package net.netca.pki.encoding.asn1.pki.pkcs12;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.OctetStringType;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceOf;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.EncryptedPrivateKeyInfo;
import net.netca.pki.encoding.asn1.pki.IHmac;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.JCESymEncrypter;
import net.netca.pki.encoding.asn1.pki.Pkcs5PBKDF2;
import net.netca.pki.encoding.asn1.pki.PrivateKeyInfo;
import net.netca.pki.encoding.asn1.pki.SoftwareHmac;
import net.netca.pki.encoding.asn1.pki.SymEncrypter;
import net.netca.pki.encoding.asn1.pki.X509CRL;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;
import net.netca.pki.encoding.asn1.pki.cms.ContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.EncryptedContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.EncryptedData;

/* loaded from: classes3.dex */
public final class PFX {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("PFX");
    private ArrayList<X509CertificateAndPrivateKey> certAndPrivKeys;
    private ArrayList<byte[]> certIds;
    private ArrayList<X509Certificate> certs;
    private ArrayList<X509CRL> crls;
    private IHmac hmacObj;
    private Sequence pfx;
    private Pkcs12KDF pkcs12Kdf;
    private IKDF pkcs5Kdf;
    private ArrayList<byte[]> privKeyInfoIds;
    private ArrayList<PrivateKeyInfo> privKeyInfos;
    private SymEncrypter symEncrypter;

    public PFX(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("not PFX");
        }
        this.pfx = sequence;
    }

    public PFX(ContentInfo contentInfo, MacData macData) throws PkiException {
        Sequence sequence = new Sequence(type);
        this.pfx = sequence;
        sequence.add(new Integer(3L));
        this.pfx.add(contentInfo.getASN1Object());
        if (macData != null) {
            this.pfx.add(macData.getASN1Object());
        }
    }

    private PFX(byte[] bArr) throws PkiException {
        this.pfx = (Sequence) ASN1Object.decode(bArr, type);
    }

    /* JADX WARN: Removed duplicated region for block: B:36:0x005b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void addCertAndPrivateKey(net.netca.pki.encoding.asn1.pki.X509Certificate r6, net.netca.pki.encoding.asn1.pki.PrivateKeyInfo r7) throws net.netca.pki.PkiException {
        /*
            r5 = this;
            net.netca.pki.encoding.asn1.pki.Extensions r0 = r6.getExtensions()
            r1 = 0
            r2 = 1
            if (r0 != 0) goto L9
            goto L11
        L9:
            java.lang.String r3 = "2.5.29.15"
            net.netca.pki.encoding.asn1.pki.Extension r0 = r0.get(r3)
            if (r0 != 0) goto L13
        L11:
            r3 = 1
            goto L47
        L13:
            net.netca.pki.encoding.asn1.pki.ExtensionObject r0 = r0.getExtensionObject()
            net.netca.pki.encoding.asn1.pki.NamedBitStringExtension r0 = (net.netca.pki.encoding.asn1.pki.NamedBitStringExtension) r0
            boolean r3 = r0.isSet(r1)
            if (r3 != 0) goto L36
            boolean r3 = r0.isSet(r2)
            if (r3 != 0) goto L36
            r3 = 5
            boolean r3 = r0.isSet(r3)
            if (r3 != 0) goto L36
            r3 = 6
            boolean r3 = r0.isSet(r3)
            if (r3 == 0) goto L34
            goto L36
        L34:
            r3 = 0
            goto L37
        L36:
            r3 = 1
        L37:
            r4 = 2
            boolean r4 = r0.isSet(r4)
            if (r4 != 0) goto L47
            r4 = 3
            boolean r0 = r0.isSet(r4)
            if (r0 == 0) goto L46
            goto L47
        L46:
            r2 = 0
        L47:
            boolean r0 = r6.isInValidity()
            if (r0 != 0) goto L4e
            goto L4f
        L4e:
            r1 = r3
        L4f:
            r0 = 0
            if (r2 == 0) goto L58
            net.netca.pki.encoding.asn1.pki.JCEPrivateKeyDecrypter r2 = new net.netca.pki.encoding.asn1.pki.JCEPrivateKeyDecrypter     // Catch: net.netca.pki.PkiException -> L58
            r2.<init>(r7)     // Catch: net.netca.pki.PkiException -> L58
            goto L59
        L58:
            r2 = r0
        L59:
            if (r1 == 0) goto L63
            net.netca.pki.encoding.asn1.pki.JCESigner r1 = new net.netca.pki.encoding.asn1.pki.JCESigner     // Catch: net.netca.pki.PkiException -> L62
            r1.<init>(r7)     // Catch: net.netca.pki.PkiException -> L62
            r0 = r1
            goto L63
        L62:
        L63:
            if (r0 != 0) goto L67
            if (r2 == 0) goto L71
        L67:
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r7 = new net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey     // Catch: net.netca.pki.PkiException -> L71
            r7.<init>(r6, r0, r2)     // Catch: net.netca.pki.PkiException -> L71
            java.util.ArrayList<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r6 = r5.certAndPrivKeys     // Catch: net.netca.pki.PkiException -> L71
            r6.add(r7)     // Catch: net.netca.pki.PkiException -> L71
        L71:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.encoding.asn1.pki.pkcs12.PFX.addCertAndPrivateKey(net.netca.pki.encoding.asn1.pki.X509Certificate, net.netca.pki.encoding.asn1.pki.PrivateKeyInfo):void");
    }

    private void addPrivateKeyInfo(SafeBag safeBag) throws PkiException {
        this.privKeyInfos.add(new PrivateKeyInfo((Sequence) safeBag.getBagValue().to(PrivateKeyInfo.getASN1Type())));
        byte[] localId = getLocalId(safeBag.getBagAttributes());
        if (localId == null) {
            localId = new byte[0];
        }
        this.privKeyInfoIds.add(localId);
    }

    private void addX509CRL(SafeBag safeBag) throws PkiException {
        CRLBag cRLBag = new CRLBag((Sequence) safeBag.getBagValue().to(CRLBag.getASN1Type()));
        if (cRLBag.getCrlId().equals(CRLBag.X509CRL_OID)) {
            this.crls.add(cRLBag.getX509CRL());
        }
    }

    private void addX509Certificate(SafeBag safeBag) throws PkiException {
        CertBag certBag = new CertBag((Sequence) safeBag.getBagValue().to(CertBag.getASN1Type()));
        if (certBag.getCertId().equals(CertBag.X509CERTIFICATE_OID)) {
            this.certs.add(certBag.getX509Certificate());
            byte[] localId = getLocalId(safeBag.getBagAttributes());
            if (localId == null) {
                localId = new byte[0];
            }
            this.certIds.add(localId);
        }
    }

    private boolean byteArrayEquals(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            if (bArr[i2] != bArr2[i2]) {
                return false;
            }
        }
        return true;
    }

    private boolean checkMac(String str, byte[] bArr, MacData macData) throws PkiException {
        String oid = macData.getMac().getDigestAlgorithm().getOid();
        byte[] macKey = this.pkcs12Kdf.getMacKey(oid, str, macData.getMacSalt(), macData.getIterations());
        byte[] hmac = this.hmacObj.hmac(oid, macKey, bArr, 0, bArr.length);
        Arrays.fill(macKey, (byte) 0);
        byte[] digest = macData.getMac().getDigest();
        if (hmac.length != digest.length) {
            return false;
        }
        for (int i2 = 0; i2 < hmac.length; i2++) {
            if (hmac[i2] != digest[i2]) {
                return false;
            }
        }
        return true;
    }

    private void createCertAndPrivateKeyList() throws PkiException {
        PrivateKeyInfo findPrivateKeyInfo;
        for (int i2 = 0; i2 < this.certs.size(); i2++) {
            byte[] bArr = this.certIds.get(i2);
            if (bArr.length > 0 && (findPrivateKeyInfo = findPrivateKeyInfo(bArr)) != null) {
                X509Certificate x509Certificate = this.certs.get(i2);
                if (findPrivateKeyInfo.match(x509Certificate)) {
                    addCertAndPrivateKey(x509Certificate, findPrivateKeyInfo);
                }
            }
        }
    }

    public static PFX decode(byte[] bArr) throws PkiException {
        return new PFX(bArr);
    }

    private void decryptAuthenticatedSafe(String str, AuthenticatedSafe authenticatedSafe) throws PkiException {
        for (int i2 = 0; i2 < authenticatedSafe.size(); i2++) {
            ContentInfo contentInfo = authenticatedSafe.get(i2);
            if (contentInfo.getContentType().equals(ContentInfo.DATA_OID)) {
                ASN1Object content = contentInfo.getContent();
                if (!(content instanceof OctetString)) {
                    throw new PkiException("bad AuthenticatedSafe ContentInfo,content is not data");
                }
                decryptSafeContents(str, SafeContents.decode(((OctetString) content).getValue()));
            } else if (contentInfo.getContentType().equals("1.2.840.113549.1.7.6")) {
                decryptEncryptedData(str, new EncryptedData((Sequence) contentInfo.getContent().to(EncryptedData.getASN1Type())));
            }
        }
        createCertAndPrivateKeyList();
    }

    private void decryptEncryptedData(String str, EncryptedData encryptedData) throws PkiException {
        byte[] pkcs5Decrypt;
        EncryptedContentInfo encryptedContentInfo = encryptedData.getEncryptedContentInfo();
        if (encryptedContentInfo.getEncryptedContent() == null) {
            throw new PkiException("EncryptedData no encryptedContent");
        }
        if (encryptedContentInfo.getContentEncryptionAlgorithm().getOid().equals(AlgorithmIdentifier.PBES2)) {
            try {
                pkcs5Decrypt = encryptedContentInfo.pkcs5Decrypt(str.getBytes("UTF-8"), this.symEncrypter, this.pkcs5Kdf);
            } catch (UnsupportedEncodingException e2) {
                throw new PkiException("utf-8 encode fail", e2);
            }
        } else {
            pkcs5Decrypt = encryptedContentInfo.pkcs12Decrypt(str, this.symEncrypter, this.pkcs12Kdf);
        }
        SafeContents decode = SafeContents.decode(pkcs5Decrypt);
        Arrays.fill(pkcs5Decrypt, (byte) 0);
        decryptSafeContents(str, decode);
    }

    private void decryptEncryptedPrivateKeyInfo(String str, SafeBag safeBag) throws PkiException {
        PrivateKeyInfo pkcs5Decrypt;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo((Sequence) safeBag.getBagValue().to(EncryptedPrivateKeyInfo.getASN1Type()));
        if (encryptedPrivateKeyInfo.getEncryptionAlgorithm().getOid().equals(AlgorithmIdentifier.PBES2)) {
            try {
                byte[] bytes = str.getBytes("UTF-8");
                pkcs5Decrypt = encryptedPrivateKeyInfo.pkcs5Decrypt(bytes, this.symEncrypter, this.pkcs5Kdf);
                Arrays.fill(bytes, (byte) 0);
            } catch (UnsupportedEncodingException e2) {
                throw new PkiException("utf-8 encode fail", e2);
            }
        } else {
            pkcs5Decrypt = encryptedPrivateKeyInfo.pkcs12Decrypt(str, this.symEncrypter, this.pkcs12Kdf);
        }
        this.privKeyInfos.add(pkcs5Decrypt);
        byte[] localId = getLocalId(safeBag.getBagAttributes());
        if (localId == null) {
            localId = new byte[0];
        }
        this.privKeyInfoIds.add(localId);
    }

    private void decryptSafeContents(String str, SafeContents safeContents) throws PkiException {
        for (int i2 = 0; i2 < safeContents.size(); i2++) {
            SafeBag safeBag = safeContents.get(i2);
            String bagId = safeBag.getBagId();
            if (bagId.equals(SafeBag.KEY_BAG_OID)) {
                addPrivateKeyInfo(safeBag);
            } else if (bagId.equals(SafeBag.CERT_BAG_OID)) {
                addX509Certificate(safeBag);
            } else if (bagId.equals(SafeBag.CRL_BAG_OID)) {
                addX509CRL(safeBag);
            } else if (bagId.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG_OID)) {
                decryptEncryptedPrivateKeyInfo(str, safeBag);
            } else if (bagId.equals(SafeBag.SAFE_CONTENT_BAG_OID)) {
                decryptSafeContents(str, new SafeContents((SequenceOf) safeBag.getBagValue().to(SafeContents.getASN1Type())));
            }
        }
    }

    private PrivateKeyInfo findPrivateKeyInfo(byte[] bArr) {
        for (int i2 = 0; i2 < this.privKeyInfoIds.size(); i2++) {
            if (byteArrayEquals(bArr, this.privKeyInfoIds.get(i2))) {
                return this.privKeyInfos.get(i2);
            }
        }
        return null;
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private byte[] getLocalId(Attributes attributes) throws PkiException {
        Attribute attribute;
        if (attributes == null || (attribute = attributes.get(Attribute.LOCAL_KEY_ID)) == null) {
            return null;
        }
        SetOf value = attribute.getValue();
        if (value.size() == 1) {
            return ((OctetString) value.get(0).to(OctetStringType.getInstance())).getValue();
        }
        throw new PkiException("bad local key id attribute");
    }

    private boolean hasPrivateKeyInfo(AuthenticatedSafe authenticatedSafe) throws PkiException {
        for (int i2 = 0; i2 < authenticatedSafe.size(); i2++) {
            ContentInfo contentInfo = authenticatedSafe.get(i2);
            if (contentInfo.getContentType().equals(ContentInfo.DATA_OID)) {
                ASN1Object content = contentInfo.getContent();
                if (!(content instanceof OctetString)) {
                    throw new PkiException("bad AuthenticatedSafe ContentInfo,content is not data");
                }
                if (hasPrivateKeyInfo(SafeContents.decode(((OctetString) content).getValue()))) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean hasPrivateKeyInfo(SafeContents safeContents) throws PkiException {
        for (int i2 = 0; i2 < safeContents.size(); i2++) {
            SafeBag safeBag = safeContents.get(i2);
            String bagId = safeBag.getBagId();
            if (bagId.equals(SafeBag.KEY_BAG_OID)) {
                return true;
            }
            if (bagId.equals(SafeBag.SAFE_CONTENT_BAG_OID) && hasPrivateKeyInfo(new SafeContents((SequenceOf) safeBag.getBagValue().to(SafeContents.getASN1Type())))) {
                return true;
            }
        }
        return false;
    }

    private void initForDecrypt() {
        if (this.pkcs12Kdf == null) {
            this.pkcs12Kdf = new Pkcs12KDF();
        }
        if (this.symEncrypter == null) {
            this.symEncrypter = new JCESymEncrypter();
        }
        if (this.hmacObj == null) {
            this.hmacObj = new SoftwareHmac();
        }
        if (this.pkcs5Kdf == null) {
            this.pkcs5Kdf = new Pkcs5PBKDF2();
        }
        this.certs = new ArrayList<>();
        this.certIds = new ArrayList<>();
        this.crls = new ArrayList<>();
        this.privKeyInfos = new ArrayList<>();
        this.privKeyInfoIds = new ArrayList<>();
        this.certAndPrivKeys = new ArrayList<>();
    }

    public void decrypt(String str) throws PkiException {
        ContentInfo authSafe = getAuthSafe();
        if (!authSafe.getContentType().equals(ContentInfo.DATA_OID)) {
            throw new PkiException("not password privacy mode");
        }
        ASN1Object content = authSafe.getContent();
        if (!(content instanceof OctetString)) {
            throw new PkiException("bad authSafe ContentInfo,content is not data");
        }
        MacData macData = getMacData();
        if (macData == null) {
            throw new PkiException("no macData");
        }
        initForDecrypt();
        byte[] value = ((OctetString) content).getValue();
        if (!checkMac(str, value, macData)) {
            throw new PkiException("check mac fail");
        }
        AuthenticatedSafe decode = AuthenticatedSafe.decode(value);
        if (hasPrivateKeyInfo(decode)) {
            throw new PkiException("PrivateKeyInfo not encrypt");
        }
        decryptAuthenticatedSafe(str, decode);
    }

    public Sequence getASN1Object() throws PkiException {
        return this.pfx;
    }

    public ContentInfo getAuthSafe() throws PkiException {
        return new ContentInfo((Sequence) this.pfx.get(1));
    }

    public ArrayList<X509CRL> getCRLList() throws PkiException {
        ArrayList<X509CRL> arrayList = this.crls;
        if (arrayList != null) {
            return arrayList;
        }
        throw new PkiException("not decrypt or decrypt fail");
    }

    public Iterator<X509CertificateAndPrivateKey> getCertAndPrivateKeyIterator() throws PkiException {
        ArrayList<X509CertificateAndPrivateKey> arrayList = this.certAndPrivKeys;
        if (arrayList != null) {
            return arrayList.iterator();
        }
        throw new PkiException("not decrypt or decrypt fail");
    }

    public ArrayList<X509Certificate> getCertList() throws PkiException {
        ArrayList<X509Certificate> arrayList = this.certs;
        if (arrayList != null) {
            return arrayList;
        }
        throw new PkiException("not decrypt or decrypt fail");
    }

    public MacData getMacData() throws PkiException {
        if (this.pfx.size() < 3) {
            return null;
        }
        return new MacData((Sequence) this.pfx.get(2));
    }

    public int getVersion() throws PkiException {
        return ((Integer) this.pfx.get(0)).getIntegerValue();
    }

    public void setHmacImplement(IHmac iHmac) throws PkiException {
        if (iHmac == null) {
            throw new PkiException("hmacObj is null");
        }
        this.hmacObj = iHmac;
    }

    public void setPkcs12KDF(Pkcs12KDF pkcs12KDF) throws PkiException {
        if (pkcs12KDF == null) {
            throw new PkiException("kdf is null");
        }
        this.pkcs12Kdf = pkcs12KDF;
    }

    public void setPkcs5KDF(IKDF ikdf) throws PkiException {
        if (ikdf == null) {
            throw new PkiException("kdf is null");
        }
        this.pkcs5Kdf = ikdf;
    }

    public void setSymEncrypter(SymEncrypter symEncrypter) throws PkiException {
        if (symEncrypter == null) {
            throw new PkiException("symEncrypter is null");
        }
        this.symEncrypter = symEncrypter;
    }
}
