package com.nitrodesk.crypto.ew.impl.jca;

import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.pki.EDTCertificate;
import com.echoworx.edt.common.pki.EDTKeyPair;
import com.echoworx.edt.common.pki.EDTPKIException;
import com.echoworx.edt.common.pki.EDTPrivateKey;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.pki.PKCS12Container;
import com.echoworx.edt.credential.domain.Password;
import com.nitrodesk.crypto.ew.impl.bouncycastle.BouncyCastleX509Certificate;
import com.nitrodesk.crypto.ew.util.TypeHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.ndbouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
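/**
 * {@link PKCS12Container} implementation backed by a JCA {@link KeyStore} of type
 * {@code "PKCS12"} obtained from the Bouncy Castle provider imported by this file.
 *
 * <p>The provider is looked up by name, so it must already be registered with the JCA;
 * otherwise construction fails with {@link EDTPKIException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link Password} exposes the secret as a {@code String}, which cannot be erased.
 *       This class wipes only the temporary {@code char[]} copies it creates itself.</li>
 *   <li>A {@code null} password is replaced by an empty password everywhere, so a container
 *       can be loaded and re-encoded with an empty password.</li>
 * </ul>
 */
public class JCAPKCS12Container implements PKCS12Container {
    /** Underlying PKCS#12 key store; populated by the constructor. */
    protected KeyStore fModel;
    /** Password used to load the container and to protect it in {@link #getEncoded()}; may be null. */
    protected Password fPassword;

    /**
     * Loads a PKCS#12 container from its encoded form.
     *
     * @param bArr encoded PKCS#12 data, or {@code null} to start from an empty key store
     * @param password container password, or {@code null} for an empty password
     * @throws EDTPKIException with {@code CANNOT_LOAD_PKCS12} if the provider is unavailable
     *     or the data cannot be loaded with the given password
     */
    protected JCAPKCS12Container(byte[] bArr, Password password) {
        this.fModel = null;
        this.fPassword = password;
        char[] passwordChars = null;
        try {
            this.fModel = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            passwordChars = toPasswordChars(this.fPassword);
            this.fModel.load(bArr != null ? new ByteArrayInputStream(bArr) : null, passwordChars);
        } catch (Exception e) {
            // Wrap exactly once; the previous nested try/catch wrapped the failure twice.
            throw new EDTPKIException(ErrorCodes.CANNOT_LOAD_PKCS12, e);
        } finally {
            wipe(passwordChars);
        }
    }

    /**
     * Static factory equivalent to the protected constructor.
     *
     * @param bArr encoded PKCS#12 data, or {@code null} for an empty key store
     * @param password container password, or {@code null} for an empty password
     * @return the loaded container
     * @throws EDTPKIException if loading fails
     */
    public static JCAPKCS12Container load(byte[] bArr, Password password) {
        return new JCAPKCS12Container(bArr, password);
    }

    /**
     * Replaces the password held by this object. The key store itself is not touched here;
     * the new password is applied the next time {@link #getEncoded()} serialises it.
     *
     * @param password new container password, or {@code null} for an empty password
     */
    @Override
    public void changePassword(Password password) {
        this.fPassword = password;
    }

    /**
     * Unwraps one of the two supported certificate wrappers into a JCA {@link Certificate}.
     *
     * @param eDTCertificate wrapper to unwrap
     * @return the wrapped JCA certificate
     * @throws EDTPKIException if the argument is {@code null} or of any other wrapper type
     */
    protected Certificate convertCertificateType(EDTCertificate eDTCertificate) {
        if (eDTCertificate instanceof JCACertificate) {
            return ((JCACertificate) eDTCertificate).getCertificate();
        }
        if (eDTCertificate instanceof BouncyCastleX509Certificate) {
            return ((BouncyCastleX509Certificate) eDTCertificate).getCertificate();
        }
        throw new EDTPKIException("Invalid type for certificate (expected BouncyCastleX509Certificate or JCACertificate).");
    }

    /**
     * Finds the alias of the key entry whose certificate equals the given one.
     *
     * @param eDTCertificate certificate to look for; {@code null} yields {@code null}
     * @return the first matching alias in enumeration order, or {@code null} if none matches
     * @throws EDTPKIException with {@code CANNOT_FIND_ALIAS} if the key store cannot be read
     */
    protected String findAliasOfCertificate(EDTCertificate eDTCertificate) {
        if (eDTCertificate == null) {
            return null;
        }
        Certificate wanted = convertCertificateType(eDTCertificate);
        try {
            Enumeration<String> aliases = this.fModel.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.fModel.isKeyEntry(alias)) {
                    continue;
                }
                // getCertificate may return null for an entry without a certificate;
                // skip it instead of failing with a NullPointerException.
                Certificate stored = this.fModel.getCertificate(alias);
                if (stored != null && stored.equals(wanted)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_FIND_ALIAS, e);
        }
    }

    /**
     * Returns the certificate of every key entry in the container.
     *
     * <p>Key entries whose certificate is missing or is not an {@link X509Certificate} are
     * skipped, because they cannot be represented as {@link BouncyCastleX509Certificate}.
     *
     * @return the certificates that have a private key; never {@code null}
     * @throws EDTPKIException with {@code CANNOT_ENUMERATE_CERTIFICATE} if the key store
     *     cannot be read
     */
    @Override
    public EDTCertificate[] getAllCertificatesWithPrivateKey() {
        ArrayList<EDTCertificate> found = new ArrayList<EDTCertificate>();
        try {
            Enumeration<String> aliases = this.fModel.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (this.fModel.isKeyEntry(alias)) {
                    Certificate stored = this.fModel.getCertificate(alias);
                    if (stored instanceof X509Certificate) {
                        found.add(new BouncyCastleX509Certificate((X509Certificate) stored));
                    }
                }
            }
            return found.toArray(new EDTCertificate[0]);
        } catch (KeyStoreException e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_ENUMERATE_CERTIFICATE, e);
        }
    }

    /**
     * Returns the first key-entry certificate whose subject DN string contains {@code str}.
     *
     * <p>NOTE(review): this is a plain substring match against the whole subject DN, so a
     * short fragment can match a certificate other than the intended one, and an empty
     * string matches the first key entry. The first hit in alias enumeration order wins.
     * Callers that use the result to pick a signing or decryption identity should check
     * the returned certificate's subject themselves.
     *
     * @param str fragment to look for in the subject DN; {@code null} yields {@code null}
     * @return the first matching certificate, or {@code null} if none matches
     * @throws EDTPKIException with {@code CANNOT_FIND_CANONICAL_NAME} if the key store
     *     cannot be read
     */
    @Override
    public EDTCertificate getCertificateByCanonicalName(String str) {
        if (str == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = this.fModel.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.fModel.isKeyEntry(alias)) {
                    continue;
                }
                Certificate stored = this.fModel.getCertificate(alias);
                if (!(stored instanceof X509Certificate)) {
                    // No X.509 certificate on this key entry: nothing to compare against.
                    continue;
                }
                X509Certificate x509Certificate = (X509Certificate) stored;
                String subject = x509Certificate.getSubjectDN().getName();
                if (subject != null && subject.indexOf(str) >= 0) {
                    return new BouncyCastleX509Certificate(x509Certificate);
                }
            }
            return null;
        } catch (KeyStoreException e) {
            // The exception used to be built and then dropped, which made a key store
            // failure indistinguishable from "no such certificate". Report it instead,
            // as the other lookups in this class do.
            EDTPKIException failure = new EDTPKIException(ErrorCodes.getErrorString(ErrorCodes.CANNOT_FIND_CANONICAL_NAME, str), e);
            failure.setErrorCode(ErrorCodes.CANNOT_FIND_CANONICAL_NAME);
            throw failure;
        }
    }

    /**
     * Returns the certificate chain stored with the key entry of the given certificate.
     *
     * @param eDTCertificate certificate identifying the key entry
     * @return the converted chain, or an empty array if the certificate has no key entry
     * @throws EDTPKIException with {@code CANNOT_RETRIEVE_CHAIN} if the key store cannot be read
     */
    @Override
    public EDTCertificate[] getCertificateChain(EDTCertificate eDTCertificate) {
        String alias = findAliasOfCertificate(eDTCertificate);
        if (alias == null) {
            return new EDTCertificate[0];
        }
        try {
            return TypeHelper.convertCertificates(this.fModel.getCertificateChain(alias));
        } catch (KeyStoreException e) {
            // Keep the cause so the underlying key store failure stays diagnosable.
            throw new EDTPKIException(ErrorCodes.CANNOT_RETRIEVE_CHAIN, e);
        }
    }

    /**
     * Serialises the container, protected with the current password (empty if none is set).
     *
     * @return the encoded PKCS#12 data
     * @throws EDTPKIException with {@code INVALID_BYTE_REPRESENTATION} if encoding fails
     */
    @Override
    public byte[] getEncoded() {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        char[] passwordChars = null;
        try {
            passwordChars = toPasswordChars(this.fPassword);
            this.fModel.store(encoded, passwordChars);
            return encoded.toByteArray();
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.INVALID_BYTE_REPRESENTATION, e);
        } finally {
            wipe(passwordChars);
        }
    }

    /**
     * Returns the private key stored with the given certificate.
     *
     * @param eDTCertificate certificate identifying the key entry
     * @param password key password, or {@code null} for an empty password
     * @return the private key, or {@code null} if the certificate has no key entry
     * @throws EDTPKIException with {@code CANNOT_RETIREVE_KEY} if the key cannot be recovered
     */
    @Override
    public EDTPrivateKey getKeyRelatedToCertificate(EDTCertificate eDTCertificate, Password password) {
        String alias = findAliasOfCertificate(eDTCertificate);
        if (alias == null) {
            return null;
        }
        char[] passwordChars = null;
        try {
            if (!this.fModel.isKeyEntry(alias)) {
                return null;
            }
            passwordChars = toPasswordChars(password);
            return new JCAKey(this.fModel.getKey(alias, passwordChars));
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_RETIREVE_KEY, e);
        } finally {
            wipe(passwordChars);
        }
    }

    /**
     * Deletes the key entry that belongs to the given certificate; does nothing if the
     * certificate has no key entry in this container.
     *
     * @param eDTCertificate certificate identifying the entry to delete
     * @throws EDTPKIException with {@code CANNOT_DELETE_CERTIFICATE} if deletion fails
     */
    @Override
    public void removeCertificate(EDTCertificate eDTCertificate) {
        String alias = findAliasOfCertificate(eDTCertificate);
        if (alias == null) {
            return;
        }
        try {
            this.fModel.deleteEntry(alias);
        } catch (KeyStoreException e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_DELETE_CERTIFICATE, e);
        }
    }

    /**
     * Stores a private key and its certificate chain under the given alias.
     *
     * @param str alias for the entry; {@code null} is stored under the empty alias
     * @param eDTKeyPair key pair whose private key is stored; must carry a private key
     * @param eDTX509CertificateArr certificate chain for the key, or {@code null} for none
     * @param password key password, or {@code null} for an empty password
     * @throws EDTPKIException with {@code INVALID_PRIVATE_KEY} if no private key is given,
     *     with {@code CANNOT_ADD_KEY} if the entry cannot be stored, or if a chain element
     *     is not a supported certificate wrapper
     */
    @Override
    public void setKeyEntry(String str, EDTKeyPair eDTKeyPair, EDTX509Certificate[] eDTX509CertificateArr, Password password) {
        if (eDTKeyPair == null || eDTKeyPair.getPrivateKey() == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_PRIVATE_KEY);
        }
        String alias = str != null ? str : "";
        ArrayList<Certificate> chain = new ArrayList<Certificate>();
        if (eDTX509CertificateArr != null) {
            for (EDTX509Certificate element : eDTX509CertificateArr) {
                chain.add(convertCertificateType(element));
            }
        }
        char[] passwordChars = null;
        try {
            passwordChars = toPasswordChars(password);
            this.fModel.setKeyEntry(alias, JCAKey.loadFromPKCS8(eDTKeyPair.getPrivateKey(), 0).getKey(), passwordChars, chain.toArray(new Certificate[0]));
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_ADD_KEY, e);
        } finally {
            wipe(passwordChars);
        }
    }

    /** Returns a fresh char[] copy of the password, or an empty array when it is null. */
    private static char[] toPasswordChars(Password password) {
        return password != null ? password.getPasswordString().toCharArray() : new char[0];
    }

    /** Overwrites a temporary password copy so it does not linger on the heap; null-safe. */
    private static void wipe(char[] chars) {
        if (chars != null) {
            java.util.Arrays.fill(chars, '\0');
        }
    }
}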
