package cn.com.infosec.netsign.crypto.util;

import cn.com.infosec.jca.security.KeyStore;
import cn.com.infosec.jcajce.asn1.ASN1Set;
import cn.com.infosec.jcajce.asn1.DERConstructedSequence;
import cn.com.infosec.jcajce.asn1.DERInputStream;
import cn.com.infosec.jcajce.asn1.DERObject;
import cn.com.infosec.jcajce.asn1.pkcs.ContentInfo;
import cn.com.infosec.jcajce.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.jcajce.asn1.pkcs.SignedData;
import cn.com.infosec.jcajce.asn1.x509.X509CertificateStructure;
import cn.com.infosec.jcajce.jce.provider.JCESM2PublicKey;
import cn.com.infosec.jcajce.jce.provider.X509CertificateObject;
import cn.com.infosec.netsign.crypto.exception.CryptoException;
import cn.com.infosec.oscca.sm2.SM2PrivateKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;

/* loaded from: input_file:cn/com/infosec/netsign/crypto/util/PKCS12File.class */
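/**
 * Holder for the private key, certificate and certificate chain read from a PKCS#12 (PFX)
 * container, together with static helpers that parse and build such containers through the
 * {@code "INFOSEC"} provider and that extract certificates from a PKCS#7 SignedData object.
 *
 * <p>This class only decodes. It performs no signature, validity-period, revocation or
 * chain-of-trust checks on any certificate it returns; callers must validate certificates
 * before trusting them.
 *
 * <p>Instances are mutable and carry private-key material; the class does no synchronization.
 */
public class PKCS12File {
    private PrivateKey prik;
    private Certificate cert;
    private Certificate[] certChain;

    /**
     * Parses a PKCS#12 container and returns its key, certificate and chain.
     *
     * <p>If the container holds several key entries or several certificate entries, the last
     * alias of each kind reported by the keystore is the one used. The certificate and chain are
     * looked up under the key alias first and under the certificate alias as a fallback.
     *
     * @param bArr the encoded PKCS#12 container; must not be {@code null}
     * @param bArr2 the store password as bytes, decoded with the JVM default charset; must not be
     *     {@code null}. The caller's array is not modified; only the decoded copy is wiped.
     * @return a populated {@code PKCS12File}; the private key may be {@code null} when the
     *     keystore returns none and the certificate does not carry an SM2 public key
     * @throws CryptoException if no certificate can be found, or if the certificate carries an SM2
     *     public key but no private key is available
     * @throws Exception whatever the keystore raises while loading or reading the container
     */
    public static PKCS12File parsePFX(byte[] bArr, byte[] bArr2) throws Exception {
        char[] storePassword = toPasswordChars(bArr2);
        try (ByteArrayInputStream pfxStream = new ByteArrayInputStream(bArr)) {
            PKCS12File parsed = new PKCS12File();
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "INFOSEC");
            keyStore.load(pfxStream, storePassword);

            String keyAlias = null;
            String certAlias = null;
            Enumeration<?> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    keyAlias = alias;
                }
                if (keyStore.isCertificateEntry(alias)) {
                    certAlias = alias;
                }
            }

            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(keyAlias);
            if (certificate == null && certAlias != null) {
                certificate = (X509Certificate) keyStore.getCertificate(certAlias);
            }
            if (certificate == null) {
                // Previously this surfaced as a bare NullPointerException on getPublicKey().
                throw new CryptoException("PKCS#12 container holds no certificate");
            }
            parsed.setCert(certificate);
            PublicKey publicKey = certificate.getPublicKey();

            Certificate[] chain = keyStore.getCertificateChain(keyAlias);
            if (chain == null) {
                chain = keyStore.getCertificateChain(certAlias);
            }
            parsed.setCertChain(chain);

            // NOTE(review): the key is requested with an empty password, not the caller's
            // password. Presumably the INFOSEC PKCS12 keystore ignores this argument once the
            // store has been loaded - confirm against the provider.
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, "".toCharArray());
            if (publicKey instanceof JCESM2PublicKey) {
                if (privateKey == null) {
                    // Previously a NullPointerException on getEncoded().
                    throw new CryptoException("PKCS#12 container holds no private key for the SM2 certificate");
                }
                // Re-wrap the encoded key in the vendor SM2 key type.
                parsed.setPrik(new SM2PrivateKey(privateKey.getEncoded()));
            } else {
                parsed.setPrik(privateKey);
            }
            return parsed;
        } finally {
            // Do not leave the decoded password in memory longer than the keystore needs it.
            Arrays.fill(storePassword, '\0');
        }
    }

    /**
     * Builds a PKCS#12 container holding one key entry and returns its encoding.
     *
     * <p>The same password is used for the key entry and for the store as a whole. How the
     * container is protected (algorithms, iteration count) is decided by the provider, not here.
     *
     * @param privateKey the private key to store
     * @param bArr the password as bytes, decoded with the JVM default charset; must not be
     *     {@code null}. The caller's array is not modified; only the decoded copy is wiped.
     * @param str the alias for the key entry
     * @param certificateArr the certificate chain stored with the key
     * @return the encoded PKCS#12 container
     */
    public static byte[] generatePFX(PrivateKey privateKey, byte[] bArr, String str, Certificate[] certificateArr) throws NoSuchProviderException, KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        char[] password = toPasswordChars(bArr);
        try (ByteArrayOutputStream pfxBytes = new ByteArrayOutputStream()) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "INFOSEC");
            // A null parameter initialises an empty keystore.
            keyStore.load((KeyStore.LoadStoreParameter) null);
            keyStore.setKeyEntry(str, privateKey, password, certificateArr);
            keyStore.store(pfxBytes, password);
            pfxBytes.flush();
            return pfxBytes.toByteArray();
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Extracts the certificates embedded in a DER-encoded PKCS#7 SignedData object.
     *
     * <p>The certificates are returned in the order they appear in the SignedData certificate
     * set. No signature on the SignedData and no certificate is verified here, so the result
     * must be treated as untrusted input until the caller validates it.
     *
     * @param bArr the DER-encoded PKCS#7 object; must not be {@code null}
     * @return the embedded certificates, possibly an empty array; the runtime type of the array is
     *     {@code X509Certificate[]}
     * @throws CryptoException if the input is not a sequence, is not SignedData, or cannot be
     *     decoded
     * @throws CertificateParsingException if an embedded certificate cannot be parsed
     */
    public static Certificate[] getCertChain(byte[] bArr) throws CryptoException, CertificateParsingException {
        try {
            DERObject root = new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            if (!(root instanceof DERConstructedSequence)) {
                throw new CryptoException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(root);
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new CryptoException("Not a valid PKCS#7 signed-data object - wrong header " + contentInfo.getContentType().getId());
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            List<X509Certificate> certificates = new ArrayList<>();
            if (signedData.getCertificates() != null) {
                Enumeration<?> entries = ASN1Set.getInstance(signedData.getCertificates()).getObjects();
                while (entries.hasMoreElements()) {
                    certificates.add(new X509CertificateObject(X509CertificateStructure.getInstance(entries.nextElement())));
                }
            }
            return certificates.toArray(new X509Certificate[0]);
        } catch (IOException e) {
            CryptoException failure = new CryptoException("can't decode PKCS7SignedData object");
            // Only the String constructor of CryptoException is visible in this file, so the
            // decoder's error is attached as suppressed to keep it in the stack trace.
            failure.addSuppressed(e);
            throw failure;
        }
    }

    /**
     * Decodes password bytes with the JVM default charset without creating an intermediate
     * {@code String}, so that every copy made here can be overwritten afterwards.
     *
     * <p>The default charset is kept for compatibility with containers created by earlier
     * versions of this class; a non-ASCII password therefore decodes differently on JVMs with a
     * different default charset.
     *
     * @param passwordBytes the encoded password; must not be {@code null}
     * @return a fresh array the caller owns and should zero after use
     */
    private static char[] toPasswordChars(byte[] passwordBytes) {
        CharBuffer decoded = Charset.defaultCharset().decode(ByteBuffer.wrap(passwordBytes));
        char[] chars = new char[decoded.remaining()];
        decoded.get(chars);
        if (decoded.hasArray()) {
            // Wipe the decoder's own buffer as well as handing back a copy.
            Arrays.fill(decoded.array(), '\0');
        }
        return chars;
    }

    /**
     * Returns the private key held by this object.
     *
     * @return the private key, or {@code null} if none was set
     */
    public PrivateKey getPrik() {
        return this.prik;
    }

    /**
     * Returns the certificate held by this object.
     *
     * @return the certificate, or {@code null} if none was set
     */
    public Certificate getCert() {
        return this.cert;
    }

    /**
     * Returns the certificate chain held by this object.
     *
     * @return a copy of the chain, so callers cannot alter the stored array, or {@code null} if
     *     none was set
     */
    public Certificate[] getCertChain() {
        return this.certChain == null ? null : this.certChain.clone();
    }

    /**
     * Sets the private key.
     *
     * @param privateKey the private key, may be {@code null}
     */
    public void setPrik(PrivateKey privateKey) {
        this.prik = privateKey;
    }

    /**
     * Sets the certificate.
     *
     * @param certificate the certificate, may be {@code null}
     */
    public void setCert(Certificate certificate) {
        this.cert = certificate;
    }

    /**
     * Sets the certificate chain.
     *
     * @param certificateArr the chain, may be {@code null}; the array is copied so later changes
     *     by the caller do not affect this object
     */
    public void setCertChain(Certificate[] certificateArr) {
        this.certChain = certificateArr == null ? null : certificateArr.clone();
    }
}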
