package com.mindbright.security.keystore;

import com.mindbright.asn1.ASN1DER;
import com.mindbright.asn1.ASN1OIDRegistry;
import com.mindbright.bdb.DBHash;
import com.mindbright.jca.security.InvalidKeyException;
import com.mindbright.jca.security.Key;
import com.mindbright.jca.security.KeyStoreException;
import com.mindbright.jca.security.KeyStoreSpi;
import com.mindbright.jca.security.MessageDigest;
import com.mindbright.jca.security.NoSuchAlgorithmException;
import com.mindbright.jca.security.PublicKey;
import com.mindbright.jca.security.UnrecoverableKeyException;
import com.mindbright.jca.security.cert.Certificate;
import com.mindbright.jca.security.cert.CertificateException;
import com.mindbright.jca.security.interfaces.DSAPublicKey;
import com.mindbright.jca.security.interfaces.RSAPublicKey;
import com.mindbright.jce.crypto.Cipher;
import com.mindbright.jce.crypto.Mac;
import com.mindbright.jce.crypto.ShortBufferException;
import com.mindbright.jce.crypto.spec.IvParameterSpec;
import com.mindbright.jce.crypto.spec.SecretKeySpec;
import com.mindbright.security.pkcs8.EncryptedPrivateKeyInfo;
import com.mindbright.security.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: input_file:embedded.war:WEB-INF/lib/mindterm.jar:com/mindbright/security/keystore/NetscapeKeyStore.class */
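/**
 * Read-only {@link KeyStoreSpi} backed by a Netscape-style certificate database
 * ({@code cert8.db}/{@code cert7.db}) and key database ({@code key3.db}) found in a
 * directory on the local file system.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Private keys are protected with a key derived from the password by a single
 *       SHA-1/HMAC-SHA1 pass and encrypted with 3DES-CBC (see {@link #deriveKey} and
 *       {@link #do3DESCipher}). This is dictated by the on-disk format; it gives little
 *       resistance to offline password guessing, so the database files themselves must be
 *       protected by file-system permissions.</li>
 *   <li>All record contents are parsed from files on disk and must be treated as
 *       untrusted: every length field is validated against the record size before use.</li>
 *   <li>The mutating {@code engineSet*}, {@code engineDeleteEntry} and {@code engineStore}
 *       operations are silent no-ops; nothing is ever written back.</li>
 * </ul>
 */
public class NetscapeKeyStore extends KeyStoreSpi {
    // Record type tags. Only TYPE_CERTIFICATE is consumed by this class (first byte of a
    // certificate-database key, see engineLoad); the others are exported for callers.
    public static final int TYPE_VERSION = 0;
    public static final int TYPE_CERTIFICATE = 1;
    public static final int TYPE_NICKNAME = 2;
    public static final int TYPE_SUBJECT = 3;
    public static final int TYPE_REVOCATION = 4;
    public static final int TYPE_KEYREVOCATION = 5;
    public static final int TYPE_SMIMEPROFILE = 6;
    public static final int TYPE_CONTENTVER = 7;
    // Candidate database file names, probed in this order inside the profile directory.
    private static final String[] CERT_FILES = {"cert8.db", "cert7.db", "Certificates8", "Certificates7"};
    private static final String[] KEY_FILES = {"key3.db", "Key Database3"};
    private DBHash certdb;
    private DBHash keydb;
    // nickname (String) -> CertEntry, rebuilt by engineLoad
    private Hashtable certificates;

    /* loaded from: input_file:embedded.war:WEB-INF/lib/mindterm.jar:com/mindbright/security/keystore/NetscapeKeyStore$CertEntry.class */
    /**
     * A certificate record: three 16-bit flag words, a 16-bit certificate length, a 16-bit
     * nickname length, then the encoded certificate and the nickname.
     */
    public class CertEntry extends DBEntry {
        public int sslFlags;
        public int emailFlags;
        public int oSignFlags;
        public byte[] certificate;
        public String nickName;

        /**
         * Parses a certificate record.
         *
         * @param netscapeKeyStore owning store; unused, kept so existing callers compile
         * @param bArr raw record bytes as read from the certificate database
         * @throws RuntimeException (array-bounds or negative-size) if the record is
         *     truncated or its length fields are inconsistent
         */
        public CertEntry(NetscapeKeyStore netscapeKeyStore, byte[] bArr) {
            super(netscapeKeyStore, bArr);
            this.sslFlags = readShort();
            this.emailFlags = readShort();
            this.oSignFlags = readShort();
            int certLength = readShort();
            int nickNameLength = readShort();
            this.certificate = readRaw(certLength);
            // The stored length includes one trailing byte that is not part of the name.
            // NOTE(review): decoded with the platform default charset - confirm the
            // encoding the database uses.
            this.nickName = new String(readRaw(nickNameLength - 1));
        }
    }

    /* loaded from: input_file:embedded.war:WEB-INF/lib/mindterm.jar:com/mindbright/security/keystore/NetscapeKeyStore$DBEntry.class */
    /**
     * Common header of a database record (type, version and flags bytes) plus a cursor
     * based reader over the record bytes.
     */
    public class DBEntry {
        protected byte[] data;
        protected int rPos;
        public int type;
        public int version;
        public int flags;

        /**
         * Stores the record and reads its three header bytes.
         *
         * <p>The header is read here, after {@code data} has been assigned. Reading it in
         * field initializers would run before the assignment and fail on a null array.
         *
         * @param netscapeKeyStore owning store; unused, kept so existing callers compile
         * @param bArr raw record bytes
         */
        protected DBEntry(NetscapeKeyStore netscapeKeyStore, byte[] bArr) {
            this.data = bArr;
            this.rPos = 0;
            this.type = readByte();
            this.version = readByte();
            this.flags = readByte();
        }

        /** Returns the next byte as an unsigned value (0-255) and advances the cursor. */
        public final int readByte() {
            byte[] bArr = this.data;
            int i = this.rPos;
            this.rPos = i + 1;
            return bArr[i] & 255;
        }

        /** Returns the next two bytes as an unsigned big-endian value and advances the cursor. */
        public final int readShort() {
            int high = readByte();
            int low = readByte();
            return (high << 8) + low;
        }

        /**
         * Returns the next {@code i} bytes as a new array and advances the cursor.
         *
         * <p>The length usually comes straight from the record, so it is checked against
         * the bytes that remain before anything is allocated.
         *
         * @throws NegativeArraySizeException if {@code i} is negative
         * @throws ArrayIndexOutOfBoundsException if fewer than {@code i} bytes remain
         */
        public final byte[] readRaw(int i) {
            if (i < 0) {
                throw new NegativeArraySizeException("Negative field length in database record: " + i);
            }
            if (i > this.data.length - this.rPos) {
                throw new ArrayIndexOutOfBoundsException("Field length " + i
                        + " exceeds the bytes left in the database record");
            }
            byte[] bArr = new byte[i];
            readRaw(bArr, 0, i);
            return bArr;
        }

        /**
         * Copies the next {@code i2} bytes into {@code bArr} at offset {@code i} and
         * advances the cursor; bounds are enforced by {@link System#arraycopy}.
         */
        public final void readRaw(byte[] bArr, int i, int i2) {
            System.arraycopy(this.data, this.rPos, bArr, i, i2);
            this.rPos += i2;
        }
    }

    /* loaded from: input_file:embedded.war:WEB-INF/lib/mindterm.jar:com/mindbright/security/keystore/NetscapeKeyStore$KeyEntry.class */
    /**
     * A key-database record. The header's {@code version} byte is used as the salt length
     * and its {@code flags} byte as the nickname length; the rest is the encrypted key.
     */
    public class KeyEntry extends DBEntry {
        public byte[] salt;
        public String nickName;
        public byte[] encryptedKey;

        /**
         * Parses a key record.
         *
         * @param netscapeKeyStore owning store; unused, kept so existing callers compile
         * @param bArr raw record bytes as read from the key database
         * @throws RuntimeException (array-bounds or negative-size) if the record is
         *     truncated or its length fields are inconsistent
         */
        public KeyEntry(NetscapeKeyStore netscapeKeyStore, byte[] bArr) {
            super(netscapeKeyStore, bArr);
            this.salt = readRaw(this.version);
            this.nickName = new String(readRaw(this.flags - 1));
            // Skip the one byte that follows the nickname.
            this.rPos++;
            this.encryptedKey = readRaw(bArr.length - this.rPos);
        }
    }

    /** Registers the PKCS#12 ASN.1 types needed to decode keys and creates empty databases. */
    public NetscapeKeyStore() {
        ASN1OIDRegistry.addModule("com.mindbright.security.pkcs12");
        ASN1OIDRegistry.register("1.2.840.113549.1.12.5.1.3", "com.mindbright.security.pkcs12.PKCS12PbeParams");
        this.certdb = new DBHash();
        this.keydb = new DBHash();
        this.certificates = new Hashtable();
    }

    /**
     * Returns the private key that belongs to the certificate stored under {@code str}.
     *
     * @param str certificate nickname
     * @param cArr database password
     * @return the decrypted private key, or {@code null} if the alias has no key record
     * @throws UnrecoverableKeyException if the password is rejected, if a key record exists
     *     but no password was supplied, or if the key record cannot be decoded
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyEntry keyEntry = getKeyEntry(str);
        if (!passwordCheck(cArr)) {
            throw new UnrecoverableKeyException("Invalid password");
        }
        if (keyEntry == null) {
            return null;
        }
        // passwordCheck accepts a null password, but key derivation cannot run without
        // one; report that through the declared exception instead of an Error.
        if (cArr == null) {
            throw new UnrecoverableKeyException("Password required");
        }
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo();
            new ASN1DER().decode(new ByteArrayInputStream(keyEntry.encryptedKey), encryptedPrivateKeyInfo);
            byte[] cipherText = encryptedPrivateKeyInfo.encryptedData.getRaw();
            byte[] plainText = new byte[cipherText.length];
            do3DESCipher(1, cArr, cipherText, 0, cipherText.length, plainText, globalSalt(), keyEntry.salt);
            // NOTE(review): plainText holds the unencrypted key encoding and is not wiped
            // here because it is not visible whether extractPrivateKey keeps a reference.
            return PKCS12KeyStore.extractPrivateKey(plainText);
        } catch (IOException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        }
    }

    /** Not supported: always returns {@code null}. */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        return null;
    }

    /**
     * Returns the certificate stored under nickname {@code str}, or {@code null} if there
     * is none. The certificate is decoded from the stored bytes on every call.
     */
    @Override
    public synchronized Certificate engineGetCertificate(String str) {
        CertEntry certEntry = (CertEntry) this.certificates.get(str);
        if (certEntry == null) {
            return null;
        }
        return new X509Certificate(certEntry.certificate);
    }

    /** Not supported: always returns {@code null}. */
    @Override
    public Date engineGetCreationDate(String str) {
        return null;
    }

    /** No-op: this key store is read-only and silently ignores the request. */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /** No-op: this key store is read-only and silently ignores the request. */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /** No-op: this key store is read-only and silently ignores the request. */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
    }

    /** No-op: this key store is read-only and silently ignores the request. */
    @Override
    public void engineDeleteEntry(String str) throws KeyStoreException {
    }

    /** Returns the nicknames of all loaded certificates. */
    @Override
    public synchronized Enumeration engineAliases() {
        return this.certificates.keys();
    }

    /** Returns whether a certificate is loaded under nickname {@code str}. */
    @Override
    public synchronized boolean engineContainsAlias(String str) {
        return this.certificates.containsKey(str);
    }

    /** Returns the number of loaded certificates. */
    @Override
    public synchronized int engineSize() {
        return this.certificates.size();
    }

    /** Returns whether the certificate under {@code str} has a matching key record. */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return getKeyEntry(str) != null;
    }

    /** Returns whether {@code str} names a certificate that has no matching key record. */
    @Override
    public synchronized boolean engineIsCertificateEntry(String str) {
        return !engineIsKeyEntry(str) && this.certificates.get(str) != null;
    }

    /** Not supported: always returns {@code null}. */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        return null;
    }

    /** No-op: nothing is written to {@code outputStream}. */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * Loads the certificate and key databases from a directory.
     *
     * <p>The stream does not carry key-store data: its bytes are the <em>path of the
     * directory</em> that holds the database files. That path is used as given, with no
     * normalization or containment check, so callers must only pass a location they
     * trust and must not derive it from untrusted input.
     *
     * @param inputStream a {@link ByteArrayInputStream} holding the directory path
     * @param cArr database password, or {@code null} to skip the password check
     * @throws IOException if the stream has the wrong type, a database file is missing, a
     *     certificate record is malformed, or the password is rejected
     */
    @Override
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.certificates.clear();
        if (!(inputStream instanceof ByteArrayInputStream)) {
            throw new IOException("Parameter 'stream' must be a ByteArrayInputStream");
        }
        // For a ByteArrayInputStream, available() is the exact number of remaining bytes
        // and a single read() returns all of them.
        byte[] pathBytes = new byte[inputStream.available()];
        inputStream.read(pathBytes);
        // NOTE(review): decoded with the platform default charset.
        String directory = new String(pathBytes);

        String certFile = firstExisting(directory, CERT_FILES);
        if (certFile == null) {
            throw new IOException("No certificate database found");
        }
        String keyFile = firstExisting(directory, KEY_FILES);
        if (keyFile == null) {
            throw new IOException("No key database found");
        }
        this.certdb.loadAll(dbPath(directory, certFile));
        this.keydb.loadAll(dbPath(directory, keyFile));

        Enumeration keys = this.certdb.keys();
        while (keys.hasMoreElements()) {
            DBHash.DBT dbt = (DBHash.DBT) keys.nextElement();
            // Guard against an empty key before looking at its type byte.
            if (dbt.key == null || dbt.key.length == 0 || dbt.key[0] != TYPE_CERTIFICATE) {
                continue;
            }
            CertEntry certEntry;
            try {
                certEntry = new CertEntry(this, dbt.data);
            } catch (RuntimeException e) {
                // A truncated or inconsistent record is a data error in the file, so
                // report it through the declared exception and keep the cause.
                IOException malformed = new IOException("Malformed certificate database entry");
                malformed.initCause(e);
                throw malformed;
            }
            this.certificates.put(certEntry.nickName, certEntry);
        }
        if (!passwordCheck(cArr)) {
            throw new IOException("Invalid password");
        }
    }

    /** Joins a directory and a file name with the platform separator. */
    private static String dbPath(String directory, String fileName) {
        return directory + File.separator + fileName;
    }

    /** Returns the first of {@code candidates} that exists in {@code directory}, or null. */
    private static String firstExisting(String directory, String[] candidates) {
        for (int i = 0; i < candidates.length; i++) {
            if (new File(dbPath(directory, candidates[i])).exists()) {
                return candidates[i];
            }
        }
        return null;
    }

    /** Overwrites {@code buffer} with zeros; a null buffer is ignored. */
    private static void wipe(byte[] buffer) {
        if (buffer == null) {
            return;
        }
        for (int i = 0; i < buffer.length; i++) {
            buffer[i] = 0;
        }
    }

    /**
     * Finds the key record for the certificate stored under {@code str}.
     *
     * <p>Key records are looked up by the RSA modulus or the DSA public value, first as
     * returned by {@code toByteArray()} and then without its leading zero sign byte.
     *
     * @return the key record, or {@code null} if there is no certificate, the public key
     *     is neither RSA nor DSA, or no record matches
     */
    private KeyEntry getKeyEntry(String str) {
        Certificate certificate = engineGetCertificate(str);
        if (certificate == null) {
            return null;
        }
        PublicKey publicKey = certificate.getPublicKey();
        byte[] lookupKey = null;
        if (publicKey instanceof RSAPublicKey) {
            lookupKey = ((RSAPublicKey) publicKey).getModulus().toByteArray();
        } else if (publicKey instanceof DSAPublicKey) {
            lookupKey = ((DSAPublicKey) publicKey).getY().toByteArray();
        }
        if (lookupKey == null) {
            // Unsupported key type: there is nothing to look up, and the database must
            // not be queried with a null key.
            return null;
        }
        byte[] record = this.keydb.get(lookupKey);
        if (record == null && lookupKey[0] == 0) {
            byte[] unsignedKey = new byte[lookupKey.length - 1];
            System.arraycopy(lookupKey, 1, unsignedKey, 0, unsignedKey.length);
            record = this.keydb.get(unsignedKey);
        }
        return record == null ? null : new KeyEntry(this, record);
    }

    /**
     * Derives 40 bytes of key material from the password, the global salt and the
     * per-entry salt.
     *
     * <p>The construction is fixed by the database format: SHA-1 over global salt and
     * password, SHA-1 over that hash and the entry salt to form an HMAC-SHA1 key, then two
     * chained HMAC outputs of 20 bytes each. There is no iteration count, so the result is
     * cheap to brute-force for weak passwords.
     *
     * @param cArr password; each char is truncated to its low 8 bits
     * @param bArr global salt
     * @param bArr2 entry salt; must be at most 20 bytes or the copy below fails
     * @return 40 bytes of derived key material
     */
    private static byte[] deriveKey(char[] cArr, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, ShortBufferException {
        Mac mac = Mac.getInstance("HmacSHA1");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        byte[] derived = new byte[40];
        byte[] passwordBytes = new byte[cArr.length];
        byte[] hashedPassword;
        try {
            for (int i = 0; i < passwordBytes.length; i++) {
                passwordBytes[i] = (byte) cArr[i];
            }
            sha1.update(bArr);
            sha1.update(passwordBytes);
            hashedPassword = sha1.digest();
        } finally {
            // The byte copy of the password is no longer needed once it has been hashed.
            wipe(passwordBytes);
        }
        // Entry salt, zero-padded on the right to 20 bytes.
        byte[] paddedSalt = new byte[20];
        System.arraycopy(bArr2, 0, paddedSalt, 0, bArr2.length);
        sha1.update(hashedPassword);
        sha1.update(bArr2);
        mac.init(new SecretKeySpec(sha1.digest(), mac.getAlgorithm()));
        // First 20 bytes: HMAC(paddedSalt || salt).
        mac.update(paddedSalt);
        mac.update(bArr2);
        mac.doFinal(derived, 0);
        // Last 20 bytes: HMAC(HMAC(paddedSalt) || salt).
        mac.update(paddedSalt);
        mac.update(mac.doFinal());
        mac.update(bArr2);
        mac.doFinal(derived, 20);
        return derived;
    }

    /**
     * Runs 3DES-CBC with PKCS5 padding over {@code bArr[i2 .. i2+i3)} into {@code bArr2},
     * using bytes 0-23 of the derived material as key and bytes 32-39 as IV.
     *
     * <p>CBC without an integrity check is what the format provides; callers must not
     * treat successful decryption as proof that the data is authentic.
     *
     * @param i cipher mode constant passed to {@code Cipher.init}; every caller in this
     *     class passes 1 (presumably the decrypt mode of this Cipher class - confirm)
     * @param cArr password
     * @param bArr input buffer
     * @param i2 input offset
     * @param i3 input length
     * @param bArr2 output buffer, written from offset 0
     * @param bArr3 global salt
     * @param bArr4 entry salt
     * @throws Error wrapping any failure, including bad salts and cipher errors
     */
    private static void do3DESCipher(int i, char[] cArr, byte[] bArr, int i2, int i3, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws NoSuchAlgorithmException {
        byte[] derived = null;
        byte[] desKey = new byte[24];
        byte[] iv = new byte[8];
        try {
            Cipher cipher = Cipher.getInstance("3DES/CBC/PKCS5Padding");
            derived = deriveKey(cArr, bArr3, bArr4);
            System.arraycopy(derived, 0, desKey, 0, 24);
            System.arraycopy(derived, 32, iv, 0, 8);
            cipher.init(i, new SecretKeySpec(desKey, cipher.getAlgorithm()), new IvParameterSpec(iv));
            cipher.doFinal(bArr, i2, i3, bArr2, 0);
        } catch (Exception e) {
            // Same message as before, with the original exception attached as the cause.
            throw new Error("Error in NetscapeKeyStore.do3DESCipher: " + e, e);
        } finally {
            // The cipher is finished at this point, so the key material can be cleared.
            wipe(derived);
            wipe(desKey);
        }
    }

    /** Returns the key database's {@code global-salt} record, as returned by the database. */
    private byte[] globalSalt() {
        return this.keydb.get("global-salt");
    }

    /**
     * Verifies the password against the key database's {@code password-check} record.
     *
     * <p>This check fails open in two cases: a {@code null} password and a database
     * without a {@code password-check} record are both accepted. It is therefore not an
     * authentication decision on its own; key decryption still needs the real password.
     *
     * <p>NOTE(review): if the cipher rejects bad padding, a wrong password surfaces as the
     * {@code Error} thrown by {@link #do3DESCipher} rather than a {@code false} result -
     * confirm against the Cipher implementation.
     *
     * @param cArr password to test, may be {@code null}
     * @return {@code false} if the record is too short or does not decrypt to the expected
     *     marker, {@code true} otherwise
     */
    private boolean passwordCheck(char[] cArr) throws NoSuchAlgorithmException {
        if (cArr == null) {
            return true;
        }
        byte[] record = this.keydb.get("password-check");
        if (record == null) {
            return true;
        }
        KeyEntry keyEntry = new KeyEntry(this, record);
        // Only the last two cipher blocks are decrypted; they hold the marker text.
        int offset = keyEntry.encryptedKey.length - 16;
        if (offset < 0) {
            // A record shorter than two blocks cannot contain the marker: reject.
            return false;
        }
        byte[] plainText = new byte[16];
        do3DESCipher(1, cArr, keyEntry.encryptedKey, offset, 16, plainText, globalSalt(), keyEntry.salt);
        return "password-check".equals(new String(plainText, 0, 14));
    }
}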
