package cn.com.jit.android.ida.util.pki.pkcs;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1OctetString;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.DEREncodable;
import cn.com.jit.ida.util.pki.asn1.DEREncodableVector;
import cn.com.jit.ida.util.pki.asn1.DERInteger;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DEROutputStream;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.pkcs.RSAPrivateKeyStructure;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.AuthenticatedSafe;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.CertBag;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.MacData;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.PKCS12PBEParams;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.Pfx;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.SafeBag;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs12.SafeContents;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.EncryptedContentInfo;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.EncryptedData;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs8.PrivateKeyInfo;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.Attribute;
import cn.com.jit.ida.util.pki.asn1.x509.DigestInfo;
import cn.com.jit.ida.util.pki.asn1.x509.X509CertificateStructure;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.param.CBCParam;
import cn.com.jit.ida.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Vector;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.spec.PBEParameterSpec;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.MD2Digest;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.modes.PaddedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.ocsp.CertificateID;
import org.jetbrains.anko.DimensionsKt;

/* loaded from: classes.dex */
public class PKCS12 {
    private static final int ITERATIONS = 2000;
    private CertBag[] certBags;
    private ContentInfo certContent;
    private boolean decrypted;
    private boolean isSM2;
    private ContentInfo keyContent;
    private byte[] password;
    private Pfx pfx;
    private JKey privateKey;
    private DEREncodable privateKeyInfo;
    private Session session;

    public PKCS12() {
        this.decrypted = false;
        this.session = null;
        this.isSM2 = false;
        this.privateKey = null;
        JCrypto jCrypto = JCrypto.getInstance();
        try {
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            this.session = jCrypto.openSession(JCrypto.JSOFT_LIB);
        } catch (Exception e) {
            e.printStackTrace();
        }
        this.pfx = null;
        this.certBags = null;
        this.privateKeyInfo = null;
        this.keyContent = null;
        this.certContent = null;
        this.password = null;
        this.decrypted = false;
        this.isSM2 = false;
        this.privateKey = null;
    }

    private EncryptedData encryptedCertContents(DEREncodable dEREncodable) throws Exception {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
        pKCS12ParametersGenerator.init(this.password, bArr, ITERATIONS);
        DEROctetString dEROctetString = new DEROctetString(rc2doCipher(true, pKCS12ParametersGenerator.generateDerivedParameters(40, 64), Parser.writeDERObj2Bytes(dEREncodable.getDERObject())));
        DEREncodableVector dEREncodableVector = new DEREncodableVector();
        DEROctetString dEROctetString2 = new DEROctetString(bArr);
        DERInteger dERInteger = new DERInteger(ITERATIONS);
        dEREncodableVector.add(dEROctetString2);
        dEREncodableVector.add(dERInteger);
        return new EncryptedData(new DERInteger(0), new EncryptedContentInfo(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC, new DERSequence(dEREncodableVector)), dEROctetString));
    }

    private EncryptedPrivateKeyInfo generateEPKI(JKey jKey) throws Exception {
        byte[] key = jKey.getKey();
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
        pKCS12ParametersGenerator.init(this.password, bArr, ITERATIONS);
        ParametersWithIV parametersWithIV = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(192, 64);
        byte[] iv = parametersWithIV.getIV();
        JKey jKey2 = new JKey("DESede", ((KeyParameter) parametersWithIV.getParameters()).getKey());
        CBCParam cBCParam = new CBCParam();
        cBCParam.setIv(iv);
        DEROctetString dEROctetString = new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.DES3_CBC, cBCParam), jKey2, key));
        DEREncodableVector dEREncodableVector = new DEREncodableVector();
        DEROctetString dEROctetString2 = new DEROctetString(bArr);
        DERInteger dERInteger = new DERInteger(ITERATIONS);
        dEREncodableVector.add(dEROctetString2);
        dEREncodableVector.add(dERInteger);
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC, new DERSequence(dEREncodableVector));
        DEREncodableVector dEREncodableVector2 = new DEREncodableVector();
        dEREncodableVector2.add(algorithmIdentifier);
        dEREncodableVector2.add(dEROctetString);
        return new EncryptedPrivateKeyInfo(Parser.writeDERObj2Bytes(new DERSequence(dEREncodableVector2)));
    }

    private MacData generateMacData(ContentInfo contentInfo) throws Exception {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
        pKCS12ParametersGenerator.init(this.password, bArr, ITERATIONS);
        CipherParameters generateDerivedMacParameters = pKCS12ParametersGenerator.generateDerivedMacParameters(DimensionsKt.MDPI);
        byte[] octets = ASN1OctetString.getInstance(contentInfo.getContent()).getOctets();
        HMac hMac = new HMac(new SHA1Digest());
        hMac.init(generateDerivedMacParameters);
        hMac.update(octets, 0, octets.length);
        byte[] bArr2 = new byte[hMac.getMacSize()];
        hMac.doFinal(bArr2, 0);
        return new MacData(new DigestInfo(new AlgorithmIdentifier(new DERObjectIdentifier(CertificateID.HASH_SHA1)), bArr2), bArr, ITERATIONS);
    }

    private DEREncodable generateRSAPriKeyInfo(CipherParameters cipherParameters) {
        RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters = (RSAPrivateCrtKeyParameters) cipherParameters;
        return new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, null), new RSAPrivateKeyStructure(rSAPrivateCrtKeyParameters.getModulus(), rSAPrivateCrtKeyParameters.getPublicExponent(), rSAPrivateCrtKeyParameters.getExponent(), rSAPrivateCrtKeyParameters.getP(), rSAPrivateCrtKeyParameters.getQ(), rSAPrivateCrtKeyParameters.getDP(), rSAPrivateCrtKeyParameters.getDQ(), rSAPrivateCrtKeyParameters.getQInv()).getDERObject());
    }

    private void handleCertContent(ContentInfo contentInfo) throws Exception {
        EncryptedContentInfo encryptedContentInfo = EncryptedData.getInstance(contentInfo.getContent()).getEncryptedContentInfo();
        PKCS12PBEParams pKCS12PBEParams = PKCS12PBEParams.getInstance(encryptedContentInfo.getContentEncryptionAlgorithm().getParameters());
        byte[] iv = pKCS12PBEParams.getIV();
        int intValue = pKCS12PBEParams.getIterations().intValue();
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
        pKCS12ParametersGenerator.init(this.password, iv, intValue);
        SafeBag[] safeBag = SafeContents.getInstance((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pbeDecrypt(encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().getId(), pKCS12ParametersGenerator, encryptedContentInfo.getEncryptedContent().getOctets()))).readObject()).getSafeBag();
        Vector vector = new Vector();
        for (int i = 0; i < safeBag.length; i++) {
            if (safeBag[i].getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                CertBag certBag = CertBag.getInstance(safeBag[i].getBagValue());
                safeBag[i].getBagAttributes();
                if (!this.isSM2 && certBag.getCertId().equals(PKCSObjectIdentifiers.x509certType) && new X509Cert(X509CertificateStructure.getInstance(oct2Seq(ASN1OctetString.getInstance(certBag.getCertValue())))).getPublicKey().getKeyType().equals("SM2_Public")) {
                    this.isSM2 = true;
                }
                vector.add(certBag);
            }
        }
        CertBag[] certBagArr = new CertBag[vector.size()];
        this.certBags = certBagArr;
        vector.toArray(certBagArr);
    }

    private void handleKeyContent(ContentInfo contentInfo) throws Exception {
        SafeBag safeBag = SafeContents.getInstance(oct2Seq(ASN1OctetString.getInstance(contentInfo.getContent()))).getSafeBag()[0];
        if (safeBag.getBagId().equals(PKCSObjectIdentifiers.keyBag)) {
            this.privateKeyInfo = new PrivateKeyInfo((ASN1Sequence) safeBag.getBagValue());
            return;
        }
        if (!safeBag.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
            throw new Exception("handle keyBag error. bagId = " + safeBag.getBagId().getId());
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(Parser.writeDERObj2Bytes(safeBag.getBagValue()));
        PBEParameterSpec pBEParameterSpec = (PBEParameterSpec) encryptedPrivateKeyInfo.getAlgParameters().getParameterSpec(PBEParameterSpec.class);
        byte[] salt = pBEParameterSpec.getSalt();
        int iterationCount = pBEParameterSpec.getIterationCount();
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
        pKCS12ParametersGenerator.init(this.password, salt, iterationCount);
        byte[] pbeDecrypt = pbeDecrypt(encryptedPrivateKeyInfo.getAlgParameters().getAlgorithm(), pKCS12ParametersGenerator, encryptedPrivateKeyInfo.getEncryptedData());
        if (this.isSM2) {
            this.privateKey = new JKey(JKey.SM2_PRV_KEY, pbeDecrypt);
        } else {
            this.privateKeyInfo = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pbeDecrypt)).readObject();
            Attribute.getInstance(safeBag.getBagAttributes().getObjectAt(0));
        }
    }

    public static void main(String[] strArr) {
        try {
            JCrypto.getInstance().initialize(JCrypto.JSOFT_LIB, null);
            PKCS12 pkcs12 = new PKCS12();
            pkcs12.load(new FileInputStream("d:/user.pfx"));
            pkcs12.decrypt("".toCharArray());
            JKey privateKey = pkcs12.getPrivateKey();
            X509Cert[] certs = pkcs12.getCerts();
            System.out.println(certs.length);
            pkcs12.generatePfxFile(privateKey, certs, "2222".toCharArray(), "c:/complex.pfx");
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }

    private ASN1Sequence oct2Seq(ASN1OctetString aSN1OctetString) throws Exception {
        return (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(aSN1OctetString.getOctets())).readObject();
    }

    private byte[] pbeDecrypt(String str, PKCS12ParametersGenerator pKCS12ParametersGenerator, byte[] bArr) throws Exception {
        if (str.equals("pbeWithSHAAnd3-KeyTripleDES-CBC") || str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC.getId())) {
            ParametersWithIV parametersWithIV = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(192, 64);
            byte[] iv = parametersWithIV.getIV();
            JKey jKey = new JKey("DESede", ((KeyParameter) parametersWithIV.getParameters()).getKey());
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(iv);
            return this.session.decrypt(new Mechanism(Mechanism.DES3_CBC, cBCParam), jKey, bArr);
        }
        if (str.equals("pbeWithSHAAnd2-KeyTripleDES-CBC") || str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC.getId())) {
            ParametersWithIV parametersWithIV2 = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(128, 64);
            byte[] iv2 = parametersWithIV2.getIV();
            JKey jKey2 = new JKey("DESede", ((KeyParameter) parametersWithIV2.getParameters()).getKey());
            CBCParam cBCParam2 = new CBCParam();
            cBCParam2.setIv(iv2);
            return this.session.decrypt(new Mechanism(Mechanism.DES3_CBC, cBCParam2), jKey2, bArr);
        }
        if (str.equals("pbeWithSHAAnd128BitRC2-CBC") || str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd128RC2CBC.getId())) {
            return rc2doCipher(false, pKCS12ParametersGenerator.generateDerivedParameters(128, 64), bArr);
        }
        if (str.equals("pbeWithSHAAnd40BitRC2-CBC") || str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC.getId())) {
            return rc2doCipher(false, pKCS12ParametersGenerator.generateDerivedParameters(40, 64), bArr);
        }
        throw new Exception("not support pkcs12pbe algorithm: " + str);
    }

    private byte[] rc2doCipher(boolean z, CipherParameters cipherParameters, byte[] bArr) throws Exception {
        PaddedBlockCipher paddedBlockCipher = new PaddedBlockCipher(new CBCBlockCipher(new RC2Engine()));
        paddedBlockCipher.init(z, cipherParameters);
        int outputSize = paddedBlockCipher.getOutputSize(bArr.length);
        byte[] bArr2 = new byte[outputSize];
        int processBytes = paddedBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0);
        int doFinal = processBytes < outputSize ? paddedBlockCipher.doFinal(bArr2, processBytes) : -1;
        if (z) {
            return bArr2;
        }
        int blockSize = (outputSize - paddedBlockCipher.getBlockSize()) + doFinal;
        byte[] bArr3 = new byte[blockSize];
        System.arraycopy(bArr2, 0, bArr3, 0, blockSize);
        return bArr3;
    }

    private boolean verifyMac() throws Exception {
        PKCS12ParametersGenerator pKCS12ParametersGenerator;
        Mechanism mechanism;
        MacData macData = this.pfx.getMacData();
        DigestInfo mac = macData.getMac();
        String id = mac.getAlgorithmId().getObjectId().getId();
        int i = 128;
        if (id.equals(CertificateID.HASH_SHA1)) {
            pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA1Digest());
            i = DimensionsKt.MDPI;
            mechanism = new Mechanism(Mechanism.HMAC_SHA1);
        } else if (id.equals("1.2.840.113549.2.2")) {
            pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new MD2Digest());
            mechanism = new Mechanism(Mechanism.HMAC_MD2);
        } else {
            if (!id.equals("1.2.840.113549.2.5")) {
                throw new Exception("not support digest algorithmIdentifier:" + id);
            }
            pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new MD5Digest());
            mechanism = new Mechanism(Mechanism.HMAC_MD5);
        }
        pKCS12ParametersGenerator.init(this.password, macData.getSalt(), macData.getIterationCount().intValue());
        return Parser.isEqualArray(this.session.mac(mechanism, new JKey("DESede", ((KeyParameter) pKCS12ParametersGenerator.generateDerivedMacParameters(i)).getKey()), ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()).getOctets()), mac.getDigest());
    }

    public void decrypt(char[] cArr) throws PKIException {
        try {
            if (this.pfx == null) {
                throw new Exception("you must load Pfx first.");
            }
            this.password = PBEParametersGenerator.PKCS12PasswordToBytes(cArr);
            if (!verifyMac()) {
                throw new Exception("verifyMac faulture.");
            }
            ContentInfo[] contentInfo = AuthenticatedSafe.getInstance(oct2Seq(ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()))).getContentInfo();
            for (int i = 0; i < contentInfo.length; i++) {
                if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.data)) {
                    this.keyContent = contentInfo[i];
                } else if (contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
                    this.certContent = contentInfo[i];
                }
            }
            handleCertContent(this.certContent);
            handleKeyContent(this.keyContent);
            this.decrypted = true;
        } catch (Exception e) {
            throw new PKIException("8177", PKIException.DECRYPT_P12_ERR_DES, e);
        }
    }

    public Pfx generatePfx(JKey jKey, X509Cert x509Cert, char[] cArr) throws PKIException {
        X509CertificateStructure certStructure = x509Cert.getCertStructure();
        this.password = PBEParametersGenerator.PKCS12PasswordToBytes(cArr);
        try {
            EncryptedPrivateKeyInfo generateEPKI = generateEPKI(jKey);
            DEROctetString dEROctetString = new DEROctetString(Parser.writeDERObj2Bytes(certStructure.getSerialNumber()));
            DEREncodableVector dEREncodableVector = new DEREncodableVector();
            dEREncodableVector.add(dEROctetString);
            Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DERSet(dEREncodableVector));
            DEREncodableVector dEREncodableVector2 = new DEREncodableVector();
            dEREncodableVector2.add(attribute);
            DERSet dERSet = new DERSet(dEREncodableVector2);
            DEROctetString dEROctetString2 = new DEROctetString(Parser.writeDERObj2Bytes(new SafeContents(new SafeBag[]{new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, Parser.writeBytes2DERObj(generateEPKI.getEncoded()), dERSet)}).getDERObject()));
            DERObjectIdentifier dERObjectIdentifier = PKCSObjectIdentifiers.data;
            ContentInfo contentInfo = new ContentInfo(dERObjectIdentifier, new DEROctetString(Parser.writeDERObj2Bytes(new AuthenticatedSafe(new ContentInfo[]{new ContentInfo(dERObjectIdentifier, dEROctetString2), new ContentInfo(PKCSObjectIdentifiers.encryptedData, encryptedCertContents(new SafeContents(new SafeBag[]{new SafeBag(PKCSObjectIdentifiers.certBag, new CertBag(PKCSObjectIdentifiers.x509certType, new DEROctetString(Parser.writeDERObj2Bytes(certStructure.getDERObject()))).getDERObject(), dERSet)})).getDERObject())}).getDERObject())));
            return new Pfx(contentInfo, generateMacData(contentInfo));
        } catch (Exception e) {
            throw new PKIException("8170", PKIException.P12_GENERATE_ERR_DES, e);
        }
    }

    public Pfx generatePfx(JKey jKey, X509Cert[] x509CertArr, char[] cArr) throws PKIException {
        int i = 0;
        X509CertificateStructure certStructure = x509CertArr[0].getCertStructure();
        this.password = PBEParametersGenerator.PKCS12PasswordToBytes(cArr);
        try {
            EncryptedPrivateKeyInfo generateEPKI = generateEPKI(jKey);
            DEROctetString dEROctetString = new DEROctetString(Parser.writeDERObj2Bytes(certStructure.getSerialNumber()));
            DEREncodableVector dEREncodableVector = new DEREncodableVector();
            dEREncodableVector.add(dEROctetString);
            Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DERSet(dEREncodableVector));
            DEREncodableVector dEREncodableVector2 = new DEREncodableVector();
            dEREncodableVector2.add(attribute);
            DERSet dERSet = new DERSet(dEREncodableVector2);
            ContentInfo[] contentInfoArr = new ContentInfo[2];
            contentInfoArr[0] = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(Parser.writeDERObj2Bytes(new SafeContents(new SafeBag[]{new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, Parser.writeBytes2DERObj(generateEPKI.getEncoded()), dERSet)}).getDERObject())));
            SafeBag[] safeBagArr = new SafeBag[x509CertArr.length];
            while (i < x509CertArr.length) {
                CertBag certBag = new CertBag(PKCSObjectIdentifiers.x509certType, new DEROctetString(Parser.writeDERObj2Bytes(x509CertArr[i].getCertStructure().getDERObject())));
                safeBagArr[i] = i == 0 ? new SafeBag(PKCSObjectIdentifiers.certBag, certBag.getDERObject(), dERSet) : new SafeBag(PKCSObjectIdentifiers.certBag, certBag.getDERObject());
                i++;
            }
            contentInfoArr[1] = new ContentInfo(PKCSObjectIdentifiers.encryptedData, encryptedCertContents(new SafeContents(safeBagArr)).getDERObject());
            ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(Parser.writeDERObj2Bytes(new AuthenticatedSafe(contentInfoArr).getDERObject())));
            return new Pfx(contentInfo, generateMacData(contentInfo));
        } catch (Exception e) {
            throw new PKIException("8170", PKIException.P12_GENERATE_ERR_DES, e);
        }
    }

    public byte[] generatePfxData(JKey jKey, X509Cert x509Cert, char[] cArr) throws PKIException {
        return Parser.writeDERObj2Bytes(generatePfx(jKey, x509Cert, cArr).getDERObject());
    }

    public byte[] generatePfxData(JKey jKey, X509Cert[] x509CertArr, char[] cArr) throws PKIException {
        return Parser.writeDERObj2Bytes(generatePfx(jKey, x509CertArr, cArr).getDERObject());
    }

    public void generatePfxFile(JKey jKey, X509Cert x509Cert, char[] cArr, String str) throws PKIException {
        Pfx generatePfx = generatePfx(jKey, x509Cert, cArr);
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            DEROutputStream dEROutputStream = new DEROutputStream(fileOutputStream);
            dEROutputStream.writeObject(generatePfx);
            dEROutputStream.close();
            fileOutputStream.close();
        } catch (Exception e) {
            throw new PKIException("8170", PKIException.P12_GENERATE_ERR_DES, e);
        }
    }

    public void generatePfxFile(JKey jKey, X509Cert[] x509CertArr, char[] cArr, String str) throws PKIException {
        Pfx generatePfx = generatePfx(jKey, x509CertArr, cArr);
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            DEROutputStream dEROutputStream = new DEROutputStream(fileOutputStream);
            dEROutputStream.writeObject(generatePfx);
            dEROutputStream.close();
            fileOutputStream.close();
        } catch (Exception e) {
            throw new PKIException("8170", PKIException.P12_GENERATE_ERR_DES, e);
        }
    }

    public X509Cert getCertificate() throws PKIException {
        X509Cert[] certs = getCerts();
        JKey privateKey = getPrivateKey();
        if (certs == null) {
            return null;
        }
        int i = 0;
        for (int i2 = 0; i2 < certs.length; i2++) {
            JKey publicKey = certs[i2].getPublicKey();
            Mechanism mechanism = publicKey.getKeyType().equals("SM2_Public") ? new Mechanism("SM3withSM2Encryption") : publicKey.getKeyType().equals("RSA_Public") ? new Mechanism("SHA1withRSAEncryption") : new Mechanism("SHA1withECDSA");
            byte[] bytes = "JIT".getBytes();
            if (this.session.verifySign(mechanism, publicKey, bytes, this.session.sign(mechanism, privateKey, bytes))) {
                i = i2;
            }
        }
        return certs[i];
    }

    public X509Cert[] getCerts() throws PKIException {
        try {
            if (!this.decrypted) {
                throw new Exception("pfx file hasn't been decrypted yet.");
            }
            Vector vector = new Vector();
            int i = 0;
            while (true) {
                CertBag[] certBagArr = this.certBags;
                if (i >= certBagArr.length) {
                    X509Cert[] x509CertArr = new X509Cert[vector.size()];
                    vector.toArray(x509CertArr);
                    return x509CertArr;
                }
                DERObjectIdentifier certId = certBagArr[i].getCertId();
                if (certId.equals(PKCSObjectIdentifiers.x509certType)) {
                    vector.add(new X509Cert(X509CertificateStructure.getInstance(oct2Seq(ASN1OctetString.getInstance(this.certBags[i].getCertValue())))));
                } else if (!certId.equals(PKCSObjectIdentifiers.sdsiCertType)) {
                    throw new Exception("not support certBag type, id=" + certId.getId());
                }
                i++;
            }
        } catch (Exception e) {
            throw new PKIException("8179", PKIException.P12_GETPUBCERT_ERR_DES, e);
        }
    }

    public Pfx getPfx() {
        return this.pfx;
    }

    public JKey getPrivateKey() throws PKIException {
        try {
            if (!this.decrypted) {
                throw new Exception("pfx file hasn't been decrypted yet.");
            }
            if (this.isSM2) {
                return this.privateKey;
            }
            ASN1Sequence aSN1Sequence = (ASN1Sequence) this.privateKeyInfo;
            PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(aSN1Sequence);
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Parser.writeDERObj2Bytes(aSN1Sequence));
            if (privateKeyInfo.getAlgorithmId().getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)) {
                return new JKey(JKey.RSA_PRV_KEY, pKCS8EncodedKeySpec.getEncoded());
            }
            return null;
        } catch (Exception e) {
            throw new PKIException("8178", PKIException.P12_GETPRVKEY_ERR_DES, e);
        }
    }

    public void load(Pfx pfx) {
        this.pfx = pfx;
    }

    public void load(InputStream inputStream) throws PKIException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
            this.pfx = Pfx.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            inputStream.close();
        } catch (Exception e) {
            throw new PKIException("8176", PKIException.LOAD_P12_ERR_DES, e);
        }
    }

    public void load(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            load(bArr);
        } catch (Exception e) {
            throw new PKIException("8176", PKIException.LOAD_P12_ERR_DES, e);
        }
    }

    public void load(byte[] bArr) throws PKIException {
        if (Parser.isBase64Encode(bArr)) {
            bArr = Base64.decode(Parser.convertBase64(bArr));
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
            this.pfx = Pfx.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            byteArrayInputStream.close();
        } catch (Exception e) {
            throw new PKIException("8176", PKIException.LOAD_P12_ERR_DES, e);
        }
    }

    public void reset() {
        this.pfx = null;
        this.certBags = null;
        this.privateKeyInfo = null;
        this.keyContent = null;
        this.certContent = null;
        this.password = null;
        this.decrypted = false;
        this.isSM2 = false;
        this.privateKey = null;
    }
}
