package com.cht.kms.client.pkcs;

import com.cht.kms.client.util.PEMWriter;
import com.cht.org.bouncycastle.asn1.ASN1Encodable;
import com.cht.org.bouncycastle.asn1.DERNull;
import com.cht.org.bouncycastle.asn1.DERPrintableString;
import com.cht.org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.x500.X500NameBuilder;
import com.cht.org.bouncycastle.asn1.x500.style.BCStyle;
import com.cht.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.cht.org.bouncycastle.asn1.x509.Extension;
import com.cht.org.bouncycastle.asn1.x509.ExtensionsGenerator;
import com.cht.org.bouncycastle.asn1.x509.KeyUsage;
import com.cht.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import com.cht.org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import com.cht.org.bouncycastle.crypto.util.PrivateKeyFactory;
import com.cht.org.bouncycastle.operator.OperatorCreationException;
import com.cht.org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import com.cht.org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import com.cht.org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:com/cht/kms/client/pkcs/PFXKeyStore.class */
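/**
 * Wrapper around one private-key entry of a PKCS#12 (PFX) keystore file.
 *
 * <p>An instance is bound to a single alias: the first alias for which {@link #load} finds a
 * {@link PrivateKey}. It can build a PKCS#10 request for that key, accept the issued certificate
 * (chain), and write the keystore back to disk.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every method uses the same {@code char[]} for the keystore password and the key-entry
 *       password. This class never clears those arrays; the caller owns their lifetime.</li>
 *   <li>The file-based {@code store} overloads open the target with {@link FileOutputStream},
 *       which truncates it before the new content is written. A failure during the write can
 *       therefore leave the only copy of the private key damaged; keep a backup when that
 *       matters.</li>
 *   <li>{@link #importCert(char[], X509Certificate[])} only checks that the leaf public key matches
 *       the stored one. It does not validate the chain, its order, or its issuer.</li>
 * </ul>
 */
public class PFXKeyStore {
    /** Path the keystore was loaded from; default target of {@link #store(char[])}. */
    private final String storefile;
    /** The loaded PKCS#12 keystore. */
    private final KeyStore ks;
    /** Alias of the private-key entry this instance operates on. */
    private final String alias;

    /**
     * Binds an already loaded keystore to one alias.
     *
     * <p>Decompiler note: access was originally {@code protected}.
     *
     * @param str path of the keystore file (not opened here)
     * @param keyStore loaded keystore; its type must be PKCS12 (case-insensitive)
     * @param str2 alias of the private-key entry
     * @throws UnsupportedOperationException if the keystore is not of type PKCS12
     */
    public PFXKeyStore(String str, KeyStore keyStore, String str2) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (!"PKCS12".equalsIgnoreCase(keyStore.getType())) {
            throw new UnsupportedOperationException(keyStore.getType() + " KeyStore not available");
        }
        this.storefile = str;
        this.ks = keyStore;
        this.alias = str2;
    }

    /**
     * Loads a PKCS#12 file and selects the first alias that holds a private key.
     *
     * <p>The file stream is closed on every path, including a wrong password or a file without a
     * private key. The decompiled original closed it only on success.
     *
     * @param str path of the PKCS#12 file
     * @param cArr password used both to open the keystore and to recover each key
     * @return a wrapper bound to the first private-key alias returned by {@link KeyStore#aliases()}
     * @throws UnrecoverableKeyException if no alias holds a {@link PrivateKey}, or a key cannot be
     *     recovered with {@code cArr}
     * @throws IOException if the file cannot be read or the keystore cannot be opened
     */
    public static PFXKeyStore load(String str, char[] cArr) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidKeySpecException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, cArr);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                if (keyStore.getKey(candidate, cArr) instanceof PrivateKey) {
                    return new PFXKeyStore(str, keyStore, candidate);
                }
            }
            throw new UnrecoverableKeyException("PrivateKey not found");
        }
    }

    /**
     * Builds a PEM-encoded PKCS#10 certification request for the bound key pair.
     *
     * <p>The subject is a single CN holding the alias, and the request asks for a non-critical
     * keyUsage extension. RSA keys are signed with sha256WithRSAEncryption, all other keys with
     * ecdsa-with-SHA256.
     *
     * @param cArr password protecting the key entry
     * @return the request as written by {@code PEMWriter.writeObject}
     */
    public String generateCertreq(char[] cArr) throws IOException, OperatorCreationException, UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, InvalidKeySpecException {
        KeyPair keyPair = getKey(cArr);

        // Subject DN: CN=<alias>, encoded as PrintableString.
        // NOTE(review): an alias with characters outside the PrintableString set may give a
        // non-conformant DN - confirm how aliases are chosen.
        X500NameBuilder subject = new X500NameBuilder(BCStyle.INSTANCE);
        subject.addRDN(BCStyle.CN, new DERPrintableString(this.alias));
        PKCS10CertificationRequestBuilder request = new PKCS10CertificationRequestBuilder(
                subject.build(),
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        // 128 (0x80) is the digitalSignature bit in BouncyCastle's KeyUsage encoding.
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(128));
        request.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

        // The lightweight BC signers need the key re-parsed from its encoded form. The byte array
        // returned by getEncoded() holds the private key and is not wiped here.
        // NOTE(review): RFC 5758 requires the parameters field to be absent for ecdsa-with-SHA256;
        // the explicit DERNull on the EC branch is kept so the produced bytes stay unchanged.
        return PEMWriter.writeObject(request.build(
                keyPair.getPublic() instanceof RSAPublicKey
                        ? new BcRSAContentSignerBuilder(
                                new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE),
                                new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE))
                                .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()))
                        : new BcECContentSignerBuilder(
                                new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256, DERNull.INSTANCE),
                                new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256))
                                .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()))));
    }

    /**
     * Imports a single certificate as the chain of the bound key entry.
     *
     * @param cArr password protecting the key entry
     * @param x509Certificate certificate whose public key must match the stored one
     * @throws KeyStoreException if the public keys do not match
     */
    public void importCert(char[] cArr, X509Certificate x509Certificate) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException {
        importCert(cArr, new X509Certificate[]{x509Certificate});
    }

    /**
     * Replaces the certificate chain of the bound key entry (in memory only; call a
     * {@code store} method to persist it).
     *
     * <p>Only the public key of {@code x509CertificateArr[0]} is compared with the certificate
     * stored under the alias. The remaining chain elements are stored as given, with no path
     * validation.
     *
     * @param cArr password protecting the key entry; reused for the rewritten entry
     * @param x509CertificateArr chain with the end-entity certificate at index 0
     * @throws KeyStoreException if the chain is null or empty, if no certificate is stored under
     *     the alias, or if the public keys do not match
     */
    public void importCert(char[] cArr, X509Certificate[] x509CertificateArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException {
        // Fail with a declared, descriptive exception instead of NPE/ArrayIndexOutOfBounds.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new KeyStoreException("Certificate reply is empty");
        }
        Certificate stored = this.ks.getCertificate(this.alias);
        if (stored == null) {
            throw new KeyStoreException("No certificate stored for alias " + this.alias);
        }
        if (!stored.getPublicKey().equals(x509CertificateArr[0].getPublicKey())) {
            throw new KeyStoreException("Public keys in reply and keystore don't match");
        }
        this.ks.setKeyEntry(this.alias, this.ks.getKey(this.alias, cArr), cArr, x509CertificateArr);
    }

    /**
     * Writes the keystore back to the file it was loaded from.
     *
     * @param cArr password that protects the written keystore
     */
    public void store(char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        store(this.storefile, cArr);
    }

    /**
     * Writes the keystore to a caller-supplied stream. The stream is not closed here.
     *
     * @param outputStream destination stream
     * @param cArr password that protects the written keystore
     */
    public void store(OutputStream outputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.ks.store(outputStream, cArr);
    }

    /**
     * Writes the keystore to the given file, replacing its content.
     *
     * @param str destination path
     * @param cArr password that protects the written keystore
     */
    public void store(String str, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        store(this.ks, str, cArr);
    }

    /**
     * Returns the bound key pair: the public key of the entry's certificate and its private key.
     *
     * <p>The entry is cast to {@link KeyStore.PrivateKeyEntry} without a check, so a missing
     * entry surfaces as {@link NullPointerException} and another entry type as
     * {@link ClassCastException}.
     *
     * @param cArr password protecting the key entry
     * @return key pair holding live private-key material; handle accordingly
     */
    public KeyPair getKey(char[] cArr) throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, InvalidKeySpecException {
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) this.ks.getEntry(this.alias, new KeyStore.PasswordProtection(cArr));
        return new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
    }

    /**
     * Returns the certificate stored under the bound alias, cast to {@link X509Certificate}.
     *
     * @return the certificate, or {@code null} if the keystore has none for the alias
     */
    public X509Certificate getCertificate() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        return (X509Certificate) this.ks.getCertificate(this.alias);
    }

    /**
     * Returns the certificate chain stored under the bound alias.
     *
     * @return the chain as reported by the keystore
     */
    public Certificate[] getCertificateChain() throws KeyStoreException {
        return this.ks.getCertificateChain(this.alias);
    }

    /** Returns the alias of the private-key entry this instance is bound to. */
    public String getAlias() {
        return this.alias;
    }

    /** Returns the creation date the keystore reports for the bound alias. */
    public Date getCreationDate() throws KeyStoreException {
        return this.ks.getCreationDate(this.alias);
    }

    /**
     * Re-encrypts a PKCS#12 file under a new password, overwriting the file in place.
     *
     * <p>Only the entry selected by {@link #load} (key plus certificate chain) is copied into a
     * fresh keystore. Any other entries in the original file are not carried over. The file is
     * truncated before the new content is written, so a failure during the write loses the
     * original.
     *
     * @param str path of the PKCS#12 file
     * @param cArr current password
     * @param cArr2 new password, used for both the keystore and the key entry
     */
    public static void changePassword(String str, char[] cArr, char[] cArr2) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidKeySpecException {
        PFXKeyStore source = load(str, cArr);
        KeyStore rewritten = KeyStore.getInstance("PKCS12");
        // load(null, null) initialises an empty keystore.
        rewritten.load(null, null);
        rewritten.setKeyEntry(source.getAlias(), source.ks.getKey(source.getAlias(), cArr), cArr2, source.getCertificateChain());
        store(rewritten, str, cArr2);
    }

    /**
     * Writes a keystore to a file and always closes the stream.
     *
     * <p>Decompiler note: access was originally package-private.
     *
     * <p>try-with-resources keeps a failure in {@code close()} from replacing the exception thrown
     * by the write itself; it is attached as a suppressed exception instead.
     *
     * @param keyStore keystore to persist
     * @param str destination path; existing content is replaced
     * @param cArr password that protects the written keystore
     */
    public static void store(KeyStore keyStore, String str, char[] cArr) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        try (FileOutputStream out = new FileOutputStream(str)) {
            keyStore.store(out, cArr);
        }
    }
}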
