package cn.com.suresec.jcajce.provider.keystore.jks;

import cn.com.suresec.asn1.ASN1InputStream;
import cn.com.suresec.asn1.ASN1Sequence;
import cn.com.suresec.asn1.pkcs.PrivateKeyInfo;
import cn.com.suresec.jce.provider.SuresecProvider;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* compiled from: KeyProtector.java */
/* loaded from: classes.dex */
final class a {

    /* renamed from: c, reason: collision with root package name */
    private static final Provider f964c = Security.getProvider("SunJCE");

    /* renamed from: a, reason: collision with root package name */
    protected SecureRandom f965a = new SecureRandom();

    /* renamed from: b, reason: collision with root package name */
    private char[] f966b;

    /* JADX INFO: Access modifiers changed from: package-private */
    public a(char[] cArr) {
        if (cArr == null) {
            throw new IllegalArgumentException("password can't be null");
        }
        this.f966b = cArr;
    }

    private byte[] a(byte[] bArr) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
        byte[] bArr2 = new byte[20];
        System.arraycopy(bArr, 0, bArr2, 0, 20);
        int length = (bArr.length - 20) - 20;
        int i = length / 20;
        if (length % 20 != 0) {
            i++;
        }
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, 20, bArr3, 0, length);
        byte[] bArr4 = new byte[bArr3.length];
        byte[] bArr5 = new byte[this.f966b.length * 2];
        int i2 = 0;
        for (int i3 = 0; i3 < this.f966b.length; i3++) {
            int i4 = i2 + 1;
            bArr5[i2] = (byte) (this.f966b[i3] >> '\b');
            i2 = i4 + 1;
            bArr5[i4] = (byte) this.f966b[i3];
        }
        byte[] bArr6 = bArr2;
        int i5 = 0;
        int i6 = 0;
        while (i5 < i) {
            messageDigest.update(bArr5);
            messageDigest.update(bArr6);
            bArr6 = messageDigest.digest();
            messageDigest.reset();
            if (i5 < i - 1) {
                System.arraycopy(bArr6, 0, bArr4, i6, bArr6.length);
            } else {
                System.arraycopy(bArr6, 0, bArr4, i6, bArr4.length - i6);
            }
            i5++;
            i6 += 20;
        }
        byte[] bArr7 = new byte[bArr3.length];
        for (int i7 = 0; i7 < bArr7.length; i7++) {
            bArr7[i7] = (byte) (bArr3[i7] ^ bArr4[i7]);
        }
        messageDigest.update(bArr5);
        Arrays.fill(bArr5, (byte) 0);
        messageDigest.update(bArr7);
        byte[] digest = messageDigest.digest();
        messageDigest.reset();
        for (int i8 = 0; i8 < digest.length; i8++) {
            if (digest[i8] != bArr[20 + length + i8]) {
                throw new UnrecoverableKeyException("Cannot recover key");
            }
        }
        return bArr7;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key a(SealedObject sealedObject) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME).generateSecret(new PBEKeySpec(this.f966b));
            b bVar = !(sealedObject instanceof b) ? new b(sealedObject) : (b) sealedObject;
            AlgorithmParameters a2 = bVar.a();
            if (a2 == null) {
                throw new UnrecoverableKeyException("Cannot get algorithm parameters");
            }
            Cipher cipher = Cipher.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME);
            cipher.init(2, generateSecret, a2);
            return (Key) bVar.getObject(cipher);
        } catch (IOException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        } catch (ClassNotFoundException e2) {
            throw new UnrecoverableKeyException(e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            throw new UnrecoverableKeyException(e4.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key a(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        byte[] doFinal;
        try {
            String objectIdentifier = encryptedPrivateKeyInfo.getAlgorithm().getOID().toString();
            if (!objectIdentifier.equals("1.3.6.1.4.1.42.2.19.1") && !objectIdentifier.equals("1.3.6.1.4.1.42.2.17.1.1")) {
                throw new UnrecoverableKeyException("Unsupported encryption algorithm");
            }
            if (objectIdentifier.equals("1.3.6.1.4.1.42.2.17.1.1")) {
                doFinal = a(encryptedPrivateKeyInfo.getEncryptedData());
            } else {
                byte[] encodedParams = encryptedPrivateKeyInfo.getAlgorithm().getEncodedParams();
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PBE");
                algorithmParameters.init(encodedParams);
                PBEParameterSpec pBEParameterSpec = (PBEParameterSpec) algorithmParameters.getParameterSpec(PBEParameterSpec.class);
                SecretKey generateSecret = SecretKeyFactory.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME).generateSecret(new PBEKeySpec(this.f966b));
                Cipher cipher = Cipher.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME);
                cipher.init(2, generateSecret, pBEParameterSpec);
                doFinal = cipher.doFinal(encryptedPrivateKeyInfo.getEncryptedData(), 0, encryptedPrivateKeyInfo.getEncryptedData().length);
            }
            String id = PrivateKeyInfo.getInstance((ASN1Sequence) new ASN1InputStream(doFinal).readObject()).getPrivateKeyAlgorithm().getAlgorithm().getId();
            if ("1.2.840.10045.2.1".equals(id)) {
                id = "SM2";
            }
            return KeyFactory.getInstance(id, SuresecProvider.PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(doFinal));
        } catch (IOException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new UnrecoverableKeyException(e3.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SealedObject a(Key key) throws Exception {
        byte[] bArr = new byte[8];
        this.f965a.setSeed(System.currentTimeMillis());
        this.f965a.nextBytes(bArr);
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, 20);
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME).generateSecret(new PBEKeySpec(this.f966b));
        Cipher cipher = Cipher.getInstance("PBEwithMD5andRC2", SuresecProvider.PROVIDER_NAME);
        cipher.init(1, generateSecret, pBEParameterSpec);
        return new b(key, cipher);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(PrivateKey privateKey) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
        byte[] bArr = new byte[this.f966b.length * 2];
        int i = 0;
        for (int i2 = 0; i2 < this.f966b.length; i2++) {
            int i3 = i + 1;
            bArr[i] = (byte) (this.f966b[i2] >> '\b');
            i = i3 + 1;
            bArr[i3] = (byte) this.f966b[i2];
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("plaintext key can't be null");
        }
        if (!"PKCS#8".equalsIgnoreCase(privateKey.getFormat())) {
            throw new KeyStoreException("Cannot get key bytes, not PKCS#8 encoded");
        }
        byte[] encoded = privateKey.getEncoded();
        if (encoded == null) {
            throw new KeyStoreException("Cannot get key bytes, encoding not supported");
        }
        int length = encoded.length / 20;
        if (encoded.length % 20 != 0) {
            length++;
        }
        int i4 = length;
        byte[] bArr2 = new byte[20];
        new SecureRandom().nextBytes(bArr2);
        byte[] bArr3 = new byte[encoded.length];
        int i5 = 0;
        int i6 = 0;
        byte[] bArr4 = bArr2;
        while (i5 < i4) {
            messageDigest.update(bArr);
            messageDigest.update(bArr4);
            bArr4 = messageDigest.digest();
            messageDigest.reset();
            if (i5 < i4 - 1) {
                System.arraycopy(bArr4, 0, bArr3, i6, bArr4.length);
            } else {
                System.arraycopy(bArr4, 0, bArr3, i6, bArr3.length - i6);
            }
            i5++;
            i6 += 20;
        }
        byte[] bArr5 = new byte[encoded.length];
        for (int i7 = 0; i7 < bArr5.length; i7++) {
            bArr5[i7] = (byte) (encoded[i7] ^ bArr3[i7]);
        }
        byte[] bArr6 = new byte[bArr2.length + bArr5.length + 20];
        System.arraycopy(bArr2, 0, bArr6, 0, bArr2.length);
        int length2 = bArr2.length + 0;
        System.arraycopy(bArr5, 0, bArr6, length2, bArr5.length);
        int length3 = length2 + bArr5.length;
        messageDigest.update(bArr);
        Arrays.fill(bArr, (byte) 0);
        this.f966b = null;
        messageDigest.update(encoded);
        byte[] digest = messageDigest.digest();
        messageDigest.reset();
        System.arraycopy(digest, 0, bArr6, length3, digest.length);
        try {
            return new EncryptedPrivateKeyInfo(new AlgorithmId(new ObjectIdentifier("1.3.6.1.4.1.42.2.17.1.1")), bArr6).getEncoded();
        } catch (IOException e) {
            throw new KeyStoreException(e.getMessage());
        }
    }
}
