) {
                    append2 = append2.append(it.next());
                }
                this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append2.getInputStream()));
                updateHeaderHashes();
                rebuildAliasesList();
            }
        } catch (Exception e) {
            throw new KeyStoreException(e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(this.aliases);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.aliases.contains(str);
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.aliases.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        Record recordByLabel = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str));
        if (recordByLabel == null) {
            return false;
        }
        return recordByLabel.getEncoding().isPrivateKeyPresent();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return engineContainsAlias(str) && !engineIsKeyEntry(str);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Record recordByPublicKeyInfo;
        if (!(certificate instanceof X509Certificate) || (recordByPublicKeyInfo = this.cmsKeyDatabase.getRecordByPublicKeyInfo(certificate)) == null) {
            return null;
        }
        Buffer label = recordByPublicKeyInfo.getLabel();
        byte[] bArr = new byte[label.getHeader().toInt()];
        try {
            label.getContent().getInputStream().read(bArr);
            return new String(bArr, "UTF-8");
        } catch (Throwable th) {
            return null;
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
        if (outputStream == null) {
            throw new NullPointerException();
        }
        if (cArr != null) {
            try {
                String str = new String(cArr);
                if (!this.storePassword.equals(str)) {
                    updateEncryptedRecords(this.storePassword.toCharArray(), str.toCharArray());
                    this.storePassword = str;
                    updateHeaderHashes();
                }
            } catch (Exception e) {
                throw new IOException(e.getMessage());
            }
        }
        ByteSequenceIterator iterator = this.cmsKeyDatabase.getIterator();
        while (iterator.hasNextByte()) {
            outputStream.write(iterator.getNextByte());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v28, types: [com.ibm.security.sequence.bytes.ByteSequence] */
    private void updateEncryptedRecords(char[] cArr, char[] cArr2) throws IOException, PKCSException, CertificateEncodingException, CertificateException, NoSuchAlgorithmException {
        Sequence<Record> keyRecords = this.cmsKeyDatabase.getKeyRecords();
        HashMap hashMap = new HashMap(keyRecords.length());
        for (Record record : keyRecords) {
            Buffer label = record.getLabel();
            byte[] bArr = new byte[label.getHeader().toInt()];
            label.getContent().getInputStream().read(bArr);
            String str = new String(bArr, "UTF-8");
            RecordEncoding encoding = record.getEncoding();
            hashMap.put(Integer.valueOf(record.getRecordId().toInt()), RecordFactory.newRecord(record.getRecordFlag().append(record.getRecordId()).append(RecordEncodingFactory.newKeyRecordEncoding(record.getRecordId().toInt(), encoding.getCertificate(), encoding.getPrivateKey(cArr), cArr2, str, encoding.isDefaultKey())).append(record.getLabel()).append(ZERO).append(record.getSignatureHash()).append(record.getUnsignedCertHash()).append(record.getSubjectNameHash()).append(record.getSubjectPublicKeyInfoHash()).append(record.getIssuerAndSerialNumberHash()).getInputStream(), 5000));
        }
        FileHeader header = this.cmsKeyDatabase.getHeader();
        for (Record record2 : this.cmsKeyDatabase.getRecords()) {
            Record record3 = (Record) hashMap.get(Integer.valueOf(record2.getRecordId().toInt()));
            header = record3 != null ? header.append(record3) : header.append(record2);
        }
        this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(header.getInputStream()));
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
        if (cArr == null) {
            throw new IllegalArgumentException("Password is requird to create a new or load an existing KeyStore");
        }
        this.cmsKeyDatabase = null;
        this.storePassword = new String(cArr);
        if (inputStream == null) {
            try {
                ByteSequence append = MagicNumberValidatorFactory.MAGIC_NUMBER.append(VersionNumber.THREE).append(VersionNumber.TWO).append(ZERO).append(FileType.X509KEY).append(FIXED_RECORD_LENGTH_SEQUENCE).append(CA_RECORD_NUMBER).append(UNUSED_FILE_LABEL).append(ZERO_MD5_HASH).append(ZERO_MD5_HASH);
                FileHeader newFileHeader = FileHeaderFactory.newFileHeader(append.getInputStream());
                ByteSequence append2 = append.getSubSequence(0, append.length() - (2 * ZERO_MD5_HASH.length())).append(FileHeaderHashGeneratorFactory.newFileHeaderHashGenerator(newFileHeader).generateHash(newFileHeader, this.storePassword)).append(ZERO_MD5_HASH);
                ByteSequence byteSequence = append2;
                Iterator<String> aliases = CACertificates.getAliases();
                int i = 0;
                RecordDataHashGenerator newRecordDataHashGenerator = RecordDataHashGeneratorFactory.newRecordDataHashGenerator();
                while (aliases.hasNext()) {
                    String next = aliases.next();
                    byte[] bytes = next.getBytes("UTF-8");
                    ByteSequence append3 = IntableByteSequenceFactory.newIntableByteSequence(bytes.length).append(ByteSequenceFactory.newByteSequence(bytes));
                    X509Certificate x509Certificate = (X509Certificate) CACertificates.getCACertificate(next);
                    i++;
                    byteSequence = byteSequence.append(RecordFactory.newRecord(RecordFlag.CREATED.append(IntableByteSequenceFactory.newIntableByteSequence(i)).append(RecordEncodingFactory.newRecordEncoding(i, x509Certificate, next, true)).append(BufferFactory.newBuffer(append3.getInputStream())).append(ZERO).append(newRecordDataHashGenerator.generateCertificateSignatureHash(x509Certificate)).append(newRecordDataHashGenerator.generateTBSCertificateHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectNameHash(x509Certificate)).append(newRecordDataHashGenerator.generateSubjectPublicKeyInfoHash(x509Certificate)).append(newRecordDataHashGenerator.generateIssuerAndSerialNumberHash(x509Certificate)).getInputStream(), 5000));
                }
                ByteSequence append4 = append2.getSubSequence(0, append2.length() - ZERO_MD5_HASH.length()).append(DatabaseHashGeneratorFactory.newDatabaseHashGenerator(newFileHeader).generateHash(KeyDatabaseFactory.newKeyDatabase(byteSequence.getInputStream()), this.storePassword));
                this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append4.append(byteSequence.getSubSequence(append4.length(), byteSequence.length() - 1)).getInputStream()));
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        } else {
            try {
                this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(inputStream));
                if (cArr != null && !this.cmsKeyDatabase.checkKeyStoreIntegrity(cArr)) {
                    throw new IOException("Incorrect Password.");
                }
            } catch (RuntimeException e3) {
                throw new RuntimeException("Invalid KeyStore Format.", e3);
            }
        }
        rebuildAliasesList();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        if (engineIsKeyEntry(str)) {
            return cls.isAssignableFrom(KeyStore.PrivateKeyEntry.class);
        }
        if (engineIsCertificateEntry(str)) {
            return cls.isAssignableFrom(KeyStore.TrustedCertificateEntry.class);
        }
        return false;
    }

    private String getCorrectCaseLabel(String str) {
        for (String str2 : this.aliases) {
            if (str.equalsIgnoreCase(str2)) {
                return str2;
            }
        }
        return str;
    }

    @Override // java.security.KeyStoreSpi
    public KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, UnrecoverableEntryException {
        KeyStore.Entry trustedCertificateEntry;
        try {
            if (!engineContainsAlias(str)) {
                return null;
            }
            RecordEncoding encoding = this.cmsKeyDatabase.getRecordByLabel(getCorrectCaseLabel(str)).getEncoding();
            if (encoding.isPrivateKeyPresent()) {
                if (protectionParameter != null) {
                    PasswordExtractor newPasswordExtractor = newPasswordExtractor(protectionParameter);
                    if (newPasswordExtractor == null) {
                        throw new UnrecoverableEntryException("Invalid Protection Parameter.");
                    }
                    char[] password = newPasswordExtractor.getPassword();
                    if (password != null && !this.cmsKeyDatabase.checkPassword(password)) {
                        throw new UnrecoverableEntryException("Incorrect password provided.");
                    }
                }
                PrivateKey privateKey = encoding.getPrivateKey(this.storePassword.toCharArray());
                trustedCertificateEntry = new KeyStore.PrivateKeyEntry(CMSPrivateKeyFactory.newCMSPrivateKey(privateKey, encoding.isDefaultKey()), engineGetCertificateChain(str));
            } else {
                trustedCertificateEntry = new KeyStore.TrustedCertificateEntry(new CMSCertificate(encoding.getCertificate(), encoding.isTrusted()));
            }
            return trustedCertificateEntry;
        } catch (UnrecoverableEntryException e) {
            throw e;
        } catch (Exception e2) {
            throw new KeyStoreException(e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, IllegalArgumentException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("CMS KeyStore requires LoadStoreParameter to load.");
        }
        if (!(loadStoreParameter instanceof CMSLoadParameter) || (loadStoreParameter instanceof CMSStoreParameter)) {
            throw new IllegalArgumentException("The provided LoadStoreParameter is not recognized");
        }
        CMSLoadParameter cMSLoadParameter = (CMSLoadParameter) loadStoreParameter;
        PasswordExtractor newPasswordExtractor = newPasswordExtractor(cMSLoadParameter.getProtectionParameter());
        if (newPasswordExtractor == null) {
            throw new IllegalArgumentException("Invalid Protection Parameter.");
        }
        FileInputStream fileInputStream = null;
        if (cMSLoadParameter.getKeyStoreFile() != null) {
            fileInputStream = new FileInputStream(cMSLoadParameter.getKeyStoreFile());
        }
        engineLoad(fileInputStream, newPasswordExtractor.getPassword());
        if (fileInputStream != null) {
            fileInputStream.close();
        }
        cMSLoadParameter.setPasswordExpiry(this.cmsKeyDatabase.getHeader().getPasswordExpirationTime().toInt());
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, IllegalArgumentException {
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
                throw new KeyStoreException("Invalid Key Entry.");
            }
            engineSetCertificateEntry(str, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
            return;
        }
        if (protectionParameter != null) {
            PasswordExtractor newPasswordExtractor = newPasswordExtractor(protectionParameter);
            if (newPasswordExtractor == null) {
                throw new IllegalArgumentException("Invalid Protection Parameter.");
            }
            try {
                char[] password = newPasswordExtractor.getPassword();
                if (password != null && !this.cmsKeyDatabase.checkPassword(password)) {
                    throw new KeyStoreException("The password supplied throug the ProtectionParameter interface is invalid, it must match the KeyStore password or null");
                }
            } catch (Exception e) {
                throw new KeyStoreException(e);
            }
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        engineSetKeyEntry(str, privateKeyEntry.getPrivateKey(), this.storePassword.toCharArray(), privateKeyEntry.getCertificateChain());
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, IllegalArgumentException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("CMS KeyStore requires LoadStoreParameter to store.");
        }
        if (!(loadStoreParameter instanceof CMSStoreParameter)) {
            throw new IllegalArgumentException("The given LoadStoreParameter is not recognized");
        }
        CMSStoreParameter cMSStoreParameter = (CMSStoreParameter) loadStoreParameter;
        KeyStore.ProtectionParameter protectionParameter = cMSStoreParameter.getProtectionParameter();
        char[] cArr = null;
        if (protectionParameter != null) {
            PasswordExtractor newPasswordExtractor = newPasswordExtractor(protectionParameter);
            if (newPasswordExtractor == null) {
                throw new IllegalArgumentException("Invalid Protection Parameter.");
            }
            cArr = newPasswordExtractor.getPassword();
        }
        setPasswordExpiry(cMSStoreParameter.getPasswordExpiry());
        FileOutputStream fileOutputStream = new FileOutputStream(cMSStoreParameter.getKeyStoreFile(), true);
        FileChannel channel = fileOutputStream.getChannel();
        try {
            if (channel.tryLock() == null) {
                throw new IOException("Unable to acquire file lock for " + cMSStoreParameter.getKeyStoreFile());
            }
            channel.truncate(0L);
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(fileOutputStream);
            engineStore(bufferedOutputStream, cArr);
            bufferedOutputStream.close();
            if (cMSStoreParameter.isStashPassword()) {
                String absolutePath = cMSStoreParameter.getKeyStoreFile().getAbsolutePath();
                int lastIndexOf = absolutePath.lastIndexOf(46);
                if (lastIndexOf == -1) {
                    lastIndexOf = absolutePath.length();
                }
                stashKeyDbPwd(absolutePath.subSequence(0, lastIndexOf) + STASH_FILE_EXT);
            }
        } catch (OverlappingFileLockException e) {
            throw new IOException("Unable to acquire file lock for " + cMSStoreParameter.getKeyStoreFile());
        }
    }

    private void setPasswordExpiry(int i) throws IOException {
        try {
            Sequence<Record> records = this.cmsKeyDatabase.getRecords();
            ByteSequence append = MagicNumberValidatorFactory.MAGIC_NUMBER.append(this.cmsKeyDatabase.getHeader().getMajorVersionNumber()).append(this.cmsKeyDatabase.getHeader().getMinorVersionNumber()).append(IntableByteSequenceFactory.newIntableByteSequence(i)).append(FileType.X509KEY).append(FIXED_RECORD_LENGTH_SEQUENCE).append(IntableByteSequenceFactory.newIntableByteSequence(records.length())).append(UNUSED_FILE_LABEL).append(this.cmsKeyDatabase.getHeader().getPasswordHeaderHash()).append(this.cmsKeyDatabase.getHeader().getPasswordDatabaseHash());
            Iterator<Record> it = records.iterator();
            while (it.hasNext()) {
                append = append.append(it.next());
            }
            this.cmsKeyDatabase = QueryableKeyDatabaseFactory.newQueryableKeyDatabase(KeyDatabaseFactory.newKeyDatabase(append.getInputStream()));
            updateHeaderHashes();
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    private void stashKeyDbPwd(String str) throws IOException {
        byte[] bArr = new byte[129];
        byte[] bytes = this.storePassword.getBytes("UTF-8");
        for (int i = 0; i < 129; i++) {
            if (i < bytes.length) {
                bArr[i] = bytes[i];
            } else if (i == bytes.length) {
                bArr[i] = 0;
            } else {
                bArr[i] = (byte) i;
            }
        }
        ByteSequence xor = ByteSequenceXorFactory.newByteSequenceXor().xor(ByteSequenceFactory.newByteSequence(bArr), ByteSequenceFactory.newConstantByteSequence((byte) -11, 129));
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        ByteSequenceIterator iterator = xor.getIterator();
        while (iterator.hasNextByte()) {
            fileOutputStream.write(iterator.getNextByte());
        }
        fileOutputStream.close();
    }
}
