package com.koalii.cert;

import com.koalii.bc.asn1.ASN1InputStream;
import com.koalii.bc.asn1.ASN1Object;
import com.koalii.bc.asn1.ASN1OctetString;
import com.koalii.bc.asn1.ASN1Sequence;
import com.koalii.bc.asn1.DERObjectIdentifier;
import com.koalii.bc.asn1.DEROctetString;
import com.koalii.bc.asn1.DERTaggedObject;
import com.koalii.bc.asn1.pkcs.AuthenticatedSafe;
import com.koalii.bc.asn1.pkcs.CertBag;
import com.koalii.bc.asn1.pkcs.ContentInfo;
import com.koalii.bc.asn1.pkcs.EncryptedData;
import com.koalii.bc.asn1.pkcs.EncryptedPrivateKeyInfo;
import com.koalii.bc.asn1.pkcs.PKCS12PBEParams;
import com.koalii.bc.asn1.pkcs.PKCSObjectIdentifiers;
import com.koalii.bc.asn1.pkcs.Pfx;
import com.koalii.bc.asn1.pkcs.PrivateKeyInfo;
import com.koalii.bc.asn1.pkcs.SafeBag;
import com.koalii.bc.asn1.x509.AlgorithmIdentifier;
import com.koalii.bc.crypto.CipherParameters;
import com.koalii.bc.crypto.PBEParametersGenerator;
import com.koalii.bc.crypto.digests.SHA1Digest;
import com.koalii.bc.crypto.engines.DESedeEngine;
import com.koalii.bc.crypto.engines.RC2Engine;
import com.koalii.bc.crypto.generators.PKCS12ParametersGenerator;
import com.koalii.bc.crypto.modes.CBCBlockCipher;
import com.koalii.bc.crypto.paddings.PaddedBufferedBlockCipher;
import com.koalii.bc.jce.provider.JCERSAPrivateCrtKey;
import com.koalii.bc.util.Strings;
import com.koalii.crypto.DESUtil;
import com.koalii.crypto.RSAUtil;
import com.koalii.crypto.SignUtil;
import com.koalii.util.AlgorithmUtil;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: input_file:com/koalii/cert/PfxStore.class */
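/**
 * {@link SecretStore} implementation that loads an RSA private key and its certificate from a
 * PKCS#12 (.pfx) file, either through the JCA {@code PKCS12} {@link KeyStore}
 * ({@link #setCertAndKey}) or through a hand-written ASN.1 walk ({@link #setCertAndKey_ex}).
 *
 * <p>Security notes for reviewers, all based on the code in this class:
 * <ul>
 *   <li>{@link #setCertAndKey_ex} never reads or verifies the PFX MAC, so the container's
 *       integrity is not checked; a wrong password or a modified file only shows up as a
 *       decryption or parsing failure.</li>
 *   <li>The hand-written loader accepts exactly one PBE scheme per bag type: 3-key TripleDES for
 *       the shrouded key bag and 40-bit RC2 for the encrypted certificate bags. Both derive keys
 *       with SHA-1; 40-bit RC2 provides no meaningful confidentiality.</li>
 *   <li>Neither loader calls {@link #isMatched()}, so nothing here confirms that the loaded
 *       certificate belongs to the loaded private key.</li>
 *   <li>Passwords arrive as {@code String}; the temporary {@code char[]}/{@code byte[]} copies are
 *       wiped after use, but the caller's {@code String} cannot be.</li>
 * </ul>
 *
 * <p>{@code privKey} and {@code signCert} are not declared in this class; presumably they are
 * fields inherited from {@code SecretStore} (confirm against that class).
 */
public class PfxStore extends SecretStore {
    static final String pkcs_7 = "1.2.840.113549.1.7";
    static final String pkcs_12 = "1.2.840.113549.1.12";
    static final String bagtypes = "1.2.840.113549.1.12.10.1";
    // NOTE(review): these two static tables are not referenced by any method of this class; they
    // are process-wide mutable state and look like decompilation leftovers.
    private static IgnoresCaseHashtable keys = new IgnoresCaseHashtable(null);
    private static Hashtable localIds = new Hashtable();
    static final DERObjectIdentifier data = new DERObjectIdentifier(AlgorithmUtil.ID_PKCS7_DATA);
    static final DERObjectIdentifier encryptedData = new DERObjectIdentifier("1.2.840.113549.1.7.6");
    static final DERObjectIdentifier keyBag = new DERObjectIdentifier("1.2.840.113549.1.12.10.1.1");
    static final DERObjectIdentifier pkcs8ShroudedKeyBag = new DERObjectIdentifier("1.2.840.113549.1.12.10.1.2");
    static final DERObjectIdentifier certBag = new DERObjectIdentifier("1.2.840.113549.1.12.10.1.3");

    /**
     * String-keyed table whose lookups ignore case while the originally supplied spelling of each
     * key is retained.
     */
    /* loaded from: input_file:com/koalii/cert/PfxStore$IgnoresCaseHashtable.class */
    private static class IgnoresCaseHashtable {
        // original-case key -> value
        private Hashtable orig;
        // lower-cased key -> original-case key
        private Hashtable keys;

        private IgnoresCaseHashtable() {
            this.orig = new Hashtable();
            this.keys = new Hashtable();
        }

        /** Stores {@code obj} under {@code str}, replacing any entry whose key differs only by case. */
        public void put(String str, Object obj) {
            String lowerCase = Strings.toLowerCase(str);
            String previousSpelling = (String) this.keys.get(lowerCase);
            if (previousSpelling != null) {
                this.orig.remove(previousSpelling);
            }
            this.keys.put(lowerCase, str);
            this.orig.put(str, obj);
        }

        /** Returns the keys in the spelling they were stored with. */
        public Enumeration keys() {
            return this.orig.keys();
        }

        /** Removes the entry matching {@code str} case-insensitively; returns its value or null. */
        public Object remove(String str) {
            String storedSpelling = (String) this.keys.remove(Strings.toLowerCase(str));
            if (storedSpelling == null) {
                return null;
            }
            return this.orig.remove(storedSpelling);
        }

        /** Returns the value matching {@code str} case-insensitively, or null when absent. */
        public Object get(String str) {
            String storedSpelling = (String) this.keys.get(Strings.toLowerCase(str));
            if (storedSpelling == null) {
                return null;
            }
            return this.orig.get(storedSpelling);
        }

        /** Returns the stored values. */
        public Enumeration elements() {
            return this.orig.elements();
        }

        // The argument is ignored; this overload only delegates to the no-arg constructor.
        IgnoresCaseHashtable(IgnoresCaseHashtable ignoresCaseHashtable) {
            this();
        }
    }

    /** Creates an empty store; load a key pair with one of the {@code setCertAndKey} methods. */
    public PfxStore() {
    }

    /**
     * Creates a store and loads it through {@link #setCertAndKey_ex(String, String)}.
     *
     * @param str path of the PKCS#12 file
     * @param str2 password protecting the file; must be non-empty
     * @throws Exception if the password is empty or the file cannot be read or decrypted
     */
    public PfxStore(String str, String str2) throws Exception {
        setCertAndKey_ex(str, str2);
    }

    /**
     * Returns the algorithm name of the loaded private key.
     *
     * @return the key's algorithm, or the empty string when no key is loaded
     */
    @Override // com.koalii.cert.SecretStore
    public String getAlgorithm() {
        return this.privKey != null ? this.privKey.getAlgorithm() : "";
    }

    /**
     * Loads the key and certificate of the first alias in a PKCS#12 file through the JCA
     * {@code PKCS12} key store.
     *
     * <p>The store's fields are updated only after both the key and the certificate have been
     * read, so a failure leaves the previously loaded pair in place.
     *
     * @param str path of the PKCS#12 file
     * @param str2 password for the file and for the key entry; must be non-empty
     * @throws SecretStoreException if the password is empty, or wrapping any failure to open,
     *     load or read the key store (including a first alias that is not a key entry)
     */
    public void setCertAndKey(String str, String str2) throws SecretStoreException {
        if (str2 == null || str2.length() <= 0) {
            throw new SecretStoreException("Password cannot be empty");
        }
        char[] password = str2.toCharArray();
        FileInputStream in = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            in = new FileInputStream(str);
            keyStore.load(in, password);
            Enumeration<String> aliases = keyStore.aliases();
            // An empty key store has no alias at all; report it like a missing key entry.
            if (!aliases.hasMoreElements()) {
                throw new SecretStoreException("No key is found in pfx file");
            }
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                throw new SecretStoreException("No key is found in pfx file");
            }
            try {
                PrivateKey loadedKey = (PrivateKey) keyStore.getKey(alias, password);
                X509Certificate loadedCert = (X509Certificate) keyStore.getCertificate(alias);
                this.privKey = loadedKey;
                this.signCert = loadedCert;
            } catch (Exception e) {
                throw new SecretStoreException(e);
            }
        } catch (Exception e2) {
            throw new SecretStoreException(new StringBuffer("load pfx file ").append(str).append(" - ").append(e2).toString());
        } finally {
            // KeyStore.load does not close the stream it is given.
            closeQuietly(in);
            java.util.Arrays.fill(password, '\0');
        }
    }

    /**
     * Loads the key and certificate by parsing the PKCS#12 structure directly.
     *
     * <p>Only an outer {@code data} AuthenticatedSafe is processed. Inside it, {@code data}
     * content is scanned for PKCS#8 shrouded key bags and {@code encryptedData} content for
     * certificate bags; when several bags of a kind are present the last one wins. A file that
     * contains no such bag is accepted silently and leaves the corresponding field unchanged.
     * The fields are assigned only after the whole file has been parsed.
     *
     * <p>NOTE(review): the PFX MAC is not verified here and the result is not checked with
     * {@link #isMatched()}.
     *
     * @param str path of the PKCS#12 file
     * @param str2 password protecting the bags; must be non-empty
     * @throws Exception if the password is empty, the file does not start with a DER SEQUENCE,
     *     a bag uses an unsupported encryption algorithm, or parsing or decryption fails
     */
    public void setCertAndKey_ex(String str, String str2) throws Exception {
        if (str2 == null || str2.length() <= 0) {
            throw new SecretStoreException("Password cannot be empty");
        }
        char[] passwordChars = str2.toCharArray();
        byte[] passwordBytes = null;
        BufferedInputStream in = null;
        PrivateKey loadedKey = null;
        X509Certificate loadedCert = null;
        try {
            in = new BufferedInputStream(new FileInputStream(str));
            // Peek at the first byte: a PFX is a DER SEQUENCE, tag 0x30 (48).
            in.mark(10);
            if (in.read() != 48) {
                throw new IOException("stream does not represent a PKCS12 key store");
            }
            in.reset();
            ContentInfo authSafe = new Pfx((ASN1Sequence) new ASN1InputStream(in).readObject()).getAuthSafe();
            passwordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
            if (authSafe.getContentType().equals(PKCSObjectIdentifiers.data)) {
                byte[] authSafeOctets = ((ASN1OctetString) authSafe.getContent()).getOctets();
                ContentInfo[] contentInfo = new AuthenticatedSafe((ASN1Sequence) new ASN1InputStream(authSafeOctets).readObject()).getContentInfo();
                for (int i = 0; i != contentInfo.length; i++) {
                    if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.data)) {
                        // Unencrypted SafeContents: look for the password-shrouded private key.
                        byte[] safeOctets = ((ASN1OctetString) contentInfo[i].getContent()).getOctets();
                        ASN1Sequence bags = (ASN1Sequence) new ASN1InputStream(safeOctets).readObject();
                        for (int j = 0; j != bags.size(); j++) {
                            SafeBag safeBag = new SafeBag((ASN1Sequence) bags.getObjectAt(j));
                            if (safeBag.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
                                EncryptedPrivateKeyInfo encryptedKey = new EncryptedPrivateKeyInfo((ASN1Sequence) safeBag.getBagValue());
                                loadedKey = unwrapKey(encryptedKey.getEncryptionAlgorithm(), encryptedKey.getEncryptedData(), passwordBytes);
                            }
                        }
                    } else if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
                        // Encrypted SafeContents: decrypt, then look for certificate bags.
                        EncryptedData encrypted = new EncryptedData((ASN1Sequence) contentInfo[i].getContent());
                        byte[] clear = cryptData(false, encrypted.getEncryptionAlgorithm(), passwordBytes, encrypted.getContent().getOctets());
                        ASN1Sequence bags = (ASN1Sequence) ASN1Object.fromByteArray(clear);
                        for (int j = 0; j != bags.size(); j++) {
                            SafeBag safeBag = new SafeBag((ASN1Sequence) bags.getObjectAt(j));
                            if (safeBag.getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                                // The whole SafeBag encoding is handed to CertBag, so getCertValue()
                                // appears to yield the inner CertBag sequence whose second element
                                // wraps the DER certificate - verify against the bundled ASN.1 classes.
                                CertBag wrapper = new CertBag((ASN1Sequence) ASN1Object.fromByteArray(safeBag.getEncoded()));
                                ASN1Sequence inner = (ASN1Sequence) wrapper.getCertValue();
                                DERTaggedObject tagged = (DERTaggedObject) inner.getObjectAt(1);
                                DEROctetString certOctets = (DEROctetString) tagged.getObject();
                                loadedCert = X509CertParser.parseCert(certOctets.getOctets())[0];
                            }
                        }
                    }
                }
            }
        } finally {
            closeQuietly(in);
            java.util.Arrays.fill(passwordChars, '\0');
            if (passwordBytes != null) {
                java.util.Arrays.fill(passwordBytes, (byte) 0);
            }
        }
        // Publish only after the complete file parsed, so a failure cannot leave a new key
        // paired with an old certificate.
        if (loadedKey != null) {
            this.privKey = loadedKey;
        }
        if (loadedCert != null) {
            this.signCert = loadedCert;
        }
    }

    /**
     * Decrypts PKCS#12 password-encrypted content.
     *
     * <p>Only {@code pbewithSHAAnd40BitRC2_CBC} is implemented. The salt and iteration count are
     * taken from the file without any bounds check.
     *
     * @param z unused; the data is always decrypted
     * @param algorithmIdentifier encryption algorithm and its PBE parameters
     * @param bArr password bytes in PKCS#12 form
     * @param bArr2 ciphertext
     * @return the decrypted bytes
     * @throws Exception if the algorithm is not supported or decryption fails
     */
    private byte[] cryptData(boolean z, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, byte[] bArr2) throws Exception {
        String id = algorithmIdentifier.getObjectId().getId();
        // Fail with a clear message instead of handing a null buffer to the ASN.1 parser.
        if (!PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC.getId().equals(id)) {
            throw new SecretStoreException("Unsupported PKCS#12 content encryption algorithm: " + id);
        }
        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence) algorithmIdentifier.getParameters());
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(bArr, pbeParams.getIV(), pbeParams.getIterations().intValue());
        // 40-bit key, 64-bit IV.
        CipherParameters derived = generator.generateDerivedParameters(40, 64);
        CBCBlockCipher cbc = new CBCBlockCipher(new RC2Engine());
        cbc.init(true, derived);
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(cbc);
        // The wrapper is initialised for decryption, which is the mode actually used.
        cipher.init(false, derived);
        return DESUtil.decrypt(derived, bArr2, cipher);
    }

    /**
     * Decrypts a PKCS#8 shrouded key and returns it as an RSA private key.
     *
     * <p>Only {@code pbeWithSHAAnd3_KeyTripleDES_CBC} is implemented. The salt and iteration count
     * are taken from the file without any bounds check.
     *
     * @param algorithmIdentifier encryption algorithm and its PBE parameters
     * @param bArr encrypted PrivateKeyInfo
     * @param bArr2 password bytes in PKCS#12 form
     * @return the decoded private key
     * @throws Exception if the algorithm is not supported, or decryption or decoding fails
     */
    public static PrivateKey unwrapKey(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, byte[] bArr2) throws Exception {
        String id = algorithmIdentifier.getObjectId().getId();
        // Previously an unsupported algorithm fell through with a null buffer and surfaced as a
        // NullPointerException; report the real cause instead.
        if (!PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC.getId().equals(id)) {
            throw new SecretStoreException("Unsupported PKCS#12 key encryption algorithm: " + id);
        }
        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence) algorithmIdentifier.getParameters());
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(bArr2, pbeParams.getIV(), pbeParams.getIterations().intValue());
        // NOTE(review): the key size is taken from X509CertVerifier.CertUsage_Sign, which looks like
        // a decompiler substituting a constant of equal value; 3-key TripleDES needs 192 - confirm.
        CipherParameters derived = generator.generateDerivedParameters(X509CertVerifier.CertUsage_Sign, 64);
        CBCBlockCipher cbc = new CBCBlockCipher(new DESedeEngine());
        cbc.init(true, derived);
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(cbc);
        cipher.init(false, derived);
        byte[] clearKey = DESUtil.decrypt(derived, bArr, cipher);
        ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(clearKey));
        try {
            return new JCERSAPrivateCrtKey(PrivateKeyInfo.getInstance((ASN1Sequence) asn1.readObject()));
        } finally {
            asn1.close();
        }
    }

    /**
     * Checks that the loaded private key and certificate form a pair by signing a fixed probe
     * message and verifying it with the certificate's public key.
     *
     * @return true when both are loaded and the signature verifies; false otherwise, including
     *     when signing or verification throws
     */
    protected boolean isMatched() {
        if (this.signCert == null || this.privKey == null) {
            return false;
        }
        try {
            byte[] probe = "123456".getBytes("UTF-8");
            return SignUtil.verify(probe, SignUtil.sign(probe, this.privKey), this.signCert.getPublicKey());
        } catch (Exception e) {
            // Any failure is treated as "does not match".
            return false;
        }
    }

    /**
     * Applies the private-key operation {@code RSAUtil.privKeyEncrypt} to the input.
     *
     * @param bArr data to process; must not be null
     * @return the result returned by {@code RSAUtil.privKeyEncrypt}
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws SecretStoreException wrapping any failure of the underlying operation
     */
    @Override // com.koalii.cert.SecretStore
    public byte[] encryptData(byte[] bArr) throws SecretStoreException {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            return RSAUtil.privKeyEncrypt(this.privKey, bArr);
        } catch (Exception e) {
            throw new SecretStoreException(e);
        }
    }

    /**
     * Decrypts the input with the loaded private key through {@code RSAUtil.privKeyDecrypt}.
     *
     * @param bArr ciphertext; must not be null
     * @return the result returned by {@code RSAUtil.privKeyDecrypt}
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws SecretStoreException wrapping any failure of the underlying operation
     */
    @Override // com.koalii.cert.SecretStore
    public byte[] decryptData(byte[] bArr) throws SecretStoreException {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            return RSAUtil.privKeyDecrypt(this.privKey, bArr);
        } catch (Exception e) {
            throw new SecretStoreException(e);
        }
    }

    /**
     * Signs the input with the loaded private key through {@code SignUtil.sha1WithRsaSign}.
     *
     * <p>NOTE(review): by its name the helper produces SHA-1-based RSA signatures, which are no
     * longer considered collision-resistant - confirm whether relying parties still require it.
     * Unlike {@link #encryptData} and {@link #decryptData}, a null input is not rejected up front.
     *
     * @param bArr data to sign
     * @return the signature bytes
     * @throws SecretStoreException wrapping any failure of the underlying operation
     */
    @Override // com.koalii.cert.SecretStore
    public byte[] signData(byte[] bArr) throws SecretStoreException {
        try {
            return SignUtil.sha1WithRsaSign(bArr, this.privKey);
        } catch (Exception e) {
            throw new SecretStoreException(e);
        }
    }

    /**
     * Writes the loaded key and certificate to a new PKCS#12 file under the alias
     * {@code "koalii"}, using the same password for the key entry and for the store.
     *
     * @param str path of the file to create or overwrite
     * @param str2 password protecting the new file
     * @throws SecretStoreException wrapping any failure, including a null password
     */
    public void toPfxFile(String str, String str2) throws SecretStoreException {
        char[] password = null;
        FileOutputStream out = null;
        try {
            password = str2.toCharArray();
            Certificate[] chain = {this.signCert};
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setKeyEntry("koalii", this.privKey, password, chain);
            out = new FileOutputStream(str);
            keyStore.store(out, password);
            // Close on the success path inside the try so a failed flush is still reported.
            out.close();
            out = null;
        } catch (Exception e) {
            throw new SecretStoreException(new StringBuffer("Save cert and key to pfx file - ").append(e).toString());
        } finally {
            // Only reached with a non-null stream when writing failed part-way.
            closeQuietly(out);
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
        }
    }

    /** Closes {@code c} if it is non-null, ignoring a failure of the close itself. */
    private static void closeQuietly(java.io.Closeable c) {
        if (c == null) {
            return;
        }
        try {
            c.close();
        } catch (IOException ignored) {
            // Nothing useful can be done when releasing a handle fails during cleanup.
        }
    }
}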
