package signgate.provider.ec.codec.pkcs12;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import signgate.javax.crypto.Mac;
import signgate.javax.crypto.SecretKey;
import signgate.javax.crypto.SecretKeyFactory;
import signgate.javax.crypto.spec.PBEKeySpec;
import signgate.javax.crypto.spec.PBEParameterSpec;
import signgate.provider.ec.codec.asn1.ASN1Exception;
import signgate.provider.ec.codec.asn1.ASN1Integer;
import signgate.provider.ec.codec.asn1.ASN1Null;
import signgate.provider.ec.codec.asn1.ASN1ObjectIdentifier;
import signgate.provider.ec.codec.asn1.ASN1Sequence;
import signgate.provider.ec.codec.asn1.ASN1Type;
import signgate.provider.ec.codec.asn1.BERDecoder;
import signgate.provider.ec.codec.asn1.DEREncoder;
import signgate.provider.ec.codec.asn1.Decoder;
import signgate.provider.ec.codec.pkcs1.DigestInfo;
import signgate.provider.ec.codec.pkcs7.ContentInfo;
import signgate.provider.ec.codec.pkcs7.Data;
import signgate.provider.ec.codec.pkcs7.SignedData;
import signgate.provider.ec.codec.pkcs7.Signer;
import signgate.provider.ec.codec.pkcs7.SignerInfo;
import signgate.provider.ec.codec.pkcs7.Verifier;
import signgate.provider.ec.codec.x501.BadNameException;
import signgate.provider.ec.codec.x509.AlgorithmIdentifier;

/* loaded from: input_file:signgate/provider/ec/codec/pkcs12/PFX.class */
public class PFX extends ASN1Sequence implements Serializable {
    protected static ASN1Integer version_;
    protected ContentInfo authSafe_;
    protected MacData macData_;
    private AuthenticatedSafe authentSafe_;
    private int[] SHA_OID = {1, 3, 14, 3, 2, 26};
    public static final int INTEGRITY_MODE_NONE = 0;
    public static final int INTEGRITY_MODE_PASSWORD = 1;
    public static final int INTEGRITY_MODE_PUBLIC_KEY = 2;
    protected int INTEGRITY_MODE_;

    public PFX() {
        version_ = new ASN1Integer();
        add(version_);
        this.authSafe_ = new ContentInfo();
        add(this.authSafe_);
        this.macData_ = new MacData();
        this.macData_.setOptional(true);
        add(this.macData_);
    }

    public PFX(AuthenticatedSafe authenticatedSafe) throws ASN1Exception {
        version_ = new ASN1Integer(3);
        add(version_);
        setAuthenticatedSafe(authenticatedSafe);
        this.INTEGRITY_MODE_ = 0;
    }

    public PFX(AuthenticatedSafe authenticatedSafe, char[] cArr) throws ASN1Exception, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException {
        version_ = new ASN1Integer(3);
        add(version_);
        setAuthenticatedSafe(authenticatedSafe);
        addMacData(cArr);
        this.INTEGRITY_MODE_ = 1;
    }

    public PFX(AuthenticatedSafe authenticatedSafe, PrivateKey privateKey, X509Certificate x509Certificate, String str, AlgorithmParameters algorithmParameters) throws SignatureException, GeneralSecurityException, ASN1Exception {
        version_ = new ASN1Integer(3);
        add(version_);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            authenticatedSafe.encode(new DEREncoder(byteArrayOutputStream));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            SignedData signedData = new SignedData();
            signedData.setData(byteArray);
            Signer signer = new Signer(signedData, new SignerInfo(x509Certificate, str, algorithmParameters), privateKey);
            signer.update();
            signer.sign();
            this.authSafe_ = new ContentInfo(signedData);
            add(this.authSafe_);
            this.INTEGRITY_MODE_ = 2;
        } catch (IOException e) {
            System.out.println("Internal Error. Shouldn't occur:");
            e.printStackTrace();
            throw new GeneralSecurityException(new StringBuffer().append("Caught IOException: ").append(e.getMessage()).toString());
        } catch (BadNameException e2) {
            System.out.println("Internal Error. Shouldn't occur:");
            e2.printStackTrace();
            throw new GeneralSecurityException(new StringBuffer().append("Caught BadNameException: ").append(e2.getMessage()).toString());
        }
    }

    public PFX(PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, char[] cArr, String str, byte[] bArr) throws GeneralSecurityException, CertificateEncodingException, ASN1Exception {
        try {
            SafeContents safeContents = new SafeContents(new CertBag(x509Certificate), str, bArr);
            if (x509CertificateArr != null) {
                for (X509Certificate x509Certificate2 : x509CertificateArr) {
                    safeContents.addSafeBag(new CertBag(x509Certificate2));
                }
            }
            PKCS8ShroudedKeyBag pKCS8ShroudedKeyBag = new PKCS8ShroudedKeyBag();
            pKCS8ShroudedKeyBag.setPrivateKey(privateKey, cArr, "PbeWithSHAAnd3_KeyTripleDES_CBC");
            AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe(new SafeContents(pKCS8ShroudedKeyBag, str, bArr));
            authenticatedSafe.addSafeContents(safeContents, cArr, "PbeWithSHAAnd40BitRC2_CBC");
            version_ = new ASN1Integer(3);
            add(version_);
            setAuthenticatedSafe(authenticatedSafe);
            addMacData(cArr);
        } catch (IOException e) {
            System.out.println("Internal Error. Shouldn't occur:");
            e.printStackTrace();
            throw new GeneralSecurityException(new StringBuffer().append("Caught IOException: ").append(e.getMessage()).toString());
        }
    }

    private void setAuthenticatedSafe(AuthenticatedSafe authenticatedSafe) throws ASN1Exception {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DEREncoder dEREncoder = new DEREncoder(byteArrayOutputStream);
            this.authentSafe_ = authenticatedSafe;
            this.authentSafe_.encode(dEREncoder);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            this.authSafe_ = new ContentInfo(new Data(byteArray));
            add(this.authSafe_);
        } catch (IOException e) {
            System.out.println("Internal Error. Should not occur:");
            e.printStackTrace();
        }
    }

    private void addMacData(char[] cArr) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException, ASN1Exception {
        try {
            byte[] bArr = new byte[64];
            new SecureRandom().nextBytes(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance("PbeWithSHAAnd3_KeyTripleDES_CBC").generateSecret(new PBEKeySpec(cArr));
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, 1024);
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(generateSecret, pBEParameterSpec);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            this.authentSafe_.encode(new DEREncoder(byteArrayOutputStream));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            this.macData_ = new MacData(new DigestInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(this.SHA_OID), new ASN1Null()), mac.doFinal(byteArray)), bArr, 1024);
            add(this.macData_);
            this.INTEGRITY_MODE_ = 1;
        } catch (IOException e) {
            System.out.println("Internal Error. Should not occur:");
            e.printStackTrace();
        }
    }

    public boolean checkIntegrity(char[] cArr) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidKeySpecException {
        if (this.INTEGRITY_MODE_ != 1) {
            throw new IllegalStateException("bad integrity mode (not password integrity)!");
        }
        byte[] digest = this.macData_.getMacData().getDigest();
        SecretKey generateSecret = SecretKeyFactory.getInstance("PbeWithSHAAnd3_KeyTripleDES_CBC").generateSecret(new PBEKeySpec(cArr));
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(generateSecret, new PBEParameterSpec(this.macData_.getSalt(), this.macData_.getIterationCount()));
        byte[] doFinal = mac.doFinal(((Data) this.authSafe_.getContent()).getByteArray());
        boolean z = true;
        for (int i = 0; i < doFinal.length; i++) {
            z = doFinal[i] == digest[i] && z;
        }
        return z;
    }

    public X509Certificate checkIntegrity(X509Certificate x509Certificate) throws GeneralSecurityException {
        if (this.INTEGRITY_MODE_ != 2) {
            throw new IllegalStateException("bad integrity mode (not password integrity)!");
        }
        Verifier verifier = new Verifier((SignedData) this.authSafe_.getContent(), null, x509Certificate);
        verifier.update();
        return verifier.verify();
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1AbstractCollection, signgate.provider.ec.codec.asn1.ASN1Type
    public void decode(Decoder decoder) throws ASN1Exception, IOException {
        super.decode(decoder);
        if (this.macData_ != null) {
            this.INTEGRITY_MODE_ = 1;
        } else if (this.authSafe_.getContent() instanceof SignedData) {
            this.INTEGRITY_MODE_ = 2;
        } else {
            this.INTEGRITY_MODE_ = 0;
        }
    }

    public AuthenticatedSafe getAuthSafe() throws ASN1Exception, IllegalStateException {
        byte[] byteArray;
        if (this.authSafe_.getContent() instanceof Data) {
            byteArray = ((Data) this.authSafe_.getContent()).getByteArray();
        } else {
            if (!(this.authSafe_.getContent() instanceof SignedData)) {
                throw new IllegalStateException("The contents of the PFX is not a valid type.");
            }
            ASN1Type content = ((SignedData) this.authSafe_.getContent()).getContent();
            if (!(content instanceof Data)) {
                throw new IllegalStateException("unable to extract authSafe encoded data!");
            }
            byteArray = ((Data) content).getByteArray();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArray);
        this.authentSafe_ = new AuthenticatedSafe();
        try {
            this.authentSafe_.decode(new BERDecoder(byteArrayInputStream));
            byteArrayInputStream.close();
        } catch (IOException e) {
            System.out.println("Internal Error. Should not occur:");
            e.printStackTrace();
        }
        return this.authentSafe_;
    }

    public int getIntegrityMode() {
        return this.INTEGRITY_MODE_;
    }

    public ASN1Integer getVersion() {
        return version_;
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1AbstractCollection, java.util.AbstractCollection
    public String toString() {
        String stringBuffer = new StringBuffer().append("PFX {\n").append(" Version: ").append(version_.getBigInteger().toString()).append("\n").toString();
        try {
            stringBuffer = new StringBuffer().append(stringBuffer).append(" ").append(getAuthSafe().toString()).append("\n").toString();
        } catch (Exception e) {
            stringBuffer = new StringBuffer().append(stringBuffer).append(" <AuthenticatedSafe not printable. Caught ").append(e.getClass().getName()).append(">\n").toString();
        }
        if (this.macData_ == null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append(" No MacData\n").toString();
        } else {
            try {
                stringBuffer = new StringBuffer().append(stringBuffer).append(" MacData: ").append(this.macData_.toString()).append("\n").toString();
            } catch (Exception e2) {
                stringBuffer = new StringBuffer().append(stringBuffer).append(" <MacData not printable. Caught ").append(e2.getClass().getName()).append(">\n").toString();
            }
        }
        if (this.INTEGRITY_MODE_ == 0) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("NO INTEGRITY PROTECTION\n").toString();
        } else if (this.INTEGRITY_MODE_ == 1) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("Integrity is guaranteed by password integrity mode\n").toString();
        } else if (this.INTEGRITY_MODE_ == 2) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("Integrity is guaranteed by public-key integrity mode\n").toString();
        }
        return new StringBuffer().append(stringBuffer).append("}").toString();
    }
}
