package com.ibm.spi;

import com.ibm.cfwk.pkcs.PKCS12PBE;
import com.ibm.cfwk.pki.X509Cert;
import com.ibm.cfwk.pki.X509Chain;
import com.ibm.cfwk.tools.PrivateKeyAndCertificateChain;
import com.ibm.security.x509.X509CertImpl;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:efixes/PQ88973_express_aix/components/prereq.jdk/update.jar:/java/jre/lib/ext/gskikm.jar:com/ibm/spi/PKCS12Spi.class */
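/**
 * {@link KeyStoreSpi} implementation that holds exactly one private key together with its
 * X.509 certificate chain, and reads/writes that pair as a PKCS#12 object through the
 * {@code com.ibm.cfwk} helper classes.
 *
 * <p>Layout of the internal state: {@code aliases.elementAt(0)} is the alias of the key entry,
 * and {@code aliases.elementAt(i)} names {@code x509Cert[i]}. All accessors answer
 * "nothing here" until {@code validEntry} is set by a successful load or set-key call.
 *
 * <p>NOTE(review): the private key is kept decoded in memory after {@link #engineLoad}; the
 * per-entry password arguments of the SPI are not used to protect it.
 */
public class PKCS12Spi extends KeyStoreSpi {
    /** Certificate chain of the single entry; index-aligned with {@link #aliases}. */
    private X509Certificate[] x509Cert = null;
    /** The private key of the single entry (any PKCS#8 key via set, RSA only via load). */
    private Key rsaKey = null;
    /** Alias of the key entry at index 0, followed by one name per further chain certificate. */
    private Vector<String> aliases = null;
    /** True only while key, chain and aliases form a complete, consistent entry. */
    private boolean validEntry;

    /** Creates an empty store with no entry. */
    public PKCS12Spi() {
        this.validEntry = false;
    }

    /**
     * Lists every alias of the store.
     *
     * @return the aliases, or an empty enumeration when the store holds no entry (never
     *         {@code null}, so callers can iterate the result without a null check)
     */
    @Override
    public Enumeration<String> engineAliases() {
        if (!this.validEntry) {
            return new Vector<String>().elements();
        }
        return this.aliases.elements();
    }

    /**
     * Tells whether {@code str} is one of the store's aliases.
     *
     * @param str alias to look up
     * @return {@code true} if the store is populated and knows the alias
     */
    @Override
    public boolean engineContainsAlias(String str) {
        return this.validEntry && this.aliases.contains(str);
    }

    /**
     * Empties the store. The alias is not consulted: the store holds a single key/chain
     * pair, so deleting any alias invalidates the whole entry.
     *
     * @param str ignored
     */
    @Override
    public void engineDeleteEntry(String str) {
        this.validEntry = false;
        // Drop the references as well, so the key material is no longer reachable through
        // this object once the entry has been deleted.
        this.rsaKey = null;
        this.x509Cert = null;
        this.aliases = null;
    }

    /**
     * Returns the certificate stored under {@code str}.
     *
     * @param str alias to look up
     * @return the certificate at the alias's position in the chain, or {@code null} if the
     *         store is empty, the alias is unknown, or no certificate exists at that position
     */
    @Override
    public Certificate engineGetCertificate(String str) {
        if (!this.validEntry) {
            return null;
        }
        int position = this.aliases.indexOf(str);
        // A loaded PKCS#12 may carry more friendly names than certificates; without the upper
        // bound the lookup would fail with ArrayIndexOutOfBoundsException.
        if (position < 0 || position >= this.x509Cert.length) {
            return null;
        }
        return this.x509Cert[position];
    }

    /**
     * Finds the alias of the first chain certificate whose public key equals that of
     * {@code certificate}.
     *
     * <p>NOTE(review): the match is on the public key only, not on the whole certificate, so
     * a different certificate issued for the same key is reported under the same alias.
     *
     * @param certificate certificate to look for; anything but an {@link X509Certificate}
     *        yields {@code null}
     * @return the matching alias, or {@code null} if there is none
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        if (!this.validEntry || !(certificate instanceof X509Certificate)) {
            return null;
        }
        PublicKey wanted = ((X509Certificate) certificate).getPublicKey();
        if (wanted == null) {
            return null;
        }
        // Only positions that have both a certificate and an alias can produce an answer.
        int limit = Math.min(this.x509Cert.length, this.aliases.size());
        for (int i = 0; i < limit; i++) {
            X509Certificate candidate = this.x509Cert[i];
            if (candidate != null && wanted.equals(candidate.getPublicKey())) {
                return this.aliases.elementAt(i);
            }
        }
        return null;
    }

    /**
     * Returns the certificate chain of the single entry.
     *
     * <p>NOTE(review): the alias is not checked; the chain is returned for any alias,
     * including ones this store does not contain.
     *
     * @param str ignored
     * @return a copy of the chain, or {@code null} when the store is empty
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        if (!this.validEntry) {
            return null;
        }
        // Hand out a copy so callers cannot swap certificates inside the store.
        return this.x509Cert.clone();
    }

    /**
     * Creation dates are not tracked by this store.
     *
     * @param str ignored
     * @return always {@code null}
     */
    @Override
    public Date engineGetCreationDate(String str) {
        return null;
    }

    /**
     * Returns the private key of the single entry.
     *
     * <p>NOTE(review): neither the alias nor the password is evaluated. Any caller holding a
     * reference to a populated store obtains the private key, whatever alias and password it
     * passes; access control has to happen before the store is handed out.
     *
     * @param str ignored
     * @param cArr ignored
     * @return the key, or {@code null} when the store is empty
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) {
        return this.validEntry ? this.rsaKey : null;
    }

    /**
     * Tells whether {@code str} names one of the chain certificates other than the key entry.
     *
     * @param str alias to test
     * @return {@code true} if the alias is known and is not the key entry's alias
     */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        return this.validEntry && this.aliases.contains(str) && !isKeyAlias(str);
    }

    /**
     * Tells whether {@code str} is the alias of the key entry.
     *
     * @param str alias to test
     * @return {@code true} if the store is populated and {@code str} is its first alias
     */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return this.validEntry && isKeyAlias(str);
    }

    /**
     * Not supported by this store.
     *
     * @throws KeyStoreException always
     */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        throw new KeyStoreException("Method not supported, PKCS#12 cannot contain trusted cert entries");
    }

    /**
     * Replaces the content of the store with {@code key} and its certificate chain.
     *
     * <p>The key entry is filed under {@code str}; every further chain certificate gets an
     * alias derived from its subject DN. All input is validated before any field is
     * written, so a rejected call leaves the previous entry untouched.
     *
     * <p>NOTE(review): {@code cArr} is not used; the key is held as passed in and is only
     * encrypted when the store is written with {@link #engineStore}.
     *
     * @param str alias of the key entry
     * @param key private key; its format must be {@code "PKCS#8"}
     * @param cArr ignored
     * @param certificateArr chain for the key, X.509 certificates only, key certificate first
     * @throws KeyStoreException if the key is missing or not PKCS#8 encodable, the chain is
     *         missing, empty or not X.509, or no friendly name can be derived for a certificate
     */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (key == null) {
            throw new KeyStoreException("Key must not be null");
        }
        // Constant-first comparison: getFormat() returns null for keys that cannot be encoded.
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new KeyStoreException("Key does not support PKCS#8 encoding");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            throw new KeyStoreException("A certificate chain is required for the private key");
        }
        // Copy element by element: the caller's array is usually a Certificate[], which cannot
        // be cast to X509Certificate[] even when every element is an X509Certificate. The copy
        // also keeps later changes to the caller's array out of the store.
        X509Certificate[] chain = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new KeyStoreException("Chain not X.509");
            }
            chain[i] = (X509Certificate) certificateArr[i];
        }
        Vector<String> names = new Vector<String>(chain.length);
        names.add(str);
        for (int i = 1; i < chain.length; i++) {
            names.add(friendlyNameOf(chain[i].getSubjectDN().getName()));
        }
        // Everything validated; publish the new entry in one go.
        this.rsaKey = key;
        this.x509Cert = chain;
        this.aliases = names;
        this.validEntry = true;
    }

    /**
     * Not supported by this store.
     *
     * @throws KeyStoreException always
     */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Method not supported");
    }

    /**
     * Returns the number of aliases in the store.
     *
     * @return the alias count, or 0 when the store is empty
     */
    @Override
    public int engineSize() {
        return this.validEntry ? this.aliases.size() : 0;
    }

    /**
     * Writes the entry to {@code outputStream} as a PKCS#12 object protected with {@code cArr}.
     *
     * <p>NOTE(review): judging by the constant name, the object is protected with SHA-1 and
     * triple DES, and the iteration count is fixed at 1000. Both are legacy parameters;
     * they are kept because readers of these files may depend on them. Treat the output as
     * weakly protected and choose a high-entropy password.
     *
     * @param outputStream destination; it is flushed but not closed
     * @param cArr password protecting the PKCS#12 object; must not be {@code null}
     * @throws IOException declared by the SPI; write failures are reported as
     *         {@link CertificateException} here
     * @throws CertificateException if the store is empty or incomplete, the password is
     *         missing, a certificate cannot be encoded, or the object cannot be built or written
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, CertificateException {
        if (!this.validEntry) {
            throw new CertificateException("Nothing to make a PKCS#12 out of.");
        }
        if (this.rsaKey == null || this.x509Cert == null || this.aliases == null) {
            throw new CertificateException("Some components are missing.");
        }
        if (cArr == null) {
            throw new CertificateException("Error during creation of PKCS#12 object: a password is required");
        }
        // presumably the identifier tying key and certificate together in the file; confirm
        // against PrivateKeyAndCertificateChain
        byte[] keyId = {2, 3, 4};
        String[] names = this.aliases.toArray(new String[this.aliases.size()]);

        X509Cert[] chain = new X509Cert[this.x509Cert.length];
        try {
            for (int i = 0; i < this.x509Cert.length; i++) {
                chain[i] = new X509Cert(this.x509Cert[i].getEncoded());
            }
        } catch (Exception e) {
            throw new CertificateException("Error during encoding of X.509 Certificates, " + e.getMessage(), e);
        }

        // Kept apart from the encoding step above so that a failure here is no longer
        // re-wrapped and reported as a certificate encoding error.
        try {
            // The helper API takes the password as a String; that copy cannot be wiped
            // afterwards and stays in memory until it is garbage collected.
            outputStream.write(new PrivateKeyAndCertificateChain(this.rsaKey.getEncoded(), new X509Chain(chain), names, keyId).makePKCS12PDU(new String(cArr), PKCS12PBE.SHA1_3DES3, (String) null, 1000));
            outputStream.flush();
        } catch (Exception e) {
            // The cause travels with the exception; nothing is printed to stderr.
            throw new CertificateException("Error during creation of PKCS#12 object: " + e.getMessage(), e);
        }
    }

    /**
     * Reads a PKCS#12 object from {@code inputStream} and makes its key, chain and friendly
     * names the content of the store. A {@code null} stream leaves the store unchanged.
     *
     * <p>The new content is parsed completely before any field is written, so a failed load
     * cannot leave the certificates of one file next to the key of another.
     *
     * <p>NOTE(review): the stream is buffered in memory without an upper bound; callers that
     * read from an untrusted source should limit its size first. Only RSA keys are accepted,
     * and the {@code IBMJCE} provider must be installed.
     *
     * @param inputStream source of the PKCS#12 object; it is read to the end and closed
     * @param cArr password of the PKCS#12 object; must not be {@code null}
     * @throws IOException if reading the stream fails
     * @throws CertificateException if the password is missing or the object cannot be parsed
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, CertificateException {
        if (inputStream == null) {
            return;
        }
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        BufferedInputStream in = new BufferedInputStream(inputStream);
        try {
            byte[] chunk = new byte[4096];
            int read;
            while ((read = in.read(chunk)) != -1) {
                encoded.write(chunk, 0, read);
            }
        } finally {
            // Close on the failure path too, not only after a complete read.
            in.close();
        }
        if (cArr == null) {
            throw new CertificateException("PKCS#12 load error: a password is required");
        }

        X509Certificate[] loadedChain;
        Key loadedKey;
        Vector<String> loadedAliases;
        try {
            // The helper API takes the password as a String; that copy cannot be wiped
            // afterwards and stays in memory until it is garbage collected.
            PrivateKeyAndCertificateChain parsed = new PrivateKeyAndCertificateChain(encoded.toByteArray(), new String(cArr));
            X509Cert[] certArray = parsed.getCertificateChain().getCertArray();
            loadedChain = new X509CertImpl[certArray.length];
            for (int i = 0; i < certArray.length; i++) {
                loadedChain[i] = new X509CertImpl(certArray[i].getEncoded());
            }
            try {
                loadedKey = KeyFactory.getInstance("RSA", "IBMJCE").generatePrivate(new PKCS8EncodedKeySpec(parsed.getPrivateKey()));
            } catch (Exception e) {
                throw new CertificateException("Error during encoding of Private Key, " + e.getMessage(), e);
            }
            String[] friendlyNames = parsed.getFriendlyNames();
            loadedAliases = new Vector<String>(friendlyNames.length);
            for (String friendlyName : friendlyNames) {
                loadedAliases.add(friendlyName);
            }
        } catch (Exception e2) {
            // The cause travels with the exception; nothing is printed to stderr.
            throw new CertificateException("PKCS#12 load error: " + e2.getMessage(), e2);
        }

        // Parsing succeeded; publish the new entry in one go.
        this.x509Cert = loadedChain;
        this.rsaKey = loadedKey;
        this.aliases = loadedAliases;
        this.validEntry = true;
    }

    /** Tells whether {@code alias} equals the first alias; safe on an empty or null-holding list. */
    private boolean isKeyAlias(String alias) {
        if (this.aliases == null || this.aliases.isEmpty()) {
            return false;
        }
        String keyAlias = this.aliases.elementAt(0);
        return keyAlias == null ? alias == null : keyAlias.equals(alias);
    }

    /**
     * Derives an alias from a subject DN: the text after the first {@code cn=}, {@code CN=},
     * {@code ou=} or {@code OU=} (tried in that order) up to the next {@code ", "}.
     *
     * <p>NOTE(review): this is a plain substring search, not a DN parser. A marker inside
     * another attribute's value is matched as well, and a value containing {@code ", "} is cut
     * short, so the derived names need not be unique.
     */
    private static String friendlyNameOf(String dn) throws KeyStoreException {
        String[] markers = {"cn=", "CN=", "ou=", "OU="};
        int start = -1;
        for (int m = 0; m < markers.length && start == -1; m++) {
            start = dn.indexOf(markers[m]);
        }
        if (start == -1) {
            throw new KeyStoreException("Cannot find a suitable friendly name");
        }
        int end = dn.indexOf(", ", start);
        // Every marker is three characters long, hence the fixed offset.
        return end == -1 ? dn.substring(start + 3) : dn.substring(start + 3, end);
    }
}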
