package com.xdja.jce.base.keystore.util;

import com.xdja.jce.base.common.JcaJceHelper;
import com.xdja.jce.base.common.XdjaJcaJceHelper;
import com.xdja.jce.base.jcajce.BCLoadStoreParameter;
import com.xdja.jce.base.keystore.XdjaKeyStoreSpi;
import com.xdja.jce.base.util.ArraysUtils;
import com.xdja.jce.base.util.DigestFactory;
import com.xdja.jce.coding.asn1.io.Streams;
import com.xdja.jce.core.util.Arrays;
import com.xdja.jce.core.util.Strings;
import com.xdja.jce.hash.digest.Digest;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import sun.security.pkcs.EncryptedPrivateKeyInfo;

/* loaded from: input_file:com/xdja/jce/base/keystore/util/JKSKeyStoreSpi.class */
public class JKSKeyStoreSpi extends KeyStoreSpi implements XdjaKeyStoreSpi {
    /** First four bytes of a JKS stream, i.e. the signed-int form of 0xFEEDFEED. */
    private static final int MAGIC = 0xFEEDFEED;
    /** Format version in which every certificate is parsed with an "X509" factory (see engineLoad). */
    private static final int VERSION_1 = 1;
    /** Format version in which each certificate is preceded by its type string (see engineLoad/engineStore). */
    private static final int VERSION_2 = 2;
    // NOTE(review): not referenced by any method of this class, and the wording does not match
    // the class as written, which implements key entries and engineStore.
    private static final String NOT_IMPLEMENTED_MESSAGE = "BC JKS store is read-only and only supports certificate entries";

    /** Alias -> BCJKSKeyEntry or BCJKSTrustedCertEntry. Writers additionally synchronize on this table. */
    private final Hashtable<String, Object> entries = new Hashtable<>();
    /** Provider helper used to create MessageDigest and CertificateFactory instances. */
    private final JcaJceHelper helper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/xdja/jce/base/keystore/util/JKSKeyStoreSpi$BCJKSKeyEntry.class */
    /**
     * In-memory form of a private-key entry: creation date, the still-protected key blob and
     * the optional certificate chain. The key material is kept encrypted here; it is only
     * recovered in engineGetKey.
     */
    public static class BCJKSKeyEntry {
        // Creation timestamp of the entry.
        Date date;
        // Encoded EncryptedPrivateKeyInfo; never the clear key.
        byte[] protectedPrivKey;
        // Certificate chain, or null when the entry carries none.
        Certificate[] chain;

        /** Creates an entry with all fields unset; callers fill them in afterwards. */
        private BCJKSKeyEntry() {
            this(null, null, null);
        }

        /** Creates an entry from the given values. The arrays are stored as passed, not copied. */
        private BCJKSKeyEntry(Date date, byte[] protectedPrivKey, Certificate[] chain) {
            this.date = date;
            this.protectedPrivKey = protectedPrivKey;
            this.chain = chain;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/xdja/jce/base/keystore/util/JKSKeyStoreSpi$BCJKSTrustedCertEntry.class */
    /** In-memory form of a trusted-certificate entry: creation date plus the certificate itself. */
    public static final class BCJKSTrustedCertEntry {
        // Creation timestamp of the entry.
        Date date;
        // The trusted certificate. Nothing in this class prevents it from being null.
        Certificate cert;

        /** Creates an entry with both fields unset. */
        public BCJKSTrustedCertEntry() {
            this(null, null);
        }

        /** Creates an entry holding the given date and certificate, stored as passed. */
        public BCJKSTrustedCertEntry(Date date, Certificate certificate) {
            this.cert = certificate;
            this.date = date;
        }
    }

    /* loaded from: input_file:com/xdja/jce/base/keystore/util/JKSKeyStoreSpi$ErasableByteStream.class */
    /**
     * ByteArrayInputStream whose backing array can be zeroed once the content is no longer needed.
     * ByteArrayInputStream does not copy the array it is given, so erase() also wipes the
     * caller's array.
     */
    private static final class ErasableByteStream extends ByteArrayInputStream {
        public ErasableByteStream(byte[] data, int offset, int length) {
            super(data, offset, length);
        }

        /** Overwrites the whole backing array with zero bytes, not only the readable window. */
        public void erase() {
            Arrays.fill(buf, (byte) 0);
        }
    }

    /* loaded from: input_file:com/xdja/jce/base/keystore/util/JKSKeyStoreSpi$JKS.class */
    /** Concrete SPI with a no-argument constructor, wired to a fresh XdjaJcaJceHelper. */
    public static class JKS extends JKSKeyStoreSpi {
        /** Creates the store with a new XdjaJcaJceHelper as its provider helper. */
        public JKS() {
            super(new XdjaJcaJceHelper());
        }
    }

    /**
     * Creates an empty store that obtains digests and certificate factories from the given helper.
     *
     * @param jcaJceHelper provider helper; it is not null-checked here. getPreKeyedHash and
     *                     engineLoad dereference it unconditionally, so a null helper makes
     *                     loading and storing fail with a NullPointerException.
     */
    public JKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        helper = jcaJceHelper;
    }

    /**
     * Checks whether the stream starts with a JKS header (magic followed by version 1 or 2).
     * Eight bytes are consumed from the stream; only the header is looked at, so a true result
     * says nothing about the integrity of the rest of the store.
     *
     * @param inputStream stream positioned at the start of the candidate keystore
     * @return true if the magic and version match
     * @throws IOException if the two header ints cannot be read (including a stream shorter than 8 bytes)
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineProbe(InputStream inputStream) throws IOException {
        final DataInputStream header;
        if (inputStream instanceof DataInputStream) {
            header = (DataInputStream) inputStream;
        } else {
            header = new DataInputStream(inputStream);
        }
        // Both ints are read before any comparison, as in the on-disk layout.
        final int magic = header.readInt();
        final int version = header.readInt();
        if (magic != MAGIC) {
            return false;
        }
        return version == VERSION_1 || version == VERSION_2;
    }

    /**
     * Normalises an alias to the form used as the key of the entry table: lower case under
     * Locale.ENGLISH, so the result does not depend on the default locale.
     *
     * @param str alias as supplied by the caller; must not be null
     * @return the lower-cased alias
     */
    String convertAlias(String str) {
        final String normalised = str.toLowerCase(Locale.ENGLISH);
        return normalised;
    }

    /**
     * Encodes a password as two bytes per char, high byte first.
     * The returned array holds password material; every caller in this class zeroes it after use.
     *
     * @param cArr password characters
     * @return a new array of length 2 * cArr.length
     */
    private byte[] convertToBytes(char[] cArr) {
        final byte[] encoded = new byte[cArr.length * 2];
        for (int idx = 0; idx < cArr.length; idx++) {
            final char unit = cArr[idx];
            encoded[2 * idx] = (byte) (unit >> 8);
            encoded[2 * idx + 1] = (byte) unit;
        }
        return encoded;
    }

    /**
     * Recovers the private key stored under an alias.
     *
     * <p>The byte form of the password is zeroed on every exit path. The caller's char[] is not
     * touched. EncryptedPrivateKeyInfo is the JDK-internal sun.security.pkcs class imported by
     * this file. NOTE(review): on JDKs that encapsulate internal packages this presumably needs
     * the package exported to this module — confirm for the deployment target.
     *
     * @param str  alias of the entry
     * @param cArr password protecting the key
     * @return the recovered key, or null if the alias is absent or is not a key entry
     * @throws UnrecoverableKeyException if the password is null, the stored blob cannot be parsed,
     *                                   or KeyProtector rejects it
     * @throws NoSuchAlgorithmException  propagated from KeyProtector
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        final Object entry = this.entries.get(convertAlias(str));
        if (!(entry instanceof BCJKSKeyEntry)) {
            return null;
        }
        if (cArr == null) {
            throw new UnrecoverableKeyException("Password must not be null");
        }
        final byte[] passwordBytes = convertToBytes(cArr);
        try {
            final KeyProtector protector = new KeyProtector(passwordBytes);
            return protector.recover(new EncryptedPrivateKeyInfo(((BCJKSKeyEntry) entry).protectedPrivKey));
        } catch (IOException e) {
            throw new UnrecoverableKeyException("Private key not stored as PKCS #8 EncryptedPrivateKeyInfo");
        } finally {
            // Wipe the derived password bytes whether recovery succeeded or not.
            Arrays.fill(passwordBytes, (byte) 0);
        }
    }

    /**
     * Returns the certificate chain of a key entry.
     *
     * @param str alias of the entry
     * @return a copy of the chain array, or null if the alias is absent, is not a key entry,
     *         or the entry has no chain
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        final Object entry = this.entries.get(convertAlias(str));
        if (!(entry instanceof BCJKSKeyEntry)) {
            return null;
        }
        final Certificate[] chain = ((BCJKSKeyEntry) entry).chain;
        if (chain == null) {
            return null;
        }
        // Hand out a copy so callers cannot alter the stored array.
        return chain.clone();
    }

    /**
     * Returns the certificate associated with an alias: the trusted certificate for a
     * certificate entry, or the first element of the chain for a key entry.
     *
     * @param str alias of the entry
     * @return the certificate, or null if the alias is absent or a key entry has no chain
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        final Object entry = this.entries.get(convertAlias(str));
        if (entry == null) {
            return null;
        }
        if (entry instanceof BCJKSTrustedCertEntry) {
            return ((BCJKSTrustedCertEntry) entry).cert;
        }
        // Anything that is not a trusted-certificate entry is treated as a key entry.
        final Certificate[] chain = ((BCJKSKeyEntry) entry).chain;
        return chain == null ? null : chain[0];
    }

    /**
     * Returns the creation date recorded for an alias.
     *
     * @param str alias of the entry
     * @return a new Date equal to the stored one, or null if the alias is absent
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public Date engineGetCreationDate(String str) {
        final Object entry = this.entries.get(convertAlias(str));
        if (entry == null) {
            return null;
        }
        final Date stored;
        if (entry instanceof BCJKSTrustedCertEntry) {
            stored = ((BCJKSTrustedCertEntry) entry).date;
        } else {
            stored = ((BCJKSKeyEntry) entry).date;
        }
        // Date is mutable, so return a copy rather than the stored instance.
        return new Date(stored.getTime());
    }

    /**
     * Stores a private key under an alias, protecting it with the given password.
     *
     * <p>The key is wrapped by KeyProtector; the protection scheme itself is not visible in this
     * file. The byte form of the password is zeroed on every exit path. An existing entry under
     * the same alias, of either kind, is replaced.
     *
     * @param str            alias of the entry
     * @param key            key to store; must be a PrivateKey
     * @param cArr           password used to protect the key; must not be null
     * @param certificateArr certificate chain; null or empty is stored as "no chain"
     * @throws KeyStoreException if the key is not a PrivateKey, the password is null, or the
     *                           protection algorithm is unavailable
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("Cannot store non-PrivateKeys");
        }
        if (cArr == null) {
            throw new KeyStoreException("password can't be null");
        }
        byte[] passwordBytes = null;
        try {
            synchronized (this.entries) {
                final BCJKSKeyEntry entry = new BCJKSKeyEntry();
                entry.date = new Date();
                passwordBytes = convertToBytes(cArr);
                entry.protectedPrivKey = new KeyProtector(passwordBytes).protect(key);
                final boolean hasChain = certificateArr != null && certificateArr.length != 0;
                // Copy the chain so later changes to the caller's array do not reach the store.
                entry.chain = hasChain ? (Certificate[]) certificateArr.clone() : null;
                this.entries.put(convertAlias(str), entry);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new KeyStoreException("Key protection algorithm not found");
        } finally {
            if (passwordBytes != null) {
                Arrays.fill(passwordBytes, (byte) 0);
            }
        }
    }

    /**
     * Stores an already-protected private key under an alias.
     *
     * <p>The blob is only checked for being parseable as an EncryptedPrivateKeyInfo; nothing here
     * verifies which algorithm or password protects it. An existing entry under the same alias
     * is replaced.
     *
     * @param str            alias of the entry
     * @param bArr           encoded EncryptedPrivateKeyInfo; a copy is stored
     * @param certificateArr certificate chain; null or empty is stored as "no chain"
     * @throws KeyStoreException if the blob cannot be parsed
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        synchronized (this.entries) {
            try {
                // Parsed purely as a format check; the result is discarded.
                new EncryptedPrivateKeyInfo(bArr);
            } catch (IOException e) {
                throw new KeyStoreException("key is not encoded as EncryptedPrivateKeyInfo");
            }
            final BCJKSKeyEntry entry = new BCJKSKeyEntry();
            entry.date = new Date();
            entry.protectedPrivKey = (byte[]) bArr.clone();
            final boolean hasChain = certificateArr != null && certificateArr.length != 0;
            entry.chain = hasChain ? (Certificate[]) certificateArr.clone() : null;
            this.entries.put(convertAlias(str), entry);
        }
    }

    /**
     * Stores a trusted certificate under an alias, replacing any trusted certificate already
     * stored there. An alias that currently names a key entry is refused.
     *
     * <p>NOTE(review): a null certificate is stored as-is. engineStore later calls
     * cert.getEncoded() on every trusted entry, so such an entry makes storing fail.
     *
     * @param str         alias of the entry
     * @param certificate certificate to trust
     * @throws KeyStoreException if the alias belongs to a key entry
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        final String alias = convertAlias(str);
        synchronized (this.entries) {
            if (this.entries.get(alias) instanceof BCJKSKeyEntry) {
                throw new KeyStoreException("Cannot overwrite own certificate");
            }
            this.entries.put(alias, new BCJKSTrustedCertEntry(new Date(), certificate));
        }
    }

    /**
     * Removes the entry stored under an alias, whatever its kind. An unknown alias is a no-op.
     *
     * @param str alias of the entry
     * @throws KeyStoreException declared by the SPI; not thrown by this implementation
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        final String alias = convertAlias(str);
        synchronized (this.entries) {
            this.entries.remove(alias);
        }
    }

    /**
     * Lists the aliases currently in the store.
     *
     * @return the key enumeration of the entry table itself, not a snapshot
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Enumeration<String> aliases = this.entries.keys();
        return aliases;
    }

    /**
     * Tells whether any entry, key or certificate, exists under an alias.
     *
     * @param str alias to look up; normalised with convertAlias first
     * @return true if an entry exists
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public boolean engineContainsAlias(String str) {
        final String alias = convertAlias(str);
        return this.entries.containsKey(alias);
    }

    /**
     * Counts the entries in the store, key and certificate entries alike.
     *
     * @return number of entries
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public int engineSize() {
        final int count = this.entries.size();
        return count;
    }

    /**
     * Tells whether an alias names a private-key entry.
     *
     * @param str alias to look up
     * @return true only if the alias exists and holds a key entry
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        // instanceof is false for null, which covers the "alias absent" case.
        return this.entries.get(convertAlias(str)) instanceof BCJKSKeyEntry;
    }

    /**
     * Tells whether an alias names a trusted-certificate entry.
     *
     * @param str alias to look up
     * @return true only if the alias exists and holds a trusted-certificate entry
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        // instanceof is false for null, which covers the "alias absent" case.
        return this.entries.get(convertAlias(str)) instanceof BCJKSTrustedCertEntry;
    }

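    /**
     * Finds the first alias whose certificate equals the given one. For a trusted-certificate
     * entry the stored certificate is compared; for a key entry, the first element of its chain.
     *
     * <p>The table is enumerated without holding its lock across the loop, so an alias can be
     * removed between keys() and get(). Such an entry is skipped, as is an entry whose
     * certificate is null (engineSetCertificateEntry accepts null). Both cases used to end in a
     * NullPointerException.
     *
     * @param certificate certificate to search for
     * @return the matching alias, or null if none matches
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        final Enumeration<String> aliases = this.entries.keys();
        while (aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            final Object entry = this.entries.get(alias);
            final Certificate candidate;
            if (entry instanceof BCJKSTrustedCertEntry) {
                candidate = ((BCJKSTrustedCertEntry) entry).cert;
            } else if (entry instanceof BCJKSKeyEntry && ((BCJKSKeyEntry) entry).chain != null) {
                candidate = ((BCJKSKeyEntry) entry).chain[0];
            } else {
                // Entry vanished concurrently, or a key entry without a chain.
                continue;
            }
            if (candidate != null && candidate.equals(certificate)) {
                return alias;
            }
        }
        return null;
    }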

    /**
     * Writes the store in JKS version 2 layout: magic, version, entry count, the entries, then
     * the integrity digest.
     *
     * <p>The digest comes from getPreKeyedHash and covers everything written before it. It is
     * the legacy JKS construction, a hash seeded with the password rather than an HMAC, kept
     * for format compatibility; its strength is bounded by the password. The output stream is
     * flushed but not closed.
     *
     * @param outputStream destination
     * @param cArr         store password; must not be null
     * @throws IllegalArgumentException if the password is null
     * @throws IOException              on write failure
     * @throws NoSuchAlgorithmException if the digest is unavailable
     * @throws CertificateException     if a certificate cannot be encoded
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        synchronized (this.entries) {
            if (cArr == null) {
                throw new IllegalArgumentException("password can't be null");
            }
            final MessageDigest integrity = getPreKeyedHash(cArr);
            // Everything written through 'out' is also fed to the integrity digest.
            final DataOutputStream out = new DataOutputStream(new DigestOutputStream(outputStream, integrity));
            out.writeInt(MAGIC);
            out.writeInt(VERSION_2);
            out.writeInt(this.entries.size());
            for (Enumeration<String> aliases = this.entries.keys(); aliases.hasMoreElements(); ) {
                final String alias = aliases.nextElement();
                final Object entry = this.entries.get(alias);
                if (entry instanceof BCJKSKeyEntry) {
                    final BCJKSKeyEntry keyEntry = (BCJKSKeyEntry) entry;
                    out.writeInt(1); // entry tag: private key
                    out.writeUTF(alias);
                    out.writeLong(keyEntry.date.getTime());
                    out.writeInt(keyEntry.protectedPrivKey.length);
                    out.write(keyEntry.protectedPrivKey);
                    final int chainLength = keyEntry.chain == null ? 0 : keyEntry.chain.length;
                    out.writeInt(chainLength);
                    for (int pos = 0; pos < chainLength; pos++) {
                        final Certificate link = keyEntry.chain[pos];
                        // Encode first so nothing is written for a certificate that fails to encode.
                        final byte[] der = link.getEncoded();
                        out.writeUTF(link.getType());
                        out.writeInt(der.length);
                        out.write(der);
                    }
                } else {
                    final BCJKSTrustedCertEntry trusted = (BCJKSTrustedCertEntry) entry;
                    out.writeInt(2); // entry tag: trusted certificate
                    out.writeUTF(alias);
                    out.writeLong(trusted.date.getTime());
                    final byte[] der = trusted.cert.getEncoded();
                    out.writeUTF(trusted.cert.getType());
                    out.writeInt(der.length);
                    out.write(der);
                }
            }
            out.write(integrity.digest());
            out.flush();
        }
    }

    /**
     * Loads the store from a LoadStoreParameter. Only BCLoadStoreParameter is supported; its
     * input stream and the password extracted by ParameterUtil are passed to
     * engineLoad(InputStream, char[]). A null parameter is forwarded as a null stream and a null
     * password.
     *
     * <p>If the extracted password is null, the stream-based load skips its integrity check.
     *
     * @param loadStoreParameter parameter carrying stream and password, or null
     * @throws IllegalArgumentException if the parameter is of an unsupported type
     * @throws IOException              propagated from the stream-based load
     * @throws NoSuchAlgorithmException propagated from the stream-based load
     * @throws CertificateException     propagated from the stream-based load
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof BCLoadStoreParameter)) {
            throw new IllegalArgumentException("no support for 'param' of type " + loadStoreParameter.getClass().getName());
        }
        final InputStream source = ((BCLoadStoreParameter) loadStoreParameter).getInputStream();
        final char[] password = ParameterUtil.extractPassword(loadStoreParameter);
        engineLoad(source, password);
    }

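    /**
     * Loads a JKS (version 1 or 2) store from a stream.
     *
     * <p>Entries are parsed into a temporary table and replace the current contents only after
     * the whole stream has been read and, when a password is given, the trailing integrity
     * digest has matched. A truncated, tampered or wrongly-keyed stream therefore leaves the
     * store exactly as it was. Previously the live table was cleared first and kept whatever
     * unverified entries had been parsed before the failure.
     *
     * <p>With a null password no integrity check is performed. The loaded certificates and key
     * blobs are then unauthenticated and must not be relied on as trust anchors unless the
     * source is trusted by other means.
     *
     * <p>NOTE(review): aliases are used exactly as read from the stream, without convertAlias.
     * An alias stored with upper-case characters would not be found by the lookup methods —
     * confirm that such stores do not occur.
     * NOTE(review): the length fields passed to ArraysUtils.readFully come from the stream;
     * handling of negative or oversized values is delegated to that helper — confirm.
     *
     * @param inputStream source stream; null leaves the store untouched
     * @param cArr        store password, or null to skip the integrity check
     * @throws IOException              on read failure, bad header, unknown entry tag, or digest mismatch
     * @throws NoSuchAlgorithmException if the digest is unavailable
     * @throws CertificateException     if a certificate cannot be parsed
     */
    @Override // java.security.KeyStoreSpi, com.xdja.jce.base.keystore.XdjaKeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        synchronized (this.entries) {
            if (inputStream == null) {
                return;
            }
            MessageDigest integrity = null;
            final DataInputStream in;
            if (cArr != null) {
                integrity = getPreKeyedHash(cArr);
                // Every byte read through 'in' is also fed to the integrity digest.
                in = new DataInputStream(new DigestInputStream(inputStream, integrity));
            } else {
                in = new DataInputStream(inputStream);
            }
            final int magic = in.readInt();
            final int version = in.readInt();
            if (magic != MAGIC || (version != VERSION_1 && version != VERSION_2)) {
                throw new IOException("Invalid keystore format");
            }
            CertificateFactory x509Factory = null;
            Hashtable<String, CertificateFactory> factoriesByType = null;
            if (version == VERSION_1) {
                try {
                    x509Factory = this.helper.createCertificateFactory("X509");
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.toString(), e);
                }
            } else {
                factoriesByType = new Hashtable<>(3);
            }
            // Parse into a scratch table; the live table is only touched after verification.
            final Hashtable<String, Object> loaded = new Hashtable<>();
            final int entryCount = in.readInt();
            for (int n = 0; n < entryCount; n++) {
                final int tag = in.readInt();
                if (tag == 1) {
                    final BCJKSKeyEntry keyEntry = new BCJKSKeyEntry();
                    final String alias = in.readUTF();
                    keyEntry.date = new Date(in.readLong());
                    keyEntry.protectedPrivKey = ArraysUtils.readFully(in, in.readInt(), true);
                    final int chainLength = in.readInt();
                    if (chainLength > 0) {
                        // Cap the initial capacity: chainLength is read from the stream.
                        final ArrayList<Certificate> chain = new ArrayList<>(Math.min(chainLength, 10));
                        for (int pos = 0; pos < chainLength; pos++) {
                            chain.add(readCertificate(in, version, x509Factory, factoriesByType));
                        }
                        keyEntry.chain = chain.toArray(new Certificate[chainLength]);
                    }
                    loaded.put(alias, keyEntry);
                } else if (tag == 2) {
                    final BCJKSTrustedCertEntry trusted = new BCJKSTrustedCertEntry();
                    final String alias = in.readUTF();
                    trusted.date = new Date(in.readLong());
                    trusted.cert = readCertificate(in, version, x509Factory, factoriesByType);
                    loaded.put(alias, trusted);
                } else {
                    throw new IOException("Unrecognized keystore entry: " + tag);
                }
            }
            if (cArr != null) {
                // digest() must be taken before the stored digest is read through the same stream.
                final byte[] computed = integrity.digest();
                final byte[] stored = ArraysUtils.readFully(in, computed.length, true);
                if (!MessageDigest.isEqual(computed, stored)) {
                    throw new IOException("Keystore was tampered with, or password was incorrect", new UnrecoverableKeyException("Password verification failed"));
                }
            }
            this.entries.clear();
            this.entries.putAll(loaded);
        }
    }

    /**
     * Reads one certificate record: for version 2 a type string followed by the length-prefixed
     * encoding, for version 1 the length-prefixed encoding only.
     *
     * @param in              stream positioned at the record
     * @param version         store format version read from the header
     * @param defaultFactory  factory used for version 1 stores
     * @param factoriesByType per-load cache of factories keyed by type string (version 2 only)
     * @return the parsed certificate
     */
    private Certificate readCertificate(DataInputStream in, int version, CertificateFactory defaultFactory, Hashtable<String, CertificateFactory> factoriesByType) throws IOException, NoSuchAlgorithmException, CertificateException {
        CertificateFactory factory = defaultFactory;
        if (version == VERSION_2) {
            final String type = in.readUTF();
            factory = factoriesByType.get(type);
            if (factory == null) {
                try {
                    factory = this.helper.createCertificateFactory(type);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.toString(), e);
                }
                factoriesByType.put(type, factory);
            }
        }
        final byte[] encoded = ArraysUtils.readFully(in, in.readInt(), true);
        return factory.generateCertificate(new ByteArrayInputStream(encoded));
    }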

    /**
     * Creates the digest used for the store integrity check, already fed with the password
     * (two bytes per char, high byte first) and the fixed string "Mighty Aphrodite".
     *
     * <p>This is the legacy JKS construction: a plain hash seeded with the password, not an
     * HMAC and not a password-stretching function. "SHA" is the JCA alias for SHA-1;
     * NOTE(review): confirm the helper resolves it the same way.
     *
     * @param cArr store password
     * @return the pre-seeded digest
     * @throws IOException              if the provider behind the helper is unavailable
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    private MessageDigest getPreKeyedHash(char[] cArr) throws IOException, NoSuchAlgorithmException {
        final MessageDigest keyed;
        try {
            keyed = this.helper.createMessageDigest("SHA");
        } catch (NoSuchProviderException e) {
            throw new IOException(e.toString());
        }
        final byte[] passwordBytes = convertToBytes(cArr);
        keyed.update(passwordBytes);
        // The digest has absorbed the password; wipe the temporary copy.
        Arrays.fill(passwordBytes, (byte) 0);
        keyed.update("Mighty Aphrodite".getBytes(StandardCharsets.UTF_8));
        return keyed;
    }

    /**
     * Obtains a CertificateFactory for the given type, through the helper when one is set and
     * through the default JCA lookup otherwise. Not called by any method of this class.
     *
     * @param str certificate type, e.g. the type string stored with a version 2 entry
     * @return the factory
     * @throws IOException          if the provider behind the helper is unavailable
     * @throws CertificateException if no factory exists for the type
     */
    private CertificateFactory createCertFactory(String str) throws IOException, CertificateException {
        if (this.helper != null) {
            try {
                return this.helper.createCertificateFactory(str);
            } catch (NoSuchProviderException e) {
                throw new IOException(e.toString());
            }
        }
        return CertificateFactory.getInstance(str);
    }

    /**
     * Feeds the password (two bytes per char, high byte first) and then the 16 bytes of
     * "Mighty Aphrodite" into the digest, the same seeding that getPreKeyedHash applies to a
     * MessageDigest. Called only from validateStream.
     *
     * @param digest digest to seed
     * @param cArr   store password
     * @throws IOException declared; nothing in this body is seen to throw it
     */
    private void addPassword(Digest digest, char[] cArr) throws IOException {
        for (final char unit : cArr) {
            digest.update((byte) (unit >> 8));
            digest.update((byte) unit);
        }
        final byte[] suffix = Strings.toByteArray("Mighty Aphrodite");
        digest.update(suffix, 0, 16);
    }

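    /**
     * Reads the whole stream, checks the trailing integrity digest against the password and
     * returns a stream over the payload (everything before the digest). Not called by any
     * method of this class.
     *
     * <p>An input shorter than one digest is rejected with an IOException. Previously the
     * negative payload length reached the digest update and System.arraycopy and surfaced as
     * an unchecked exception. With a null password the payload is returned without any
     * integrity check. The buffer is zeroed on every failure path.
     *
     * @param inputStream source stream; read to the end
     * @param cArr        store password, or null to skip verification
     * @return an erasable stream over the payload bytes
     * @throws IOException if the input is too short, or the digest does not match
     */
    private ErasableByteStream validateStream(InputStream inputStream, char[] cArr) throws IOException {
        final Digest digest = DigestFactory.getDigest("SHA-1");
        final byte[] storeBytes = Streams.readAll(inputStream);
        final int digestSize = digest.getDigestSize();
        final int payloadLength = storeBytes.length - digestSize;
        if (payloadLength < 0) {
            Arrays.fill(storeBytes, (byte) 0);
            throw new IOException("keystore is too short to contain an integrity digest");
        }
        if (cArr == null) {
            return new ErasableByteStream(storeBytes, 0, payloadLength);
        }
        addPassword(digest, cArr);
        digest.update(storeBytes, 0, payloadLength);
        final byte[] computed = new byte[digestSize];
        digest.doFinal(computed, 0);
        final byte[] stored = new byte[digestSize];
        System.arraycopy(storeBytes, payloadLength, stored, 0, digestSize);
        // Constant-time comparison so the check does not reveal how many leading bytes matched.
        if (Arrays.constantTimeAreEqual(computed, stored)) {
            return new ErasableByteStream(storeBytes, 0, payloadLength);
        }
        Arrays.fill(storeBytes, (byte) 0);
        throw new IOException("password incorrect or store tampered with");
    }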
}
