package com.formosoft.jpki.pkcs12;

import com.formosoft.jpki.InvalidFormatException;
import com.formosoft.jpki.UnexpectedException;
import com.formosoft.jpki.asn1.ASN1AnyType;
import com.formosoft.jpki.asn1.ASN1InputStream;
import com.formosoft.jpki.asn1.ASN1Integer;
import com.formosoft.jpki.asn1.ASN1OctetString;
import com.formosoft.jpki.asn1.ASN1OutputStream;
import com.formosoft.jpki.asn1.ASN1ParseException;
import com.formosoft.jpki.asn1.ASN1Sequence;
import com.formosoft.jpki.asn1.ASN1SetOf;
import com.formosoft.jpki.asn1.ASN1Tag;
import com.formosoft.jpki.asn1.DERInputStream;
import com.formosoft.jpki.oid.OIDFactory;
import com.formosoft.jpki.oid.ObjectIdentifier;
import com.formosoft.jpki.pkcs5.InvalidPBEParameterException;
import com.formosoft.jpki.pkcs5.PKCS5Factory;
import com.formosoft.jpki.pkcs7.DigestInfo;
import com.formosoft.jpki.pkcs7.EncryptedContentInfo;
import com.formosoft.jpki.pkcs7.PKCS7;
import com.formosoft.jpki.pkcs8.PKCS8Generator;
import com.formosoft.jpki.pkcs8.PrivateKeyInfo;
import com.formosoft.jpki.util.HMAC;
import com.formosoft.jpki.util.JCAAlgorithm;
import com.formosoft.jpki.x501.Attribute;
import com.formosoft.jpki.x509.X509CRL;
import com.formosoft.jpki.x509.X509Certificate;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* loaded from: input_file:com/formosoft/jpki/pkcs12/PKCS12.class */
public class PKCS12 extends ASN1Sequence {
    private static final ObjectIdentifier fnameBag = OIDFactory.getObjectIdentifier("1.2.840.113549.1.9.20");
    private static final ObjectIdentifier lkeyBag = OIDFactory.getObjectIdentifier("1.2.840.113549.1.9.21");
    protected static Random rand = new Random();
    public static final int KEY_ID = 1;
    public static final int IV_ID = 2;
    public static final int MAC_ID = 3;
    public static final int MAC_KEY_LENGTH = 20;
    public static final int SALT_LEN = 8;
    private ASN1Integer version;
    private PKCS7 authSafe;
    private MacData macData;
    protected boolean unpacked;
    protected List keyList;
    protected List certList;
    protected List crlList;

    public PKCS12(ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        super(aSN1InputStream, TAG);
        this.unpacked = false;
    }

    public PKCS12(ASN1InputStream aSN1InputStream, ASN1Tag aSN1Tag) throws IOException, ASN1ParseException {
        super(aSN1InputStream, aSN1Tag);
        this.unpacked = false;
    }

    public PKCS12(ASN1Tag aSN1Tag, ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        super(aSN1Tag, aSN1InputStream, TAG);
        this.unpacked = false;
    }

    @Override // com.formosoft.jpki.asn1.ASN1Sequence, com.formosoft.jpki.asn1.ASN1Object
    protected void parseContent(ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        this.version = new ASN1Integer(aSN1InputStream);
        this.authSafe = new PKCS7(aSN1InputStream);
        this.macData = new MacData(aSN1InputStream);
    }

    @Override // com.formosoft.jpki.asn1.ASN1Sequence
    public void getEncodedContent(ASN1OutputStream aSN1OutputStream) throws IOException {
        this.version.getEncoded(aSN1OutputStream);
        this.authSafe.getEncoded(aSN1OutputStream);
        this.macData.getEncoded(aSN1OutputStream);
    }

    public static void setRandom(Random random) {
        if (random == null) {
            return;
        }
        rand = random;
    }

    protected PKCS12(PKCS7 pkcs7, MacData macData) {
        this(3, pkcs7, macData);
    }

    protected PKCS12(int i, PKCS7 pkcs7, MacData macData) {
        this.unpacked = false;
        this.version = new ASN1Integer(i);
        this.authSafe = pkcs7;
        this.macData = macData;
    }

    public PKCS12(byte[] bArr) throws IOException, ASN1ParseException {
        this(new DERInputStream(bArr));
    }

    public PKCS12(PKCS7 pkcs7, char[] cArr) {
        this(3, pkcs7, cArr);
    }

    public PKCS12(int i, PKCS7 pkcs7, char[] cArr) {
        this.unpacked = false;
        try {
            this.version = new ASN1Integer(i);
            this.authSafe = pkcs7;
            this.macData = getMacData("SHA1", this.authSafe, cArr);
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    public PKCS12(PrivateKeyInfo privateKeyInfo, List list, char[] cArr) {
        this(privateKeyInfo, list, cArr, cArr);
    }

    public PKCS12(PrivateKeyInfo privateKeyInfo, List list, char[] cArr, char[] cArr2) {
        this.unpacked = false;
        try {
            rand.nextBytes(new byte[20]);
            ArrayList arrayList = null;
            X509Certificate x509Certificate = null;
            try {
                PrivateKey privateKey = privateKeyInfo.getPrivateKey();
                if (privateKey instanceof RSAPrivateCrtKey) {
                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
                    BigInteger modulus = rSAPrivateCrtKey.getModulus();
                    BigInteger publicExponent = rSAPrivateCrtKey.getPublicExponent();
                    int i = 0;
                    while (true) {
                        if (i >= list.size()) {
                            break;
                        }
                        X509Certificate x509Certificate2 = (X509Certificate) list.get(i);
                        PublicKey publicKey = x509Certificate2.getPublicKey();
                        if (publicKey instanceof RSAPublicKey) {
                            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                            BigInteger modulus2 = rSAPublicKey.getModulus();
                            BigInteger publicExponent2 = rSAPublicKey.getPublicExponent();
                            if (modulus2.equals(modulus) && publicExponent2.equals(publicExponent)) {
                                x509Certificate = x509Certificate2;
                                break;
                            }
                        }
                        i++;
                    }
                    if (x509Certificate != null) {
                        Attribute attribute = new Attribute(lkeyBag, new ASN1AnyType(ASN1SetOf.TAG, new ASN1OctetString(MessageDigest.getInstance("SHA1").digest(x509Certificate.getEncoded())).getEncoded()));
                        arrayList = new ArrayList();
                        arrayList.add(attribute);
                    }
                }
            } catch (NoSuchAlgorithmException e) {
            }
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(new SafeBag(new PKCS8Generator(privateKeyInfo, rand).encrypt(cArr2), arrayList));
            PKCS7 pkcs7 = new PKCS7(new ASN1OctetString(new SafeContents(arrayList2).getEncoded()));
            ArrayList arrayList3 = new ArrayList();
            if (list != null) {
                for (int i2 = 0; i2 < list.size(); i2++) {
                    X509Certificate x509Certificate3 = (X509Certificate) list.get(i2);
                    CertBag certBag = new CertBag(x509Certificate3);
                    arrayList3.add(x509Certificate3 == x509Certificate ? new SafeBag(certBag, arrayList) : new SafeBag(certBag, (List) null));
                }
            }
            PKCS7 pkcs72 = new PKCS7(new ASN1OctetString(new AuthenticatedSafe(new PKCS7[]{new PKCS7(new ASN1OctetString(new SafeContents(arrayList3).getEncoded())), pkcs7}).getEncoded()));
            this.version = new ASN1Integer(3);
            this.authSafe = pkcs72;
            this.macData = getMacData("SHA1", this.authSafe, cArr);
        } catch (NoSuchAlgorithmException e2) {
            throw new UnexpectedException(e2);
        }
    }

    public int getVersion() {
        return this.version.getInteger().intValue();
    }

    public PKCS7 getAuthSafe() {
        return this.authSafe;
    }

    public MacData getMacData() {
        return this.macData;
    }

    protected MacData getMacData(String str, PKCS7 pkcs7, char[] cArr) throws NoSuchAlgorithmException {
        ObjectIdentifier objectIdentifier = JCAAlgorithm.getObjectIdentifier(str);
        if (objectIdentifier == null) {
            throw new NoSuchAlgorithmException(str);
        }
        byte[] data = pkcs7.getData();
        byte[] bArr = new byte[MessageDigest.getInstance(str).getDigestLength()];
        rand.nextBytes(bArr);
        HMAC hmac = new HMAC(str, PBEPasswordToKeyBytes(str, cArr, bArr, 1024, 20, 3));
        hmac.update(data);
        return new MacData(new DigestInfo(objectIdentifier, hmac.mac()), bArr, 1024);
    }

    public static byte[] PBEPasswordToKeyBytes(String str, char[] cArr, byte[] bArr, int i, int i2, int i3) throws NoSuchAlgorithmException {
        byte[] bArr2 = null;
        if (cArr != null) {
            bArr2 = new byte[(cArr.length * 2) + 2];
            for (int i4 = 0; i4 < cArr.length; i4++) {
                bArr2[i4 * 2] = (byte) (cArr[i4] >> '\b');
                bArr2[(i4 * 2) + 1] = (byte) cArr[i4];
            }
        }
        bArr2[cArr.length * 2] = 0;
        bArr2[(cArr.length * 2) + 1] = 0;
        int digestLength = MessageDigest.getInstance(str).getDigestLength();
        byte[] bArr3 = new byte[64];
        Arrays.fill(bArr3, (byte) i3);
        int length = 64 * (((bArr.length + 64) - 1) / 64);
        int length2 = (bArr2 == null || bArr2.length == 0) ? 0 : 64 * (((cArr.length + 64) - 1) / 64);
        byte[] bArr4 = new byte[length + length2];
        for (int i5 = 0; i5 < length; i5++) {
            bArr4[i5] = bArr[i5 % bArr.length];
        }
        for (int i6 = 0; i6 < length2; i6++) {
            bArr4[i6 + length] = bArr2[i6 % bArr2.length];
        }
        byte[] bArr5 = new byte[i2];
        int i7 = 0;
        BigInteger bigInteger = new BigInteger("1");
        while (true) {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(bArr3);
            messageDigest.update(bArr4);
            byte[] digest = messageDigest.digest();
            for (int i8 = 1; i8 < i; i8++) {
                digest = MessageDigest.getInstance(str).digest(digest);
            }
            int i9 = i2 - i7;
            if (i9 > digest.length) {
                i9 = digest.length;
            }
            System.arraycopy(digest, 0, bArr5, i7, i9);
            i7 += i9;
            if (i7 >= i2) {
                return bArr5;
            }
            byte[] bArr6 = new byte[64];
            for (int i10 = 0; i10 < 64; i10++) {
                bArr6[i10] = digest[i10 % digestLength];
            }
            BigInteger add = new BigInteger(1, bArr6).add(bigInteger);
            int i11 = 0;
            while (true) {
                int i12 = i11;
                if (i12 < bArr4.length) {
                    byte[] bArr7 = new byte[64];
                    System.arraycopy(bArr4, i12, bArr7, 0, 64);
                    byte[] byteArray = new BigInteger(1, bArr7).add(add).toByteArray();
                    if (byteArray.length == 64) {
                        System.arraycopy(byteArray, 0, bArr4, i12, 64);
                    } else if (byteArray.length > 64) {
                        System.arraycopy(byteArray, 1, bArr4, i12, 64);
                    } else {
                        int length3 = i12 + (64 - byteArray.length);
                        Arrays.fill(bArr4, i12, length3, (byte) 0);
                        System.arraycopy(bArr4, length3 + 1, byteArray, 0, byteArray.length);
                    }
                    i11 = i12 + 64;
                }
            }
        }
    }

    public boolean verify(char[] cArr) throws NoSuchAlgorithmException {
        if (this.macData == null) {
            return false;
        }
        ObjectIdentifier algorithm = this.macData.getMac().getDigestAlgorithm().getAlgorithm();
        String algorithm2 = JCAAlgorithm.getAlgorithm(algorithm);
        if (algorithm2 == null) {
            throw new NoSuchAlgorithmException(algorithm.getObjectID());
        }
        byte[] salt = this.macData.getSalt();
        int iteration = this.macData.getIteration();
        byte[] data = this.authSafe.getData();
        HMAC hmac = new HMAC(algorithm2, PBEPasswordToKeyBytes(algorithm2, cArr, salt, iteration, 20, 3));
        hmac.update(data);
        return Arrays.equals(hmac.mac(), this.macData.getMac().getDigest());
    }

    public AuthenticatedSafe getAuthenticatedSafe() throws InvalidFormatException {
        try {
            int type = this.authSafe.getType();
            if (type == 1) {
                return new AuthenticatedSafe(this.authSafe.getData());
            }
            if (type == 2) {
                return new AuthenticatedSafe(this.authSafe.getSignedData().getContentInfo().getData());
            }
            throw new InvalidFormatException("Invalid contenType");
        } catch (ASN1ParseException e) {
            throw new InvalidFormatException(e);
        } catch (IOException e2) {
            throw new InvalidFormatException(e2);
        }
    }

    private void unpack(SafeContents safeContents, char[] cArr) throws NoSuchAlgorithmException, InvalidFormatException {
        for (int i = 0; i < safeContents.size(); i++) {
            SafeBag contentInfo = safeContents.getContentInfo(i);
            switch (contentInfo.getType()) {
                case 1:
                    this.keyList.add(contentInfo.getPrivateKeyInfo());
                    break;
                case 2:
                    this.keyList.add(contentInfo.getPKCS8().getPrivateKeyInfo(cArr));
                    break;
                case 3:
                    X509Certificate x509Certificate = contentInfo.getX509Certificate();
                    if (x509Certificate != null) {
                        this.certList.add(x509Certificate);
                        break;
                    } else {
                        break;
                    }
                case 4:
                    X509CRL x509crl = contentInfo.getX509CRL();
                    if (x509crl != null) {
                        this.crlList.add(x509crl);
                        break;
                    } else {
                        break;
                    }
                case 5:
                    contentInfo.getSecretBag();
                    break;
                case 6:
                    unpack(contentInfo.getSafeContents(), cArr);
                    break;
            }
        }
    }

    public void unpack(char[] cArr) throws NoSuchAlgorithmException, InvalidFormatException {
        if (this.unpacked) {
            return;
        }
        this.keyList = new ArrayList();
        this.certList = new ArrayList();
        this.crlList = new ArrayList();
        AuthenticatedSafe authenticatedSafe = getAuthenticatedSafe();
        for (int i = 0; i < authenticatedSafe.size(); i++) {
            try {
                PKCS7 contentInfo = authenticatedSafe.getContentInfo(i);
                SafeContents safeContents = null;
                switch (contentInfo.getType()) {
                    case 1:
                        safeContents = new SafeContents(contentInfo.getData());
                        break;
                    case 2:
                        throw new InvalidFormatException("AuthenticatedSafe content type incorrect: signed data");
                    case 3:
                        throw new RuntimeException("Encrypted SafeContents not support yet");
                    case 4:
                        throw new InvalidFormatException("AuthenticatedSafe content type incorrect: signed enveloped data");
                    case 5:
                        throw new InvalidFormatException("AuthenticatedSafe content type incorrect: digested data");
                    case 6:
                        EncryptedContentInfo encryptedContentInfo = contentInfo.getEncryptedData().getEncryptedContentInfo();
                        encryptedContentInfo.getEncryptedContent();
                        safeContents = new SafeContents(PKCS5Factory.decrypt(encryptedContentInfo.getEncryptionAlgorithm().getAlgorithm(), encryptedContentInfo.getEncryptedContent(), cArr, encryptedContentInfo.getEncryptionAlgorithm().getParameter().getEncoded()));
                        break;
                }
                unpack(safeContents, cArr);
            } catch (ASN1ParseException e) {
                throw new InvalidFormatException(e);
            } catch (InvalidPBEParameterException e2) {
                throw new InvalidFormatException(e2);
            } catch (IOException e3) {
                throw new InvalidFormatException(e3);
            } catch (BadPaddingException e4) {
                throw new InvalidFormatException(e4);
            } catch (IllegalBlockSizeException e5) {
                throw new InvalidFormatException(e5);
            }
        }
        this.unpacked = true;
    }

    public List getPrivateKeys() {
        return this.keyList;
    }

    public List getCertificates() {
        return this.certList;
    }

    public List getCRLs() {
        return this.crlList;
    }
}
