package net.sf.jsignpdf.utils;

import java.io.File;
import java.io.FileInputStream;
import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import net.sf.jsignpdf.BasicSignerOptions;
import net.sf.jsignpdf.Constants;
import net.sf.jsignpdf.InstallCert;
import net.sf.jsignpdf.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:net/sf/jsignpdf/utils/KeyStoreUtils.class */
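/**
 * Static helpers for opening keystores, listing their aliases and picking the private key
 * (plus certificate chain) that is used for signing.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Certificate screening in {@link #getAliasesList} looks only at the certificate returned for
 * the alias (validity period, key usage, critical extensions). No chain building, trust-anchor
 * check or revocation check happens here.</li>
 * <li>Each of those three checks can be switched off through {@code ConfigProvider}
 * ({@code certificate.checkValidity}, {@code certificate.checkKeyUsage},
 * {@code certificate.checkCriticalExtensions}); all default to {@code true}.</li>
 * <li>Load failures are reported with {@code printStackTrace()} and turned into a {@code null}
 * return value, so callers must null-check.</li>
 * <li>The class initializer registers the BouncyCastle provider JVM-wide.</li>
 * </ul>
 */
public class KeyStoreUtils {
    private static final ResourceProvider res = ResourceProvider.getInstance();

    /**
     * Lists the keystore types offered by the installed security providers.
     *
     * @return the type names in natural (sorted) order
     */
    public static SortedSet<String> getKeyStores() {
        return new TreeSet<String>(Security.getAlgorithms("KeyStore"));
    }

    /**
     * Loads the keystore described by the options and returns the aliases of key entries that
     * pass the certificate screening of {@link #getAliasesList}.
     *
     * @param basicSignerOptions keystore type, file and password source; also receives log output
     * @return the accepted key aliases, possibly empty
     * @throws NullPointerException if the options are {@code null} or the keystore cannot be loaded
     */
    public static String[] getKeyAliases(BasicSignerOptions basicSignerOptions) {
        if (basicSignerOptions == null) {
            throw new NullPointerException("Options are empty.");
        }
        basicSignerOptions.log("console.getKeystoreType", basicSignerOptions.getKsType());
        final KeyStore keyStore = loadKeyStore(basicSignerOptions.getKsType(), basicSignerOptions.getKsFile(), basicSignerOptions.getKsPasswd());
        if (keyStore == null) {
            throw new NullPointerException(res.get("error.keystoreNull"));
        }
        final List<String> aliases = getAliasesList(keyStore, basicSignerOptions);
        return aliases.toArray(new String[aliases.size()]);
    }

    /**
     * Collects the aliases of key entries whose certificate passes the enabled checks.
     *
     * <p>Entries whose certificate is not an {@link X509Certificate} (including entries with no
     * certificate at all) are accepted without any check. If anything throws while enumerating,
     * the exception is written to the options' print writer and the aliases gathered so far are
     * returned, so a truncated list is possible.
     *
     * @param keyStore loaded keystore to enumerate
     * @param basicSignerOptions log sink
     * @return accepted aliases in enumeration order
     * @throws NullPointerException if either argument is {@code null}
     */
    private static List<String> getAliasesList(KeyStore keyStore, BasicSignerOptions basicSignerOptions) {
        if (basicSignerOptions == null) {
            throw new NullPointerException("Options are empty.");
        }
        if (keyStore == null) {
            throw new NullPointerException(res.get("error.keystoreNull"));
        }
        final List<String> accepted = new ArrayList<String>();
        try {
            basicSignerOptions.log("console.getAliases", new String[0]);
            final Enumeration<String> aliases = keyStore.aliases();
            final boolean checkValidity = ConfigProvider.getInstance().getAsBool("certificate.checkValidity", true);
            final boolean checkKeyUsage = ConfigProvider.getInstance().getAsBool("certificate.checkKeyUsage", true);
            final boolean checkCriticalExtensions = ConfigProvider.getInstance().getAsBool("certificate.checkCriticalExtensions", true);
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                final Certificate certificate = keyStore.getCertificate(alias);
                boolean usable = true;
                if (certificate instanceof X509Certificate) {
                    usable = passesCertificateChecks((X509Certificate) certificate, alias, basicSignerOptions,
                            checkValidity, checkKeyUsage, checkCriticalExtensions);
                }
                if (usable) {
                    accepted.add(alias);
                }
            }
        } catch (Exception e) {
            basicSignerOptions.log("console.exception", new String[0]);
            e.printStackTrace(basicSignerOptions.getPrintWriter());
        }
        return accepted;
    }

    /**
     * Runs the enabled checks against one certificate. Every enabled check is evaluated even
     * after an earlier one failed, so each reason for rejection is logged.
     *
     * @return {@code true} if no enabled check rejected the certificate
     */
    private static boolean passesCertificateChecks(X509Certificate certificate, String alias,
            BasicSignerOptions basicSignerOptions, boolean checkValidity, boolean checkKeyUsage,
            boolean checkCriticalExtensions) {
        boolean usable = true;
        if (checkValidity) {
            try {
                certificate.checkValidity();
            } catch (CertificateNotYetValidException e) {
                basicSignerOptions.log("console.certificateNotYetValid", alias);
                usable = false;
            } catch (CertificateExpiredException e) {
                basicSignerOptions.log("console.certificateExpired", alias);
                usable = false;
            }
        }
        if (checkKeyUsage) {
            final boolean[] keyUsage = certificate.getKeyUsage();
            // A missing (or empty) KeyUsage extension is treated as "no restriction".
            if (keyUsage != null && keyUsage.length > 0) {
                // Bit 0 is digitalSignature, bit 1 is nonRepudiation. A bit the array does not
                // contain counts as unset; previously a one-element array raised
                // ArrayIndexOutOfBoundsException and cut the whole alias listing short.
                final boolean digitalSignature = keyUsage[0];
                final boolean nonRepudiation = keyUsage.length > 1 && keyUsage[1];
                if (!digitalSignature && !nonRepudiation) {
                    basicSignerOptions.log("console.certificateNotForSignature", alias);
                    usable = false;
                }
            }
        }
        if (checkCriticalExtensions) {
            final Set<String> criticalOids = certificate.getCriticalExtensionOIDs();
            if (criticalOids != null) {
                for (String oid : criticalOids) {
                    if (!Constants.SUPPORTED_CRITICAL_EXTENSION_OIDS.contains(oid)) {
                        basicSignerOptions.log("console.criticalExtensionNotSupported", alias, oid);
                        usable = false;
                    }
                }
            }
        }
        return usable;
    }

    /**
     * Loads the keystore described by the options and resolves the alias of the signing key.
     *
     * @param basicSignerOptions keystore location plus the requested alias and index
     * @return the chosen alias, or {@code null} if the keystore has no acceptable key entry
     * @throws NullPointerException if the keystore cannot be loaded
     */
    public static String getKeyAlias(BasicSignerOptions basicSignerOptions) {
        return getKeyAliasInternal(basicSignerOptions, loadKeyStore(basicSignerOptions.getKsType(), basicSignerOptions.getKsFile(), basicSignerOptions.getKsPasswd()));
    }

    /**
     * Resolves the alias of the signing key in an already loaded keystore.
     *
     * <p>Resolution order:
     * <ol>
     * <li>The alias named in the options, if it is a key entry. This path returns immediately
     * and therefore skips the validity, key-usage and critical-extension screening.</li>
     * <li>The named alias, if it appears in the screened list.</li>
     * <li>The screened alias at the index given in the options.</li>
     * <li>The first screened alias.</li>
     * </ol>
     * Steps 3 and 4 mean that a requested alias which is missing or rejected is silently replaced
     * by a different key; the alias finally used is visible only in the
     * {@code console.usedKeyAlias} log line.
     *
     * @return the chosen alias, or {@code null} if no key entry is acceptable
     * @throws NullPointerException if {@code keyStore} is {@code null}
     */
    private static String getKeyAliasInternal(BasicSignerOptions basicSignerOptions, KeyStore keyStore) {
        if (keyStore == null) {
            throw new NullPointerException(res.get("error.keystoreNull"));
        }
        if (StringUtils.hasLength(basicSignerOptions.getKeyAliasX())) {
            try {
                if (keyStore.isKeyEntry(basicSignerOptions.getKeyAliasX())) {
                    final String explicitAlias = basicSignerOptions.getKeyAliasX();
                    basicSignerOptions.log("console.usedKeyAlias", explicitAlias);
                    return explicitAlias;
                }
            } catch (KeyStoreException ignored) {
                // Deliberately ignored: the lookup falls through to the screened alias list below.
            }
        }
        final List<String> aliases = getAliasesList(keyStore, basicSignerOptions);
        final String requestedAlias = basicSignerOptions.getKeyAliasX();
        final int requestedIndex = basicSignerOptions.getKeyIndexX();
        String chosen = null;
        if (requestedAlias != null && aliases.contains(requestedAlias)) {
            chosen = requestedAlias;
        } else if (requestedIndex >= 0 && requestedIndex < aliases.size()) {
            chosen = aliases.get(requestedIndex);
        } else if (!aliases.isEmpty()) {
            chosen = aliases.get(0);
        }
        basicSignerOptions.log("console.usedKeyAlias", chosen);
        return chosen;
    }

    /**
     * Lists the aliases of the certificate (trusted-certificate) entries of a keystore.
     *
     * @param keyStore loaded keystore, may be {@code null}
     * @return the aliases, or {@code null} if {@code keyStore} is {@code null} or enumeration
     *         fails (the stack trace goes to standard error)
     */
    public static String[] getCertAliases(KeyStore keyStore) {
        if (keyStore == null) {
            return null;
        }
        final List<String> certAliases = new ArrayList<String>();
        try {
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    certAliases.add(alias);
                }
            }
            return certAliases.toArray(new String[certAliases.size()]);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Loads a keystore and lists the aliases of its certificate entries.
     *
     * @param str keystore type
     * @param str2 keystore file
     * @param str3 keystore password, may be {@code null}
     * @return the aliases, or {@code null} if loading or enumeration fails
     */
    public static String[] getCertAliases(String str, String str2, String str3) {
        return getCertAliases(loadKeyStore(str, str2, str3));
    }

    /**
     * Convenience overload taking the password as a {@code String}.
     *
     * <p>The password is copied into a {@code char[]} for the load call; the {@code String}
     * itself stays on the heap until it is garbage collected, so callers that can supply a
     * {@code char[]} should use the other overload.
     *
     * @param str keystore type
     * @param str2 keystore file
     * @param str3 keystore password, may be {@code null}
     * @return the loaded keystore, or {@code null} on failure
     */
    public static KeyStore loadKeyStore(String str, String str2, String str3) {
        final char[] password = str3 == null ? null : str3.toCharArray();
        return loadKeyStore(str, str2, password);
    }

    /**
     * Opens and loads a keystore.
     *
     * <p>When both type and file are empty, the JRE {@code cacerts} store is returned instead.
     * When only the type is empty, {@link KeyStore#getDefaultType()} is used. When the file is
     * empty, the keystore is loaded from a {@code null} stream (the form used by keystore types
     * that are not file based). Passing a {@code null} password makes {@code KeyStore.load} skip
     * its integrity check.
     *
     * @param str keystore type, may be empty
     * @param str2 path of the keystore file, may be empty
     * @param cArr keystore password, may be {@code null}; the array is not cleared here
     * @return the loaded keystore, or {@code null} if anything fails (the stack trace is printed
     *         to standard error)
     */
    public static KeyStore loadKeyStore(String str, String str2, char[] cArr) {
        if (StringUtils.isEmpty(str) && StringUtils.isEmpty(str2)) {
            return loadCacertsKeyStore(null);
        }
        final String type = StringUtils.isEmpty(str) ? KeyStore.getDefaultType() : str;
        FileInputStream input = null;
        try {
            final KeyStore keyStore = KeyStore.getInstance(type);
            if (!StringUtils.isEmpty(str2)) {
                input = new FileInputStream(str2);
            }
            keyStore.load(input, cArr);
            fixAliases(keyStore);
            return keyStore;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        } finally {
            closeQuietly(input);
        }
    }

    /**
     * Loads the trust store found at {@code <java.home>/lib/security/} under the file name given
     * by {@code InstallCert.CACERTS_KEYSTORE}.
     *
     * <p>The store is loaded with a {@code null} password, so {@code KeyStore.load} performs no
     * integrity check: a modified trust-store file is not detected by this method.
     *
     * @param str name of the security provider that should supply the JKS implementation, or
     *        {@code null} for the default provider lookup
     * @return the loaded keystore, or {@code null} on failure (the stack trace is printed to
     *         standard error)
     */
    public static KeyStore loadCacertsKeyStore(String str) {
        FileInputStream input = null;
        try {
            final File securityDir = new File(new File(System.getProperty("java.home"), "lib"), "security");
            input = new FileInputStream(new File(securityDir, InstallCert.CACERTS_KEYSTORE));
            final KeyStore keyStore = str == null ? KeyStore.getInstance("JKS") : KeyStore.getInstance("JKS", str);
            keyStore.load(input, null);
            return keyStore;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        } finally {
            closeQuietly(input);
        }
    }

    /**
     * Loads the keystore named in the options and extracts the signing key with its chain.
     *
     * <p>The alias comes from {@link #getKeyAliasInternal}, so the silent fallback described
     * there applies. The alias may be {@code null} when the keystore holds no acceptable key
     * entry; it is passed to {@code KeyStore.getKey} unchanged in that case. The returned key is
     * cast to {@link PrivateKey} without a type check.
     *
     * @param basicSignerOptions keystore location, alias selection and key password
     * @return the private key and the certificate chain stored under the chosen alias
     * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. wrong key password
     * @throws KeyStoreException if the keystore is not initialized
     * @throws NoSuchAlgorithmException if the algorithm for recovering the key is unavailable
     * @throws NullPointerException if the keystore cannot be loaded
     */
    public static PrivateKeyInfo getPkInfo(BasicSignerOptions basicSignerOptions) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        final KeyStore keyStore = loadKeyStore(basicSignerOptions.getKsType(), basicSignerOptions.getKsFile(), basicSignerOptions.getKsPasswd());
        final String alias = getKeyAliasInternal(basicSignerOptions, keyStore);
        basicSignerOptions.log("console.getPrivateKey", new String[0]);
        final PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, basicSignerOptions.getKeyPasswdX());
        basicSignerOptions.log("console.getCertChain", new String[0]);
        return new PrivateKeyInfo(privateKey, keyStore.getCertificateChain(alias));
    }

    /**
     * Makes aliases unique inside a {@code sun.security.mscapi.KeyStore$MY} keystore by
     * appending {@code -1}, {@code -2}, ... to repeated names.
     *
     * <p>This reaches into private fields of {@link KeyStore} and of the provider implementation
     * through reflection. It is strictly best effort: any exception (missing field, different
     * field type, access refused by the runtime, empty certificate chain) silently ends the
     * fix-up and leaves the remaining aliases as they were. Suffixes are assigned in the
     * iteration order of the provider's entry collection.
     *
     * @param keyStore freshly loaded keystore; other keystore implementations are left untouched
     */
    private static void fixAliases(KeyStore keyStore) {
        final Set<String> seenAliases = new HashSet<String>();
        try {
            final Field spiField = keyStore.getClass().getDeclaredField("keyStoreSpi");
            spiField.setAccessible(true);
            final KeyStoreSpi spi = (KeyStoreSpi) spiField.get(keyStore);
            if (!"sun.security.mscapi.KeyStore$MY".equals(spi.getClass().getName())) {
                return;
            }
            final Field entriesField = spi.getClass().getEnclosingClass().getDeclaredField("entries");
            entriesField.setAccessible(true);
            for (Object entry : (Collection<?>) entriesField.get(spi)) {
                final Field chainField = entry.getClass().getDeclaredField("certChain");
                chainField.setAccessible(true);
                final String firstCertHash = Integer.toString(((X509Certificate[]) chainField.get(entry))[0].hashCode());
                final Field aliasField = entry.getClass().getDeclaredField("alias");
                aliasField.setAccessible(true);
                final String alias = (String) aliasField.get(entry);
                String uniqueAlias = alias;
                int suffix = 0;
                while (seenAliases.contains(uniqueAlias)) {
                    suffix++;
                    uniqueAlias = alias + "-" + suffix;
                }
                seenAliases.add(uniqueAlias);
                // An alias equal to the hash code of the first chain certificate is never
                // rewritten. NOTE(review): presumably such aliases are generated names; confirm.
                if (!alias.equals(firstCertHash)) {
                    aliasField.set(entry, uniqueAlias);
                }
            }
        } catch (Exception ignored) {
            // Best effort only, see the method comment.
        }
    }

    /** Closes the stream if it was opened; a failure to close is ignored. */
    private static void closeQuietly(FileInputStream input) {
        if (input == null) {
            return;
        }
        try {
            input.close();
        } catch (Exception ignored) {
            // Nothing useful can be done here; the load result has already been decided.
        }
    }

    static {
        // Registers BouncyCastle for the whole JVM as soon as this class is initialized.
        Security.addProvider(new BouncyCastleProvider());
    }
}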
