package com.isnetworks.provider.pki;

import com.isnetworks.provider.asn1.AsnInteger;
import com.isnetworks.provider.asn1.DecodeException;
import com.isnetworks.provider.asn1.EncodeException;
import com.isnetworks.provider.asn1.OctetString;
import com.isnetworks.provider.asn1.pkcs12.AuthenticatedSafe;
import com.isnetworks.provider.asn1.pkcs12.CertBag;
import com.isnetworks.provider.asn1.pkcs12.Identifiers;
import com.isnetworks.provider.asn1.pkcs12.MacData;
import com.isnetworks.provider.asn1.pkcs12.PFX;
import com.isnetworks.provider.asn1.pkcs12.PKCS8ShroudedKeyBag;
import com.isnetworks.provider.asn1.pkcs12.SafeBag;
import com.isnetworks.provider.asn1.pkcs12.SafeContents;
import com.isnetworks.provider.asn1.pkcs7.ContentInfo;
import com.isnetworks.provider.asn1.pkcs7.Data;
import com.isnetworks.provider.asn1.pkcs9.LocalKeyId;
import com.isnetworks.provider.pkcs7.EncryptedDataContentInfo;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/* loaded from: input_file:com/isnetworks/provider/pki/PKCS12Wrapper.class */
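/**
 * Wraps a PKCS#12 {@link PFX} structure holding one private key and one certificate.
 *
 * <p>A wrapper is either built around an existing/encoded PFX, or created from a key and
 * certificate, in which case the key is stored in a PKCS#8 shrouded key bag, the certificate in
 * a cert bag (optionally inside encrypted data), and a password-based HMAC is computed over the
 * authenticated safe.
 *
 * <p>Decoding a PFX does not check its MAC. Callers that need integrity protection should call
 * {@link #hasMAC()} and {@link #verifyMAC(char[])} before trusting the contents.
 */
public class PKCS12Wrapper {
    private PFX mPFX;
    private static final String DEFAULT_PBE_HMAC_ALGORITHM = "PBEWithHmacSHA1";

    /** Length in bytes of the random salt generated for a new MAC. */
    private static final int MAC_SALT_LENGTH = 8;

    /**
     * Iteration count written into a newly created MAC.
     *
     * <p>NOTE(review): a count of 1 provides no key stretching, so the MAC offers little
     * resistance to offline password guessing. {@link #verifyMAC(char[])} reads the count stored
     * in the PFX, so this value could be raised without breaking verification here; confirm
     * interoperability requirements before changing it.
     */
    private static final int MAC_ITERATIONS = 1;

    /**
     * Wraps an already constructed PFX.
     *
     * @param pfx the PFX structure to operate on
     */
    public PKCS12Wrapper(PFX pfx) {
        this.mPFX = pfx;
    }

    /**
     * Decodes a PFX from its encoded form. The MAC, if any, is not verified here.
     *
     * @param bArr the encoded PFX
     * @throws PKIException if the bytes cannot be decoded
     */
    public PKCS12Wrapper(byte[] bArr) throws PKIException {
        try {
            this.mPFX = new PFX("pfx");
            this.mPFX.decode(bArr);
        } catch (DecodeException e) {
            throw new PKIException("Unable to decode PKCS12", e);
        }
    }

    /**
     * Creates a PFX from a key and certificate, storing the certificate inside encrypted data.
     *
     * @param privateKey the private key to store
     * @param certificate the certificate to store
     * @param cArr the password used for the key, the certificate and the MAC
     * @throws PKIException if any part of the PFX cannot be built
     */
    public PKCS12Wrapper(PrivateKey privateKey, Certificate certificate, char[] cArr) throws PKIException {
        this(privateKey, certificate, cArr, true);
    }

    /**
     * Creates a version 3 PFX from a key and certificate and computes its MAC.
     *
     * @param privateKey the private key to store
     * @param certificate the certificate to store
     * @param cArr the password used for the key, the MAC and (when {@code z} is true) the
     *     certificate
     * @param z {@code true} to store the certificate inside encrypted data, {@code false} to
     *     store it as plain data
     * @throws PKIException if any part of the PFX cannot be built
     */
    public PKCS12Wrapper(PrivateKey privateKey, Certificate certificate, char[] cArr, boolean z) throws PKIException {
        this.mPFX = new PFX("pfx");
        this.mPFX.getVersion().setValue(AsnInteger.makeValue(3));
        addPrivateKey(privateKey, cArr);
        if (z) {
            addCertificate(certificate, cArr);
        } else {
            addCertificate(certificate);
        }
        // The MAC is computed last because adding content clears any existing MAC.
        createMAC(cArr);
    }

    /**
     * Reports whether the PFX carries MAC data.
     *
     * @return {@code true} if the MacData component is not its default value
     */
    public boolean hasMAC() {
        return !this.mPFX.getMacData().isDefaultValue();
    }

    /**
     * Recomputes the password-based HMAC over the authenticated safe and compares it with the
     * digest stored in the PFX.
     *
     * <p>The algorithm, salt and iteration count are all taken from the PFX itself.
     * NOTE(review): behaviour when no MAC is present is not visible from this class; callers
     * should presumably check {@link #hasMAC()} first. The iteration count is not bounded here,
     * so a PFX from an untrusted source can request an arbitrarily expensive derivation.
     *
     * @param cArr the password the MAC key is derived from
     * @return {@code true} if the computed MAC equals the stored digest
     * @throws PKIException if the MAC algorithm is unavailable or rejects the key or parameters
     */
    public boolean verifyMAC(char[] cArr) throws PKIException {
        PBEKeySpec keySpec = new PBEKeySpec(cArr);
        try {
            MacData macData = this.mPFX.getMacData();
            String algorithm = "PBEWithHmac" + AlgorithmMapperKojak.getJavaAlgorithm(macData.getMac().getDigestAlgorithm());
            Mac mac = Mac.getInstance(algorithm);
            int iterations = ((BigInteger) macData.getIterations().getDefaultValue()).intValue();
            if (!macData.getIterations().isDefaultValue()) {
                iterations = macData.getIterations().getIntValue();
            }
            SecretKey macKey = SecretKeyFactory.getInstance(algorithm).generateSecret(keySpec);
            mac.init(macKey, new PBEParameterSpec((byte[]) macData.getMacSalt().getValue(), iterations));
            byte[] computed = mac.doFinal((byte[]) this.mPFX.getAuthSafe().getContent().getActual().getValue());
            byte[] stored = (byte[]) macData.getMac().getDigest().getValue();
            // MessageDigest.isEqual is used instead of Arrays.equals so the comparison does not
            // stop at the first differing byte and leak how much of the MAC matched.
            return java.security.MessageDigest.isEqual(computed, stored);
        } catch (InvalidAlgorithmParameterException e) {
            throw new PKIException("MAC didn't like the PBEParameterSpec", e);
        } catch (InvalidKeyException e2) {
            throw new PKIException("MAC didn't like the key from the SecretKeyFactory", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new PKIException("Couldn't find HMac algorithm", e3);
        } catch (InvalidKeySpecException e4) {
            throw new PKIException("SecretKeyFactory didn't like the PBEKeySpec", e4);
        } finally {
            // Wipes the key spec's internal copy of the password; the caller's array is untouched.
            keySpec.clearPassword();
        }
    }

    /**
     * Extracts the private key from the PKCS#8 shrouded key bag.
     *
     * @param cArr the password handed to the encrypted private key wrapper
     * @return the private key, or {@code null} if the PFX holds no shrouded key bag
     * @throws PKIException if the PFX cannot be decoded
     */
    public PrivateKey getPrivateKey(char[] cArr) throws PKIException {
        try {
            SafeBag keyBag = this.mPFX.getAuthenticatedSafe().getSafeBagInData(Identifiers.pkcs8ShroudedKeyBag);
            if (keyBag == null) {
                return null;
            }
            return new EncryptedPrivateKeyInfoWrapper((PKCS8ShroudedKeyBag) keyBag.getBagValue().getActual()).getPrivateKey(cArr);
        } catch (DecodeException e) {
            throw new PKIException("Unable to ASN.1 decode a portion of the PFX", e);
        }
    }

    /**
     * Appends a ContentInfo to the authenticated safe and re-encodes it.
     *
     * <p>Any existing MAC is cleared first, since it no longer covers the new content.
     *
     * @param contentInfo the content to append
     * @throws PKIException if the authenticated safe cannot be decoded or re-encoded
     * @throws IllegalStateException if the auth safe already has a content type other than data
     */
    private void addAuthSafeContent(ContentInfo contentInfo) throws PKIException {
        try {
            if (this.mPFX.getAuthSafe().getContentType().getValue() == null) {
                // First content added: initialise the auth safe as plain PKCS#7 data.
                this.mPFX.getAuthSafe().getContentType().copy(com.isnetworks.provider.asn1.pkcs7.Identifiers.data);
                this.mPFX.getAuthSafe().getContent().setActual(new Data("data"));
            } else if (!this.mPFX.getAuthSafe().getContentType().equals(com.isnetworks.provider.asn1.pkcs7.Identifiers.data)) {
                throw new IllegalStateException("Adding more contents to a signed PFX is not currently supported");
            }
            clearMAC();
            AuthenticatedSafe authenticatedSafe = this.mPFX.getAuthenticatedSafe();
            authenticatedSafe.addComponent(contentInfo);
            this.mPFX.getAuthSafe().getContent().getActual().setValue(authenticatedSafe.encode());
        } catch (DecodeException e) {
            throw new PKIException("Unable to ASN.1 decode part of the PFX", e);
        } catch (EncodeException e2) {
            throw new PKIException("Unable to ASN.1 encode the AuthenticatedSafe", e2);
        }
    }

    /**
     * Builds the fixed local key id ({@code 01 00 00 00}) attached to both the key bag and the
     * cert bag.
     */
    private static LocalKeyId newLocalKeyId() {
        byte[] id = new byte[4];
        id[0] = 1;
        LocalKeyId localKeyId = new LocalKeyId("localKeyId");
        localKeyId.setValue(id);
        return localKeyId;
    }

    /** Encodes the SafeContents and wraps the result in a ContentInfo of type data. */
    private static ContentInfo wrapInDataContentInfo(SafeContents safeContents) throws EncodeException {
        ContentInfo contentInfo = new ContentInfo("contentInfo");
        contentInfo.getContentType().copy(com.isnetworks.provider.asn1.pkcs7.Identifiers.data);
        Data data = new Data("data");
        data.setValue(safeContents.encode());
        contentInfo.getContent().setActual(data);
        return contentInfo;
    }

    /**
     * Stores the private key in a PKCS#8 shrouded key bag and adds it to the authenticated safe
     * as plain data (the key bag itself carries the encrypted private key info).
     *
     * @param privateKey the key to store
     * @param cArr the password handed to the encrypted private key wrapper
     * @throws PKIException if the key cannot be wrapped or the contents cannot be encoded
     */
    private void addPrivateKey(PrivateKey privateKey, char[] cArr) throws PKIException {
        EncryptedPrivateKeyInfoWrapper encryptedKey = new EncryptedPrivateKeyInfoWrapper(privateKey, cArr);
        SafeBag safeBag = new SafeBag("safeBag");
        safeBag.getBagId().copy(Identifiers.pkcs8ShroudedKeyBag);
        safeBag.getBagValue().setActual(encryptedKey.getEncryptedPrivateKeyInfo());
        safeBag.addAttribute(com.isnetworks.provider.asn1.pkcs9.Identifiers.localKeyId, newLocalKeyId());
        SafeContents safeContents = new SafeContents("safeContents");
        safeContents.addComponent(safeBag);
        try {
            addAuthSafeContent(wrapInDataContentInfo(safeContents));
        } catch (EncodeException e) {
            throw new PKIException("Unable to ASN.1 encode the newly created SafeContents", e);
        }
    }

    /**
     * Decodes the X.509 certificate held in a cert bag.
     *
     * @param safeBag the safe bag expected to contain a CertBag, may be {@code null}
     * @return the certificate, or {@code null} if {@code safeBag} is {@code null}
     * @throws PKIException if the bag holds a non-X.509 certificate or the certificate cannot
     *     be parsed
     */
    private Certificate getCertificateFromSafeBag(SafeBag safeBag) throws PKIException {
        if (safeBag == null) {
            return null;
        }
        try {
            CertBag certBag = (CertBag) safeBag.getBagValue().getActual();
            if (!certBag.getCertId().equals(Identifiers.x509Certificate)) {
                throw new PKIException("Unsupported certificate type");
            }
            byte[] encodedCert = (byte[]) ((OctetString) certBag.getCertValue().getActual()).getValue();
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encodedCert));
        } catch (CertificateException e) {
            // Keep the cause so the underlying parse failure is not lost.
            throw new PKIException("Problem decoding the certificate, possibly a wrong password", e);
        }
    }

    /**
     * Returns the certificate stored as plain (unencrypted) data.
     *
     * @return the certificate, or {@code null} if no cert bag is found in the data contents
     * @throws PKIException if the PFX cannot be decoded
     */
    public Certificate getCertificate() throws PKIException {
        try {
            return getCertificateFromSafeBag(this.mPFX.getAuthenticatedSafe().getSafeBagInData(Identifiers.certBag));
        } catch (DecodeException e) {
            throw new PKIException("Unable to ASN.1 decode the PKCS12 correctly", e);
        }
    }

    /**
     * Returns the certificate stored in the first encrypted data content.
     *
     * @param cArr the password used to decrypt the encrypted data
     * @return the certificate, or {@code null} if the PFX has no encrypted data or the decrypted
     *     contents hold no cert bag
     * @throws PKIException if the PFX or the decrypted contents cannot be decoded
     */
    public Certificate getCertificate(char[] cArr) throws PKIException {
        try {
            ContentInfo encryptedContent = this.mPFX.getAuthenticatedSafe().getFirstEncryptedData();
            if (encryptedContent == null) {
                return null;
            }
            byte[] decrypted = new EncryptedDataContentInfo(encryptedContent).getData(cArr);
            SafeContents safeContents = new SafeContents("safeContents");
            safeContents.decode(decrypted);
            return getCertificateFromSafeBag(safeContents.getSafeBag(Identifiers.certBag));
        } catch (DecodeException e) {
            throw new PKIException("Unable to ASN.1 decode part of the PFX", e);
        }
    }

    /**
     * Builds a SafeContents holding a single X.509 cert bag for the certificate.
     *
     * @param certificate the certificate to store
     * @return the SafeContents containing the cert bag
     * @throws PKIException if the certificate cannot be encoded
     */
    private SafeContents createCertificateSafeContents(Certificate certificate) throws PKIException {
        try {
            OctetString certOctets = new OctetString("certOctetString");
            certOctets.setValue(certificate.getEncoded());
            CertBag certBag = new CertBag("certBag");
            certBag.getCertId().copy(Identifiers.x509Certificate);
            certBag.getCertValue().setActual(certOctets);
            SafeBag safeBag = new SafeBag("safeBag");
            safeBag.getBagId().copy(Identifiers.certBag);
            safeBag.getBagValue().setActual(certBag);
            safeBag.addAttribute(com.isnetworks.provider.asn1.pkcs9.Identifiers.localKeyId, newLocalKeyId());
            SafeContents safeContents = new SafeContents("safeContents");
            safeContents.addComponent(safeBag);
            return safeContents;
        } catch (CertificateEncodingException e) {
            throw new PKIException("Unable to encode the certificate", e);
        }
    }

    /**
     * Adds the certificate to the authenticated safe as plain (unencrypted) data.
     *
     * @param certificate the certificate to store
     * @throws PKIException if the certificate or the contents cannot be encoded
     */
    private void addCertificate(Certificate certificate) throws PKIException {
        try {
            addAuthSafeContent(wrapInDataContentInfo(createCertificateSafeContents(certificate)));
        } catch (EncodeException e) {
            throw new PKIException("Unable to ASN.1 encode the newly created SafeContents", e);
        }
    }

    /**
     * Adds the certificate to the authenticated safe inside encrypted data.
     *
     * @param certificate the certificate to store
     * @param cArr the password used to encrypt the certificate contents
     * @throws PKIException if the certificate or the contents cannot be encoded
     */
    private void addCertificate(Certificate certificate, char[] cArr) throws PKIException {
        try {
            SafeContents certContents = createCertificateSafeContents(certificate);
            EncryptedDataContentInfo encryptedContent = new EncryptedDataContentInfo();
            encryptedContent.setData(certContents.encode(), cArr);
            addAuthSafeContent(encryptedContent.getContentInfo());
        } catch (EncodeException e) {
            throw new PKIException("Unable to ASN.1 encode the newly created SafeContents", e);
        }
    }

    /**
     * Computes a password-based HMAC-SHA1 over the authenticated safe and stores it, together
     * with a fresh random salt and the iteration count, in the PFX's MacData.
     *
     * @param cArr the password the MAC key is derived from
     * @throws PKIException if the MAC algorithm is unavailable or rejects the key or parameters
     */
    private void createMAC(char[] cArr) throws PKIException {
        PBEKeySpec keySpec = new PBEKeySpec(cArr);
        try {
            MacData macData = this.mPFX.getMacData();
            byte[] salt = new byte[MAC_SALT_LENGTH];
            new SecureRandom().nextBytes(salt);
            macData.getMacSalt().setValue(salt);
            macData.getIterations().setValue(AsnInteger.makeValue(MAC_ITERATIONS));
            PBEParameterSpec macParams = new PBEParameterSpec(salt, MAC_ITERATIONS);
            SecretKey macKey = SecretKeyFactory.getInstance(DEFAULT_PBE_HMAC_ALGORITHM).generateSecret(keySpec);
            Mac mac = Mac.getInstance(DEFAULT_PBE_HMAC_ALGORITHM);
            mac.init(macKey, macParams);
            byte[] digest = mac.doFinal((byte[]) this.mPFX.getAuthSafe().getContent().getActual().getValue());
            macData.getMac().getDigestAlgorithm().getAlgorithm().copy(com.isnetworks.provider.asn1.pkcs1.Identifiers.id_SHA1);
            macData.getMac().getDigest().setValue(digest);
        } catch (InvalidAlgorithmParameterException e) {
            throw new PKIException("MAC doesn't like the PBEParameterSpec", e);
        } catch (InvalidKeyException e2) {
            throw new PKIException("MAC doesn't like the key from the SecretKeyFactory", e2);
        } catch (NoSuchAlgorithmException e3) {
            // Keep the cause so the provider lookup failure is not lost.
            throw new PKIException("Unable to find algorithm: PBEWithHmacSHA1", e3);
        } catch (InvalidKeySpecException e4) {
            throw new PKIException("SecretKeyFactory doesn't like the PBEKeySpec", e4);
        } finally {
            // Wipes the key spec's internal copy of the password; the caller's array is untouched.
            keySpec.clearPassword();
        }
    }

    /** Resets the PFX's MacData by copying a freshly constructed MacData over it. */
    private void clearMAC() {
        this.mPFX.getMacData().copy(new MacData("macData"));
    }

    /**
     * Encodes the wrapped PFX.
     *
     * @return the encoded PFX
     * @throws EncodeException if the PFX cannot be encoded
     */
    public byte[] encode() throws EncodeException {
        return this.mPFX.encode();
    }
}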
