package net.netca.pki.encoding.asn1.pki.pkcs12;

import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.DigestInfo;
import net.netca.pki.encoding.asn1.pki.EncryptedPrivateKeyInfo;
import net.netca.pki.encoding.asn1.pki.IHmac;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.JCESymEncrypter;
import net.netca.pki.encoding.asn1.pki.PBES2Params;
import net.netca.pki.encoding.asn1.pki.PBKDF2Params;
import net.netca.pki.encoding.asn1.pki.PrivateKeyInfo;
import net.netca.pki.encoding.asn1.pki.RC2CBCParameter;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SoftwareHmac;
import net.netca.pki.encoding.asn1.pki.SymEncrypter;
import net.netca.pki.encoding.asn1.pki.X509CRL;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.ContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.EncryptedContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.EncryptedData;

/* loaded from: classes3.dex */
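/**
 * Fluent builder for a password-protected PKCS#12 (PFX) container holding
 * private keys, certificates and CRLs.
 *
 * <p>Two protection modes are implemented:
 * <ul>
 *   <li><b>Legacy PKCS#12 PBE (default)</b>: private keys are shrouded with
 *       {@code PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC}; certificate and CRL safes with
 *       {@code PBE_WITH_SHA_AND_40BIT_RC2_CBC}. Both derive keys with SHA-1, and
 *       the integrity MAC defaults to SHA-1. A 40-bit RC2 key gives no
 *       meaningful confidentiality, so certificate/CRL contents written in this
 *       mode should be treated as readable by anyone holding the file.</li>
 *   <li><b>PKCS#5 PBES2</b>: enabled by {@link #setPkcs5KDF(IKDF)}. Uses PBKDF2
 *       with the cipher chosen through {@link #setEncAlgo(int)} (AES-128-CBC
 *       by default) and defaults the hash to SHA-256.</li>
 * </ul>
 *
 * <p>Private keys are encrypted at the moment {@link #addPrivateKey} is called,
 * using the settings in force at that time. Configure the password, KDF,
 * cipher, hash and iteration count <em>before</em> adding keys; later changes
 * only affect material added afterwards and the final MAC.
 *
 * <p>Instances hold mutable state and perform no synchronization.
 */
public final class PFXBuilder {
    public static final int AES_128_CBC = 1;
    public static final int AES_192_CBC = 2;
    public static final int AES_256_CBC = 3;
    public static final int SM4_CBC = 4;

    /** PKCS#7 encryptedData content type, used for encrypted certificate/CRL safes. */
    private static final String ENCRYPTED_DATA_OID = "1.2.840.113549.1.7.6";

    // Hash used for the MAC and, in PBES2 mode, for the PBKDF2 PRF. Defaulted lazily.
    private AlgorithmIdentifier hashAlgo;
    // NOTE(review): the password is kept as an immutable String, so unlike the
    // derived key buffers below it cannot be zeroed once the container is built.
    private String pwd;
    private Pkcs12KDF pkcs12Kdf = new Pkcs12KDF();
    private boolean certEncrypt = true;
    private boolean crlEncrypt = true;
    // Shared by the key-encryption KDF and the MAC KDF; setIterationCount enforces a floor of 1024.
    private int iterationCount = 8192;
    private SymEncrypter symEncrypter = new JCESymEncrypter();
    private IHmac hmacObj = new SoftwareHmac();
    private final SafeContents crls = new SafeContents();
    private final SafeContents certs = new SafeContents();
    private final SafeContents privkeys = new SafeContents();
    // false => legacy PKCS#12 PBE (3DES / 40-bit RC2); true => PBES2 with PBKDF2.
    private boolean usePkcs5Pbe2 = false;
    private IKDF pkcs5Kdf = null;
    private SecureRandomGenerator randGenerator = JCESecureRandomGenerator.getInstance();
    private int encAlgo = AES_128_CBC;

    /** Zeroes a sensitive buffer; tolerates {@code null} so it can be used from {@code finally}. */
    private static void wipe(byte[] buffer) {
        if (buffer != null) {
            Arrays.fill(buffer, (byte) 0);
        }
    }

    /**
     * Appends one SafeContents to the AuthenticatedSafe, either wrapped as
     * encryptedData or as plain data. Empty collections are skipped.
     */
    private void addSafe(AuthenticatedSafe authenticatedSafe, SafeContents contents, boolean encrypted) throws PkiException {
        if (contents.size() == 0) {
            return;
        }
        if (encrypted) {
            authenticatedSafe.add(new ContentInfo(ENCRYPTED_DATA_OID, encrypt(contents).getASN1Object()));
        } else {
            authenticatedSafe.add(ContentInfo.NewData(contents.getASN1Object().encode()));
        }
    }

    /** Adds the collected CRL bags, encrypted unless {@link #setCRLEncrypt(boolean)} disabled it. */
    private void addCRL(AuthenticatedSafe authenticatedSafe) throws PkiException {
        addSafe(authenticatedSafe, this.crls, this.crlEncrypt);
    }

    /** Adds the collected certificate bags, encrypted unless {@link #setCertEncrypt(boolean)} disabled it. */
    private void addCert(AuthenticatedSafe authenticatedSafe) throws PkiException {
        addSafe(authenticatedSafe, this.certs, this.certEncrypt);
    }

    /**
     * Adds the private-key safe as plain data. Each bag inside it is already a
     * PKCS#8 shrouded (encrypted) key, so no outer encryption layer is applied.
     * Unlike certificates and CRLs, this safe is emitted even when it is empty.
     */
    private void addPrivKey(AuthenticatedSafe authenticatedSafe) throws PkiException {
        authenticatedSafe.add(ContentInfo.NewData(this.privkeys.getASN1Object().encode()));
    }

    /**
     * Computes the integrity MAC over the encoded AuthenticatedSafe.
     *
     * <p>The MAC key always comes from the PKCS#12 KDF (even in PBES2 mode) with
     * a fresh 64-byte salt and the configured iteration count.
     */
    private MacData createMac(byte[] data) throws PkiException {
        byte[] salt = this.randGenerator.generate(64);
        byte[] macKey = this.pkcs12Kdf.getMacKey(this.hashAlgo.getOid(), this.pwd, salt, this.iterationCount);
        byte[] mac;
        try {
            mac = this.hmacObj.hmac(this.hashAlgo.getOid(), macKey, data, 0, data.length);
        } finally {
            // Clear the derived key even when the HMAC implementation throws.
            wipe(macKey);
        }
        return new MacData(new DigestInfo(this.hashAlgo, mac), salt, this.iterationCount);
    }

    /** Shrouds a private key with whichever mode is currently selected. */
    private EncryptedPrivateKeyInfo encrypt(PrivateKeyInfo privateKeyInfo) throws PkiException {
        return this.usePkcs5Pbe2 ? pkcs5Encrypt(privateKeyInfo) : pkcs12Encrypt(privateKeyInfo);
    }

    /** Encrypts a certificate/CRL safe with whichever mode is currently selected. */
    private EncryptedData encrypt(SafeContents safeContents) throws PkiException {
        return this.usePkcs5Pbe2 ? pkcs5Encrypt(safeContents) : pkcs12Encrypt(safeContents);
    }

    /** Creates a builder with the defaults described on the class. */
    public static PFXBuilder getInstance() {
        return new PFXBuilder();
    }

    /**
     * Builds the PBES2 encryption-scheme identifier (cipher OID plus IV) for the
     * selected {@code encAlgo}. Returns {@code null} for an unknown selector,
     * which {@link #setEncAlgo(int)} prevents.
     */
    private AlgorithmIdentifier getPkcs5EncAlgo(byte[] iv) throws PkiException {
        switch (this.encAlgo) {
            case AES_128_CBC:
                return new AlgorithmIdentifier(AlgorithmIdentifier.AES128CBCPAD_OID, new OctetString(iv));
            case AES_192_CBC:
                return new AlgorithmIdentifier(AlgorithmIdentifier.AES192CBCPAD_OID, new OctetString(iv));
            case AES_256_CBC:
                return new AlgorithmIdentifier(AlgorithmIdentifier.AES256CBCPAD_OID, new OctetString(iv));
            case SM4_CBC:
                return new AlgorithmIdentifier(AlgorithmIdentifier.SM4CBC_OID, new OctetString(iv));
            default:
                return null;
        }
    }

    /**
     * Returns the cipher OID handed to {@code PrivateKeyInfo.pkcs5Encrypt} for the
     * selected {@code encAlgo}, or {@code null} for an unknown selector.
     *
     * <p>Each AES selector maps to its own OID so that it agrees with
     * {@link #getPkcs5EncAlgo(byte[])} and {@link #getPkcs5KeyLength()}. Mapping
     * all three AES choices to the AES-128 OID would leave private keys under
     * AES-128 while the caller asked for, and the certificate safes received,
     * AES-192 or AES-256.
     */
    private String getPkcs5EncAlgoOid() {
        // NOTE(review): PrivateKeyInfo.pkcs5Encrypt is not visible here; confirm
        // it accepts the AES-192/256 OIDs and sizes the key from them.
        switch (this.encAlgo) {
            case AES_128_CBC:
                return AlgorithmIdentifier.AES128CBCPAD_OID;
            case AES_192_CBC:
                return AlgorithmIdentifier.AES192CBCPAD_OID;
            case AES_256_CBC:
                return AlgorithmIdentifier.AES256CBCPAD_OID;
            case SM4_CBC:
                return AlgorithmIdentifier.SM4CBC_OID;
            default:
                return null;
        }
    }

    /** Returns the symmetric key length in bytes for the selected cipher, or -1 if unknown. */
    private int getPkcs5KeyLength() {
        switch (this.encAlgo) {
            case AES_128_CBC:
            case SM4_CBC:
                return 16;
            case AES_192_CBC:
                return 24;
            case AES_256_CBC:
                return 32;
            default:
                return -1;
        }
    }

    /**
     * Maps a digest OID to the matching HMAC OID for use as the PBKDF2 PRF.
     *
     * @throws PkiException if the digest has no HMAC mapping here
     */
    private AlgorithmIdentifier getPkcs5Prf(String digestOid) throws PkiException {
        String prfOid;
        if (digestOid.equals(AlgorithmIdentifier.SHA1_OID)) {
            prfOid = AlgorithmIdentifier.PKCS5_HMAC_SHA1_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA224_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA224_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA256_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA256_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA384_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA384_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA512_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA512_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA512_224_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA512_224_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA512_256_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA512_256_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA3_224_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA3_224_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA3_256_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA3_256_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA3_384_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA3_384_OID;
        } else if (digestOid.equals(AlgorithmIdentifier.SHA3_512_OID)) {
            prfOid = AlgorithmIdentifier.HMAC_SHA3_512_OID;
        } else {
            throw new PkiException("unsupport algo:" + digestOid);
        }
        return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(prfOid);
    }

    /**
     * Returns the bag attributes with a localKeyId attribute prepended when a
     * key id is supplied. Without a key id the caller's attributes (possibly
     * {@code null}) are returned unchanged.
     */
    private Attributes newAttributes(Attributes attributes, byte[] keyId) throws PkiException {
        boolean hasKeyId = keyId != null && keyId.length != 0;
        if (!hasKeyId) {
            return attributes;
        }
        Attributes merged = new Attributes();
        merged.add(newLocalKeyIdAttribute(keyId));
        if (attributes != null) {
            for (int i = 0; i < attributes.size(); i++) {
                merged.add(attributes.get(i));
            }
        }
        return merged;
    }

    /** Wraps a key id as a localKeyId attribute. */
    private Attribute newLocalKeyIdAttribute(byte[] keyId) throws PkiException {
        return new Attribute(Attribute.LOCAL_KEY_ID, new OctetString(keyId));
    }

    /** Builds a PKCS#12 PBE algorithm identifier carrying the salt and iteration count. */
    private AlgorithmIdentifier newPkcs12PbeAlgorithm(String pbeOid, byte[] salt) throws PkiException {
        return new AlgorithmIdentifier(pbeOid, new Pkcs12PbeParams(salt, this.iterationCount).getASN1Object());
    }

    /** Wraps an EncryptedContentInfo in an EncryptedData sequence whose first element is the integer 0. */
    private static EncryptedData newEncryptedData(EncryptedContentInfo encryptedContentInfo) throws PkiException {
        Sequence sequence = new Sequence(EncryptedData.getASN1Type());
        sequence.add(new Integer(0L));
        sequence.add(encryptedContentInfo.getASN1Object());
        return new EncryptedData(sequence);
    }

    /**
     * Legacy mode: shrouds a private key with 3-key Triple-DES CBC, deriving a
     * 24-byte key and 8-byte IV via the PKCS#12 KDF with SHA-1 and a 32-byte salt.
     */
    private EncryptedPrivateKeyInfo pkcs12Encrypt(PrivateKeyInfo privateKeyInfo) throws PkiException {
        byte[] salt = this.randGenerator.generate(32);
        byte[] key = null;
        byte[] iv = null;
        byte[] plain = null;
        try {
            key = this.pkcs12Kdf.getKey(AlgorithmIdentifier.SHA1_OID, this.pwd, salt, this.iterationCount, 24);
            iv = this.pkcs12Kdf.getIV(AlgorithmIdentifier.SHA1_OID, this.pwd, salt, this.iterationCount, 8);
            AlgorithmIdentifier pbeAlgo = newPkcs12PbeAlgorithm(AlgorithmIdentifier.PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC, salt);
            AlgorithmIdentifier cipherAlgo = new AlgorithmIdentifier(AlgorithmIdentifier.DESEDE3CBC_OID, new OctetString(iv));
            plain = privateKeyInfo.getASN1Object().encode();
            byte[] cipher = this.symEncrypter.cipher(true, key, cipherAlgo, plain, 0, plain.length);
            return new EncryptedPrivateKeyInfo(pbeAlgo, cipher);
        } finally {
            // The plaintext PKCS#8 encoding and derived secrets are cleared on
            // every exit path, including a failure inside the KDF or cipher.
            wipe(plain);
            wipe(key);
            wipe(iv);
        }
    }

    /**
     * Legacy mode: encrypts a certificate/CRL safe with 40-bit RC2 CBC.
     *
     * <p>The derived key is 5 bytes, and 160 is the RFC 2268 parameter-version
     * encoding for 40 effective key bits. This exists for interoperability with
     * old readers only and gives no real confidentiality; prefer PBES2 mode
     * ({@link #setPkcs5KDF(IKDF)}) where the contents must stay private.
     */
    private EncryptedData pkcs12Encrypt(SafeContents safeContents) throws PkiException {
        byte[] salt = this.randGenerator.generate(32);
        byte[] key = null;
        byte[] iv = null;
        byte[] plain = null;
        try {
            key = this.pkcs12Kdf.getKey(AlgorithmIdentifier.SHA1_OID, this.pwd, salt, this.iterationCount, 5);
            iv = this.pkcs12Kdf.getIV(AlgorithmIdentifier.SHA1_OID, this.pwd, salt, this.iterationCount, 8);
            AlgorithmIdentifier pbeAlgo = newPkcs12PbeAlgorithm(AlgorithmIdentifier.PBE_WITH_SHA_AND_40BIT_RC2_CBC, salt);
            AlgorithmIdentifier cipherAlgo = new AlgorithmIdentifier(AlgorithmIdentifier.RC2CBC_OID, new RC2CBCParameter(160, iv).getASN1Object());
            plain = safeContents.getASN1Object().encode();
            byte[] cipher = this.symEncrypter.cipher(true, key, cipherAlgo, plain, 0, plain.length);
            return newEncryptedData(new EncryptedContentInfo(ContentInfo.DATA_OID, pbeAlgo, cipher));
        } finally {
            wipe(plain);
            wipe(key);
            wipe(iv);
        }
    }

    /**
     * PBES2 mode: shrouds a private key by delegating to
     * {@code PrivateKeyInfo.pkcs5Encrypt}. Defaults the hash to SHA-256 when none
     * has been set, and that default then persists on this builder.
     */
    private EncryptedPrivateKeyInfo pkcs5Encrypt(PrivateKeyInfo privateKeyInfo) throws PkiException {
        byte[] pwdBytes = null;
        try {
            pwdBytes = this.pwd.getBytes("UTF-8");
            if (this.hashAlgo == null) {
                this.hashAlgo = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA256_OID);
            }
            // The literal 64 is presumably the salt length, matching the 64-byte
            // salt used for safes -- TODO confirm against PrivateKeyInfo.
            return privateKeyInfo.pkcs5Encrypt(pwdBytes, this.hashAlgo.getOid(), this.iterationCount, 64, this.pkcs5Kdf, getPkcs5EncAlgoOid(), this.symEncrypter, this.randGenerator);
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("utf-8 encode fail", e);
        } finally {
            // Clear the password bytes even when encryption fails.
            wipe(pwdBytes);
        }
    }

    /**
     * PBES2 mode: encrypts a certificate/CRL safe with PBKDF2 (64-byte salt,
     * HMAC PRF matching the configured hash) and the selected CBC cipher with a
     * fresh 16-byte IV. Defaults the hash to SHA-256 when none has been set.
     */
    private EncryptedData pkcs5Encrypt(SafeContents safeContents) throws PkiException {
        byte[] salt = this.randGenerator.generate(64);
        int keyLength = getPkcs5KeyLength();
        // The IV is public: it is written into the output parameters, so it is not wiped.
        byte[] iv = this.randGenerator.generate(16);
        if (this.hashAlgo == null) {
            this.hashAlgo = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA256_OID);
        }
        AlgorithmIdentifier kdfAlgo = new AlgorithmIdentifier(AlgorithmIdentifier.PBKDF2, new PBKDF2Params(salt, this.iterationCount, getPkcs5Prf(this.hashAlgo.getOid())).getASN1Object());
        byte[] pwdBytes = null;
        byte[] key = null;
        byte[] plain = null;
        try {
            pwdBytes = this.pwd.getBytes("UTF-8");
            key = this.pkcs5Kdf.kdf(kdfAlgo, pwdBytes, null, keyLength);
            AlgorithmIdentifier cipherAlgo = getPkcs5EncAlgo(iv);
            plain = safeContents.getASN1Object().encode();
            byte[] cipher = this.symEncrypter.cipher(true, key, cipherAlgo, plain, 0, plain.length);
            AlgorithmIdentifier pbes2 = new AlgorithmIdentifier(AlgorithmIdentifier.PBES2, new PBES2Params(kdfAlgo, cipherAlgo).getASN1Object());
            return newEncryptedData(new EncryptedContentInfo(ContentInfo.DATA_OID, pbes2, cipher));
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("utf-8 encode fail", e);
        } finally {
            // Password bytes, derived key and plaintext are cleared on every exit path.
            wipe(pwdBytes);
            wipe(plain);
            wipe(key);
        }
    }

    /** Adds a CRL bag without attributes. */
    public PFXBuilder addCRL(X509CRL x509crl) throws PkiException {
        return addCRL(x509crl, null);
    }

    /** Adds a CRL bag with optional bag attributes. */
    public PFXBuilder addCRL(X509CRL x509crl, Attributes attributes) throws PkiException {
        this.crls.add(SafeBag.NewCRL(x509crl, attributes));
        return this;
    }

    /** Adds a certificate bag without attributes. */
    public PFXBuilder addCert(X509Certificate x509Certificate) throws PkiException {
        return addCert(x509Certificate, null);
    }

    /** Adds a certificate bag with optional bag attributes. */
    public PFXBuilder addCert(X509Certificate x509Certificate, Attributes attributes) throws PkiException {
        this.certs.add(SafeBag.NewCert(x509Certificate, attributes));
        return this;
    }

    /**
     * Encrypts a private key immediately and stores it as a shrouded key bag,
     * optionally together with its certificate.
     *
     * <p>Encryption uses the mode, cipher, hash and iteration count configured
     * at the time of this call.
     *
     * @param privateKeyInfo  key to protect
     * @param attributes      extra attributes for the key bag, may be {@code null}
     * @param x509Certificate certificate paired with the key, may be {@code null}
     * @param bArr            localKeyId linking key and certificate; required when a
     *                        certificate is supplied
     * @param attributes2     extra attributes for the certificate bag, may be {@code null}
     * @throws PkiException if no password or encrypter is set, or a certificate is
     *                      given without a key id
     */
    public PFXBuilder addPrivateKey(PrivateKeyInfo privateKeyInfo, Attributes attributes, X509Certificate x509Certificate, byte[] bArr, Attributes attributes2) throws PkiException {
        if (this.pwd == null) {
            throw new PkiException("please setPwd first");
        }
        if (this.symEncrypter == null) {
            throw new PkiException("please setSymEncrypter first");
        }
        boolean missingKeyId = bArr == null || bArr.length == 0;
        if (x509Certificate != null && missingKeyId) {
            throw new PkiException("no keyId");
        }
        this.privkeys.add(SafeBag.NewPKCS8ShroudedKey(encrypt(privateKeyInfo), newAttributes(attributes, bArr)));
        if (x509Certificate != null) {
            addCert(x509Certificate, newAttributes(attributes2, bArr));
        }
        return this;
    }

    /**
     * Assembles the AuthenticatedSafe (keys, then certificates, then CRLs) and
     * seals it with a password-derived MAC.
     *
     * <p>When no hash was configured, the MAC hash defaults to SHA-256 in PBES2
     * mode and to SHA-1 in legacy mode.
     *
     * @throws PkiException if no password is set, nothing was added, or the HMAC
     *                      implementation is missing
     */
    public PFX build() throws PkiException {
        if (this.pwd == null) {
            throw new PkiException("please setPwd first");
        }
        boolean empty = this.privkeys.size() == 0 && this.certs.size() == 0 && this.crls.size() == 0;
        if (empty) {
            throw new PkiException("no data for pfx");
        }
        if (this.hmacObj == null) {
            throw new PkiException("hmacObj is null");
        }
        if (this.hashAlgo == null) {
            String defaultHash = this.usePkcs5Pbe2 ? AlgorithmIdentifier.SHA256_OID : AlgorithmIdentifier.SHA1_OID;
            this.hashAlgo = AlgorithmIdentifier.CreateAlgorithmIdentifier(defaultHash);
        }
        AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe();
        addPrivKey(authenticatedSafe);
        addCert(authenticatedSafe);
        addCRL(authenticatedSafe);
        byte[] encoded = authenticatedSafe.getASN1Object().encode();
        return new PFX(ContentInfo.NewData(encoded), createMac(encoded));
    }

    /** Chooses whether the CRL safe is encrypted (default {@code true}). */
    public PFXBuilder setCRLEncrypt(boolean z) {
        this.crlEncrypt = z;
        return this;
    }

    /** Chooses whether the certificate safe is encrypted (default {@code true}). */
    public PFXBuilder setCertEncrypt(boolean z) {
        this.certEncrypt = z;
        return this;
    }

    /**
     * Selects the PBES2 cipher: one of {@link #AES_128_CBC}, {@link #AES_192_CBC},
     * {@link #AES_256_CBC} or {@link #SM4_CBC}.
     *
     * @throws PkiException if PBES2 mode has not been enabled through
     *                      {@link #setPkcs5KDF(IKDF)}, or the selector is unknown
     */
    public PFXBuilder setEncAlgo(int i2) throws PkiException {
        if (!this.usePkcs5Pbe2) {
            throw new PkiException("pkcs12 pbe can not setEncAlgo");
        }
        boolean known = i2 == AES_128_CBC || i2 == AES_192_CBC || i2 == AES_256_CBC || i2 == SM4_CBC;
        if (!known) {
            throw new PkiException("bad encAlgo");
        }
        this.encAlgo = i2;
        return this;
    }

    /** Sets the hash for the MAC and the PBKDF2 PRF; {@code null} restores the mode default. */
    public PFXBuilder setHashAlgo(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        this.hashAlgo = algorithmIdentifier;
        return this;
    }

    /**
     * Replaces the HMAC implementation.
     *
     * @throws PkiException if {@code iHmac} is {@code null}
     */
    public PFXBuilder setHmacImplement(IHmac iHmac) throws PkiException {
        if (iHmac == null) {
            throw new PkiException("hmacObj is null");
        }
        this.hmacObj = iHmac;
        return this;
    }

    /**
     * Sets the KDF iteration count used for both encryption keys and the MAC key.
     *
     * @throws PkiException if the count is below 1024
     */
    public PFXBuilder setIterationCount(int i2) throws PkiException {
        if (i2 < 1024) {
            throw new PkiException("iterationCount<1024");
        }
        this.iterationCount = i2;
        return this;
    }

    /**
     * Replaces the PKCS#12 KDF (used for legacy encryption and always for the MAC).
     *
     * @throws PkiException if {@code pkcs12KDF} is {@code null}
     */
    public PFXBuilder setPkcs12KDF(Pkcs12KDF pkcs12KDF) throws PkiException {
        if (pkcs12KDF == null) {
            throw new PkiException("kdf is null");
        }
        this.pkcs12Kdf = pkcs12KDF;
        return this;
    }

    /**
     * Supplies the PBKDF2 implementation and switches the builder to PBES2 mode.
     * There is no way to switch back to legacy mode on the same instance.
     *
     * @throws PkiException if {@code ikdf} is {@code null}
     */
    public PFXBuilder setPkcs5KDF(IKDF ikdf) throws PkiException {
        if (ikdf == null) {
            throw new PkiException("kdf is null");
        }
        this.pkcs5Kdf = ikdf;
        this.usePkcs5Pbe2 = true;
        return this;
    }

    /**
     * Sets the container password. It may be set only once, so that every bag
     * and the MAC are protected by the same password.
     *
     * @throws PkiException if a password has already been set
     */
    public PFXBuilder setPwd(String str) throws PkiException {
        if (this.pwd != null) {
            throw new PkiException("do not setPwd again");
        }
        this.pwd = str;
        return this;
    }

    /**
     * Replaces the random source used for salts and IVs.
     *
     * @throws PkiException if {@code secureRandomGenerator} is {@code null}
     */
    public PFXBuilder setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) throws PkiException {
        if (secureRandomGenerator == null) {
            throw new PkiException("randomGenerator is null");
        }
        this.randGenerator = secureRandomGenerator;
        return this;
    }

    /**
     * Replaces the symmetric cipher implementation.
     *
     * @throws PkiException if {@code symEncrypter} is {@code null}
     */
    public PFXBuilder setSymEncrypter(SymEncrypter symEncrypter) throws PkiException {
        if (symEncrypter == null) {
            throw new PkiException("symEncrypter is null");
        }
        this.symEncrypter = symEncrypter;
        return this;
    }
}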
