package com.rsa.sslj.x;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_InvalidKeyException;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PKCS11KeySpec;
import com.rsa.ssl.SSLException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

/* loaded from: classes.dex */
public final class cw {

    /* renamed from: a, reason: collision with root package name */
    public static final char[] f4449a = {'A', 'L', 'L'};

    /* renamed from: b, reason: collision with root package name */
    public KeyStore f4450b = a();

    /* renamed from: c, reason: collision with root package name */
    private cx f4451c;

    /* renamed from: d, reason: collision with root package name */
    private cC f4452d;
    private JsafeJCE e;
    private CertificateFactory f;
    private FIPS140Context g;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cw(cC cCVar, JsafeJCE jsafeJCE, FIPS140Context fIPS140Context, cB cBVar) {
        this.f4452d = cCVar;
        this.f4451c = new cx(jsafeJCE, cBVar, cCVar.n);
        this.e = jsafeJCE;
        this.g = fIPS140Context;
        try {
            this.f = CertificateFactory.getInstance("X.509", this.e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private JSAFE_PrivateKey a(byte[] bArr, char[] cArr) {
        JSAFE_SymmetricCipher jSAFE_SymmetricCipher = null;
        try {
            jSAFE_SymmetricCipher = this.g != null ? JSAFE_SymmetricCipher.getInstance(bArr, 0, "Java", this.g) : JSAFE_SymmetricCipher.getInstance(bArr, 0, "Java");
            JSAFE_SecretKey blankKey = jSAFE_SymmetricCipher.getBlankKey();
            blankKey.setPassword(cArr, 0, cArr.length);
            jSAFE_SymmetricCipher.decryptInit(blankKey);
            JSAFE_PrivateKey unwrapPrivateKey = jSAFE_SymmetricCipher.unwrapPrivateKey(bArr, 0, bArr.length, true);
            jSAFE_SymmetricCipher.clearSensitiveData();
            return unwrapPrivateKey;
        } catch (Throwable th) {
            if (jSAFE_SymmetricCipher != null) {
                jSAFE_SymmetricCipher.clearSensitiveData();
            }
            throw th;
        }
    }

    private String a(String str) {
        return str.equals(AlgorithmStrings.DSA) ? "DSAPrivateKeyX957BER" : b.a.a.a.a.a(str, "PrivateKeyBER");
    }

    private void a(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.f4450b.setKeyEntry(cI.a(x509CertificateArr[0]), privateKey, f4449a, x509CertificateArr);
        this.f4452d.b();
    }

    private int[] a(byte[] bArr, int i) {
        SequenceContainer sequenceContainer = new SequenceContainer(0);
        EndContainer endContainer = new EndContainer();
        EncodedContainer encodedContainer = new EncodedContainer(ASN1.SEQUENCE);
        OctetStringContainer octetStringContainer = new OctetStringContainer(0);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, encodedContainer, octetStringContainer, endContainer});
            return new int[]{octetStringContainer.dataOffset, octetStringContainer.dataLen};
        } catch (ASN_Exception e) {
            throw new JSAFE_InvalidKeyException(b.a.a.a.a.a(e, b.a.a.a.a.b("Cannot build the PKCS #8 encrypted key. ("), ")"));
        }
    }

    KeyStore a() {
        try {
            KeyStore keyStore = this.e.getVersion() >= 4.01d ? KeyStore.getInstance("PKCS12", this.e) : KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            return keyStore;
        } catch (Exception unused) {
            throw new AssertionError("Failure to create in-memory keystore");
        }
    }

    public void a(com.rsa.certj.cert.X509Certificate[] x509CertificateArr, JSAFE_PrivateKey jSAFE_PrivateKey) {
        byte[][] a2 = cJ.a(x509CertificateArr);
        if (jSAFE_PrivateKey.getDevice().equals("PKCS11")) {
            a(a2, jSAFE_PrivateKey, (char[]) null);
            return;
        }
        try {
            a(a2, jSAFE_PrivateKey.getKeyData(a(jSAFE_PrivateKey.getAlgorithm()))[0], (char[]) null);
        } catch (JSAFE_UnimplementedException e) {
            throw new SSLException(e);
        }
    }

    public void a(com.rsa.certj.cert.X509Certificate[] x509CertificateArr, byte[] bArr, char[] cArr) {
        a(cJ.a(x509CertificateArr), bArr, cArr);
    }

    public void a(byte[][] bArr, JSAFE_PrivateKey jSAFE_PrivateKey, char[] cArr) {
        try {
            X509Certificate[] a2 = cJ.a(bArr, this.f);
            String algorithm = a2[0].getPublicKey().getAlgorithm();
            com.rsa.jsse.engine.util.k.a(algorithm);
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm, this.e);
            String str = jSAFE_PrivateKey.getSupportedGetFormats()[0];
            byte[] bArr2 = jSAFE_PrivateKey.getKeyData(str)[0];
            byte[] bArr3 = jSAFE_PrivateKey.getKeyData(str)[1];
            com.rsa.jsse.engine.util.k.a(new String(bArr2));
            com.rsa.jsse.engine.util.k.a(bArr3);
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS11KeySpec(bArr2, bArr3));
            this.f4451c.a(a2, generatePrivate, true);
            a(generatePrivate, a2);
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    public void a(byte[][] bArr, byte[] bArr2, char[] cArr) {
        PrivateKey generatePrivate;
        try {
            X509Certificate[] a2 = cJ.a(bArr, this.f);
            KeyFactory keyFactory = KeyFactory.getInstance(a2[0].getPublicKey().getAlgorithm(), this.e);
            try {
                generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr2));
            } catch (InvalidKeySpecException unused) {
                if (cArr == null) {
                    throw new SSLException("Could not read private key.");
                }
                try {
                    try {
                        JSAFE_PrivateKey a3 = a(bArr2, cArr);
                        generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(a3.getKeyData(a(a3.getAlgorithm()))[0]));
                    } catch (InvalidKeySpecException unused2) {
                        throw new SSLException("Could not read private key.");
                    }
                } catch (JSAFE_Exception e) {
                    throw new SSLException("Could not read private key.", e);
                }
            }
            this.f4451c.a(a2, generatePrivate, false);
            a(generatePrivate, a2);
        } catch (Exception e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStore b() {
        return this.f4450b;
    }
}
