package iaik.me.keymgmt;

import iaik.me.asn1.ASN1;
import iaik.me.asn1.Name;
import iaik.me.security.BigInteger;
import iaik.me.security.Cipher;
import iaik.me.security.CryptoException;
import iaik.me.security.Mac;
import iaik.me.security.PBE;
import iaik.me.security.PrivateKey;
import iaik.me.security.SecureRandom;
import iaik.me.utils.CryptoUtils;
import iaik.me.x509.X509Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_jce_me4se-3.05.jar:iaik/me/keymgmt/PKCS12.class */
public class PKCS12 {
    private Vector f;
    private PrivateKey a;
    private char[] b;
    private KeyAndCert d;
    private byte[] e;
    private ASN1 c;
    private static final String g = "1.2.840.113549.1.9.22.1";
    private static final String h = "1.2.840.113549.1.9.21";
    private static final String i = "1.2.840.113549.1.9.20";
    private static final String n = "1.2.840.113549.1.12.10.1.3";
    private static final String l = "1.2.840.113549.1.12.10.1.2";
    private static final String m = "1.2.840.113549.1.12.10.1.1";
    private static final String j = "1.2.840.113549.1.7.6";
    private static final String k = "1.2.840.113549.1.7.1";
    private static final boolean o = false;

    public boolean verify(char[] cArr) {
        if (this.c == null) {
            return false;
        }
        try {
            ASN1 elementAt = this.c.getElementAt(0);
            byte[] gvByteArray = this.c.getElementAt(1).gvByteArray();
            int gvInt = this.c.getSize() > 2 ? this.c.getElementAt(2).gvInt() : 1;
            String gvAlgorithm = elementAt.getElementAt(0).gvAlgorithm();
            byte[] gvByteArray2 = elementAt.getElementAt(1).gvByteArray();
            Mac mac = PBE.getInstance(gvAlgorithm).getMac(cArr, gvByteArray, gvInt, null);
            mac.update(this.e);
            return CryptoUtils.equalsBlock(gvByteArray2, mac.doFinal());
        } catch (Exception e) {
            return false;
        }
    }

    private static void e(ASN1 asn1) throws IOException {
        if (asn1 == null) {
            return;
        }
        Enumeration elements = asn1.gvVector().elements();
        while (elements.hasMoreElements()) {
            ASN1 asn12 = (ASN1) elements.nextElement();
            String gvString = asn12.getElementAt(0).gvString();
            Vector gvVector = asn12.getElementAt(1).gvVector();
            if (gvVector.size() > 0) {
            }
            if (!gvString.equals(i)) {
                gvString.equals(h);
            }
        }
    }

    private void d(ASN1 asn1) throws IOException {
        if (asn1.getType() != 16 || asn1.getElementAt(0).getType() != 2) {
            throw new IOException("ASN.1 format error: not a PKCS#12 structure!");
        }
        if (asn1.getElementAt(0).gvInt() < 3) {
            throw new IOException("Version must be 3 or later");
        }
        ASN1 elementAt = asn1.getElementAt(1);
        if (asn1.getSize() > 2) {
            this.c = asn1.getElementAt(2);
        }
        if (!elementAt.getElementAt(0).gvString().equals(k)) {
            throw new IOException("Outer layer must be PKCS#7 data");
        }
        this.e = elementAt.getElementAt(1).gvASN1().gvByteArray();
    }

    private void c(ASN1 asn1, ASN1 asn12) throws IOException, CryptoException {
        e(asn12);
        this.a = new EncryptedPrivateKey(asn1).decrypt(this.b);
    }

    private void c(ASN1 asn1) throws IOException, CryptoException {
        Enumeration elements = asn1.gvVector().elements();
        while (elements.hasMoreElements()) {
            ASN1 asn12 = (ASN1) elements.nextElement();
            String gvObjectId = asn12.getElementAt(0).gvObjectId();
            ASN1 gvASN1 = asn12.getElementAt(1).gvASN1();
            ASN1 asn13 = null;
            if (asn12.getSize() > 2) {
                asn13 = asn12.getElementAt(2);
            }
            if (gvObjectId.equals(m)) {
                b(gvASN1, asn13);
            } else if (gvObjectId.equals(l)) {
                c(gvASN1, asn13);
            } else if (gvObjectId.equals(n)) {
                a(gvASN1, asn13);
            }
        }
    }

    private void b(ASN1 asn1, ASN1 asn12) throws IOException {
        e(asn12);
        this.a = new PrivateKey(asn1);
    }

    private void b(ASN1 asn1) throws IOException, CryptoException {
        asn1.getElementAt(0).gvInt();
        ASN1 elementAt = asn1.getElementAt(1);
        String gvString = elementAt.getElementAt(0).gvString();
        if (!gvString.equals(k)) {
            throw new IOException(new StringBuffer("Contained content type must be data: ").append(gvString).toString());
        }
        ASN1 elementAt2 = elementAt.getElementAt(1);
        String gvString2 = elementAt2.getElementAt(0).gvString();
        ASN1 elementAt3 = elementAt2.getElementAt(1);
        Cipher cipher = PBE.getInstance(gvString2).getCipher(2, this.b, elementAt3.getElementAt(0).gvByteArray(), elementAt3.getElementAt(1).gvInt(), null);
        ASN1 elementAt4 = elementAt.getElementAt(2);
        elementAt4.setImplicitTag(4);
        c(new ASN1(cipher.doFinal(elementAt4.gvASN1().gvByteArray()), 0, false));
    }

    private void a(ASN1 asn1) throws IOException, CryptoException {
        c(new ASN1(asn1.gvByteArray(), 0, false));
    }

    private void a(ASN1 asn1, ASN1 asn12) throws IOException {
        e(asn12);
        if (asn1.getElementAt(0).gvString().equals(g)) {
            this.f.addElement(new X509Certificate(asn1.getElementAt(1).gvASN1().gvByteArray()));
        }
    }

    private static String a(X509Certificate x509Certificate) {
        Name subjectDN = x509Certificate.getSubjectDN();
        String rdn = subjectDN.getRDN(ASN1.OID_NAME_CN);
        if (rdn == null) {
            rdn = subjectDN.getRDN(ASN1.OID_NAME_EMAIL);
            if (rdn == null) {
                rdn = subjectDN.toString();
            }
        }
        return rdn;
    }

    public byte[] encrypt(char[] cArr, String str, int i2) throws CryptoException {
        if (str == null) {
            str = PBE.OID_PKCS12_DES_EDE_168_SHA;
        }
        PrivateKey privateKey = this.d.getPrivateKey();
        X509Certificate[] certificateChain = this.d.getCertificateChain();
        ASN1 asn1 = new ASN1(17, new Vector(1));
        byte[] bArr = new byte[8];
        SecureRandom.getDefault().nextBytes(bArr);
        asn1.addElement(new ASN1(4, bArr));
        ASN1 makeSequence = ASN1.makeSequence(2);
        makeSequence.addElement(new ASN1(6, h));
        makeSequence.addElement(asn1);
        ASN1 asn12 = new ASN1(17, new Vector(1));
        asn12.addElement(new ASN1(30, a(certificateChain[0])));
        ASN1 makeSequence2 = ASN1.makeSequence(2);
        makeSequence2.addElement(new ASN1(6, i));
        makeSequence2.addElement(asn12);
        ASN1 asn13 = new ASN1(17, new Vector(2));
        asn13.addElement(makeSequence2);
        asn13.addElement(makeSequence);
        ASN1 makeSequence3 = ASN1.makeSequence(certificateChain.length + 1);
        ASN1 encrypt = EncryptedPrivateKey.encrypt(privateKey, cArr, str, 1);
        ASN1 makeSequence4 = ASN1.makeSequence(3);
        makeSequence4.addElement(new ASN1(6, l));
        makeSequence4.addElement(new ASN1(Integer.MIN_VALUE, encrypt));
        makeSequence4.addElement(asn13);
        makeSequence3.addElement(makeSequence4);
        for (int i3 = 0; i3 < certificateChain.length; i3++) {
            ASN1 makeSequence5 = ASN1.makeSequence(2);
            makeSequence5.addElement(new ASN1(6, g));
            makeSequence5.addElement(new ASN1(Integer.MIN_VALUE, new ASN1(4, certificateChain[i3].getEncoded())));
            ASN1 makeSequence6 = ASN1.makeSequence(3);
            makeSequence6.addElement(new ASN1(6, n));
            makeSequence6.addElement(new ASN1(Integer.MIN_VALUE, makeSequence5));
            if (i3 == 0) {
                makeSequence6.addElement(asn13);
            }
            makeSequence3.addElement(makeSequence6);
        }
        byte[] encoded = makeSequence3.getEncoded();
        PBE pbe = PBE.getInstance(str);
        byte[] doFinal = pbe.getCipher(1, cArr, null, i2, null).doFinal(encoded);
        ASN1 makeSequence7 = ASN1.makeSequence(2);
        makeSequence7.addElement(new ASN1(4, pbe.getSalt()));
        makeSequence7.addElement(new ASN1(2, BigInteger.valueOf(pbe.getIterationCount())));
        ASN1 makeSequence8 = ASN1.makeSequence(3);
        makeSequence8.addElement(new ASN1(6, k));
        makeSequence8.addElement(ASN1.makeAlgorithmId(str, makeSequence7));
        makeSequence8.addElement(new ASN1(Integer.MIN_VALUE, new ASN1(4, (Object) doFinal, true)));
        ASN1 makeSequence9 = ASN1.makeSequence(2);
        makeSequence9.addElement(new ASN1(2, BigInteger.ZERO));
        makeSequence9.addElement(makeSequence8);
        ASN1 makeSequence10 = ASN1.makeSequence(2);
        makeSequence10.addElement(new ASN1(6, j));
        makeSequence10.addElement(new ASN1(Integer.MIN_VALUE, makeSequence9));
        ASN1 makeSequence11 = ASN1.makeSequence(1);
        makeSequence11.addElement(makeSequence10);
        this.e = makeSequence11.getEncoded();
        ASN1 makeSequence12 = ASN1.makeSequence(2);
        makeSequence12.addElement(new ASN1(6, k));
        makeSequence12.addElement(new ASN1(Integer.MIN_VALUE, new ASN1(4, this.e)));
        PBE pbe2 = PBE.getInstance(ASN1.OID_SHA);
        Mac mac = pbe2.getMac(cArr, null, i2, null);
        mac.update(this.e);
        byte[] doFinal2 = mac.doFinal();
        ASN1 makeSequence13 = ASN1.makeSequence(2);
        makeSequence13.addElement(ASN1.makeAlgorithmId(ASN1.OID_SHA, null));
        makeSequence13.addElement(new ASN1(4, doFinal2));
        this.c = ASN1.makeSequence(3);
        this.c.addElement(makeSequence13);
        this.c.addElement(new ASN1(4, pbe2.getSalt()));
        this.c.addElement(new ASN1(2, BigInteger.valueOf(pbe2.getIterationCount())));
        ASN1 makeSequence14 = ASN1.makeSequence(3);
        makeSequence14.addElement(new ASN1(2, BigInteger.valueOf(3L)));
        makeSequence14.addElement(makeSequence12);
        makeSequence14.addElement(this.c);
        return makeSequence14.getEncoded();
    }

    public byte[] encrypt(char[] cArr) throws CryptoException {
        return encrypt(cArr, null, 0);
    }

    public KeyAndCert decrypt(char[] cArr) throws CryptoException {
        X509Certificate[] x509CertificateArr;
        try {
            try {
                this.b = cArr;
                this.f = new Vector();
                this.a = null;
                Enumeration elements = new ASN1(this.e).gvVector().elements();
                while (elements.hasMoreElements()) {
                    ASN1 asn1 = (ASN1) elements.nextElement();
                    String gvString = asn1.getElementAt(0).gvString();
                    ASN1 gvASN1 = asn1.getElementAt(1).gvASN1();
                    if (gvString.equals(k)) {
                        a(gvASN1);
                    } else {
                        if (!gvString.equals(j)) {
                            throw new IOException(new StringBuffer("Unsupported PKCS#7 type: ").append(gvString).toString());
                        }
                        b(gvASN1);
                    }
                }
                if (this.a == null || this.f.size() == 0) {
                    throw new CryptoException("No private key or certificate found!");
                }
                try {
                    x509CertificateArr = X509Certificate.arrangeCertificateChain(this.a.getPublicKey(), this.f);
                } catch (CryptoException unused) {
                    x509CertificateArr = new X509Certificate[this.f.size()];
                    this.f.copyInto(x509CertificateArr);
                }
                this.d = new KeyAndCert(x509CertificateArr, this.a);
                return this.d;
            } finally {
                this.b = null;
                this.a = null;
                this.f = null;
            }
        } catch (IOException e) {
            throw new CryptoException(new StringBuffer("Parsing error: ").append(e.toString()).toString());
        }
    }

    public PKCS12(InputStream inputStream) throws IOException {
        d(new ASN1(inputStream, 0, true));
    }

    public PKCS12(KeyAndCert keyAndCert) {
        this.d = keyAndCert;
    }

    static {
        ASN1.register(k, "PKCS#7 data");
        ASN1.register(j, "PKCS#7 encrypted data");
        ASN1.register(m, "PKCS#12 key bag");
        ASN1.register(l, "PKCS#12 shrouded key bag");
        ASN1.register(n, "PKCS#12 cert bag");
        ASN1.register(i, "PKCS#9 friendly name");
        ASN1.register(h, "PKCS#9 local id");
        ASN1.register(g, "PKCS#9 X.509 certificate");
    }
}
