package sun.security.pkcs12;

import com.aof.mcinabox.gamecontroller.definitions.map.KeyMap;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PKCS12Attribute;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import javax.xml.datatype.DatatypeConstants;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore.class */
public final class PKCS12KeyStore extends KeyStoreSpi {
    public static final int VERSION_3 = 3;
    private static final int MAX_ITERATION_COUNT = 5000000;
    private static final int PBE_ITERATION_COUNT = 50000;
    private static final int MAC_ITERATION_COUNT = 100000;
    private static final int SALT_LEN = 20;
    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
    private static ObjectIdentifier CertBag_OID;
    private static ObjectIdentifier SecretBag_OID;
    private static ObjectIdentifier PKCS9FriendlyName_OID;
    private static ObjectIdentifier PKCS9LocalKeyId_OID;
    private static ObjectIdentifier PKCS9CertType_OID;
    private static ObjectIdentifier pbeWithSHAAnd40BitRC2CBC_OID;
    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
    private static ObjectIdentifier pbes2_OID;
    private static ObjectIdentifier TrustedKeyUsage_OID;
    private static ObjectIdentifier[] AnyUsage;
    private SecureRandom random;
    private static final String[] KEY_PROTECTION_ALGORITHM = {"keystore.pkcs12.keyProtectionAlgorithm", "keystore.PKCS12.keyProtectionAlgorithm"};
    private static final String[] CORE_ATTRIBUTES = {"1.2.840.113549.1.9.20", "1.2.840.113549.1.9.21", "2.16.840.1.113894.746875.1.1"};
    private static final Debug debug = Debug.getInstance("pkcs12");
    private static final int[] keyBag = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 12, 10, 1, 2};
    private static final int[] certBag = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 12, 10, 1, 3};
    private static final int[] secretBag = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 12, 10, 1, 5};
    private static final int[] pkcs9Name = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 9, 20};
    private static final int[] pkcs9KeyId = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 9, 21};
    private static final int[] pkcs9certType = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 9, 22, 1};
    private static final int[] pbeWithSHAAnd40BitRC2CBC = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 12, 1, 6};
    private static final int[] pbeWithSHAAnd3KeyTripleDESCBC = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 12, 1, 3};
    private static final int[] pbes2 = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 5, 13};
    private static final int[] TrustedKeyUsage = {2, 16, DatatypeConstants.MIN_TIMEZONE_OFFSET, 1, 113894, 746875, 1, 1};
    private static final int[] AnyExtendedKeyUsage = {2, 5, 29, 37, 0};
    private int counter = 0;
    private int privateKeyCount = 0;
    private int secretKeyCount = 0;
    private int certificateCount = 0;
    private Map<String, Entry> entries = Collections.synchronizedMap(new LinkedHashMap());
    private ArrayList<KeyEntry> keyList = new ArrayList<>();
    private LinkedHashMap<X500Principal, X509Certificate> certsMap = new LinkedHashMap<>();
    private ArrayList<CertEntry> certEntries = new ArrayList<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore$CertEntry.class */
    public static class CertEntry extends Entry {
        final X509Certificate cert;
        ObjectIdentifier[] trustedKeyUsage;

        CertEntry(X509Certificate x509Certificate, byte[] bArr, String str) {
            this(x509Certificate, bArr, str, null, null);
        }

        CertEntry(X509Certificate x509Certificate, byte[] bArr, String str, ObjectIdentifier[] objectIdentifierArr, Set<? extends KeyStore.Entry.Attribute> set) {
            super();
            this.date = new Date();
            this.cert = x509Certificate;
            this.keyId = bArr;
            this.alias = str;
            this.trustedKeyUsage = objectIdentifierArr;
            this.attributes = new HashSet();
            if (set != null) {
                this.attributes.addAll(set);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore$Entry.class */
    public static class Entry {
        Date date;
        String alias;
        byte[] keyId;
        Set<KeyStore.Entry.Attribute> attributes;

        private Entry() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore$KeyEntry.class */
    public static class KeyEntry extends Entry {
        private KeyEntry() {
            super();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore$PrivateKeyEntry.class */
    public static class PrivateKeyEntry extends KeyEntry {
        byte[] protectedPrivKey;
        Certificate[] chain;

        private PrivateKeyEntry() {
            super();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/rt.jar:sun/security/pkcs12/PKCS12KeyStore$SecretKeyEntry.class */
    public static class SecretKeyEntry extends KeyEntry {
        byte[] protectedSecretKey;

        private SecretKeyEntry() {
            super();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        byte[] bArr;
        Key key;
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry == null || !(entry instanceof KeyEntry)) {
            return null;
        }
        if (entry instanceof PrivateKeyEntry) {
            bArr = ((PrivateKeyEntry) entry).protectedPrivKey;
        } else {
            if (!(entry instanceof SecretKeyEntry)) {
                throw new UnrecoverableKeyException("Error locating key");
            }
            bArr = ((SecretKeyEntry) entry).protectedSecretKey;
        }
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
            DerInputStream derInputStream = new DerValue(encryptedPrivateKeyInfo.getAlgorithm().encode()).toDerInputStream();
            ObjectIdentifier oid = derInputStream.getOID();
            AlgorithmParameters parseAlgParameters = parseAlgParameters(oid, derInputStream);
            int i = 0;
            try {
                if (parseAlgParameters != null) {
                    try {
                        i = ((PBEParameterSpec) parseAlgParameters.getParameterSpec(PBEParameterSpec.class)).getIterationCount();
                        if (i > MAX_ITERATION_COUNT) {
                            throw new IOException("PBE iteration count too large");
                        }
                    } catch (InvalidParameterSpecException e) {
                        throw new IOException("Invalid PBE algorithm parameters");
                    }
                }
                while (true) {
                    try {
                        SecretKey pBEKey = getPBEKey(cArr);
                        Cipher cipher = Cipher.getInstance(mapPBEParamsToAlgorithm(oid, parseAlgParameters));
                        cipher.init(2, pBEKey, parseAlgParameters);
                        byte[] doFinal = cipher.doFinal(encryptedData);
                        DerInputStream derInputStream2 = new DerValue(doFinal).toDerInputStream();
                        derInputStream2.getInteger();
                        DerValue[] sequence = derInputStream2.getSequence(2);
                        if (sequence.length < 1 || sequence.length > 2) {
                            throw new IOException("Invalid length for AlgorithmIdentifier");
                        }
                        String name = new AlgorithmId(sequence[0].getOID()).getName();
                        if (entry instanceof PrivateKeyEntry) {
                            key = KeyFactory.getInstance(name).generatePrivate(new PKCS8EncodedKeySpec(doFinal));
                            if (debug != null) {
                                debug.println("Retrieved a protected private key at alias '" + str + "' (" + new AlgorithmId(oid).getName() + " iterations: " + i + ")");
                            }
                        } else {
                            SecretKeySpec secretKeySpec = new SecretKeySpec(derInputStream2.getOctetString(), name);
                            if (name.startsWith("PBE")) {
                                SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(name);
                                key = secretKeyFactory.generateSecret(secretKeyFactory.getKeySpec(secretKeySpec, PBEKeySpec.class));
                            } else {
                                key = secretKeySpec;
                            }
                            if (debug != null) {
                                debug.println("Retrieved a protected secret key at alias '" + str + "' (" + new AlgorithmId(oid).getName() + " iterations: " + i + ")");
                            }
                        }
                        return key;
                    } catch (Exception e2) {
                        if (cArr.length != 0) {
                            throw e2;
                        }
                        cArr = new char[1];
                    }
                }
            } catch (Exception e3) {
                UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException("Get Key failed: " + e3.getMessage());
                unrecoverableKeyException.initCause(e3);
                throw unrecoverableKeyException;
            }
        } catch (IOException e4) {
            UnrecoverableKeyException unrecoverableKeyException2 = new UnrecoverableKeyException("Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: " + ((Object) e4));
            unrecoverableKeyException2.initCause(e4);
            throw unrecoverableKeyException2;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry == null || !(entry instanceof PrivateKeyEntry) || ((PrivateKeyEntry) entry).chain == null) {
            return null;
        }
        if (debug != null) {
            debug.println("Retrieved a " + ((PrivateKeyEntry) entry).chain.length + "-certificate chain at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
        }
        return (Certificate[]) ((PrivateKeyEntry) entry).chain.clone();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry == null) {
            return null;
        }
        if ((entry instanceof CertEntry) && ((CertEntry) entry).trustedKeyUsage != null) {
            if (debug != null) {
                if (Arrays.equals(AnyUsage, ((CertEntry) entry).trustedKeyUsage)) {
                    debug.println("Retrieved a certificate at alias '" + str + "' (trusted for any purpose)");
                } else {
                    debug.println("Retrieved a certificate at alias '" + str + "' (trusted for limited purposes)");
                }
            }
            return ((CertEntry) entry).cert;
        }
        if (!(entry instanceof PrivateKeyEntry) || ((PrivateKeyEntry) entry).chain == null) {
            return null;
        }
        if (debug != null) {
            debug.println("Retrieved a certificate at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
        }
        return ((PrivateKeyEntry) entry).chain[0];
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry != null) {
            return new Date(entry.date.getTime());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
        try {
            setKeyEntry(str, key, passwordProtection, certificateArr, null);
        } finally {
            try {
                passwordProtection.destroy();
            } catch (DestroyFailedException e) {
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void setKeyEntry(String str, Key key, KeyStore.PasswordProtection passwordProtection, Certificate[] certificateArr, Set<KeyStore.Entry.Attribute> set) throws KeyStoreException {
        SecretKeyEntry secretKeyEntry;
        try {
            if (key instanceof PrivateKey) {
                PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry();
                privateKeyEntry.date = new Date();
                if (!key.getFormat().equals("PKCS#8") && !key.getFormat().equals("PKCS8")) {
                    throw new KeyStoreException("Private key is not encodedas PKCS#8");
                }
                if (debug != null) {
                    debug.println("Setting a protected private key at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
                }
                privateKeyEntry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), passwordProtection);
                if (certificateArr != null) {
                    if (certificateArr.length > 1 && !validateChain(certificateArr)) {
                        throw new KeyStoreException("Certificate chain is not valid");
                    }
                    privateKeyEntry.chain = (Certificate[]) certificateArr.clone();
                    this.certificateCount += certificateArr.length;
                    if (debug != null) {
                        debug.println("Setting a " + certificateArr.length + "-certificate chain at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
                    }
                }
                this.privateKeyCount++;
                secretKeyEntry = privateKeyEntry;
            } else {
                if (!(key instanceof SecretKey)) {
                    throw new KeyStoreException("Unsupported Key type");
                }
                SecretKeyEntry secretKeyEntry2 = new SecretKeyEntry();
                secretKeyEntry2.date = new Date();
                DerOutputStream derOutputStream = new DerOutputStream();
                DerOutputStream derOutputStream2 = new DerOutputStream();
                derOutputStream2.putInteger(0);
                AlgorithmId.get(key.getAlgorithm()).encode(derOutputStream2);
                derOutputStream2.putOctetString(key.getEncoded());
                derOutputStream.write((byte) 48, derOutputStream2);
                secretKeyEntry2.protectedSecretKey = encryptPrivateKey(derOutputStream.toByteArray(), passwordProtection);
                if (debug != null) {
                    debug.println("Setting a protected secret key at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
                }
                this.secretKeyCount++;
                secretKeyEntry = secretKeyEntry2;
            }
            secretKeyEntry.attributes = new HashSet();
            if (set != null) {
                secretKeyEntry.attributes.addAll(set);
            }
            secretKeyEntry.keyId = ("Time " + secretKeyEntry.date.getTime()).getBytes("UTF8");
            secretKeyEntry.alias = str.toLowerCase(Locale.ENGLISH);
            this.entries.put(str.toLowerCase(Locale.ENGLISH), secretKeyEntry);
        } catch (Exception e) {
            throw new KeyStoreException("Key protection  algorithm not found: " + ((Object) e), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        try {
            new EncryptedPrivateKeyInfo(bArr);
            PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry();
            privateKeyEntry.date = new Date();
            if (debug != null) {
                debug.println("Setting a protected private key at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
            }
            try {
                privateKeyEntry.keyId = ("Time " + privateKeyEntry.date.getTime()).getBytes("UTF8");
            } catch (UnsupportedEncodingException e) {
            }
            privateKeyEntry.alias = str.toLowerCase(Locale.ENGLISH);
            privateKeyEntry.protectedPrivKey = (byte[]) bArr.clone();
            if (certificateArr != null) {
                if (certificateArr.length > 1 && !validateChain(certificateArr)) {
                    throw new KeyStoreException("Certificate chain is not valid");
                }
                privateKeyEntry.chain = (Certificate[]) certificateArr.clone();
                this.certificateCount += certificateArr.length;
                if (debug != null) {
                    debug.println("Setting a " + privateKeyEntry.chain.length + "-certificate chain at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
                }
            }
            this.privateKeyCount++;
            this.entries.put(str.toLowerCase(Locale.ENGLISH), privateKeyEntry);
        } catch (IOException e2) {
            throw new KeyStoreException("Private key is not stored as PKCS#8 EncryptedPrivateKeyInfo: " + ((Object) e2), e2);
        }
    }

    private byte[] getSalt() {
        byte[] bArr = new byte[20];
        if (this.random == null) {
            this.random = new SecureRandom();
        }
        this.random.nextBytes(bArr);
        return bArr;
    }

    private AlgorithmParameters getPBEAlgorithmParameters(String str) throws IOException {
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(getSalt(), 50000);
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(str);
            algorithmParameters.init(pBEParameterSpec);
            return algorithmParameters;
        } catch (Exception e) {
            throw new IOException("getPBEAlgorithmParameters failed: " + e.getMessage(), e);
        }
    }

    private AlgorithmParameters parseAlgParameters(ObjectIdentifier objectIdentifier, DerInputStream derInputStream) throws IOException {
        DerValue derValue;
        AlgorithmParameters algorithmParameters = null;
        try {
            if (derInputStream.available() == 0) {
                derValue = null;
            } else {
                derValue = derInputStream.getDerValue();
                if (derValue.tag == 5) {
                    derValue = null;
                }
            }
            if (derValue != null) {
                algorithmParameters = objectIdentifier.equals((Object) pbes2_OID) ? AlgorithmParameters.getInstance("PBES2") : AlgorithmParameters.getInstance("PBE");
                algorithmParameters.init(derValue.toByteArray());
            }
            return algorithmParameters;
        } catch (Exception e) {
            throw new IOException("parseAlgParameters failed: " + e.getMessage(), e);
        }
    }

    private SecretKey getPBEKey(char[] cArr) throws IOException {
        try {
            PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBE").generateSecret(pBEKeySpec);
            pBEKeySpec.clearPassword();
            return generateSecret;
        } catch (Exception e) {
            throw new IOException("getSecretKey failed: " + e.getMessage(), e);
        }
    }

    private byte[] encryptPrivateKey(byte[] bArr, KeyStore.PasswordProtection passwordProtection) throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        AlgorithmParameters pBEAlgorithmParameters;
        try {
            String protectionAlgorithm = passwordProtection.getProtectionAlgorithm();
            if (protectionAlgorithm != null) {
                AlgorithmParameterSpec protectionParameters = passwordProtection.getProtectionParameters();
                if (protectionParameters != null) {
                    pBEAlgorithmParameters = AlgorithmParameters.getInstance(protectionAlgorithm);
                    pBEAlgorithmParameters.init(protectionParameters);
                } else {
                    pBEAlgorithmParameters = getPBEAlgorithmParameters(protectionAlgorithm);
                }
            } else {
                protectionAlgorithm = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: sun.security.pkcs12.PKCS12KeyStore.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    /* renamed from: run */
                    public String run2() {
                        String property = Security.getProperty(PKCS12KeyStore.KEY_PROTECTION_ALGORITHM[0]);
                        if (property == null) {
                            property = Security.getProperty(PKCS12KeyStore.KEY_PROTECTION_ALGORITHM[1]);
                        }
                        return property;
                    }
                });
                if (protectionAlgorithm == null || protectionAlgorithm.isEmpty()) {
                    protectionAlgorithm = "PBEWithSHA1AndDESede";
                }
                pBEAlgorithmParameters = getPBEAlgorithmParameters(protectionAlgorithm);
            }
            ObjectIdentifier mapPBEAlgorithmToOID = mapPBEAlgorithmToOID(protectionAlgorithm);
            if (mapPBEAlgorithmToOID == null) {
                throw new IOException("PBE algorithm '" + protectionAlgorithm + " 'is not supported for key entry protection");
            }
            SecretKey pBEKey = getPBEKey(passwordProtection.getPassword());
            Cipher cipher = Cipher.getInstance(protectionAlgorithm);
            cipher.init(1, pBEKey, pBEAlgorithmParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            AlgorithmId algorithmId = new AlgorithmId(mapPBEAlgorithmToOID, cipher.getParameters());
            if (debug != null) {
                debug.println("  (Cipher algorithm: " + cipher.getAlgorithm() + ")");
            }
            return new EncryptedPrivateKeyInfo(algorithmId, doFinal).getEncoded();
        } catch (Exception e) {
            UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException("Encrypt Private Key failed: " + e.getMessage());
            unrecoverableKeyException.initCause(e);
            throw unrecoverableKeyException;
        }
    }

    private static ObjectIdentifier mapPBEAlgorithmToOID(String str) throws NoSuchAlgorithmException {
        return str.toLowerCase(Locale.ENGLISH).startsWith("pbewithhmacsha") ? pbes2_OID : AlgorithmId.get(str).getOID();
    }

    private static String mapPBEParamsToAlgorithm(ObjectIdentifier objectIdentifier, AlgorithmParameters algorithmParameters) throws NoSuchAlgorithmException {
        return (!objectIdentifier.equals((Object) pbes2_OID) || algorithmParameters == null) ? objectIdentifier.toString() : algorithmParameters.toString();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        setCertEntry(str, certificate, null);
    }

    private void setCertEntry(String str, Certificate certificate, Set<KeyStore.Entry.Attribute> set) throws KeyStoreException {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry != null && (entry instanceof KeyEntry)) {
            throw new KeyStoreException("Cannot overwrite own certificate");
        }
        CertEntry certEntry = new CertEntry((X509Certificate) certificate, null, str, AnyUsage, set);
        this.certificateCount++;
        this.entries.put(str.toLowerCase(Locale.ENGLISH), certEntry);
        if (debug != null) {
            debug.println("Setting a trusted certificate at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        if (debug != null) {
            debug.println("Removing entry at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
        }
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (entry instanceof PrivateKeyEntry) {
            PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) entry;
            if (privateKeyEntry.chain != null) {
                this.certificateCount -= privateKeyEntry.chain.length;
            }
            this.privateKeyCount--;
        } else if (entry instanceof CertEntry) {
            this.certificateCount--;
        } else if (entry instanceof SecretKeyEntry) {
            this.secretKeyCount--;
        }
        this.entries.remove(str.toLowerCase(Locale.ENGLISH));
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(this.entries.keySet());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.entries.containsKey(str.toLowerCase(Locale.ENGLISH));
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        return entry != null && (entry instanceof KeyEntry);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        return (entry == null || !(entry instanceof CertEntry) || ((CertEntry) entry).trustedKeyUsage == null) ? false : true;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        if (cls == KeyStore.TrustedCertificateEntry.class) {
            return engineIsCertificateEntry(str);
        }
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        return cls == KeyStore.PrivateKeyEntry.class ? entry != null && (entry instanceof PrivateKeyEntry) : cls == KeyStore.SecretKeyEntry.class && entry != null && (entry instanceof SecretKeyEntry);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Certificate certificate2 = null;
        Enumeration<String> engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String nextElement2 = engineAliases.nextElement2();
            Entry entry = this.entries.get(nextElement2);
            if (entry instanceof PrivateKeyEntry) {
                if (((PrivateKeyEntry) entry).chain != null) {
                    certificate2 = ((PrivateKeyEntry) entry).chain[0];
                }
            } else if ((entry instanceof CertEntry) && ((CertEntry) entry).trustedKeyUsage != null) {
                certificate2 = ((CertEntry) entry).cert;
            }
            if (certificate2 != null && certificate2.equals(certificate)) {
                return nextElement2;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (cArr == null) {
            throw new IllegalArgumentException("password can't be null");
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.putInteger(3);
        derOutputStream.write(derOutputStream2.toByteArray());
        DerOutputStream derOutputStream3 = new DerOutputStream();
        DerOutputStream derOutputStream4 = new DerOutputStream();
        if (this.privateKeyCount > 0 || this.secretKeyCount > 0) {
            if (debug != null) {
                debug.println("Storing " + (this.privateKeyCount + this.secretKeyCount) + " protected key(s) in a PKCS#7 data");
            }
            new ContentInfo(createSafeContent()).encode(derOutputStream4);
        }
        if (this.certificateCount > 0) {
            if (debug != null) {
                debug.println("Storing " + this.certificateCount + " certificate(s) in a PKCS#7 encryptedData");
            }
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID, new DerValue(createEncryptedData(cArr))).encode(derOutputStream4);
        }
        DerOutputStream derOutputStream5 = new DerOutputStream();
        derOutputStream5.write((byte) 48, derOutputStream4);
        byte[] byteArray = derOutputStream5.toByteArray();
        new ContentInfo(byteArray).encode(derOutputStream3);
        derOutputStream.write(derOutputStream3.toByteArray());
        derOutputStream.write(calculateMac(cArr, byteArray));
        DerOutputStream derOutputStream6 = new DerOutputStream();
        derOutputStream6.write((byte) 48, derOutputStream);
        outputStream.write(derOutputStream6.toByteArray());
        outputStream.flush();
    }

    @Override // java.security.KeyStoreSpi
    public KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (!engineContainsAlias(str)) {
            return null;
        }
        Entry entry = this.entries.get(str.toLowerCase(Locale.ENGLISH));
        if (protectionParameter == null) {
            if (!engineIsCertificateEntry(str)) {
                throw new UnrecoverableKeyException("requested entry requires a password");
            }
            if ((entry instanceof CertEntry) && ((CertEntry) entry).trustedKeyUsage != null) {
                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at alias '" + str + KeyMap.KEYMAP_KEY_APOSTROPHE);
                }
                return new KeyStore.TrustedCertificateEntry(((CertEntry) entry).cert, getAttributes(entry));
            }
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            if (engineIsCertificateEntry(str)) {
                throw new UnsupportedOperationException("trusted certificate entries are not password-protected");
            }
            if (engineIsKeyEntry(str)) {
                Key engineGetKey = engineGetKey(str, ((KeyStore.PasswordProtection) protectionParameter).getPassword());
                if (engineGetKey instanceof PrivateKey) {
                    return new KeyStore.PrivateKeyEntry((PrivateKey) engineGetKey, engineGetCertificateChain(str), getAttributes(entry));
                }
                if (engineGetKey instanceof SecretKey) {
                    return new KeyStore.SecretKeyEntry((SecretKey) engineGetKey, getAttributes(entry));
                }
            } else if (!engineIsKeyEntry(str)) {
                throw new UnsupportedOperationException("untrusted certificate entries are not password-protected");
            }
        }
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        if (protectionParameter != null && !(protectionParameter instanceof KeyStore.PasswordProtection)) {
            throw new KeyStoreException("unsupported protection parameter");
        }
        KeyStore.PasswordProtection passwordProtection = null;
        if (protectionParameter != null) {
            passwordProtection = (KeyStore.PasswordProtection) protectionParameter;
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            if (protectionParameter != null && passwordProtection.getPassword() != null) {
                throw new KeyStoreException("trusted certificate entries are not password-protected");
            }
            KeyStore.TrustedCertificateEntry trustedCertificateEntry = (KeyStore.TrustedCertificateEntry) entry;
            setCertEntry(str, trustedCertificateEntry.getTrustedCertificate(), trustedCertificateEntry.getAttributes());
            return;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            if (passwordProtection == null || passwordProtection.getPassword() == null) {
                throw new KeyStoreException("non-null password required to create PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            setKeyEntry(str, privateKeyEntry.getPrivateKey(), passwordProtection, privateKeyEntry.getCertificateChain(), privateKeyEntry.getAttributes());
            return;
        }
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new KeyStoreException("unsupported entry type: " + entry.getClass().getName());
        }
        if (passwordProtection == null || passwordProtection.getPassword() == null) {
            throw new KeyStoreException("non-null password required to create SecretKeyEntry");
        }
        KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) entry;
        setKeyEntry(str, secretKeyEntry.getSecretKey(), passwordProtection, (Certificate[]) null, secretKeyEntry.getAttributes());
    }

    private Set<KeyStore.Entry.Attribute> getAttributes(Entry entry) {
        ObjectIdentifier[] objectIdentifierArr;
        if (entry.attributes == null) {
            entry.attributes = new HashSet();
        }
        entry.attributes.add(new PKCS12Attribute(PKCS9FriendlyName_OID.toString(), entry.alias));
        byte[] bArr = entry.keyId;
        if (bArr != null) {
            entry.attributes.add(new PKCS12Attribute(PKCS9LocalKeyId_OID.toString(), Debug.toString(bArr)));
        }
        if ((entry instanceof CertEntry) && (objectIdentifierArr = ((CertEntry) entry).trustedKeyUsage) != null) {
            if (objectIdentifierArr.length == 1) {
                entry.attributes.add(new PKCS12Attribute(TrustedKeyUsage_OID.toString(), objectIdentifierArr[0].toString()));
            } else {
                entry.attributes.add(new PKCS12Attribute(TrustedKeyUsage_OID.toString(), Arrays.toString(objectIdentifierArr)));
            }
        }
        return entry.attributes;
    }

    private byte[] generateHash(byte[] bArr) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new IOException("generateHash failed: " + ((Object) e), e);
        }
    }

    private byte[] calculateMac(char[] cArr, byte[] bArr) throws IOException {
        try {
            byte[] salt = getSalt();
            Mac mac = Mac.getInstance("HmacPBESHA1");
            mac.init(getPBEKey(cArr), new PBEParameterSpec(salt, 100000));
            mac.update(bArr);
            MacData macData = new MacData("SHA1", mac.doFinal(), salt, 100000);
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.write(macData.getEncoded());
            return derOutputStream.toByteArray();
        } catch (Exception e) {
            throw new IOException("calculateMac failed: " + ((Object) e), e);
        }
    }

    private boolean validateChain(Certificate[] certificateArr) {
        for (int i = 0; i < certificateArr.length - 1; i++) {
            if (!((X509Certificate) certificateArr[i]).getIssuerX500Principal().equals(((X509Certificate) certificateArr[i + 1]).getSubjectX500Principal())) {
                return false;
            }
        }
        return new HashSet(Arrays.asList(certificateArr)).size() == certificateArr.length;
    }

    private byte[] getBagAttributes(String str, byte[] bArr, Set<KeyStore.Entry.Attribute> set) throws IOException {
        return getBagAttributes(str, bArr, null, set);
    }

    private byte[] getBagAttributes(String str, byte[] bArr, ObjectIdentifier[] objectIdentifierArr, Set<KeyStore.Entry.Attribute> set) throws IOException {
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        byte[] bArr4 = null;
        if (str == null && bArr == null && 0 == 0) {
            return null;
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        if (str != null) {
            DerOutputStream derOutputStream2 = new DerOutputStream();
            derOutputStream2.putOID(PKCS9FriendlyName_OID);
            DerOutputStream derOutputStream3 = new DerOutputStream();
            DerOutputStream derOutputStream4 = new DerOutputStream();
            derOutputStream3.putBMPString(str);
            derOutputStream2.write((byte) 49, derOutputStream3);
            derOutputStream4.write((byte) 48, derOutputStream2);
            bArr3 = derOutputStream4.toByteArray();
        }
        if (bArr != null) {
            DerOutputStream derOutputStream5 = new DerOutputStream();
            derOutputStream5.putOID(PKCS9LocalKeyId_OID);
            DerOutputStream derOutputStream6 = new DerOutputStream();
            DerOutputStream derOutputStream7 = new DerOutputStream();
            derOutputStream6.putOctetString(bArr);
            derOutputStream5.write((byte) 49, derOutputStream6);
            derOutputStream7.write((byte) 48, derOutputStream5);
            bArr2 = derOutputStream7.toByteArray();
        }
        if (objectIdentifierArr != null) {
            DerOutputStream derOutputStream8 = new DerOutputStream();
            derOutputStream8.putOID(TrustedKeyUsage_OID);
            DerOutputStream derOutputStream9 = new DerOutputStream();
            DerOutputStream derOutputStream10 = new DerOutputStream();
            for (ObjectIdentifier objectIdentifier : objectIdentifierArr) {
                derOutputStream9.putOID(objectIdentifier);
            }
            derOutputStream8.write((byte) 49, derOutputStream9);
            derOutputStream10.write((byte) 48, derOutputStream8);
            bArr4 = derOutputStream10.toByteArray();
        }
        DerOutputStream derOutputStream11 = new DerOutputStream();
        if (bArr3 != null) {
            derOutputStream11.write(bArr3);
        }
        if (bArr2 != null) {
            derOutputStream11.write(bArr2);
        }
        if (bArr4 != null) {
            derOutputStream11.write(bArr4);
        }
        if (set != null) {
            for (KeyStore.Entry.Attribute attribute : set) {
                String name = attribute.getName();
                if (!CORE_ATTRIBUTES[0].equals(name) && !CORE_ATTRIBUTES[1].equals(name) && !CORE_ATTRIBUTES[2].equals(name)) {
                    derOutputStream11.write(((PKCS12Attribute) attribute).getEncoded());
                }
            }
        }
        derOutputStream.write((byte) 49, derOutputStream11);
        return derOutputStream.toByteArray();
    }

    private byte[] createEncryptedData(char[] cArr) throws CertificateException, IOException {
        Certificate[] certificateArr;
        byte[] bagAttributes;
        DerOutputStream derOutputStream = new DerOutputStream();
        Enumeration<String> engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            Entry entry = this.entries.get(engineAliases.nextElement2());
            if (entry instanceof PrivateKeyEntry) {
                PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) entry;
                certificateArr = privateKeyEntry.chain != null ? privateKeyEntry.chain : new Certificate[0];
            } else {
                certificateArr = entry instanceof CertEntry ? new Certificate[]{((CertEntry) entry).cert} : new Certificate[0];
            }
            for (int i = 0; i < certificateArr.length; i++) {
                DerOutputStream derOutputStream2 = new DerOutputStream();
                derOutputStream2.putOID(CertBag_OID);
                DerOutputStream derOutputStream3 = new DerOutputStream();
                derOutputStream3.putOID(PKCS9CertType_OID);
                DerOutputStream derOutputStream4 = new DerOutputStream();
                X509Certificate x509Certificate = (X509Certificate) certificateArr[i];
                derOutputStream4.putOctetString(x509Certificate.getEncoded());
                derOutputStream3.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream4);
                DerOutputStream derOutputStream5 = new DerOutputStream();
                derOutputStream5.write((byte) 48, derOutputStream3);
                byte[] byteArray = derOutputStream5.toByteArray();
                DerOutputStream derOutputStream6 = new DerOutputStream();
                derOutputStream6.write(byteArray);
                derOutputStream2.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream6);
                if (i != 0) {
                    bagAttributes = getBagAttributes(x509Certificate.getSubjectX500Principal().getName(), null, entry.attributes);
                } else if (entry instanceof KeyEntry) {
                    KeyEntry keyEntry = (KeyEntry) entry;
                    bagAttributes = getBagAttributes(keyEntry.alias, keyEntry.keyId, keyEntry.attributes);
                } else {
                    CertEntry certEntry = (CertEntry) entry;
                    bagAttributes = getBagAttributes(certEntry.alias, certEntry.keyId, certEntry.trustedKeyUsage, certEntry.attributes);
                }
                if (bagAttributes != null) {
                    derOutputStream2.write(bagAttributes);
                }
                derOutputStream.write((byte) 48, derOutputStream2);
            }
        }
        DerOutputStream derOutputStream7 = new DerOutputStream();
        derOutputStream7.write((byte) 48, derOutputStream);
        byte[] encryptContent = encryptContent(derOutputStream7.toByteArray(), cArr);
        DerOutputStream derOutputStream8 = new DerOutputStream();
        DerOutputStream derOutputStream9 = new DerOutputStream();
        derOutputStream8.putInteger(0);
        derOutputStream8.write(encryptContent);
        derOutputStream9.write((byte) 48, derOutputStream8);
        return derOutputStream9.toByteArray();
    }

    private byte[] createSafeContent() throws CertificateException, IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        Enumeration<String> engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String nextElement2 = engineAliases.nextElement2();
            Entry entry = this.entries.get(nextElement2);
            if (entry != null && (entry instanceof KeyEntry)) {
                DerOutputStream derOutputStream2 = new DerOutputStream();
                KeyEntry keyEntry = (KeyEntry) entry;
                if (keyEntry instanceof PrivateKeyEntry) {
                    derOutputStream2.putOID(PKCS8ShroudedKeyBag_OID);
                    try {
                        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(((PrivateKeyEntry) keyEntry).protectedPrivKey);
                        DerOutputStream derOutputStream3 = new DerOutputStream();
                        derOutputStream3.write(encryptedPrivateKeyInfo.getEncoded());
                        derOutputStream2.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream3);
                    } catch (IOException e) {
                        throw new IOException("Private key not stored as PKCS#8 EncryptedPrivateKeyInfo" + e.getMessage());
                    }
                } else if (keyEntry instanceof SecretKeyEntry) {
                    derOutputStream2.putOID(SecretBag_OID);
                    DerOutputStream derOutputStream4 = new DerOutputStream();
                    derOutputStream4.putOID(PKCS8ShroudedKeyBag_OID);
                    DerOutputStream derOutputStream5 = new DerOutputStream();
                    derOutputStream5.putOctetString(((SecretKeyEntry) keyEntry).protectedSecretKey);
                    derOutputStream4.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream5);
                    DerOutputStream derOutputStream6 = new DerOutputStream();
                    derOutputStream6.write((byte) 48, derOutputStream4);
                    byte[] byteArray = derOutputStream6.toByteArray();
                    DerOutputStream derOutputStream7 = new DerOutputStream();
                    derOutputStream7.write(byteArray);
                    derOutputStream2.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream7);
                }
                derOutputStream2.write(getBagAttributes(nextElement2, entry.keyId, entry.attributes));
                derOutputStream.write((byte) 48, derOutputStream2);
            }
        }
        DerOutputStream derOutputStream8 = new DerOutputStream();
        derOutputStream8.write((byte) 48, derOutputStream);
        return derOutputStream8.toByteArray();
    }

    private byte[] encryptContent(byte[] bArr, char[] cArr) throws IOException {
        AlgorithmParameters pBEAlgorithmParameters = getPBEAlgorithmParameters("PBEWithSHA1AndRC2_40");
        DerOutputStream derOutputStream = new DerOutputStream();
        new AlgorithmId(pbeWithSHAAnd40BitRC2CBC_OID, pBEAlgorithmParameters).encode(derOutputStream);
        byte[] byteArray = derOutputStream.toByteArray();
        try {
            SecretKey pBEKey = getPBEKey(cArr);
            Cipher cipher = Cipher.getInstance("PBEWithSHA1AndRC2_40");
            cipher.init(1, pBEKey, pBEAlgorithmParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            if (debug != null) {
                debug.println("  (Cipher algorithm: " + cipher.getAlgorithm() + ")");
            }
            DerOutputStream derOutputStream2 = new DerOutputStream();
            derOutputStream2.putOID(ContentInfo.DATA_OID);
            derOutputStream2.write(byteArray);
            DerOutputStream derOutputStream3 = new DerOutputStream();
            derOutputStream3.putOctetString(doFinal);
            derOutputStream2.writeImplicit(DerValue.createTag(Byte.MIN_VALUE, false, (byte) 0), derOutputStream3);
            DerOutputStream derOutputStream4 = new DerOutputStream();
            derOutputStream4.write((byte) 48, derOutputStream2);
            return derOutputStream4.toByteArray();
        } catch (Exception e) {
            throw new IOException("Failed to encrypt safe contents entry: " + ((Object) e), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        byte[] octetString;
        if (inputStream == null) {
            return;
        }
        this.counter = 0;
        DerInputStream derInputStream = new DerValue(inputStream).toDerInputStream();
        if (derInputStream.getInteger() != 3) {
            throw new IOException("PKCS12 keystore not in version 3 format");
        }
        this.entries.clear();
        ContentInfo contentInfo = new ContentInfo(derInputStream);
        if (!contentInfo.getContentType().equals((Object) ContentInfo.DATA_OID)) {
            throw new IOException("public key protected PKCS12 not supported");
        }
        byte[] data = contentInfo.getData();
        DerValue[] sequence = new DerInputStream(data).getSequence(2);
        this.privateKeyCount = 0;
        this.secretKeyCount = 0;
        this.certificateCount = 0;
        for (DerValue derValue : sequence) {
            ContentInfo contentInfo2 = new ContentInfo(new DerInputStream(derValue.toByteArray()));
            ObjectIdentifier contentType = contentInfo2.getContentType();
            if (contentType.equals((Object) ContentInfo.DATA_OID)) {
                if (debug != null) {
                    debug.println("Loading PKCS#7 data");
                }
                octetString = contentInfo2.getData();
            } else {
                if (!contentType.equals((Object) ContentInfo.ENCRYPTED_DATA_OID)) {
                    throw new IOException("public key protected PKCS12 not supported");
                }
                if (cArr == null) {
                    if (debug != null) {
                        debug.println("Warning: skipping PKCS#7 encryptedData - no password was supplied");
                    }
                } else {
                    DerInputStream derInputStream2 = contentInfo2.getContent().toDerInputStream();
                    derInputStream2.getInteger();
                    DerValue[] sequence2 = derInputStream2.getSequence(3);
                    if (sequence2.length != 3) {
                        throw new IOException("Invalid length for EncryptedContentInfo");
                    }
                    sequence2[0].getOID();
                    sequence2[1].toByteArray();
                    if (!sequence2[2].isContextSpecific((byte) 0)) {
                        throw new IOException("unsupported encrypted content type " + ((int) sequence2[2].tag));
                    }
                    sequence2[2].resetTag(sequence2[2].isConstructed() ? (byte) (4 | 32) : (byte) 4);
                    octetString = sequence2[2].getOctetString();
                    DerInputStream derInputStream3 = sequence2[1].toDerInputStream();
                    ObjectIdentifier oid = derInputStream3.getOID();
                    AlgorithmParameters parseAlgParameters = parseAlgParameters(oid, derInputStream3);
                    int i = 0;
                    if (parseAlgParameters != null) {
                        try {
                            i = ((PBEParameterSpec) parseAlgParameters.getParameterSpec(PBEParameterSpec.class)).getIterationCount();
                            if (i > MAX_ITERATION_COUNT) {
                                throw new IOException("PBE iteration count too large");
                            }
                        } catch (InvalidParameterSpecException e) {
                            throw new IOException("Invalid PBE algorithm parameters");
                        }
                    }
                    if (debug != null) {
                        debug.println("Loading PKCS#7 encryptedData (" + new AlgorithmId(oid).getName() + " iterations: " + i + ")");
                    }
                    while (true) {
                        try {
                            SecretKey pBEKey = getPBEKey(cArr);
                            Cipher cipher = Cipher.getInstance(oid.toString());
                            cipher.init(2, pBEKey, parseAlgParameters);
                            octetString = cipher.doFinal(octetString);
                            break;
                        } catch (Exception e2) {
                            if (cArr.length != 0) {
                                throw new IOException("keystore password was incorrect", new UnrecoverableKeyException("failed to decrypt safe contents entry: " + ((Object) e2)));
                            }
                            cArr = new char[1];
                        }
                    }
                }
            }
            loadSafeContents(new DerInputStream(octetString), cArr);
        }
        if (cArr != null && derInputStream.available() > 0) {
            MacData macData = new MacData(derInputStream);
            int iterations = macData.getIterations();
            try {
                if (iterations > MAX_ITERATION_COUNT) {
                    throw new InvalidAlgorithmParameterException("MAC iteration count too large: " + iterations);
                }
                Mac mac = Mac.getInstance("HmacPBE" + macData.getDigestAlgName().toUpperCase(Locale.ENGLISH).replace("-", ""));
                mac.init(getPBEKey(cArr), new PBEParameterSpec(macData.getSalt(), iterations));
                mac.update(data);
                byte[] doFinal = mac.doFinal();
                if (debug != null) {
                    debug.println("Checking keystore integrity (" + mac.getAlgorithm() + " iterations: " + iterations + ")");
                }
                if (!MessageDigest.isEqual(macData.getDigest(), doFinal)) {
                    throw new UnrecoverableKeyException("Failed PKCS12 integrity checking");
                }
            } catch (Exception e3) {
                throw new IOException("Integrity check failed: " + ((Object) e3), e3);
            }
        }
        for (PrivateKeyEntry privateKeyEntry : (PrivateKeyEntry[]) this.keyList.toArray(new PrivateKeyEntry[this.keyList.size()])) {
            if (privateKeyEntry.keyId != null) {
                ArrayList arrayList = new ArrayList();
                X509Certificate findMatchedCertificate = findMatchedCertificate(privateKeyEntry);
                while (true) {
                    X509Certificate x509Certificate = findMatchedCertificate;
                    if (x509Certificate == null) {
                        break;
                    }
                    if (!arrayList.isEmpty()) {
                        Iterator it = arrayList.iterator();
                        while (it.getHasNext()) {
                            if (x509Certificate.equals((X509Certificate) it.next())) {
                                if (debug != null) {
                                    debug.println("Loop detected in certificate chain. Skip adding repeated cert to chain. Subject: " + x509Certificate.getSubjectX500Principal().toString());
                                }
                            }
                        }
                    }
                    arrayList.add(x509Certificate);
                    X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                    if (issuerX500Principal.equals(x509Certificate.getSubjectX500Principal())) {
                        break;
                    } else {
                        findMatchedCertificate = this.certsMap.get(issuerX500Principal);
                    }
                }
                if (arrayList.size() > 0) {
                    privateKeyEntry.chain = (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
                }
            }
        }
        if (debug != null) {
            debug.println("PKCS12KeyStore load: private key count: " + this.privateKeyCount + ". secret key count: " + this.secretKeyCount + ". certificate count: " + this.certificateCount);
        }
        this.certEntries.clear();
        this.certsMap.clear();
        this.keyList.clear();
    }

    private X509Certificate findMatchedCertificate(PrivateKeyEntry privateKeyEntry) {
        CertEntry certEntry = null;
        CertEntry certEntry2 = null;
        Iterator<CertEntry> it = this.certEntries.iterator();
        while (it.getHasNext()) {
            CertEntry next = it.next();
            if (Arrays.equals(privateKeyEntry.keyId, next.keyId)) {
                certEntry = next;
                if (privateKeyEntry.alias.equalsIgnoreCase(next.alias)) {
                    return next.cert;
                }
            } else if (privateKeyEntry.alias.equalsIgnoreCase(next.alias)) {
                certEntry2 = next;
            }
        }
        if (certEntry != null) {
            return certEntry.cert;
        }
        if (certEntry2 != null) {
            return certEntry2.cert;
        }
        return null;
    }

    private void loadSafeContents(DerInputStream derInputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        DerValue[] derValueArr;
        DerValue[] sequence = derInputStream.getSequence(2);
        int length = sequence.length;
        for (int i = 0; i < length; i++) {
            Object obj = null;
            DerInputStream derInputStream2 = sequence[i].toDerInputStream();
            ObjectIdentifier oid = derInputStream2.getOID();
            DerValue derValue = derInputStream2.getDerValue();
            if (!derValue.isContextSpecific((byte) 0)) {
                throw new IOException("unsupported PKCS12 bag value type " + ((int) derValue.tag));
            }
            DerValue derValue2 = derValue.data.getDerValue();
            if (oid.equals((Object) PKCS8ShroudedKeyBag_OID)) {
                PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry();
                privateKeyEntry.protectedPrivKey = derValue2.toByteArray();
                obj = privateKeyEntry;
                this.privateKeyCount++;
            } else if (oid.equals((Object) CertBag_OID)) {
                DerValue[] sequence2 = new DerInputStream(derValue2.toByteArray()).getSequence(2);
                if (sequence2.length != 2) {
                    throw new IOException("Invalid length for CertBag");
                }
                sequence2[0].getOID();
                if (!sequence2[1].isContextSpecific((byte) 0)) {
                    throw new IOException("unsupported PKCS12 cert value type " + ((int) sequence2[1].tag));
                }
                obj = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(sequence2[1].data.getDerValue().getOctetString()));
                this.certificateCount++;
            } else if (oid.equals((Object) SecretBag_OID)) {
                DerValue[] sequence3 = new DerInputStream(derValue2.toByteArray()).getSequence(2);
                if (sequence3.length != 2) {
                    throw new IOException("Invalid length for SecretBag");
                }
                sequence3[0].getOID();
                if (!sequence3[1].isContextSpecific((byte) 0)) {
                    throw new IOException("unsupported PKCS12 secret value type " + ((int) sequence3[1].tag));
                }
                DerValue derValue3 = sequence3[1].data.getDerValue();
                SecretKeyEntry secretKeyEntry = new SecretKeyEntry();
                secretKeyEntry.protectedSecretKey = derValue3.getOctetString();
                obj = secretKeyEntry;
                this.secretKeyCount++;
            } else if (debug != null) {
                debug.println("Unsupported PKCS12 bag type: " + ((Object) oid));
            }
            try {
                derValueArr = derInputStream2.getSet(3);
            } catch (IOException e) {
                derValueArr = null;
            }
            String str = null;
            byte[] bArr = null;
            ObjectIdentifier[] objectIdentifierArr = null;
            HashSet hashSet = new HashSet();
            if (derValueArr != null) {
                for (DerValue derValue4 : derValueArr) {
                    byte[] byteArray = derValue4.toByteArray();
                    DerValue[] sequence4 = new DerInputStream(byteArray).getSequence(2);
                    if (sequence4.length != 2) {
                        throw new IOException("Invalid length for Attribute");
                    }
                    ObjectIdentifier oid2 = sequence4[0].getOID();
                    try {
                        DerValue[] set = new DerInputStream(sequence4[1].toByteArray()).getSet(1);
                        if (oid2.equals((Object) PKCS9FriendlyName_OID)) {
                            str = set[0].getBMPString();
                        } else if (oid2.equals((Object) PKCS9LocalKeyId_OID)) {
                            bArr = set[0].getOctetString();
                        } else if (oid2.equals((Object) TrustedKeyUsage_OID)) {
                            objectIdentifierArr = new ObjectIdentifier[set.length];
                            for (int i2 = 0; i2 < set.length; i2++) {
                                objectIdentifierArr[i2] = set[i2].getOID();
                            }
                        } else {
                            hashSet.add(new PKCS12Attribute(byteArray));
                        }
                    } catch (IOException e2) {
                        throw new IOException("Attribute " + ((Object) oid2) + " should have a value " + e2.getMessage());
                    }
                }
            }
            if (obj instanceof KeyEntry) {
                KeyEntry keyEntry = (KeyEntry) obj;
                if ((obj instanceof PrivateKeyEntry) && bArr == null) {
                    if (this.privateKeyCount == 1) {
                        bArr = "01".getBytes("UTF8");
                    }
                }
                keyEntry.keyId = bArr;
                String str2 = new String(bArr, "UTF8");
                Date date = null;
                if (str2.startsWith("Time ")) {
                    try {
                        date = new Date(Long.parseLong(str2.substring(5)));
                    } catch (Exception e3) {
                        date = null;
                    }
                }
                if (date == null) {
                    date = new Date();
                }
                keyEntry.date = date;
                if (obj instanceof PrivateKeyEntry) {
                    this.keyList.add((PrivateKeyEntry) keyEntry);
                }
                if (keyEntry.attributes == null) {
                    keyEntry.attributes = new HashSet();
                }
                keyEntry.attributes.addAll(hashSet);
                if (str == null) {
                    str = getUnfriendlyName();
                }
                keyEntry.alias = str;
                this.entries.put(str.toLowerCase(Locale.ENGLISH), keyEntry);
            } else if (obj instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) obj;
                if (bArr == null && this.privateKeyCount == 1 && i == 0) {
                    bArr = "01".getBytes("UTF8");
                }
                if (objectIdentifierArr != null) {
                    if (str == null) {
                        str = getUnfriendlyName();
                    }
                    this.entries.put(str.toLowerCase(Locale.ENGLISH), new CertEntry(x509Certificate, bArr, str, objectIdentifierArr, hashSet));
                } else {
                    this.certEntries.add(new CertEntry(x509Certificate, bArr, str));
                }
                X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                if (subjectX500Principal != null && !this.certsMap.containsKey(subjectX500Principal)) {
                    this.certsMap.put(subjectX500Principal, x509Certificate);
                }
            }
        }
    }

    private String getUnfriendlyName() {
        this.counter++;
        return String.valueOf(this.counter);
    }

    static {
        try {
            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
            CertBag_OID = new ObjectIdentifier(certBag);
            SecretBag_OID = new ObjectIdentifier(secretBag);
            PKCS9FriendlyName_OID = new ObjectIdentifier(pkcs9Name);
            PKCS9LocalKeyId_OID = new ObjectIdentifier(pkcs9KeyId);
            PKCS9CertType_OID = new ObjectIdentifier(pkcs9certType);
            pbeWithSHAAnd40BitRC2CBC_OID = new ObjectIdentifier(pbeWithSHAAnd40BitRC2CBC);
            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
            pbes2_OID = new ObjectIdentifier(pbes2);
            TrustedKeyUsage_OID = new ObjectIdentifier(TrustedKeyUsage);
            AnyUsage = new ObjectIdentifier[]{new ObjectIdentifier(AnyExtendedKeyUsage)};
        } catch (IOException e) {
        }
    }
}
