package com.ibm.security.pkcs12;

import com.ibm.misc.Debug;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.pkcs7.Content;
import com.ibm.security.pkcs7.ContentInfo;
import com.ibm.security.pkcs7.EncryptedContentInfo;
import com.ibm.security.pkcs7.EncryptedData;
import com.ibm.security.pkcs8.EncryptedPrivateKeyInfo;
import com.ibm.security.pkcs8.PrivateKeyInfo;
import com.ibm.security.pkcsutil.PKCSAttribute;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.pkcsutil.PKCSOID;
import com.ibm.security.pkcsutil.SmudgedChars;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.AlgorithmId;
import java.io.IOException;
import java.io.OutputStream;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import sun.tools.java.RuntimeConstants;

/* loaded from: input_file:efixes/PQ87578_win/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/pkcs12/PFX.class */
public final class PFX extends BasicPFX implements Cloneable {
    private Cipher cipher;
    private Vector unprotectedBags;
    private Vector protectedBags;
    SmudgedChars savedPasswd;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.pkcs12.PFX";

    public PFX() {
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, className, "PFX");
            debug.exit(16384L, className, "PFX");
        }
    }

    public PFX(String str) {
        super(str);
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, className, "PFX", str);
            debug.exit(16384L, className, "PFX");
        }
    }

    public PFX(String str, boolean z) throws IOException {
        super(str, z);
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "PFX", new Object[]{str, new Boolean(z)});
            debug.exit(16384L, className, "PFX");
        }
    }

    public PFX(String str, boolean z, String str2) throws IOException {
        super(str, z, str2);
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "PFX", new Object[]{str, new Boolean(z), str2});
            debug.exit(16384L, className, "PFX");
        }
    }

    public PFX(byte[] bArr) throws IOException {
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, className, "PFX", bArr);
        }
        decode(bArr);
        if (debug != null) {
            debug.exit(16384L, className, "PFX");
        }
    }

    public PFX(byte[] bArr, String str) throws IOException {
        super(str);
        this.unprotectedBags = new Vector();
        this.protectedBags = new Vector();
        this.savedPasswd = null;
        if (debug != null) {
            debug.entry(16384L, className, "PFX", bArr, str);
        }
        decode(bArr);
        if (debug != null) {
            debug.exit(16384L, className, "PFX");
        }
    }

    public synchronized void addCRL(CRL crl, String str, byte[] bArr) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "addCRL", new Object[]{crl, str, bArr});
        }
        if (crl == null) {
            if (debug != null) {
                debug.text(16384L, className, "addCRL", "CRL must be specified.");
            }
            throw new PKCSException("CRL must be specified.");
        }
        if (bArr == null || bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "addCRL", "Local key id must be specified.");
            }
            throw new PKCSException("Local key id must be specified.");
        }
        addInfo(new CrlBag(crl, this.provider), str, bArr);
        if (debug != null) {
            debug.exit(16384L, className, "addCRL");
        }
    }

    public synchronized void addCertificate(Certificate certificate, String str, byte[] bArr) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "addCertificate", new Object[]{certificate, str, bArr});
        }
        if (certificate == null) {
            if (debug != null) {
                debug.text(16384L, className, "addCertificate", "Certificate must be specified.");
            }
            throw new PKCSException("Certificate must be specified.");
        }
        if (bArr == null || bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "addCertificate", "Local key id must be specified.");
            }
            throw new PKCSException("Local key id must be specified.");
        }
        addInfo(new CertBag(certificate, this.provider), str, bArr);
        if (debug != null) {
            debug.exit(16384L, className, "addCertificate");
        }
    }

    private synchronized void addInfo(Bag bag, String str, byte[] bArr) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "addInfo", new Object[]{bag, str, bArr});
        }
        try {
            PKCSAttributes pKCSAttributes = new PKCSAttributes(new PKCSAttribute[]{new PKCSAttribute(PKCSOID.LOCAL_KEY_ID_OID, bArr, this.provider)}, this.provider);
            if (str != null && str.length() != 0) {
                pKCSAttributes = pKCSAttributes.addAttribute(new PKCSAttribute(PKCSOID.FRIENDLY_NAME_OID, str, this.provider));
            }
            this.unprotectedBags.add(new SafeBag(bag, pKCSAttributes, this.provider));
            if (debug != null) {
                debug.exit(16384L, className, "addInfo");
            }
        } catch (IOException e) {
            if (debug != null) {
                debug.exception(16384L, className, "addInfo", e);
            }
            throw new PKCSException(e, new StringBuffer("Unable to add private information (").append(e.toString()).append(RuntimeConstants.SIG_ENDMETHOD).toString());
        }
    }

    public synchronized void addPrivateKey(PrivateKey privateKey, String str, byte[] bArr) throws PKCSException, IOException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "addPrivateKey", new Object[]{privateKey, str, bArr});
        }
        if (privateKey == null) {
            if (debug != null) {
                debug.text(16384L, className, "addPrivateKey", "Private key must be specified.");
            }
            throw new PKCSException("Private key must be specified.");
        }
        if (bArr == null || bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "addPrivateKey", "Local key id must be specified.");
            }
            throw new PKCSException("Local key id must be specified.");
        }
        addInfo(new KeyBag(new PrivateKeyInfo(privateKey.getEncoded(), this.provider), this.provider), str, bArr);
        if (debug != null) {
            debug.exit(16384L, className, "addPrivateKey");
        }
    }

    public synchronized void addShroudedKey(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, String str, byte[] bArr) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "addShroudedKey", new Object[]{encryptedPrivateKeyInfo, str, bArr});
        }
        if (encryptedPrivateKeyInfo == null) {
            if (debug != null) {
                debug.text(16384L, className, "addShroudedKey", "Shrouded key must be specified.");
            }
            throw new PKCSException("Shrouded key must be specified.");
        }
        if (bArr == null || bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "addShroudedKey", "Local key id must be specified.");
            }
            throw new PKCSException("Local key id must be specified.");
        }
        addInfo(new ShroudedKeyBag(encryptedPrivateKeyInfo, this.provider), str, bArr);
        if (debug != null) {
            debug.exit(16384L, className, "addShroudedKey");
        }
    }

    public Object clone() {
        try {
            if (debug != null) {
                debug.entry(16384L, className, "clone");
            }
            DerOutputStream derOutputStream = new DerOutputStream();
            encode(derOutputStream);
            PFX pfx = new PFX(derOutputStream.toByteArray(), this.provider);
            if (debug != null) {
                debug.exit(16384L, className, "clone_1", pfx);
            }
            return pfx;
        } catch (Exception unused) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "clone_2", (Object) null);
            return null;
        }
    }

    @Override // com.ibm.security.pkcs12.BasicPFX, com.ibm.security.pkcsutil.PKCSDerObject
    protected void decode(DerValue derValue) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "decode", derValue);
        }
        super.decode(derValue);
        if (debug != null) {
            debug.exit(16384L, className, "decode");
        }
    }

    @Override // com.ibm.security.pkcs12.BasicPFX, com.ibm.security.pkcsutil.PKCSDerObject
    public void encode(OutputStream outputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "encode", outputStream);
        }
        super.encode(outputStream);
        if (debug != null) {
            debug.exit(16384L, className, "encode");
        }
    }

    @Override // com.ibm.security.pkcs12.BasicPFX, com.ibm.security.pkcsutil.PKCSDerObject
    public boolean equals(Object obj) {
        if (debug != null) {
            debug.entry(16384L, className, "equals", obj);
            debug.exit(16384L, className, "equals", super.equals(obj));
        }
        return super.equals(obj);
    }

    protected void finalize() {
        if (debug != null) {
            debug.entry(16384L, className, "finalize");
            debug.exit(16384L, className, "finalize");
        }
        this.savedPasswd = null;
    }

    public CRL[] getCRLs(char[] cArr) throws IOException, PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getCRLs", cArr);
            debug.exit(16384L, className, "getCRLs", super.getCRLs(cArr, null, null, false));
        }
        return super.getCRLs(cArr, null, null, false);
    }

    public Certificate[] getCertificates(char[] cArr) throws IOException, PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getCertificates", cArr);
            debug.exit(16384L, className, "getCertificates", super.getCertificates(cArr, null, null, false));
        }
        return super.getCertificates(cArr, null, null, false);
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public Certificate[] getCertificatesByFriendlyName(char[] cArr, String str) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getCertificatesByFriendlyName", cArr, str);
            debug.exit(16384L, className, "getCertificatesByFriendlyName", super.getCertificatesByFriendlyName(cArr, str));
        }
        return super.getCertificatesByFriendlyName(cArr, str);
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public String[] getFriendlyNames(char[] cArr) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getFriendlyNames", cArr);
            debug.exit(16384L, className, "getFriendlyNames", super.getFriendlyNames(cArr));
        }
        return super.getFriendlyNames(cArr);
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public MacData getMacData() {
        if (debug != null) {
            debug.entry(16384L, className, "getMacData");
            debug.exit(16384L, className, "getMacData", super.getMacData());
        }
        return super.getMacData();
    }

    public PrivateKeyInfo[] getPrivateKeys(char[] cArr) throws IOException, PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getPrivateKeys", cArr);
            debug.exit(16384L, className, "getPrivateKeys", super.getPrivateKeys(cArr, null, null, false));
        }
        return super.getPrivateKeys(cArr, null, null, false);
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public PrivateKeyInfo[] getPrivateKeysByFriendlyName(char[] cArr, String str) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getPrivateKeysByFriendlyName", cArr, str);
            debug.exit(16384L, className, "getPrivateKeysByFriendlyName", super.getPrivateKeysByFriendlyName(cArr, str));
        }
        return super.getPrivateKeysByFriendlyName(cArr, str);
    }

    private char[] getSavedPassword() {
        if (debug != null) {
            debug.entry(8192L, className, "getSavedPassword");
        }
        if (this.savedPasswd != null) {
            if (debug != null) {
                debug.exit(8192L, className, "getSavedPassword_2", this.savedPasswd.getClearText());
            }
            return this.savedPasswd.getClearText();
        }
        if (debug == null) {
            return null;
        }
        debug.exit(8192L, className, "getSavedPassword_1", (Object) null);
        return null;
    }

    public EncryptedPrivateKeyInfo[] getShroudedKeys(char[] cArr) throws IOException, PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getShroudedKeys", cArr);
            debug.exit(16384L, className, "getShroudedKeys", super.getShroudedKeys(cArr, null, null, false));
        }
        return super.getShroudedKeys(cArr, null, null, false);
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public EncryptedPrivateKeyInfo[] getShroudedKeysByFriendlyName(char[] cArr, String str) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "getShroudedKeysByFriendlyName", cArr, str);
            debug.exit(16384L, className, "getShroudedKeysByFriendlyName", super.getShroudedKeysByFriendlyName(cArr, str));
        }
        return super.getShroudedKeysByFriendlyName(cArr, str);
    }

    public synchronized void protect(String str, char[] cArr) throws NoSuchAlgorithmException, IOException, PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "protect", str, cArr);
        }
        if (cArr == null || cArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "protect", "Password must be specified.");
            }
            throw new PKCSException("Password must be specified.");
        }
        if (getSavedPassword() != null) {
            boolean z = false;
            if (getSavedPassword().length != cArr.length) {
                z = true;
            } else {
                char[] savedPassword = getSavedPassword();
                int i = 0;
                while (true) {
                    if (i >= cArr.length) {
                        break;
                    }
                    if (savedPassword[i] != cArr[i]) {
                        z = true;
                        break;
                    }
                    i++;
                }
                Arrays.fill(savedPassword, ' ');
            }
            if (z) {
                for (int i2 = 0; i2 < this.protectedBags.size(); i2++) {
                    this.unprotectedBags.add(this.protectedBags.elementAt(i2));
                }
                this.protectedBags.clear();
                this.authSafeContents = null;
            }
        }
        if (this.unprotectedBags.size() == 0) {
            if (debug != null) {
                debug.exit(16384L, className, "protect_1");
                return;
            }
            return;
        }
        SafeBag[] safeBagArr = new SafeBag[this.unprotectedBags.size()];
        for (int i3 = 0; i3 < this.unprotectedBags.size(); i3++) {
            safeBagArr[i3] = (SafeBag) this.unprotectedBags.elementAt(i3);
        }
        super.addSafeBagsWithPasswordPrivacy(safeBagArr, str, cArr);
        for (int i4 = 0; i4 < this.unprotectedBags.size(); i4++) {
            this.protectedBags.add(this.unprotectedBags.elementAt(i4));
        }
        this.unprotectedBags.clear();
        super.applyMac(cArr, 1);
        setSavedPassword((char[]) cArr.clone());
        if (debug != null) {
            debug.exit(16384L, className, "protect_2");
        }
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    ContentInfo protectWithPasswordPrivacy(byte[] bArr, String str, String str2, char[] cArr) throws IOException, PKCSException, NoSuchAlgorithmException {
        SecureRandom secureRandom;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "protectWithPasswordPrivacy", new Object[]{bArr, str, str2, cArr});
        }
        if (this.cipher == null) {
            String stringBuffer = new StringBuffer("PBEWith").append(str).append("And").append(str2).toString();
            try {
                SecretKey generateSecret = (this.provider != null ? SecretKeyFactory.getInstance("PBEWithSha1AndRC2", this.provider) : SecretKeyFactory.getInstance("PBEWithSha1AndRC2")).generateSecret(new PBEKeySpec(cArr));
                int i = 8;
                if (str2.toUpperCase().indexOf(PKCS5.CIPHER_ALGORITHM_DES) != -1) {
                    i = 20;
                }
                byte[] bArr2 = new byte[i];
                try {
                    secureRandom = this.provider != null ? SecureRandom.getInstance("IBMSecureRandom", this.provider) : SecureRandom.getInstance("IBMSecureRandom");
                } catch (NoSuchAlgorithmException e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "protectWithPasswordPrivacy", e);
                    }
                    secureRandom = new SecureRandom();
                } catch (NoSuchProviderException e2) {
                    if (debug != null) {
                        debug.exception(16384L, className, "protectWithPasswordPrivacy", e2);
                    }
                    throw new PKCSException(e2, new StringBuffer("Provider ").append(this.provider).append(" not found").toString());
                }
                secureRandom.nextBytes(bArr2);
                PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr2, 1);
                try {
                    AlgorithmParameters algorithmParameters = this.provider != null ? AlgorithmParameters.getInstance("PBE", this.provider) : AlgorithmParameters.getInstance("PBE");
                    algorithmParameters.init(pBEParameterSpec);
                    try {
                        if (this.provider != null) {
                            this.cipher = Cipher.getInstance(stringBuffer, this.provider);
                        } else {
                            this.cipher = Cipher.getInstance(stringBuffer);
                        }
                        this.cipher.init(1, generateSecret, algorithmParameters);
                    } catch (Exception e3) {
                        if (debug != null) {
                            debug.exception(16384L, className, "protectWithPasswordPrivacy", e3);
                        }
                        throw new PKCSException(e3, new StringBuffer("Unable to encrypt bag contents (").append(e3.toString()).append(RuntimeConstants.SIG_ENDMETHOD).toString());
                    }
                } catch (Exception e4) {
                    if (debug != null) {
                        debug.exception(16384L, className, "protectWithPasswordPrivacy", e4);
                    }
                    throw new PKCSException(e4, new StringBuffer("Unable to encrypt bag contents (").append(e4.toString()).append(RuntimeConstants.SIG_ENDMETHOD).toString());
                }
            } catch (Exception e5) {
                if (debug != null) {
                    debug.exception(16384L, className, "protectWithPasswordPrivacy", e5);
                }
                throw new PKCSException(e5, new StringBuffer("Unable to encrypt bag contents (").append(e5.toString()).append(RuntimeConstants.SIG_ENDMETHOD).toString());
            }
        }
        try {
            byte[] doFinal = this.cipher.doFinal(bArr);
            AlgorithmParameters parameters = this.cipher.getParameters();
            byte[] bArr3 = null;
            if (parameters != null) {
                bArr3 = parameters.getEncoded();
            }
            try {
                AlgorithmId algorithmId = AlgorithmId.get(this.cipher.getAlgorithm());
                EncryptedData encryptedData = new EncryptedData(new EncryptedContentInfo(PKCSOID.DATA_OID, bArr3 != null ? new AlgorithmId(algorithmId.getOID(), bArr3, this.provider) : algorithmId, doFinal, this.provider), (PKCSAttributes) null, this.provider);
                if (debug != null) {
                    debug.exit(16384L, className, "protectWithPasswordPrivacy", new ContentInfo((Content) encryptedData, this.provider));
                }
                return new ContentInfo((Content) encryptedData, this.provider);
            } catch (NoSuchAlgorithmException e6) {
                if (debug != null) {
                    debug.exception(16384L, className, "protectWithPasswordPrivacy", e6);
                }
                throw new PKCSException(e6, new StringBuffer("Unsupported password-based encryption algorithm: ").append(this.cipher.getAlgorithm()).toString());
            }
        } catch (Exception e7) {
            if (debug != null) {
                debug.exception(16384L, className, "protectWithPasswordPrivacy", e7);
            }
            throw new PKCSException(e7, new StringBuffer("Unable to encrypt bag contents (").append(e7.toString()).append(RuntimeConstants.SIG_ENDMETHOD).toString());
        }
    }

    private void setSavedPassword(char[] cArr) {
        if (debug != null) {
            debug.entry(8192L, className, "setSavedPassword", cArr);
        }
        this.savedPasswd = new SmudgedChars(cArr, this.provider);
        if (debug != null) {
            debug.exit(8192L, className, "setSavedPassword");
        }
    }

    @Override // com.ibm.security.pkcs12.BasicPFX, com.ibm.security.pkcsutil.PKCSDerObject
    public String toString() {
        if (debug != null) {
            debug.entry(16384L, className, "toString");
            debug.exit(16384L, className, "toString", super.toString());
        }
        return super.toString();
    }

    @Override // com.ibm.security.pkcs12.BasicPFX
    public boolean verifyMac(char[] cArr) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "verifyMac", cArr);
            debug.exit(16384L, className, "verifyMac", super.verifyMac(cArr));
        }
        return super.verifyMac(cArr);
    }
}
