package nbcb.cfca.sadk.asn1.pkcs;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import nbcb.cfca.sadk.algorithm.common.CBCParam;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.MechanismKit;
import nbcb.cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.algorithm.sm2.SM2PrivateKey;
import nbcb.cfca.sadk.algorithm.util.SymmetricHelper;
import nbcb.cfca.sadk.asn1.parser.ASN1Parser;
import nbcb.cfca.sadk.extend.session.ECCCurveId;
import nbcb.cfca.sadk.jcajce.provider.SADKProvider;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Encodable;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERSequence;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERSet;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.Attribute;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.CertBag;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.ContentInfo;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.EncryptedData;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.MacData;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.PBEParameter;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.Pfx;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.SafeBag;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x509.DigestInfo;
import nbcb.cfca.sadk.org.bouncycastle.crypto.CipherParameters;
import nbcb.cfca.sadk.org.bouncycastle.crypto.DataLengthException;
import nbcb.cfca.sadk.org.bouncycastle.crypto.Digest;
import nbcb.cfca.sadk.org.bouncycastle.crypto.InvalidCipherTextException;
import nbcb.cfca.sadk.org.bouncycastle.crypto.digests.MD2Digest;
import nbcb.cfca.sadk.org.bouncycastle.crypto.digests.MD5Digest;
import nbcb.cfca.sadk.org.bouncycastle.crypto.digests.SHA1Digest;
import nbcb.cfca.sadk.org.bouncycastle.crypto.engines.RC2Engine;
import nbcb.cfca.sadk.org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
import nbcb.cfca.sadk.org.bouncycastle.crypto.macs.HMac;
import nbcb.cfca.sadk.org.bouncycastle.crypto.modes.CBCBlockCipher;
import nbcb.cfca.sadk.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import nbcb.cfca.sadk.org.bouncycastle.crypto.params.KeyParameter;
import nbcb.cfca.sadk.org.bouncycastle.crypto.params.ParametersWithIV;
import nbcb.cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey;
import nbcb.cfca.sadk.org.bouncycastle.util.Arrays;
import nbcb.cfca.sadk.org.bouncycastle.util.Strings;
import nbcb.cfca.sadk.signature.rsa.SafeContents;
import nbcb.cfca.sadk.system.FileHelper;
import nbcb.cfca.sadk.system.logging.LoggerManager;
import nbcb.cfca.sadk.x509.certificate.X509Cert;

/* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/asn1/pkcs/PKCS12.class */
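/**
 * Reader and writer for PKCS#12 (PFX) containers holding one private key and its certificate(s).
 *
 * <p>Typical read flow: {@code load(...)} parses the outer {@link Pfx}, {@link #decrypt(char[])}
 * verifies the password MAC and decodes the bags, after which {@link #getPrivateKey()} and
 * {@link #getCerts()} return the results. The static {@code generatePfx*} methods build a new
 * container from a certificate, its private key and a password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Generated containers use legacy password-based schemes only: SHA-1 based PKCS#12 key
 *       derivation with {@value #ITERATIONS} iterations and an 8-byte salt, 3DES-CBC for the key
 *       bag, 40-bit RC2-CBC for the certificate bag and HMAC-SHA1 for integrity. These are kept
 *       for interoperability; the protection of the private key therefore rests largely on the
 *       strength of the password.</li>
 *   <li>When reading, salts, iteration counts and algorithm identifiers come from the file and
 *       must be treated as untrusted; iteration counts are range-checked before use.</li>
 *   <li>Instances are not synchronized.</li>
 * </ul>
 */
public class PKCS12 {
    /** Key-derivation iteration count written into every structure this class generates. */
    private static final int ITERATIONS = 2000;

    /**
     * Defensive ceiling for iteration counts read from a file. The value is a local policy
     * choice (not part of PKCS#12): it only exists so a crafted container cannot request an
     * effectively unbounded amount of key-derivation work.
     */
    private static final int MAX_ITERATIONS = 5000000;

    /** Salt length in bytes used for every generated PBE/MAC parameter set. */
    private static final int SALT_LENGTH = 8;

    private Pfx pfx;
    private PrivateKey privateKey;
    private X509Cert[] certs;

    /** Creates an empty instance; call one of the {@code load} methods before {@link #decrypt}. */
    public PKCS12() {
        this.privateKey = null;
        this.certs = null;
        this.pfx = null;
    }

    /**
     * Creates an instance from an encoded PFX.
     *
     * @param bArr encoded PFX bytes
     * @throws PKIException if {@code bArr} is null or cannot be decoded
     */
    public PKCS12(byte[] bArr) throws PKIException {
        this.privateKey = null;
        this.certs = null;
        if (bArr == null) {
            throw new PKIException("PFXFile pfxFileData should not be null");
        }
        load(bArr);
    }

    /**
     * Uses an already parsed {@link Pfx} as the container to decrypt.
     *
     * @param pfx parsed PFX structure (stored as given, not validated here)
     */
    public void load(Pfx pfx) {
        this.pfx = pfx;
    }

    /**
     * Loads a PFX from a file.
     *
     * @param str path of the PFX file
     * @throws PKIException if the path is null, the file does not exist, or reading/decoding fails
     */
    public void load(String str) throws PKIException {
        if (str == null) {
            throw new PKIException("PFXFile fileName should not be null");
        }
        File pfxFile = new File(str);
        if (!pfxFile.exists()) {
            throw new PKIException("PFXFile fileName not found: " + pfxFile.getAbsolutePath());
        }
        try {
            load(FileHelper.read(str));
        } catch (IOException e) {
            throw new PKIException("PFXFile reading failure", e);
        }
    }

    /**
     * Loads a PFX from a stream. The stream is read to its end and always closed.
     *
     * @param inputStream source of the encoded PFX
     * @throws PKIException if the stream is null, cannot be read, or its content cannot be decoded
     */
    public void load(InputStream inputStream) throws PKIException {
        if (inputStream == null) {
            throw new PKIException("Argument not allowed null for InputStream");
        }
        byte[] encoded;
        try {
            encoded = readFully(inputStream);
        } catch (IOException e) {
            throw new PKIException("PFXFile reading failure", e);
        } finally {
            try {
                inputStream.close();
            } catch (IOException e) {
                // Closing is best effort; the data (if any) has already been read.
                LoggerManager.systemLogger.warn("PFXFile stream close failure: " + e.getMessage());
            }
        }
        load(encoded);
    }

    /**
     * Reads a stream until end-of-stream.
     *
     * <p>{@code available()} followed by a single {@code read()} is not sufficient:
     * {@code available()} is only an estimate and {@code read()} may return fewer bytes than
     * requested, which would leave a truncated or zero-padded PFX.
     */
    private static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            collected.write(chunk, 0, n);
        }
        return collected.toByteArray();
    }

    /**
     * Decodes an encoded PFX.
     *
     * @param bArr encoded PFX bytes
     * @throws PKIException if {@code bArr} is null or is not a decodable PFX
     */
    public void load(byte[] bArr) throws PKIException {
        if (bArr == null) {
            throw new PKIException("PFXFile encoding should not be null");
        }
        try {
            this.pfx = Pfx.getInstance(ASN1Parser.getDERSequenceFrom(bArr));
        } catch (Exception e) {
            throw new PKIException("PFXFile encoding decoding failure", e);
        }
    }

    /**
     * Returns the certificates decoded by {@link #decrypt(char[])}.
     *
     * @return the decoded certificates (the internal array, not a copy)
     * @throws PKIException if {@code decrypt} has not succeeded yet
     */
    public X509Cert[] getCerts() throws PKIException {
        if (this.certs == null) {
            throw new PKIException("PFXFile hasn't been decrypted yet.");
        }
        return this.certs;
    }

    /**
     * Returns the private key decoded by {@link #decrypt(char[])}.
     *
     * @return the decoded private key
     * @throws PKIException if {@code decrypt} has not succeeded yet
     */
    public PrivateKey getPrivateKey() throws PKIException {
        if (this.privateKey == null) {
            throw new PKIException("PFXFile hasn't been decrypted yet.");
        }
        return this.privateKey;
    }

    /**
     * Verifies the container MAC with the given password and decodes the key and certificates.
     *
     * <p>Every failure is reported as {@code "PFXFile password invalid"}, as before, but the
     * underlying exception is now attached as the cause so that a corrupt or unsupported
     * container can be told apart from a wrong password. The derived password bytes are zeroed
     * on every exit path; the caller keeps ownership of {@code cArr} and should clear it itself.
     *
     * @param cArr container password
     * @return the decoded private key (may be null if the container holds no key bag)
     * @throws IllegalStateException if nothing has been loaded
     * @throws PKIException if the password is null, the MAC does not verify, or decoding fails
     */
    public PrivateKey decrypt(char[] cArr) throws PKIException {
        if (this.pfx == null) {
            throw new IllegalStateException("PFXFile must loading first!");
        }
        if (cArr == null) {
            throw new PKIException("PFXFile password should not be null");
        }
        byte[] passwordBytes = null;
        try {
            boolean macVerified;
            try {
                passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(cArr);
                macVerified = DecryptAndVerifyMac(passwordBytes);
            } catch (Exception e) {
                throw new PKIException("PFXFile password invalid", e);
            }
            if (!macVerified) {
                throw new PKIException("PFXFile password invalid");
            }
            try {
                return decodeAuthenticatedSafe(passwordBytes);
            } catch (PKIException e) {
                // Message kept for compatibility; the cause says what actually went wrong.
                throw new PKIException("PFXFile password invalid", e);
            }
        } finally {
            wipe(passwordBytes);
        }
    }

    /**
     * Walks the ContentInfo entries of the authenticated safe and stores the decoded key and
     * certificates on this instance. Only called after the MAC has been verified.
     *
     * <p>For a plain {@code data} entry only the first SafeBag is examined, as in the original
     * implementation. If several {@code encryptedData} entries exist, the last one wins.
     */
    private PrivateKey decodeAuthenticatedSafe(byte[] passwordBytes) throws PKIException {
        try {
            ContentInfo[] contentInfos = AuthenticatedSafe.getInstance(ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()).getOctets()).getContentInfo();
            if (contentInfos == null || contentInfos.length == 0) {
                throw new PKIException("PFXFile ContentInfo missing");
            }
            PrivateKey key = null;
            X509Cert singleCert = null;
            X509Cert[] encryptedCerts = null;
            for (ContentInfo entry : contentInfos) {
                ASN1ObjectIdentifier contentType = entry.getContentType();
                if (contentType.equals(PKCSObjectIdentifiers.data)) {
                    SafeBag[] bags = SafeContents.getInstance(ASN1Sequence.getInstance(ASN1OctetString.getInstance(entry.getContent()).getOctets())).getSafeBag();
                    if (bags == null || bags.length == 0) {
                        throw new PKIException("PFXFile safeBag missing");
                    }
                    SafeBag firstBag = bags[0];
                    ASN1ObjectIdentifier bagId = firstBag.getBagId();
                    if (bagId.equals(PKCSObjectIdentifiers.keyBag)) {
                        key = decodeKeyBag(firstBag, passwordBytes, false);
                    } else if (bagId.equals(PKCSObjectIdentifiers.certBag)) {
                        singleCert = decodeCertBag(firstBag.getBagValue());
                    } else if (bagId.equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
                        key = decodeKeyBag(firstBag, passwordBytes, true);
                    } else {
                        throw new PKIException("PFXFile handle keyBag error. bagId = " + firstBag.getBagId().getId());
                    }
                } else if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
                    encryptedCerts = decodeEncryptedCertBags(entry, passwordBytes);
                }
            }
            if (encryptedCerts == null || encryptedCerts.length == 0) {
                // NOTE(review): singleCert may still be null here, which yields a one-element
                // array containing null; callers of getCerts() should be prepared for that.
                this.certs = new X509Cert[]{singleCert};
            } else {
                this.certs = encryptedCerts;
            }
            this.privateKey = key;
            return key;
        } catch (Exception e) {
            throw new PKIException("PFXFile ContentInfo invalid", e);
        }
    }

    /**
     * Decrypts one {@code encryptedData} ContentInfo and returns the X.509 certificates found in
     * its cert bags. Bags that are not cert bags, and cert bags that decode to no certificate,
     * are skipped so the returned array never contains null.
     */
    private X509Cert[] decodeEncryptedCertBags(ContentInfo contentInfo, byte[] passwordBytes) throws PKIException {
        EncryptedData encryptedData = EncryptedData.getInstance(contentInfo.getContent());
        AlgorithmIdentifier encryptionAlgorithm = encryptedData.getEncryptionAlgorithm();
        PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(encryptionAlgorithm.getParameters());
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        // Salt and iteration count are read from the file: bound the count before deriving.
        generator.init(passwordBytes, pbeParams.getIV(), checkedIterations(pbeParams.getIterations().intValue()));
        byte[] plainBags = PBEDecryptContent(encryptionAlgorithm.getAlgorithm().getId(), generator, encryptedData.getContent().getOctets());
        SafeBag[] bags = SafeContents.getInstance(ASN1Sequence.getInstance(plainBags)).getSafeBag();

        X509Cert[] found = new X509Cert[bags.length];
        int count = 0;
        for (SafeBag bag : bags) {
            if (bag.getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                X509Cert cert = decodeCertBag(bag.getBagValue());
                if (cert != null) {
                    found[count++] = cert;
                }
            }
        }
        if (count == 0) {
            // Previously logged when every bag WAS a certificate; warn only when none is.
            LoggerManager.systemLogger.warn("PKCS#12 certs ==0 ");
        }
        if (count == found.length) {
            return found;
        }
        X509Cert[] trimmed = new X509Cert[count];
        System.arraycopy(found, 0, trimmed, 0, count);
        return trimmed;
    }

    /**
     * Decrypts PKCS#12 PBE-protected content with the scheme named by {@code str}.
     *
     * @param str dotted OID of the PBE scheme, taken from the file
     * @param pKCS12ParametersGenerator generator already initialised with password, salt and count
     * @param bArr ciphertext
     * @return the plaintext
     * @throws PKIException on any failure, including an unsupported scheme (reported with the
     *     "invalid password" message and the real reason as cause)
     */
    private byte[] PBEDecryptContent(String str, PKCS12ParametersGenerator pKCS12ParametersGenerator, byte[] bArr) throws PKIException {
        try {
            if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC.getId())) {
                ParametersWithIV keyAndIv = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(192, 64);
                return SymmetricHelper.dataDecrypt(false, new Mechanism(MechanismKit.DES3_CBC, new CBCParam(keyAndIv.getIV())), ((KeyParameter) keyAndIv.getParameters()).getKey(), bArr);
            }
            if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC.getId())) {
                // NOTE(review): a 128-bit key is handed to the DES3_CBC mechanism; this relies on
                // SymmetricHelper accepting two-key 3DES keys - confirm against its implementation.
                ParametersWithIV keyAndIv = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(128, 64);
                return SymmetricHelper.dataDecrypt(false, new Mechanism(MechanismKit.DES3_CBC, new CBCParam(keyAndIv.getIV())), ((KeyParameter) keyAndIv.getParameters()).getKey(), bArr);
            }
            if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd128RC2CBC.getId())) {
                return RC2Encrypt(false, pKCS12ParametersGenerator.generateDerivedParameters(128, 64), bArr);
            }
            if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC.getId())) {
                return RC2Encrypt(false, pKCS12ParametersGenerator.generateDerivedParameters(40, 64), bArr);
            }
            throw new PKIException("PFXFile keyBag pkcs12pbe failure with invalid algorithm: " + str);
        } catch (Exception e) {
            throw new PKIException("PFXFile keyBag pkcs12pbe failure with invalid password", e);
        }
    }

    /**
     * Decodes a CertBag value.
     *
     * @return the X.509 certificate, or null for an SDSI cert bag (which is only logged)
     * @throws PKIException if the bag is malformed or of an unknown certificate type
     */
    private X509Cert decodeCertBag(ASN1Encodable aSN1Encodable) throws PKIException {
        try {
            CertBag certBag = CertBag.getInstance(aSN1Encodable);
            ASN1ObjectIdentifier certId = certBag.getCertId();
            if (certId.equals(PKCSObjectIdentifiers.x509certType)) {
                return new X509Cert(ASN1OctetString.getInstance(certBag.getCertValue()).getOctets());
            }
            if (certId.equals(PKCSObjectIdentifiers.sdsiCertType)) {
                LoggerManager.systemLogger.warn("PKCS#12 certId ==" + PKCSObjectIdentifiers.sdsiCertType);
                return null;
            }
            throw new PKIException("PFXFile certBag with invalid certBagType=" + certId.getId());
        } catch (Exception e) {
            throw new PKIException("PFXFile certBag invalid ", e);
        }
    }

    /**
     * Decodes a key bag into a private key.
     *
     * @param safeBag the key bag
     * @param bArr password bytes used when the bag is shrouded
     * @param z true for a pkcs8ShroudedKeyBag (encrypted), false for a plain keyBag
     * @return the decoded RSA, SM2 or EC private key
     * @throws PKIException if decryption or key decoding fails
     */
    private PrivateKey decodeKeyBag(SafeBag safeBag, byte[] bArr, boolean z) throws PKIException {
        byte[] pkcs8;
        if (z) {
            try {
                EncryptedPrivateKeyInfo encryptedKey = EncryptedPrivateKeyInfo.getInstance(safeBag.getBagValue());
                PBEParameter pbeParameter = PBEParameter.getInstance(encryptedKey.getEncryptionAlgorithm().getParameters());
                PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
                // Salt and iteration count are read from the file: bound the count before deriving.
                generator.init(bArr, pbeParameter.getSalt(), checkedIterations(pbeParameter.getIterationCount().intValue()));
                pkcs8 = PBEDecryptContent(encryptedKey.getEncryptionAlgorithm().getAlgorithm().getId(), generator, encryptedKey.getEncryptedData());
            } catch (Exception e) {
                throw new PKIException("PFXFile keyBag decrypt failure", e);
            }
        } else {
            try {
                pkcs8 = safeBag.getBagValue().toASN1Primitive().getEncoded();
            } catch (IOException e2) {
                throw new PKIException("PFXFile keyBag encoding invalid", e2);
            }
        }
        if (pkcs8 == null) {
            return null;
        }
        try {
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8);
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(keySpec.getEncoded());
            ASN1ObjectIdentifier algorithm = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm();
            if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
                return new BCRSAPrivateCrtKey(privateKeyInfo);
            }
            if (PKCSObjectIdentifiers.ecEncryption.equals(algorithm)) {
                return decodePrivateKey(privateKeyInfo, keySpec);
            }
            throw new PKIException("PFXFile keyBag PrivateKey invalid encoding");
        } catch (PKIException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new PKIException("PFXFile keyBag PrivateKey build failure", e4);
        }
    }

    /**
     * Builds an SM2 or ECDSA private key from PKCS#8 data, chosen by the named-curve OID in the
     * algorithm parameters. Only named curves (an OID parameter) are accepted.
     *
     * @throws PKIException if the parameters are missing, not an OID, name an unsupported curve,
     *     or the key cannot be decoded
     */
    private PrivateKey decodePrivateKey(PrivateKeyInfo privateKeyInfo, PKCS8EncodedKeySpec pKCS8EncodedKeySpec) throws PKIException {
        ASN1Encodable parameters = privateKeyInfo.getPrivateKeyAlgorithm().getParameters();
        if (parameters == null) {
            throw new PKIException("PFXFile keyBag PrivateKey missing algorithm parameters");
        }
        if (!(parameters instanceof ASN1ObjectIdentifier)) {
            throw new PKIException("PFXFile keyBag PrivateKey invalid algorithm parameters");
        }
        ASN1ObjectIdentifier curveOid = ASN1ObjectIdentifier.getInstance(parameters);
        String curveId = curveOid.getId();
        // Declared as PrivateKey: the two branches produce different concrete key types.
        PrivateKey key;
        if (curveId.startsWith("1.2.156.10197") || curveId.startsWith("1.2.156.197")) {
            try {
                key = SM2PrivateKey.getInstance(pKCS8EncodedKeySpec.getEncoded());
            } catch (Exception e) {
                throw new PKIException("PFXFile keyBag SM2PrivateKey decode failed ", e);
            }
        } else {
            ECCCurveId eccCurveId = ECCCurveId.findECCCurveId(curveId);
            if (eccCurveId == null || !ECCCurveId.isCardSupport(eccCurveId)) {
                throw new PKIException("PFXFile keyBag ECCPrivateKey not support ecc=" + curveOid);
            }
            try {
                key = KeyFactory.getInstance("ECDSA", SADKProvider.INSTANCE()).generatePrivate(pKCS8EncodedKeySpec);
            } catch (Exception e2) {
                throw new PKIException("PFXFile keyBag ECCPrivateKey decode failed ", e2);
            }
        }
        return key;
    }

    /**
     * Recomputes the container HMAC with a key derived from the password and compares it with
     * the stored value.
     *
     * <p>A container without MacData is rejected (fail closed). SHA-1, MD2 and MD5 MACs are
     * accepted for compatibility with old files; MD2 and MD5 are obsolete and a deployment that
     * does not need them may prefer to reject such containers before calling this class.
     *
     * @param bArr password bytes
     * @return true if the MAC matches
     * @throws PKIException if the MacData is missing, malformed or uses an unsupported digest
     */
    private boolean DecryptAndVerifyMac(byte[] bArr) throws PKIException {
        try {
            MacData macData = this.pfx.getMacData();
            if (macData == null) {
                throw new PKIException("PFXFile MacData missing");
            }
            DigestInfo storedMac = macData.getMac();
            ASN1ObjectIdentifier algorithm = storedMac.getAlgorithmId().getAlgorithm();
            Digest kdfDigest;
            Digest macDigest;
            int macKeyBits;
            if (algorithm.equals(PKCSObjectIdentifiers.sha1)) {
                kdfDigest = new SHA1Digest();
                macDigest = new SHA1Digest();
                macKeyBits = 160;
            } else if (algorithm.equals(PKCSObjectIdentifiers.md2)) {
                kdfDigest = new MD2Digest();
                macDigest = new MD2Digest();
                macKeyBits = 128;
            } else if (algorithm.equals(PKCSObjectIdentifiers.md5)) {
                kdfDigest = new MD5Digest();
                macDigest = new MD5Digest();
                macKeyBits = 128;
            } else {
                throw new PKIException("not support digest algorithmIdentifier:" + algorithm);
            }
            PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(kdfDigest);
            // Salt and iteration count are read from the file: bound the count before deriving.
            generator.init(bArr, macData.getSalt(), checkedIterations(macData.getIterationCount().intValue()));
            KeyParameter macKey = (KeyParameter) generator.generateDerivedMacParameters(macKeyBits);
            byte[] authSafeOctets = ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()).getOctets();
            HMac hmac = new HMac(macDigest);
            hmac.init(macKey);
            hmac.update(authSafeOctets, 0, authSafeOctets.length);
            byte[] computed = new byte[hmac.getMacSize()];
            hmac.doFinal(computed, 0);
            // Constant-time comparison, so the result does not depend on where the values differ.
            return java.security.MessageDigest.isEqual(computed, storedMac.getDigest());
        } catch (Exception e) {
            throw new PKIException("PFXFile MacData checked failure", e);
        }
    }

    /**
     * RC2-CBC with padding, in either direction (the name is historical).
     *
     * @param z true to encrypt, false to decrypt
     * @param cipherParameters key and IV
     * @param bArr input data
     * @return ciphertext when encrypting, unpadded plaintext when decrypting
     * @throws PKIException if the cipher rejects the parameters or the data
     */
    private static byte[] RC2Encrypt(boolean z, CipherParameters cipherParameters, byte[] bArr) throws PKIException {
        try {
            PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
            cipher.init(z, cipherParameters);
            byte[] output = new byte[cipher.getOutputSize(bArr.length)];
            int processed = cipher.processBytes(bArr, 0, bArr.length, output, 0);
            int finalLength = -1;
            if (processed < output.length) {
                finalLength = cipher.doFinal(output, processed);
            }
            if (z) {
                return output;
            }
            // Decryption: drop the padding by keeping everything before the last block plus the
            // bytes doFinal reported for it.
            byte[] plain = new byte[(output.length - cipher.getBlockSize()) + finalLength];
            System.arraycopy(output, 0, plain, 0, plain.length);
            return plain;
        } catch (IllegalArgumentException e) {
            throw new PKIException("PFXFile Operations failure with IllegalArgumentException", e);
        } catch (IllegalStateException e2) {
            throw new PKIException("PFXFile Operations failure with IllegalStateException", e2);
        } catch (DataLengthException e3) {
            throw new PKIException("PFXFile Operations failure with DataLengthException", e3);
        } catch (InvalidCipherTextException e4) {
            throw new PKIException("PFXFile Operations failure with InvalidCipherTextException", e4);
        } catch (Exception e5) {
            throw new PKIException("PFXFile Operations failure with Exception", e5);
        }
    }

    /**
     * Wraps a private key as an EncryptedPrivateKeyInfo using pbeWithSHAAnd3DESCBC with a fresh
     * random salt and {@value #ITERATIONS} iterations.
     *
     * @param privateKey key to protect
     * @param bArr password bytes
     * @throws PKIException if encoding or encryption fails
     */
    private static EncryptedPrivateKeyInfo GenerateEncryptedPrivateKeyInfo(PrivateKey privateKey, byte[] bArr) throws PKIException {
        try {
            byte[] encodedKey = privateKey.getEncoded();
            byte[] salt = new byte[SALT_LENGTH];
            new SecureRandom().nextBytes(salt);
            PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
            generator.init(bArr, salt, ITERATIONS);
            ParametersWithIV keyAndIv = (ParametersWithIV) generator.generateDerivedParameters(192, 64);
            // The leading 'false' is passed exactly as before; its meaning is defined by
            // SymmetricHelper, which is not visible from this file.
            DEROctetString ciphertext = new DEROctetString(SymmetricHelper.dataEncrypt(false, new Mechanism(MechanismKit.DES3_CBC, new CBCParam(keyAndIv.getIV())), ((KeyParameter) keyAndIv.getParameters()).getKey(), encodedKey));
            ASN1EncodableVector pbeParams = new ASN1EncodableVector();
            pbeParams.add(new DEROctetString(salt));
            pbeParams.add(new ASN1Integer(ITERATIONS));
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC, new DERSequence(pbeParams));
            ASN1EncodableVector encryptedKeyInfo = new ASN1EncodableVector();
            encryptedKeyInfo.add(algorithmIdentifier);
            encryptedKeyInfo.add(ciphertext);
            return EncryptedPrivateKeyInfo.getInstance(new DERSequence(encryptedKeyInfo));
        } catch (Exception e) {
            throw new PKIException("PFXFile Encrypted PrivateKeyInfo failure", e);
        }
    }

    /**
     * Encrypts safe contents (the certificate bag) as EncryptedData using
     * pbeWithSHAAnd40RC2CBC.
     *
     * <p>40-bit RC2 offers no meaningful confidentiality; it is the traditional PKCS#12 choice
     * for certificate bags and is kept for interoperability. Do not route secret material
     * through this method.
     *
     * @param aSN1Encodable safe contents to encrypt
     * @param bArr password bytes
     * @throws PKIException if encoding or encryption fails
     */
    private static EncryptedData GenerateSaftContents(ASN1Encodable aSN1Encodable, byte[] bArr) throws PKIException {
        try {
            byte[] salt = new byte[SALT_LENGTH];
            new SecureRandom().nextBytes(salt);
            PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
            generator.init(bArr, salt, ITERATIONS);
            DEROctetString ciphertext = new DEROctetString(RC2Encrypt(true, generator.generateDerivedParameters(40, 64), ASN1Parser.parseDERObj2Bytes(aSN1Encodable)));
            ASN1EncodableVector pbeParams = new ASN1EncodableVector();
            pbeParams.add(new DEROctetString(salt));
            pbeParams.add(new ASN1Integer(ITERATIONS));
            return new EncryptedData(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC, new DERSequence(pbeParams)), ciphertext);
        } catch (Exception e) {
            throw new PKIException("PFXFile EncryptedSaftContents failure", e);
        }
    }

    /**
     * Computes the HMAC-SHA1 MacData over the authenticated safe with a fresh random salt and
     * {@value #ITERATIONS} iterations.
     *
     * @param contentInfo the authenticated-safe ContentInfo
     * @param bArr password bytes
     * @throws PKIException if the MAC cannot be computed
     */
    private static MacData GenerateMacData(ContentInfo contentInfo, byte[] bArr) throws PKIException {
        try {
            byte[] salt = new byte[SALT_LENGTH];
            new SecureRandom().nextBytes(salt);
            PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
            generator.init(bArr, salt, ITERATIONS);
            CipherParameters macKey = generator.generateDerivedMacParameters(160);
            byte[] authSafeOctets = ASN1OctetString.getInstance(contentInfo.getContent()).getOctets();
            HMac hmac = new HMac(new SHA1Digest());
            hmac.init(macKey);
            hmac.update(authSafeOctets, 0, authSafeOctets.length);
            byte[] mac = new byte[hmac.getMacSize()];
            hmac.doFinal(mac, 0);
            return new MacData(new DigestInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1), mac), salt, ITERATIONS);
        } catch (Exception e) {
            throw new PKIException("PFXFile MacData Generated failure", e);
        }
    }

    /**
     * Generates a PFX and writes it to a file.
     *
     * <p>The file contains the password-protected private key; its permissions are whatever
     * {@code FileHelper.write} produces, so restrict access to the target location as needed.
     *
     * @param x509Cert certificate to store
     * @param privateKey private key matching the certificate
     * @param str container password
     * @param str2 output file path
     * @return {@code str2}
     * @throws PKIException if the path is null or generation/writing fails
     */
    public static String generatePfxFile(X509Cert x509Cert, PrivateKey privateKey, String str, String str2) throws PKIException {
        if (str2 == null) {
            throw new PKIException("PFXFile fileName should not be null");
        }
        try {
            FileHelper.write(str2, generatePfxData(x509Cert, privateKey, str));
            return str2;
        } catch (Exception e) {
            throw new PKIException("PFXFile write failure", e);
        }
    }

    /**
     * Generates a PFX and returns its DER encoding.
     *
     * @param x509Cert certificate to store
     * @param privateKey private key matching the certificate
     * @param str container password
     * @return DER-encoded PFX
     * @throws PKIException if generation or encoding fails
     */
    public static byte[] generatePfxData(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        Pfx generated = generatePfx(x509Cert, privateKey, str);
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        try {
            DEROutputStream derOut = new DEROutputStream(encoded);
            derOut.writeObject(generated);
            derOut.close();
            return encoded.toByteArray();
        } catch (IOException e) {
            throw new PKIException("PFXData generating failure", e);
        }
    }

    /**
     * Builds a PFX holding the private key (shrouded key bag) and the certificate (encrypted
     * cert bag), both tagged with a localKeyId derived from the certificate serial number, and
     * protected by a password MAC.
     *
     * <p>The certificate and key are first checked to belong together. Temporary copies of the
     * password made here are zeroed before returning; the {@code String} itself cannot be
     * cleared, so callers handling sensitive passwords should keep its lifetime short.
     *
     * @param x509Cert certificate to store
     * @param privateKey private key matching the certificate
     * @param str container password, must not be null or empty
     * @return the generated PFX structure
     * @throws PKIException if an argument is invalid, key and certificate do not match, or
     *     generation fails
     */
    public static Pfx generatePfx(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        if (str == null || str.length() == 0) {
            throw new PKIException("PFXFile password should not be null");
        }
        checkCertWithPrivateKey(x509Cert, privateKey);
        char[] passwordChars = str.toCharArray();
        byte[] passwordBytes = null;
        try {
            passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(passwordChars);
            EncryptedPrivateKeyInfo encryptedKey = GenerateEncryptedPrivateKeyInfo(privateKey, passwordBytes);
            try {
                DEROctetString localKeyId = new DEROctetString(ASN1Parser.parseDERObj2Bytes(new ASN1Integer(x509Cert.getSerialNumber())));
                ASN1EncodableVector localKeyIdValues = new ASN1EncodableVector();
                localKeyIdValues.add(localKeyId);
                Attribute localKeyIdAttribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DERSet(localKeyIdValues));
                ASN1EncodableVector bagAttributeVector = new ASN1EncodableVector();
                bagAttributeVector.add(localKeyIdAttribute);
                DERSet bagAttributes = new DERSet(bagAttributeVector);

                SafeBag keyBag = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, ASN1Parser.parseBytes2DERObj(encryptedKey.getEncoded()), bagAttributes);
                ContentInfo keyContent = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(ASN1Parser.parseDERObj2Bytes(new SafeContents(new SafeBag[]{keyBag}))));

                SafeBag certBag = new SafeBag(PKCSObjectIdentifiers.certBag, new CertBag(PKCSObjectIdentifiers.x509certType, new DEROctetString(x509Cert.getEncoding())), bagAttributes);
                ContentInfo certContent = new ContentInfo(PKCSObjectIdentifiers.encryptedData, GenerateSaftContents(new SafeContents(new SafeBag[]{certBag}), passwordBytes));

                AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe(new ContentInfo[]{keyContent, certContent});
                ContentInfo authSafeContent = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(ASN1Parser.parseDERObj2Bytes(authenticatedSafe)));
                return new Pfx(authSafeContent, GenerateMacData(authSafeContent, passwordBytes));
            } catch (IOException e) {
                throw new PKIException("PFXFile generating failure", e);
            }
        } catch (Exception e2) {
            // NOTE(review): this message is used for every failure in the block, not only for
            // password encoding problems; the cause carries the actual reason.
            throw new PKIException("PFXFile password encoding invalid", e2);
        } finally {
            wipe(passwordChars);
            wipe(passwordBytes);
        }
    }

    /**
     * Chooses the signature mechanism used for the key/certificate consistency check.
     *
     * @throws PKIException if the certificate is null or not SM2, RSA or ECC
     */
    private static Mechanism buildSignAlg(X509Cert x509Cert) throws PKIException {
        if (x509Cert == null) {
            throw new PKIException("PFXFile x509Cert should not be null");
        }
        if (x509Cert.isSM2Cert()) {
            return new Mechanism(MechanismKit.SM3_SM2);
        }
        if (x509Cert.isRSACert()) {
            return new Mechanism(MechanismKit.SHA256_RSA);
        }
        if (x509Cert.isECCCert()) {
            return new Mechanism(MechanismKit.SHA256_ECDSA);
        }
        throw new PKIException("PFXFile x509Cert do not support");
    }

    /**
     * Checks that the private key belongs to the certificate by signing a fixed test message
     * with the key and verifying it with the certificate's public key.
     *
     * @return true when the pair matches (a mismatch is reported by exception, never by false)
     * @throws PKIException if the key is null, the pair does not match, or signing/verifying
     *     fails; a mismatch surfaces as the cause of the "try signing failure" exception
     */
    private static boolean checkCertWithPrivateKey(X509Cert x509Cert, PrivateKey privateKey) throws PKIException {
        if (privateKey == null) {
            throw new PKIException("PFXFile privateKey should not be null");
        }
        Mechanism signAlg = buildSignAlg(x509Cert);
        Session session = BCSoftLib.INSTANCE();
        byte[] probe = Strings.toByteArray("TESTING");
        try {
            byte[] signature = session.sign(signAlg, privateKey, probe);
            boolean matches = session.verify(signAlg, x509Cert.getPublicKey(), probe, signature);
            if (!matches) {
                throw new PKIException("PFXFile x509Cert/privateKey not match");
            }
            return matches;
        } catch (Exception e) {
            throw new PKIException("PFXFile x509Cert/privateKey try signing failure", e);
        }
    }

    /**
     * Validates an iteration count read from a container.
     *
     * @return {@code iterations} when it lies in {@code [1, MAX_ITERATIONS]}
     * @throws PKIException otherwise, so that a crafted file cannot force excessive work
     */
    private static int checkedIterations(int iterations) throws PKIException {
        if (iterations < 1 || iterations > MAX_ITERATIONS) {
            throw new PKIException("PFXFile iteration count out of range: " + iterations);
        }
        return iterations;
    }

    /** Overwrites password-derived bytes with zeros; null is ignored. */
    private static void wipe(byte[] secret) {
        if (secret != null) {
            for (int i = 0; i < secret.length; i++) {
                secret[i] = 0;
            }
        }
    }

    /** Overwrites a temporary password copy with zeros; null is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            for (int i = 0; i < secret.length; i++) {
                secret[i] = 0;
            }
        }
    }
}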
