package org.apache.commons.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;

/* loaded from: classes2.dex */
public class KeyStoreBuilder {
    private static final String PKCS7_ENCRYPTED = "1.2.840.113549.1.7.6";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    public static class BuildResult {
        protected final X509Certificate[] chain;
        protected final KeyStore jks;
        protected final Key key;

        protected BuildResult(Key key, Certificate[] certificateArr, KeyStore keyStore) {
            this.key = key;
            this.jks = keyStore;
            if (certificateArr == null) {
                this.chain = null;
            } else {
                if (certificateArr instanceof X509Certificate[]) {
                    this.chain = (X509Certificate[]) certificateArr;
                    return;
                }
                X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
                System.arraycopy(certificateArr, 0, x509CertificateArr, 0, certificateArr.length);
                this.chain = x509CertificateArr;
            }
        }
    }

    public static KeyStore build(byte[] bArr, byte[] bArr2, char[] cArr) {
        KeyStore keyStore;
        BuildResult buildResult;
        String str;
        BuildResult parse = parse(bArr, cArr);
        if (parse.jks != null) {
            keyStore = parse.jks;
            buildResult = null;
        } else if (bArr2 == null || bArr2.length <= 0) {
            keyStore = null;
            buildResult = null;
        } else {
            BuildResult parse2 = parse(bArr2, cArr);
            if (parse2.jks != null) {
                buildResult = parse2;
                keyStore = parse2.jks;
            } else {
                buildResult = parse2;
                keyStore = null;
            }
        }
        if (keyStore != null) {
            validate(keyStore, cArr);
            return keyStore;
        }
        Key key = parse.key;
        X509Certificate[] x509CertificateArr = parse.chain;
        if ((key == null || x509CertificateArr == null) && buildResult != null) {
            if (buildResult.key != null) {
                key = buildResult.key;
            }
            if (x509CertificateArr == null) {
                x509CertificateArr = buildResult.chain;
            }
        }
        if (key == null || x509CertificateArr == null) {
            String str2 = key == null ? " [Private key missing (bad password?)]" : "";
            if (x509CertificateArr == null) {
                str2 = new StringBuffer().append(str2).append(" [Certificate chain missing]").toString();
            }
            throw new KeyStoreException(new StringBuffer().append("Can't build keystore:").append(str2).toString());
        }
        X509Certificate buildChain = buildChain(key, x509CertificateArr);
        if (buildChain != null) {
            x509CertificateArr = Certificates.trimChain(x509CertificateArr);
            str = Certificates.getCN(buildChain).replace(' ', '_');
        } else {
            str = "alias";
        }
        KeyStore keyStore2 = KeyStore.getInstance("jks");
        keyStore2.load(null, cArr);
        keyStore2.setKeyEntry(str, key, cArr, x509CertificateArr);
        return keyStore2;
    }

    public static KeyStore build(byte[] bArr, char[] cArr) {
        return build(bArr, null, cArr);
    }

    public static X509Certificate buildChain(Key key, Certificate[] certificateArr) {
        if (!(key instanceof RSAPrivateCrtKey)) {
            return null;
        }
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key;
        BigInteger publicExponent = rSAPrivateCrtKey.getPublicExponent();
        BigInteger modulus = rSAPrivateCrtKey.getModulus();
        X509Certificate x509Certificate = null;
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate2 = (X509Certificate) certificate;
            PublicKey publicKey = x509Certificate2.getPublicKey();
            if (publicKey instanceof RSAPublicKey) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                BigInteger publicExponent2 = rSAPublicKey.getPublicExponent();
                BigInteger modulus2 = rSAPublicKey.getModulus();
                if (publicExponent.equals(publicExponent2) && modulus.equals(modulus2)) {
                    x509Certificate = x509Certificate2;
                }
            }
        }
        if (x509Certificate == null) {
            throw new KeyStoreException("Can't build keystore: [No certificates belong to the private-key]");
        }
        X509Certificate[] buildPath = X509CertificateChainBuilder.buildPath(x509Certificate, certificateArr);
        Arrays.fill(certificateArr, (Object) null);
        System.arraycopy(buildPath, 0, certificateArr, 0, buildPath.length);
        return x509Certificate;
    }

    /* JADX WARN: Removed duplicated region for block: B:42:0x01f3 A[LOOP:2: B:40:0x01f0->B:42:0x01f3, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:45:0x020a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void main(java.lang.String[] r12) {
        /*
            Method dump skipped, instructions count: 584
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.commons.ssl.KeyStoreBuilder.main(java.lang.String[]):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:41:0x00d1  */
    /* JADX WARN: Removed duplicated region for block: B:74:0x012f  */
    /* JADX WARN: Removed duplicated region for block: B:86:0x017d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:94:0x00c3 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.apache.commons.ssl.KeyStoreBuilder.BuildResult parse(byte[] r18, char[] r19) {
        /*
            Method dump skipped, instructions count: 434
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.commons.ssl.KeyStoreBuilder.parse(byte[], char[]):org.apache.commons.ssl.KeyStoreBuilder$BuildResult");
    }

    private static X509Certificate[] toChain(Collection collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[collection.size()];
        collection.toArray(x509CertificateArr);
        return x509CertificateArr;
    }

    private static BuildResult tryJKS(String str, ByteArrayInputStream byteArrayInputStream, char[] cArr) {
        Certificate[] certificateArr;
        byteArrayInputStream.reset();
        String lowerCase = str.trim().toLowerCase();
        boolean equals = "pkcs12".equals(lowerCase);
        KeyStore keyStore = KeyStore.getInstance(lowerCase);
        try {
            keyStore.load(byteArrayInputStream, cArr);
            Enumeration<String> aliases = keyStore.aliases();
            Key key = null;
            while (true) {
                if (!aliases.hasMoreElements()) {
                    certificateArr = null;
                    break;
                }
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement) && (key = keyStore.getKey(nextElement, cArr)) != null && (key instanceof PrivateKey)) {
                    certificateArr = keyStore.getCertificateChain(nextElement);
                    break;
                }
                if (equals && aliases.hasMoreElements()) {
                    System.out.println("what kind of weird pkcs12 file has more than one alias?");
                }
            }
            if (equals) {
                keyStore = null;
            }
            return new BuildResult(key, certificateArr, keyStore);
        } catch (IOException e) {
            e.printStackTrace();
            String message = e.getMessage();
            String lowerCase2 = message != null ? message.trim().toLowerCase() : "";
            if (equals) {
                if (Math.max(lowerCase2.indexOf("failed to decrypt"), lowerCase2.indexOf("verify mac")) >= 0) {
                    throw new ProbablyBadPasswordException(new StringBuffer().append("Probably bad PKCS12 password: ").append(e).toString());
                }
            } else if (lowerCase2.indexOf("password") >= 0) {
                throw new ProbablyBadPasswordException(new StringBuffer().append("Probably bad JKS password: ").append(e).toString());
            }
            e.printStackTrace();
            throw e;
        } catch (GeneralSecurityException e2) {
            throw e2;
        }
    }

    public static void validate(KeyStore keyStore, char[] cArr) {
        Enumeration<String> aliases = keyStore.aliases();
        String str = null;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                if (str != null) {
                    throw new KeyStoreException("Only 1 private key per keystore allowed for Commons-SSL");
                }
                str = nextElement;
            }
        }
        if (str == null) {
            throw new KeyStoreException("No private keys found in keystore!");
        }
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, cArr);
        X509Certificate[] x509ifyChain = Certificates.x509ifyChain(keyStore.getCertificateChain(str));
        if (buildChain(privateKey, x509ifyChain) != null) {
            X509Certificate[] trimChain = Certificates.trimChain(x509ifyChain);
            keyStore.deleteEntry(str);
            keyStore.setKeyEntry(str, privateKey, cArr, trimChain);
        }
    }
}
