package com.sonicsw.security.ssl;

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import java.util.Vector;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/sonicsw/security/ssl/KeyStoreHelper.class */
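/**
 * Static helpers that assemble {@link KeyStore} instances from PKCS#7 certificate files,
 * PKCS#8 private-key files, PKCS#12 bundles and directories of X.509 certificates.
 *
 * <p>Passwords are accepted as {@code String}, so callers cannot wipe them after use; the
 * helpers only clear the temporary copies they control. Every diagnostic goes to
 * {@code System.out} and is gated by the private {@code DEBUG} flag, which nothing in this
 * class switches on.
 */
public class KeyStoreHelper {
    /** Enables verbose tracing on stdout; nothing in this class sets it to {@code true}. */
    private static boolean DEBUG = false;

    /** Type token handed to {@code Collection.toArray} when parsing certificate files. */
    private static final X509Certificate[] EMPTY_CERTIFICATE_ARRAY = new X509Certificate[0];

    /**
     * Builds a key store of the default type from a PKCS#7 certificate file and a
     * password-encrypted PKCS#8 private-key file.
     *
     * @param str  path of the certificate file
     * @param str2 path of the encrypted PKCS#8 key file
     * @param str3 password used to decrypt the key and to protect the key entry
     * @param str4 alias under which the key entry is stored
     * @return a new key store holding the key entry
     * @throws InvalidKeyException if the private key cannot be loaded
     */
    public static KeyStore keyStoreFromPKCS7AndEncryptedPKCS8(String str, String str2, String str3, String str4) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        return keyStoreFromPKCS7AndPKCS8(str, str2, true, str3, str4, getKeyStore(null));
    }

    /**
     * Builds a key store of the default type from a PKCS#7 certificate file and an
     * unencrypted PKCS#8 private-key file.
     *
     * <p>The key file is read as-is, so the key material sits on disk in the clear and its
     * confidentiality depends entirely on file-system permissions.
     *
     * @param str  path of the certificate file
     * @param str2 path of the unencrypted PKCS#8 key file
     * @param str3 password used to protect the key entry in the returned store
     * @param str4 alias under which the key entry is stored
     * @return a new key store holding the key entry
     * @throws InvalidKeyException if the private key cannot be loaded
     */
    public static KeyStore keyStoreFromPKCS7AndUnencryptedPKCS8(String str, String str2, String str3, String str4) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        return keyStoreFromPKCS7AndPKCS8(str, str2, false, str3, str4, getKeyStore(null));
    }

    /**
     * Parses every X.509 certificate in {@code str}, passes them through {@code CertChain}
     * and stores the resulting chain together with the PKCS#8 private key in
     * {@code keyStore}.
     *
     * @param str      path of the certificate file
     * @param str2     path of the PKCS#8 key file
     * @param z        {@code true} when the key file is password-encrypted
     * @param str3     password for the key file (when encrypted) and for the key entry
     * @param str4     alias under which the key entry is stored
     * @param keyStore store that receives the entry
     * @return {@code keyStore}, now holding the key entry
     * @throws IOException         if the certificate file cannot be opened or closed
     * @throws InvalidKeyException if the private key cannot be loaded
     */
    public static KeyStore keyStoreFromPKCS7AndPKCS8(String str, String str2, boolean z, String str3, String str4, KeyStore keyStore) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] certificateChain;
        FileInputStream certificateStream = new FileInputStream(str);
        try {
            X509Certificate[] parsed = (X509Certificate[]) certificateFactory.generateCertificates(certificateStream).toArray(EMPTY_CERTIFICATE_ARRAY);
            // presumably CertChain orders the certificates leaf-first; confirm against CertChain
            certificateChain = new CertChain(parsed).getCertificateChain();
        } finally {
            // Close on the failure path too, so a malformed file does not leak the descriptor.
            certificateStream.close();
        }
        if (DEBUG) {
            System.out.println("keyStoreFromPKCS7AndPKCS8(): certificate chain loaded from " + str + "...");
            for (int i = 0; i < certificateChain.length; i++) {
                System.out.println("cert[" + i + "]:\n" + certificateChain[i]);
            }
        }
        return loadKeyStoreFromCertificatesAndPKCS8(certificateChain, str2, z, str3, str4, keyStore);
    }

    /**
     * Loads a PKCS#12 file into an in-memory PKCS12 key store and, when an alias is given,
     * renames its single entry to that alias.
     *
     * @param str  path of the PKCS#12 file
     * @param str2 password of the PKCS#12 file, reused as the key-entry password
     * @param str3 alias the entry should carry, or {@code null} to keep the stored alias
     * @return the loaded key store
     * @throws KeyStoreException if the file cannot be loaded, holds more than one entry, or
     *                           the entry cannot be renamed
     */
    public static KeyStore keyStoreFromPKCS12(String str, String str2, String str3) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        if (DEBUG) {
            System.out.println("keyStoreFromPKCS12(): type = " + keyStore.getType() + ", path = " + str);
        }
        try {
            char[] password = str2.toCharArray();
            FileInputStream pkcs12Stream = new FileInputStream(str);
            try {
                keyStore.load(pkcs12Stream, password);
            } finally {
                pkcs12Stream.close();
            }
            if (keyStore.size() > 1) {
                throw new KeyStoreException("More than one pair of certificate & private key found in PKCS12 " + str);
            }
            if (str3 != null) {
                if (keyStore.size() == 0) {
                    throw new KeyStoreException("No certificate & private key found in PKCS12 " + str);
                }
                String storedAlias = keyStore.aliases().nextElement();
                // NOTE(review): the comparison is case-sensitive. If the provider treats aliases
                // case-insensitively, a request differing only in case could overwrite the entry
                // and then delete it below; confirm against the provider in use.
                if (!storedAlias.equals(str3)) {
                    try {
                        keyStore.setKeyEntry(str3, keyStore.getKey(storedAlias, password), password, keyStore.getCertificateChain(storedAlias));
                        keyStore.deleteEntry(storedAlias);
                    } catch (Exception e) {
                        if (DEBUG) {
                            e.printStackTrace();
                        }
                        throw new KeyStoreException("Unable to add key & certificate(s) using alias " + str3 + ": " + e.getMessage(), e);
                    }
                }
            }
            return keyStore;
        } catch (Exception e2) {
            if (DEBUG) {
                e2.printStackTrace();
            }
            throw new KeyStoreException("Failed to create in-memory key store: " + e2.getMessage(), e2);
        }
    }

    /**
     * Copies the single key entry of a PKCS#12 file into {@code keyStore} under the alias
     * {@code str3}, creating an empty JKS store first when {@code keyStore} is {@code null}.
     *
     * @param str      path of the PKCS#12 file
     * @param str2     password of the PKCS#12 file, reused as the key-entry password
     * @param str3     alias for the copied entry; must not be {@code null}
     * @param keyStore target store, or {@code null} to create a new JKS store
     * @return the target store holding the copied entry
     * @throws KeyStoreException if the file cannot be loaded, the alias is missing, the file
     *                           holds more than one entry, or the entry cannot be stored
     */
    public static KeyStore loadKeyStoreFromPKCS12(String str, String str2, String str3, KeyStore keyStore) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        try {
            char[] password = str2.toCharArray();
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
            FileInputStream pkcs12Stream = new FileInputStream(str);
            try {
                pkcs12Store.load(pkcs12Stream, password);
            } finally {
                pkcs12Stream.close();
            }
            KeyStore target = keyStore;
            if (target == null) {
                try {
                    target = KeyStore.getInstance("JKS");
                    target.load(null, password);
                } catch (Exception e) {
                    throw new KeyStoreException("Failed to create a new JKS keystore: " + e.getMessage(), e);
                }
            }
            if (str3 == null) {
                throw new KeyStoreException("Key entry alias not specified.");
            }
            if (pkcs12Store.size() > 1) {
                throw new KeyStoreException("More than one pair of certificate & private key found in PKCS12 " + str);
            }
            if (pkcs12Store.size() == 0) {
                throw new KeyStoreException("No certificate & private key found in PKCS12 " + str);
            }
            String storedAlias = pkcs12Store.aliases().nextElement();
            try {
                target.setKeyEntry(str3, pkcs12Store.getKey(storedAlias, password), password, pkcs12Store.getCertificateChain(storedAlias));
                return target;
            } catch (Exception e2) {
                if (DEBUG) {
                    e2.printStackTrace();
                }
                throw new KeyStoreException("Unable to add key & certificate(s) using alias " + str3 + ": " + e2.getMessage(), e2);
            }
        } catch (Exception e3) {
            if (DEBUG) {
                e3.printStackTrace();
            }
            throw new KeyStoreException("Failed to load PKCS12 from " + str + " : " + e3.getMessage(), e3);
        }
    }

    /**
     * Builds a key store of the given type from individual X.509 certificate files and a
     * PKCS#8 private-key file. The certificates are stored in the order given; the first
     * one supplies the key algorithm.
     *
     * @param strArr paths of the certificate files, one certificate read from each
     * @param str    path of the PKCS#8 key file
     * @param z      {@code true} when the key file is password-encrypted
     * @param str2   password for the key file (when encrypted) and for the key entry
     * @param str3   alias under which the key entry is stored
     * @param str4   key store type, or {@code null} for the default type
     * @return a new key store holding the key entry
     * @throws InvalidKeyException if no certificate is given or the key cannot be loaded
     */
    public static KeyStore keyStoreFromCertificatesAndPKCS8(String[] strArr, String str, boolean z, String str2, String str3, String str4) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        Certificate[] certificates = null;
        if (strArr.length > 0) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            certificates = new Certificate[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                FileInputStream certificateStream = new FileInputStream(strArr[i]);
                try {
                    certificates[i] = certificateFactory.generateCertificate(certificateStream);
                } finally {
                    // One descriptor per certificate; release each as soon as it is parsed.
                    certificateStream.close();
                }
            }
        }
        return loadKeyStoreFromCertificatesAndPKCS8(certificates, str, z, str2, str3, getKeyStore(str4));
    }

    /**
     * Creates an empty in-memory key store.
     *
     * @param str key store type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @return the initialised, empty key store
     * @throws KeyStoreException if the type is unavailable or the store cannot be initialised
     */
    public static KeyStore getKeyStore(String str) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        String type = (str == null) ? KeyStore.getDefaultType() : str;
        KeyStore keyStore = KeyStore.getInstance(type);
        if (DEBUG) {
            System.out.println("loadKeyStoreFromPKCS7AndPKCS8(): key store created, type = " + keyStore.getType());
        }
        try {
            keyStore.load(null, null);
            return keyStore;
        } catch (Exception e) {
            if (DEBUG) {
                e.printStackTrace();
            }
            throw new KeyStoreException("Failed to create in-memory key store: " + e.getMessage(), e);
        }
    }

    /**
     * Reads a PKCS#8 private key from {@code str}, decrypting it when {@code z} is set, and
     * stores it with {@code certificateArr} as a key entry in {@code keyStore}.
     *
     * <p>The key algorithm is taken from the public key of {@code certificateArr[0]}.
     * Nothing here checks that the private key actually corresponds to that public key, so
     * a mismatched pair only surfaces when the entry is used.
     *
     * @param certificateArr certificate chain for the entry; must hold at least one entry
     * @param str            path of the PKCS#8 key file
     * @param z              {@code true} when the key file is password-encrypted
     * @param str2           password for the key file (when encrypted) and for the key entry
     * @param str3           alias under which the key entry is stored
     * @param keyStore       store that receives the entry
     * @return {@code keyStore}, now holding the key entry
     * @throws InvalidKeyException if the chain is empty or any step of loading, decrypting
     *                             or storing the key fails
     */
    public static KeyStore loadKeyStoreFromCertificatesAndPKCS8(Certificate[] certificateArr, String str, boolean z, String str2, String str3, KeyStore keyStore) throws KeyStoreException, CertificateException, IOException, InvalidKeyException {
        if (certificateArr == null || certificateArr.length == 0) {
            // Without a leaf certificate there is no key algorithm to select below.
            throw new InvalidKeyException("No certificate supplied for the private key from " + str);
        }
        try {
            byte[] encodedKey = readKeyFile(str);
            PKCS8EncodedKeySpec keySpec;
            if (z) {
                EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(encodedKey);
                if (DEBUG) {
                    System.out.println("loadKeyStoreFromPKCS7AndPKCS8(): encrypted private key info...\nencryption algorithm name = " + encryptedInfo.getAlgName() + "\nencryption algorithm parameter = " + encryptedInfo.getAlgParameters());
                }
                PBEKeySpec pbeKeySpec = new PBEKeySpec(str2.toCharArray());
                try {
                    keySpec = encryptedInfo.getKeySpec(SecretKeyFactory.getInstance(encryptedInfo.getAlgName()).generateSecret(pbeKeySpec));
                } finally {
                    // Wipe the spec's internal copy of the password once the key is derived.
                    pbeKeySpec.clearPassword();
                }
            } else {
                keySpec = new PKCS8EncodedKeySpec(encodedKey);
            }
            PrivateKey privateKey = KeyFactory.getInstance(certificateArr[0].getPublicKey().getAlgorithm()).generatePrivate(keySpec);
            if (DEBUG) {
                System.out.println("loadKeyStoreFromPKCS7AndPKCS8(): private key info...\nalgorithm name = " + privateKey.getAlgorithm() + "\nencoding format = " + privateKey.getFormat());
            }
            keyStore.setKeyEntry(str3, privateKey, str2.toCharArray(), certificateArr);
            return keyStore;
        } catch (Exception e) {
            if (DEBUG) {
                e.printStackTrace();
            }
            throw new InvalidKeyException("Failed to load the private key from " + str + ":" + e.getMessage(), e);
        }
    }

    /**
     * Reads a whole file into memory, sizing the buffer from the file length rather than
     * from {@code InputStream.available()}, which is only an estimate.
     */
    private static byte[] readKeyFile(String path) throws IOException {
        File keyFile = new File(path);
        long length = keyFile.length();
        if (length > Integer.MAX_VALUE) {
            throw new IOException("File too large to load: " + path);
        }
        byte[] contents = new byte[(int) length];
        DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
        try {
            in.readFully(contents);
        } finally {
            in.close();
        }
        return contents;
    }

    /**
     * Loads every file in a directory that parses as an X.509 certificate.
     *
     * <p>Files that fail to parse are skipped, and reported only when {@code DEBUG} is on.
     * When the result feeds {@link #trustStoreFromCertificates}, every parseable file in
     * the directory becomes a trust anchor, so write access to the directory is equivalent
     * to control over the trust store.
     *
     * @param str directory path; surrounding whitespace is ignored
     * @return the certificates found (possibly an empty array), or {@code null} when the
     *         path is blank, is not a directory, or the directory has no entries
     * @throws CertificateException if no X.509 certificate factory is available
     */
    public static X509Certificate[] loadCertificatesFromDirectory(String str) throws CertificateException {
        if (str == null || str.trim().length() <= 0) {
            return null;
        }
        File directory = new File(str.trim());
        if (!directory.isDirectory()) {
            return null;
        }
        if (DEBUG) {
            System.out.println("Loading certificate(s) from directory " + str);
        }
        File[] entries = directory.listFiles();
        if (entries == null || entries.length == 0) {
            return null;
        }
        Vector<X509Certificate> loaded = new Vector<X509Certificate>();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < entries.length; i++) {
            try {
                FileInputStream certificateStream = new FileInputStream(entries[i]);
                try {
                    loaded.addElement((X509Certificate) certificateFactory.generateCertificate(certificateStream));
                } finally {
                    // Non-certificate files are expected here; close the stream when parsing fails too.
                    certificateStream.close();
                }
            } catch (Exception e) {
                if (DEBUG) {
                    System.out.println(e + " : Unable to load X.509 certificate from " + entries[i].getName());
                }
            }
        }
        X509Certificate[] certificates = new X509Certificate[loaded.size()];
        loaded.copyInto(certificates);
        return certificates;
    }

    /**
     * Adds each certificate to a trust store as a trusted-certificate entry, using the
     * certificate's subject DN as the alias.
     *
     * <p>Because the alias is the subject DN, two certificates with the same subject (for
     * example a renewed and an expiring CA certificate) occupy the same alias and the later
     * one replaces the earlier. A supplied {@code keyStore} is modified in place.
     *
     * @param x509CertificateArr certificates to trust
     * @param keyStore           store to populate, or {@code null} to create one of the
     *                           default type
     * @return the populated store, or {@code null} when no certificates are given
     * @throws KeyStoreException if a new store cannot be created or an entry cannot be set
     */
    public static KeyStore trustStoreFromCertificates(X509Certificate[] x509CertificateArr, KeyStore keyStore) throws KeyStoreException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        // Trace only after the null check: reading .length first would throw on a null array.
        if (DEBUG) {
            System.out.println("Populating a trust store with trusted " + x509CertificateArr.length + " certificates, store = " + keyStore);
        }
        KeyStore trustStore = keyStore;
        if (trustStore == null) {
            try {
                trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
            } catch (Exception e) {
                if (DEBUG) {
                    e.printStackTrace();
                }
                throw new KeyStoreException("Failed to add CA certificate(s) into a trust store: " + e.getMessage(), e);
            }
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            trustStore.setCertificateEntry(x509CertificateArr[i].getSubjectDN().getName(), x509CertificateArr[i]);
        }
        return trustStore;
    }

    /**
     * Prints every installed security provider with its version, description and sorted
     * property list to stdout.
     */
    public static void dumpProviderInfo() {
        for (Provider provider : Security.getProviders()) {
            TreeSet<String> sortedProperties = new TreeSet<String>();
            System.out.println(provider.getName());
            System.out.println("ver. " + provider.getVersion());
            System.out.println(provider.getInfo());
            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
                String propertyName = entry.getKey().toString();
                String separator = propertyName.startsWith("Alg.Alias.") ? " is aliased to " : " = ";
                sortedProperties.add(propertyName + separator + entry.getValue().toString());
            }
            for (String line : sortedProperties) {
                System.out.println(line);
            }
        }
    }

    /**
     * Self-test: builds a key store from a PKCS#7 file and an encrypted PKCS#8 key, then
     * reads the chain and key back and prints them.
     *
     * @return {@code true} when every step succeeded
     */
    private boolean testPKCS7AndEncryptedPKCS8(String str, String str2, String str3, String str4, String str5) {
        try {
            KeyStore keyStore = keyStoreFromPKCS7AndPKCS8(str, str2, true, str3, str4, getKeyStore(str5));
            Certificate[] certificateChain = keyStore.getCertificateChain(str4);
            for (int i = 0; i < certificateChain.length; i++) {
                System.out.println("cert[" + i + "]:\n" + certificateChain[i]);
            }
            Key key = keyStore.getKey(str4, str3.toCharArray());
            System.out.println("private key is of instance of " + key.getClass());
            System.out.println("private key info:\nalgorithm name = " + key.getAlgorithm() + "\nencoding format = " + key.getFormat() + "\n");
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Self-test: loads a PKCS#12 file, checks that its entry carries the requested alias,
     * then reads the chain and key back and prints them.
     *
     * @return {@code true} when every step succeeded
     */
    private boolean testPKCS12(String str, String str2, String str3) {
        // All key store access stays inside the try so that a load failure is reported as a
        // failed test instead of reaching the code that reads the store.
        try {
            KeyStore keyStore = keyStoreFromPKCS12(str, str2, str3);
            String storedAlias = keyStore.aliases().nextElement();
            if (!storedAlias.equals(str3)) {
                System.out.println("ERROR: unable to retrieve key & certificate(s) from entry \"" + str3 + "\", found \"" + storedAlias + "\"");
                return false;
            }
            System.out.println("retrieving key & certificate(s) from key entry[0] " + str3);
            Certificate[] certificateChain = keyStore.getCertificateChain(str3);
            for (int i = 0; i < certificateChain.length; i++) {
                System.out.println("cert[" + i + "]:\n" + certificateChain[i]);
            }
            Key key = keyStore.getKey(str3, str2.toCharArray());
            System.out.println("private key is of instance of " + key.getClass());
            System.out.println("private key info:\nalgorithm name = " + key.getAlgorithm() + "\nencoding format = " + key.getFormat() + "\n");
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Self-test entry point. Options: {@code -dir <directory>} selects the fixture
     * directory, {@code -type pkcs7|pkcs12} restricts the run to one format.
     *
     * <p>The literal password below belongs to the test fixtures only.
     */
    public static void main(String[] strArr) {
        String directory = "C:/sandboxMQ8.0/MQ8.0";
        boolean runPkcs7Tests = true;
        boolean runPkcs12Tests = true;
        int i = 0;
        while (i < strArr.length) {
            // A flag given as the last argument has no value; ignore it instead of indexing past the array.
            boolean hasValue = i + 1 < strArr.length;
            if (hasValue && "-dir".equalsIgnoreCase(strArr[i])) {
                i++;
                directory = strArr[i];
            } else if (hasValue && "-type".equalsIgnoreCase(strArr[i])) {
                i++;
                String type = strArr[i];
                if ("pkcs7".equalsIgnoreCase(type)) {
                    runPkcs12Tests = false;
                } else if ("pkcs12".equalsIgnoreCase(type)) {
                    runPkcs7Tests = false;
                }
            }
            i++;
        }
        // Join through File so a directory given without a trailing separator still resolves.
        String serverChain = new File(directory, "server.p7c").getPath();
        String serverKey = new File(directory, "serverKey.pkcs8").getPath();
        String clientChain = new File(directory, "client.p7c").getPath();
        String clientKey = new File(directory, "clientKey.pkcs8").getPath();
        String serverPkcs12 = new File(directory, "server.p12").getPath();
        String clientPkcs12 = new File(directory, "client.p12").getPath();
        boolean passed = true;
        KeyStoreHelper helper = new KeyStoreHelper();
        if (runPkcs7Tests) {
            // && short-circuits, so the run stops at the first failing case.
            passed = helper.testPKCS7AndEncryptedPKCS8(serverChain, serverKey, "password", "server", null);
            passed = passed && helper.testPKCS7AndEncryptedPKCS8(clientChain, clientKey, "password", "client", "JKS");
            passed = passed && helper.testPKCS7AndEncryptedPKCS8(serverChain, serverKey, "password", "server", "PKCS12");
        }
        if (runPkcs12Tests) {
            passed = passed && helper.testPKCS12(serverPkcs12, "password", "server");
            passed = passed && helper.testPKCS12(clientPkcs12, "password", "client");
        }
        if (passed) {
            System.out.println("\nTest [v3] passed.");
        } else {
            System.out.println("\nTest [v3] failed, provider info:\n");
            dumpProviderInfo();
        }
    }
}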
