package com.rsa.certj.cms;

import com.bea.security.utils.encryption.EncryptedStreamFactory;
import com.bea.wls.ejbgen.EJBGen;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJInternalHelper;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.cert.AttributeException;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X501Attributes;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.attributes.X501Attribute;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.internal.CertJContext;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.jsafe.JSAFE_InvalidKeyException;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cert.GeneralName;
import com.rsa.jsafe.cert.InvalidEncodingException;
import com.rsa.jsafe.cert.X509ExtensionSpec;
import com.rsa.jsafe.crypto.FIPS140Context;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/rsa/certj/cms/CMSUtils.class */
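/**
 * Conversion helpers between the Cert-J object model ({@code com.rsa.certj.*},
 * {@code JSAFE_*} keys) and the JCE-style types of {@code com.rsa.jsafe.*} and
 * {@code java.security.*} used by the CMS implementation.
 *
 * <p>This source was produced by a decompiler (JADX), which reports that the class
 * members were originally package-private; they are left public here so the listing
 * keeps the interface it was recovered with.
 *
 * <p>Every converter returns {@code null} for a {@code null} input unless stated
 * otherwise.
 */
public class CMSUtils {
    /** Size in bytes of one DES sub-key inside a triple-DES key. */
    private static final int DES_KEY_LENGTH = 8;

    CMSUtils() {
    }

    /**
     * Creates a JsafeJCE provider instance.
     *
     * @param fIPS140Context FIPS 140 context to bind the provider to, or {@code null}
     *     to use the provider's no-argument constructor
     * @return a new provider instance
     */
    public static JsafeJCE createJceProvider(FIPS140Context fIPS140Context) {
        if (fIPS140Context == null) {
            return new JsafeJCE();
        }
        return new JsafeJCE(fIPS140Context);
    }

    /**
     * Looks up the FIPS 140 context for a Cert-J instance.
     *
     * @param certJ the Cert-J instance, or {@code null} to read the context returned
     *     by {@code CertJContext.getCertJContext()}
     * @return the {@code fips140} field of the selected context
     */
    public static FIPS140Context getJceCtx(CertJ certJ) {
        if (certJ == null) {
            return CertJContext.getCertJContext().fips140;
        }
        return CertJInternalHelper.context(certJ).fips140;
    }

    /**
     * Converts Cert-J recipient infos to their JCE counterparts, element by element.
     *
     * @param recipientInfoArr source array; {@code null} elements stay {@code null}
     * @param jsafeJCE provider handed to each element's conversion
     * @return a new array of the same length, or {@code null} for a {@code null} input
     * @throws CMSException if an element's conversion fails
     */
    public static com.rsa.jsafe.cms.RecipientInfo[] convertToJceRecipientInfos(RecipientInfo[] recipientInfoArr, JsafeJCE jsafeJCE) throws CMSException {
        if (recipientInfoArr == null) {
            return null;
        }
        com.rsa.jsafe.cms.RecipientInfo[] converted = new com.rsa.jsafe.cms.RecipientInfo[recipientInfoArr.length];
        for (int i = 0; i < recipientInfoArr.length; i++) {
            RecipientInfo source = recipientInfoArr[i];
            converted[i] = source == null ? null : source.getJceRecipientInfo(jsafeJCE);
        }
        return converted;
    }

    /**
     * Converts Cert-J signer infos to their JCE counterparts, element by element.
     *
     * @param signerInfoArr source array; {@code null} elements stay {@code null}
     * @param jsafeJCE provider handed to each element's conversion
     * @return a new array of the same length, or {@code null} for a {@code null} input
     * @throws CMSException if an element's conversion fails
     */
    public static com.rsa.jsafe.cms.SignerInfo[] convertToJceSignerInfos(SignerInfo[] signerInfoArr, JsafeJCE jsafeJCE) throws CMSException {
        if (signerInfoArr == null) {
            return null;
        }
        com.rsa.jsafe.cms.SignerInfo[] converted = new com.rsa.jsafe.cms.SignerInfo[signerInfoArr.length];
        for (int i = 0; i < signerInfoArr.length; i++) {
            SignerInfo source = signerInfoArr[i];
            converted[i] = source == null ? null : source.getJceSignerInfo(jsafeJCE);
        }
        return converted;
    }

    /**
     * Copies the seconds, millis and micros of a Cert-J accuracy value into a JCE one.
     *
     * @param accuracy source value
     * @return the converted value, or {@code null} for a {@code null} input
     */
    public static com.rsa.jsafe.cms.Accuracy convertToJceAccuracy(Accuracy accuracy) {
        if (accuracy == null) {
            return null;
        }
        return new com.rsa.jsafe.cms.Accuracy(accuracy.getSeconds(), accuracy.getMillis(), accuracy.getMicros());
    }

    /**
     * Converts every attribute of an {@code X501Attributes} set, in index order.
     *
     * @param x501Attributes source attribute set
     * @return one JCE attribute per source attribute, or {@code null} for a {@code null} input
     * @throws CMSException if an attribute cannot be DER-encoded
     */
    public static Attribute[] convertToJceAttributes(X501Attributes x501Attributes) throws CMSException {
        if (x501Attributes == null) {
            return null;
        }
        int attributeCount = x501Attributes.getAttributeCount();
        Attribute[] converted = new Attribute[attributeCount];
        for (int i = 0; i < attributeCount; i++) {
            converted[i] = convertToJceAttribute(x501Attributes.getAttributeByIndex(i));
        }
        return converted;
    }

    /**
     * Round-trips one attribute through its DER encoding.
     *
     * @throws CMSException wrapping the {@code AttributeException} raised while encoding
     */
    private static Attribute convertToJceAttribute(X501Attribute x501Attribute) throws CMSException {
        byte[] buffer = new byte[x501Attribute.getDERLen(0)];
        try {
            int written = x501Attribute.getDEREncoding(buffer, 0, 0);
            if (written == buffer.length) {
                return new Attribute(buffer);
            }
            // The encoder reported a different length than getDERLen announced:
            // pass on only the bytes that were actually written.
            byte[] exact = new byte[written];
            System.arraycopy(buffer, 0, exact, 0, written);
            return new Attribute(exact);
        } catch (AttributeException e) {
            throw new CMSException(e);
        }
    }

    /**
     * Builds a JCE {@code CertStore} from every certificate and CRL a database
     * service enumerates.
     *
     * <p>Only {@code X509Certificate} and {@code X509CRL} entries are copied; entries
     * of any other type are skipped without an error. A caller relying on the store
     * for revocation checking therefore cannot assume that every CRL held by the
     * database is present in the result.
     *
     * @param databaseService source database
     * @param jsafeJCE provider used for parsing and for the store itself
     * @return the populated store, or {@code null} for a {@code null} database
     * @throws CMSException if the database cannot be read or an entry cannot be converted
     */
    public static CertStore convertToJceCertStore(DatabaseService databaseService, JsafeJCE jsafeJCE) throws CMSException {
        if (databaseService == null) {
            return null;
        }
        List<Certificate> certificates = new ArrayList<Certificate>();
        try {
            for (Certificate cert = databaseService.firstCertificate(); cert != null; cert = databaseService.nextCertificate()) {
                certificates.add(cert);
            }
            List<Object> entries = createJcpStoreEntryList(certificates.toArray(new Certificate[certificates.size()]), jsafeJCE);
            for (CRL crl = databaseService.firstCRL(); crl != null; crl = databaseService.nextCRL()) {
                if (crl instanceof X509CRL) {
                    entries.add(convertToJceCRL((X509CRL) crl, jsafeJCE));
                }
            }
            return createJcpCertStore(entries, jsafeJCE);
        } catch (NoServiceException e) {
            throw new CMSException(e);
        } catch (DatabaseException e) {
            throw new CMSException(e);
        }
    }

    /**
     * Builds a JCE {@code CertStore} from an array of Cert-J certificates.
     * Elements that are not {@code X509Certificate} instances (including {@code null})
     * are skipped.
     *
     * @param certificateArr source certificates
     * @param jsafeJCE provider used for parsing and for the store itself
     * @return the populated store, or {@code null} for a {@code null} array
     * @throws CMSException if a certificate cannot be converted or the store cannot be created
     */
    public static CertStore convertToJceCertStore(Certificate[] certificateArr, JsafeJCE jsafeJCE) throws CMSException {
        if (certificateArr == null) {
            return null;
        }
        return createJcpCertStore(createJcpStoreEntryList(certificateArr, jsafeJCE), jsafeJCE);
    }

    /** Converts the X.509 certificates of the array into a mutable list of store entries. */
    private static List<Object> createJcpStoreEntryList(Certificate[] certificateArr, JsafeJCE jsafeJCE) throws CMSException {
        List<Object> entries = new ArrayList<Object>();
        for (Certificate candidate : certificateArr) {
            if (candidate instanceof X509Certificate) {
                entries.add(convertToJceCertificate((X509Certificate) candidate, jsafeJCE));
            }
        }
        return entries;
    }

    /** Wraps the entries in a collection-backed {@code CertStore} from the given provider. */
    private static CertStore createJcpCertStore(List<Object> list, JsafeJCE jsafeJCE) throws CMSException {
        try {
            // NOTE(review): EJBGen.COLLECTION comes from an unrelated class and looks like a
            // decompiler constant substitution; presumably it is the CertStore type
            // "Collection" - confirm against the original binary.
            return CertStore.getInstance(EJBGen.COLLECTION, (CertStoreParameters) new CollectionCertStoreParameters(list), (Provider) jsafeJCE);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CMSException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CMSException(e2);
        }
    }

    /**
     * Re-parses a Cert-J certificate as a {@code java.security.cert.X509Certificate}
     * by way of its DER encoding.
     *
     * @param x509Certificate source certificate
     * @param jsafeJCE provider supplying the {@code X509} certificate factory
     * @return the re-parsed certificate, or {@code null} for a {@code null} input
     * @throws CMSException if encoding or parsing fails
     */
    public static java.security.cert.X509Certificate convertToJceCertificate(X509Certificate x509Certificate, JsafeJCE jsafeJCE) throws CMSException {
        if (x509Certificate == null) {
            return null;
        }
        byte[] der = new byte[x509Certificate.getDERLen(0)];
        try {
            x509Certificate.getDEREncoding(der, 0, 0);
            CertificateFactory factory = CertificateFactory.getInstance("X509", (Provider) jsafeJCE);
            return (java.security.cert.X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            throw new CMSException(e);
        } catch (java.security.cert.CertificateException e2) {
            throw new CMSException(e2);
        }
    }

    /** Re-parses a Cert-J CRL as a {@code java.security.cert.X509CRL} by way of its DER encoding. */
    private static java.security.cert.X509CRL convertToJceCRL(X509CRL x509crl, JsafeJCE jsafeJCE) throws CMSException {
        if (x509crl == null) {
            return null;
        }
        byte[] der = new byte[x509crl.getDERLen(0)];
        try {
            x509crl.getDEREncoding(der, 0, 0);
            CertificateFactory factory = CertificateFactory.getInstance("X509", (Provider) jsafeJCE);
            return (java.security.cert.X509CRL) factory.generateCRL(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            throw new CMSException(e);
        } catch (CRLException e2) {
            throw new CMSException(e2);
        } catch (java.security.cert.CertificateException e3) {
            throw new CMSException(e3);
        }
    }

    /**
     * Converts a JSAFE secret key into a {@code SecretKeySpec}.
     *
     * <p>Algorithm names containing the AES constant are reduced to that constant.
     * A {@code 3DES_EDE} key of 24 bytes is shortened when its sub-keys repeat:
     * to 8 bytes when all three sub-keys are equal, to 16 bytes when only the first
     * and third are equal. Every temporary copy of the key bytes is passed to
     * {@code JSAFE_SecretKey.overwrite} before returning.
     *
     * @param jSAFE_SecretKey source key
     * @param jsafeJCE unused by this method
     * @return the key spec, or {@code null} for a {@code null} input
     * @throws CMSException declared for interface compatibility; not thrown by this body
     */
    public static SecretKey convertToJceSecretKey(JSAFE_SecretKey jSAFE_SecretKey, JsafeJCE jsafeJCE) throws CMSException {
        if (jSAFE_SecretKey == null) {
            return null;
        }
        String algorithm = jSAFE_SecretKey.getAlgorithm();
        byte[] secretKeyData = jSAFE_SecretKey.getSecretKeyData();
        if (algorithm.indexOf(EncryptedStreamFactory.AES_ALGORITHM) >= 0) {
            algorithm = EncryptedStreamFactory.AES_ALGORITHM;
        } else if (algorithm.equals("3DES_EDE")) {
            algorithm = EncryptedStreamFactory.DES_KEY_ALGORITHM;
            // Check the length before comparing sub-keys so that a short buffer is never
            // indexed past its end by the comparisons below.
            if (secretKeyData.length == 3 * DES_KEY_LENGTH) {
                boolean firstEqualsSecond = CertJUtils.byteArraysEqual(secretKeyData, 0, DES_KEY_LENGTH, secretKeyData, DES_KEY_LENGTH, DES_KEY_LENGTH);
                int keptLength = secretKeyData.length;
                if (firstEqualsSecond && CertJUtils.byteArraysEqual(secretKeyData, DES_KEY_LENGTH, DES_KEY_LENGTH, secretKeyData, 2 * DES_KEY_LENGTH, DES_KEY_LENGTH)) {
                    // K1 == K2 == K3: triple DES with this key is equivalent to single DES.
                    // NOTE(review): the key is accepted and shortened rather than rejected,
                    // so it offers only single-DES strength - confirm this is intended.
                    keptLength = DES_KEY_LENGTH;
                } else if (CertJUtils.byteArraysEqual(secretKeyData, 0, DES_KEY_LENGTH, secretKeyData, 2 * DES_KEY_LENGTH, DES_KEY_LENGTH)) {
                    // K1 == K3: two-key triple DES, keep K1 and K2 only.
                    keptLength = 2 * DES_KEY_LENGTH;
                }
                if (keptLength != secretKeyData.length) {
                    byte[] shortened = new byte[keptLength];
                    System.arraycopy(secretKeyData, 0, shortened, 0, keptLength);
                    // Wipe the full-length copy as soon as it is no longer needed.
                    jSAFE_SecretKey.overwrite(secretKeyData);
                    secretKeyData = shortened;
                }
            }
        }
        try {
            // SecretKeySpec keeps its own copy of the bytes, so the local buffer can be wiped.
            return new SecretKeySpec(secretKeyData, algorithm);
        } finally {
            // Wipe the working copy even when the constructor rejects the key material.
            jSAFE_SecretKey.overwrite(secretKeyData);
        }
    }

    /**
     * Converts a JSAFE private key into a JCE {@code PrivateKey} through its
     * {@code <algorithm>PrivateKeyBER} encoding.
     *
     * @param jSAFE_PrivateKey source key
     * @param jsafeJCE provider supplying the key factory
     * @return the converted key, or {@code null} for a {@code null} input
     * @throws CMSException if the algorithm or the encoding is not supported
     */
    public static PrivateKey convertToJcePrivateKey(JSAFE_PrivateKey jSAFE_PrivateKey, JsafeJCE jsafeJCE) throws CMSException {
        if (jSAFE_PrivateKey == null) {
            return null;
        }
        String algorithm = jSAFE_PrivateKey.getAlgorithm();
        try {
            // NOTE(review): unlike the secret-key path, the encoded private key returned by
            // getKeyData is not wiped after use. Confirm whether getKeyData hands out a copy
            // and, if it does, clear it once the key has been generated.
            byte[] encoded = jSAFE_PrivateKey.getKeyData(algorithm + "PrivateKeyBER")[0];
            KeyFactory factory = KeyFactory.getInstance(algorithm, (Provider) jsafeJCE);
            return factory.generatePrivate(new PKCS8EncodedKeySpec(encoded));
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException(e);
        } catch (JSAFE_UnimplementedException e2) {
            throw new CMSException((Throwable) e2);
        } catch (InvalidKeySpecException e3) {
            throw new CMSException(e3);
        }
    }

    /**
     * Converts a JSAFE public key into a JCE {@code PublicKey} through its
     * {@code <algorithm>PublicKeyBER} encoding.
     *
     * @param jSAFE_PublicKey source key
     * @param jsafeJCE provider supplying the key factory
     * @return the converted key, or {@code null} for a {@code null} input
     * @throws CMSException if the algorithm or the encoding is not supported
     */
    public static PublicKey convertToJcePublicKey(JSAFE_PublicKey jSAFE_PublicKey, JsafeJCE jsafeJCE) throws CMSException {
        if (jSAFE_PublicKey == null) {
            return null;
        }
        String algorithm = jSAFE_PublicKey.getAlgorithm();
        try {
            byte[] encoded = jSAFE_PublicKey.getKeyData(algorithm + "PublicKeyBER")[0];
            KeyFactory factory = KeyFactory.getInstance(algorithm, (Provider) jsafeJCE);
            return factory.generatePublic(new X509EncodedKeySpec(encoded));
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException(e);
        } catch (JSAFE_UnimplementedException e2) {
            throw new CMSException((Throwable) e2);
        } catch (InvalidKeySpecException e3) {
            throw new CMSException(e3);
        }
    }

    /**
     * Converts a Cert-J general name into the JCE type through its DER encoding.
     *
     * @param generalName source name
     * @return the converted name, or {@code null} for a {@code null} input
     * @throws CMSException if the name cannot be encoded or re-parsed
     */
    public static GeneralName convertToJceGeneralName(com.rsa.certj.cert.extensions.GeneralName generalName) throws CMSException {
        if (generalName == null) {
            return null;
        }
        try {
            byte[] der = new byte[generalName.getDERLen(0)];
            generalName.getDEREncoding(der, 0, 0);
            return new GeneralName(der);
        } catch (InvalidEncodingException e) {
            throw new CMSException((Throwable) e);
        } catch (NameException e2) {
            throw new CMSException(e2);
        }
    }

    /**
     * Converts a Cert-J key container into the JCE type.
     *
     * <p>The first matching case wins: a non-null password; otherwise, with no secret
     * key, the private/public key pair; otherwise the secret key, except that a
     * secret key whose algorithm name contains {@code PBKDF2} is converted through
     * its password.
     *
     * @param keyContainer source container
     * @param jsafeJCE provider used for key conversion
     * @return the converted container, or {@code null} for a {@code null} input
     * @throws CMSException if a contained key cannot be converted
     */
    public static com.rsa.jsafe.cms.KeyContainer convertToJceKeyContainer(KeyContainer keyContainer, JsafeJCE jsafeJCE) throws CMSException {
        if (keyContainer == null) {
            return null;
        }
        JSAFE_SecretKey secretKey = keyContainer.getSecretKey();
        char[] password = keyContainer.getPassword();
        if (password != null) {
            return new com.rsa.jsafe.cms.KeyContainer(password);
        }
        if (secretKey == null) {
            PrivateKey privateKey = convertToJcePrivateKey(keyContainer.getPrivateKey(), jsafeJCE);
            PublicKey publicKey = convertToJcePublicKey(keyContainer.getPublicKey(), jsafeJCE);
            return new com.rsa.jsafe.cms.KeyContainer(privateKey, publicKey);
        }
        boolean passwordDerived = secretKey.getAlgorithm().indexOf("PBKDF2") >= 0;
        if (!passwordDerived) {
            return new com.rsa.jsafe.cms.KeyContainer(convertToJceSecretKey(secretKey, jsafeJCE));
        }
        try {
            return new com.rsa.jsafe.cms.KeyContainer(secretKey.getPassword());
        } catch (JSAFE_InvalidKeyException e) {
            throw new CMSException((Throwable) e);
        }
    }

    /**
     * Copies every extension of a Cert-J extension set, as raw DER, into a JCE
     * {@code X509ExtensionSpec}.
     *
     * @param x509V3Extensions source extensions
     * @return the populated spec, or {@code null} for a {@code null} input
     * @throws CMSException if an extension cannot be read or encoded
     */
    public static X509ExtensionSpec convertToJceExtensionSpecs(X509V3Extensions x509V3Extensions) throws CMSException {
        if (x509V3Extensions == null) {
            return null;
        }
        X509ExtensionSpec spec = new X509ExtensionSpec();
        int extensionCount = x509V3Extensions.getExtensionCount();
        for (int i = 0; i < extensionCount; i++) {
            try {
                X509V3Extension extension = x509V3Extensions.getExtensionByIndex(i);
                byte[] der = new byte[extension.getDERLen(0)];
                extension.getDEREncoding(der, 0, 0);
                spec.addOtherExtension(der);
            } catch (CertificateException e) {
                throw new CMSException(e);
            }
        }
        return spec;
    }

    /**
     * Rewrites the cipher name of a {@code name/mode/padding}-style transformation.
     *
     * <p>A first component equal to {@code 3DES_EDE} becomes the DES key algorithm
     * constant; a first component starting with the AES constant becomes that
     * constant. The remaining components are kept as they are.
     *
     * @param str transformation string
     * @return the rewritten string, {@code null} for a {@code null} input, or the
     *     input unchanged when it contains no component at all
     */
    public static String convertToJceEncryptionAlg(String str) {
        if (str == null) {
            return null;
        }
        String[] parts = str.split("/");
        if (parts.length == 0) {
            // A string made only of '/' splits into nothing; hand it back untouched so the
            // provider rejects it, instead of failing here with an index error.
            return str;
        }
        if ("3DES_EDE".equals(parts[0])) {
            parts[0] = EncryptedStreamFactory.DES_KEY_ALGORITHM;
        } else if (parts[0].startsWith(EncryptedStreamFactory.AES_ALGORITHM)) {
            parts[0] = EncryptedStreamFactory.AES_ALGORITHM;
        }
        StringBuilder joined = new StringBuilder(parts[0]);
        for (int i = 1; i < parts.length; i++) {
            joined.append('/').append(parts[i]);
        }
        return joined.toString();
    }

    /**
     * Maps a {@code PBKDF2/<hash>/PKCS5V2PBE...} string to a {@code PBKDF2with<hash>} name.
     *
     * <p>Matching is case-insensitive. The third component is only checked for its
     * prefix and does not influence the returned name. Accepted hashes are SHA1,
     * SHA224, SHA256, SHA384 and SHA512.
     *
     * @param str KDF algorithm string
     * @return the mapped name, or {@code null} for a {@code null} input
     * @throws CMSException if the string does not have the expected shape or names an
     *     unsupported hash
     */
    public static String convertToJceKDFAlg(String str) throws CMSException {
        if (str == null) {
            return null;
        }
        // Algorithm identifiers are ASCII; upper-case them independently of the default locale.
        String[] parts = str.toUpperCase(java.util.Locale.ROOT).split("/");
        boolean wellFormed = parts.length == 3 && parts[0].equals("PBKDF2") && parts[2].startsWith("PKCS5V2PBE");
        if (!wellFormed) {
            throw new CMSException("Illegal KDF algorithm string: " + str);
        }
        String[] supportedHashes = {"SHA1", "SHA256", "SHA512", "SHA384", "SHA224"};
        for (String hash : supportedHashes) {
            if (hash.equals(parts[1])) {
                return "PBKDF2with" + hash;
            }
        }
        throw new CMSException("Illegal hash algorithm string: " + parts[1]);
    }

    /**
     * Converts JCE recipient infos to their Cert-J counterparts, element by element.
     *
     * @param recipientInfoArr source array
     * @return a new array of the same length, or {@code null} for a {@code null} input
     * @throws IllegalArgumentException if an element is {@code null} or of an
     *     unsupported recipient type
     */
    public static RecipientInfo[] convertToJsafeRecipientInfo(com.rsa.jsafe.cms.RecipientInfo[] recipientInfoArr) {
        if (recipientInfoArr == null) {
            return null;
        }
        RecipientInfo[] converted = new RecipientInfo[recipientInfoArr.length];
        for (int i = 0; i < recipientInfoArr.length; i++) {
            converted[i] = createJsafeRecipientInfo(recipientInfoArr[i]);
        }
        return converted;
    }

    /**
     * Wraps one JCE recipient info in the Cert-J class matching its runtime type.
     * The type checks run in the order key-agree, KEK, key-transport, password.
     */
    private static RecipientInfo createJsafeRecipientInfo(com.rsa.jsafe.cms.RecipientInfo recipientInfo) {
        if (recipientInfo instanceof com.rsa.jsafe.cms.KeyAgreeRecipientInfo) {
            return new KeyAgreeRecipientInfo((com.rsa.jsafe.cms.KeyAgreeRecipientInfo) recipientInfo);
        }
        if (recipientInfo instanceof com.rsa.jsafe.cms.KekRecipientInfo) {
            return new KekRecipientInfo((com.rsa.jsafe.cms.KekRecipientInfo) recipientInfo);
        }
        if (recipientInfo instanceof com.rsa.jsafe.cms.KeyTransRecipientInfo) {
            return new KeyTransRecipientInfo((com.rsa.jsafe.cms.KeyTransRecipientInfo) recipientInfo);
        }
        if (recipientInfo instanceof com.rsa.jsafe.cms.PasswordRecipientInfo) {
            return new PasswordRecipientInfo((com.rsa.jsafe.cms.PasswordRecipientInfo) recipientInfo);
        }
        throw new IllegalArgumentException("RecipientInfo type not supported.");
    }

    /**
     * Wraps each JCE signer info in a Cert-J {@code SignerInfo}.
     *
     * @param signerInfoArr source array
     * @return a new array of the same length, or {@code null} for a {@code null} input
     */
    public static SignerInfo[] convertToJsafeSignerInfo(com.rsa.jsafe.cms.SignerInfo[] signerInfoArr) {
        if (signerInfoArr == null) {
            return null;
        }
        SignerInfo[] converted = new SignerInfo[signerInfoArr.length];
        for (int i = 0; i < signerInfoArr.length; i++) {
            converted[i] = new SignerInfo(signerInfoArr[i]);
        }
        return converted;
    }

    /**
     * Re-parses JCE certificates as Cert-J {@code X509Certificate} objects from their
     * encoded form.
     *
     * @param x509CertificateArr source certificates
     * @return a new array of the same length, or {@code null} for a {@code null} input
     * @throws InvalidEncodingException if a certificate cannot be encoded or re-parsed
     */
    public static X509Certificate[] convertToJsafeCertificates(java.security.cert.X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return null;
        }
        X509Certificate[] converted = new X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                converted[i] = new X509Certificate(x509CertificateArr[i].getEncoded(), 0, 0);
            } catch (CertificateException e) {
                throw new InvalidEncodingException(e);
            } catch (CertificateEncodingException e2) {
                throw new InvalidEncodingException(e2);
            }
        }
        return converted;
    }

    /**
     * Re-parses JCE CRLs as Cert-J {@code X509CRL} objects from their encoded form.
     *
     * @param x509crlArr source CRLs
     * @return a new array of the same length, or {@code null} for a {@code null} input
     * @throws InvalidEncodingException if a CRL cannot be encoded or re-parsed
     */
    public static X509CRL[] convertToJsafeCRLs(java.security.cert.X509CRL[] x509crlArr) {
        if (x509crlArr == null) {
            return null;
        }
        X509CRL[] converted = new X509CRL[x509crlArr.length];
        for (int i = 0; i < x509crlArr.length; i++) {
            try {
                converted[i] = new X509CRL(x509crlArr[i].getEncoded(), 0, 0);
            } catch (CertificateException e) {
                throw new InvalidEncodingException(e);
            } catch (CRLException e2) {
                throw new InvalidEncodingException(e2);
            }
        }
        return converted;
    }

    /**
     * Collects JCE attributes into a Cert-J {@code X501Attributes} set, re-parsing
     * each one from its encoded form.
     *
     * @param attributeArr source attributes
     * @return the populated set, or {@code null} for a {@code null} input
     * @throws CMSException if an attribute cannot be re-parsed
     */
    public static X501Attributes convertToJsafeAttributes(Attribute[] attributeArr) throws CMSException {
        if (attributeArr == null) {
            return null;
        }
        X501Attributes converted = new X501Attributes();
        for (Attribute attribute : attributeArr) {
            try {
                converted.addAttribute(X501Attribute.getInstance(attribute.getEncoded(), 0, 0));
            } catch (AttributeException e) {
                throw new CMSException(e);
            }
        }
        return converted;
    }

    /**
     * Converts a JCE public key into a JSAFE public key from its encoded form,
     * requesting the {@code "Java"} device.
     *
     * @param publicKey source key
     * @return the converted key, or {@code null} for a {@code null} input
     * @throws CMSException if the encoding is not supported or not valid
     */
    public static JSAFE_PublicKey convertToJsafePublicKey(PublicKey publicKey) throws CMSException {
        if (publicKey == null) {
            return null;
        }
        try {
            return JSAFE_PublicKey.getInstance(publicKey.getEncoded(), 0, "Java");
        } catch (JSAFE_UnimplementedException e) {
            throw new CMSException((Throwable) e);
        } catch (JSAFE_InvalidParameterException e2) {
            throw new CMSException((Throwable) e2);
        }
    }

    /**
     * Converts an {@code X500Principal} into a Cert-J {@code X500Name} from its encoded form.
     *
     * @param x500Principal source principal
     * @return the converted name, or {@code null} for a {@code null} input
     * @throws CMSException if the name cannot be re-parsed
     */
    public static X500Name convertToJsafeIssuerName(X500Principal x500Principal) throws CMSException {
        if (x500Principal == null) {
            return null;
        }
        try {
            return new X500Name(x500Principal.getEncoded(), 0, 0);
        } catch (NameException e) {
            throw new CMSException(e);
        }
    }

    /**
     * Converts a JCE general name into the Cert-J type from its encoded form.
     *
     * @param generalName source name
     * @return the converted name, or {@code null} for a {@code null} input
     * @throws CMSException if the name cannot be re-parsed
     */
    public static com.rsa.certj.cert.extensions.GeneralName convertToJsafeGeneralName(GeneralName generalName) throws CMSException {
        if (generalName == null) {
            return null;
        }
        try {
            return new com.rsa.certj.cert.extensions.GeneralName(generalName.getEncoded(), 0, 0);
        } catch (NameException e) {
            throw new CMSException(e);
        }
    }
}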
