package oracle.security.pki;

import java.io.IOException;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.cert.CertificateRequest;
import oracle.security.crypto.cert.PKCS12Bag;
import oracle.security.crypto.cert.PKCS12CertBag;
import oracle.security.crypto.cert.PKCS12KeyBag;
import oracle.security.crypto.cert.PKCS12SecretBag;
import oracle.security.crypto.cert.PKCS12ShroudedKeyBag;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.core.DSAPrivateKey;
import oracle.security.crypto.core.ECPrivateKey;
import oracle.security.crypto.core.PrivateKey;
import oracle.security.crypto.core.RSA;
import oracle.security.crypto.core.RSAPrivateKey;
import oracle.security.crypto.core.RSAPublicKey;

/* loaded from: input_file:oracle/security/pki/OracleKSIdentityEntry.class */
class OracleKSIdentityEntry extends OracleKSEntry {
    final PKCS12Bag a;
    Certificate[] b;
    private CertificateRequest d;
    int c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OracleKSIdentityEntry(PKCS12Bag pKCS12Bag, Vector vector) {
        this.c = -1;
        if (!(pKCS12Bag instanceof PKCS12SecretBag)) {
            throw new IllegalArgumentException("Incorrect bag type" + pKCS12Bag);
        }
        this.a = null;
        ASN1OctetString secretValue = ((PKCS12SecretBag) pKCS12Bag).getSecretValue();
        if (secretValue instanceof ASN1OctetString) {
            try {
                this.d = new CertificateRequest(secretValue.getValue());
            } catch (IOException e) {
            }
        }
        byte[] localKeyID = pKCS12Bag.getLocalKeyID();
        this.c = OracleLocalKeyId.l(localKeyID);
        Vector vector2 = new Vector(vector.size());
        byte[] c = OracleLocalKeyId.c(OracleLocalKeyId.k(localKeyID), OracleLocalKeyId.l(localKeyID));
        int i = 0;
        while (true) {
            if (i >= vector.size()) {
                break;
            }
            PKCS12CertBag pKCS12CertBag = (PKCS12CertBag) vector.elementAt(i);
            if (a(pKCS12CertBag.getLocalKeyID(), c)) {
                vector2.addElement(new OraclePKIX509CertImpl(pKCS12CertBag.getCert()));
                vector.removeElementAt(i);
                if (OraclePKIDebug.getDebugFlag()) {
                    try {
                        OraclePKIDebug.a("Found certificate " + pKCS12CertBag.getCert());
                    } catch (Exception e2) {
                        OraclePKIDebug.a("Found certificate - Cannot be converted to string");
                    }
                }
            } else {
                i++;
            }
        }
        if (vector2.size() == 0) {
            OraclePKIDebug.a("No certificate found for cert req " + localKeyID);
            this.b = null;
            return;
        }
        X509Certificate x509Certificate = (X509Certificate) vector2.lastElement();
        while (true) {
            if (x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                break;
            }
            boolean z = false;
            int i2 = 0;
            while (true) {
                if (i2 >= vector.size()) {
                    break;
                }
                PKCS12CertBag pKCS12CertBag2 = (PKCS12CertBag) vector.elementAt(i2);
                if (x509Certificate.getIssuerDN().equals(pKCS12CertBag2.getCert().getSubject())) {
                    z = true;
                    vector2.addElement(new OraclePKIX509CertImpl(pKCS12CertBag2.getCert()));
                    x509Certificate = (X509Certificate) vector2.lastElement();
                    break;
                }
                i2++;
            }
            if (!z) {
                OraclePKIDebug.a("Cert chain incomplete for key " + this.a);
                break;
            }
        }
        OraclePKIDebug.a("Cert chain determined");
        this.b = new Certificate[vector2.size()];
        this.b = (Certificate[]) vector2.toArray(this.b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OracleKSIdentityEntry(PKCS12Bag pKCS12Bag, Vector vector, Vector vector2) throws IOException {
        BigInteger bigInteger;
        this.c = -1;
        if (!(pKCS12Bag instanceof PKCS12KeyBag) && !(pKCS12Bag instanceof PKCS12ShroudedKeyBag)) {
            throw new IllegalArgumentException("Incorrect bag type" + pKCS12Bag);
        }
        this.a = pKCS12Bag;
        byte[] localKeyID = this.a.getLocalKeyID();
        this.c = OracleLocalKeyId.l(localKeyID);
        byte[] bytes = "abcxyz".getBytes();
        byte[] bArr = null;
        byte[] bArr2 = null;
        BigInteger bigInteger2 = BigInteger.TEN;
        RSA rsa = new RSA();
        PrivateKey privateKey = null;
        if (pKCS12Bag instanceof PKCS12KeyBag) {
            privateKey = ((PKCS12KeyBag) pKCS12Bag).getPrivateKey();
        } else if (pKCS12Bag instanceof PKCS12ShroudedKeyBag) {
            privateKey = ((PKCS12ShroudedKeyBag) pKCS12Bag).getPrivateKey();
        }
        String algorithm = privateKey.getAlgorithm();
        if (algorithm.equals(PKIConstants.RSA)) {
            try {
                if (Boolean.valueOf((String) AccessController.doPrivileged(new PrivilegedExceptionAction<String>() { // from class: oracle.security.pki.OracleKSIdentityEntry.1
                    @Override // java.security.PrivilegedExceptionAction
                    /* renamed from: a, reason: merged with bridge method [inline-methods] */
                    public String run() {
                        return System.getProperty(PKIConstants.FIPS_140_2_MODE_SYSTEM_PROPERTY);
                    }
                })).booleanValue()) {
                    try {
                        javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1Padding");
                        cipher.init(1, (Key) privateKey);
                        bArr2 = cipher.doFinal(bigInteger2.toByteArray());
                    } catch (GeneralSecurityException e) {
                        if (OraclePKIDebug.getDebugFlag()) {
                            e.printStackTrace();
                        }
                        throw new IOException(e.getLocalizedMessage());
                    }
                } else {
                    rsa.setKey((RSAPrivateKey) privateKey);
                    bArr2 = rsa.performOp(bigInteger2).toByteArray();
                }
            } catch (PrivilegedActionException e2) {
                throw new RuntimeException(e2);
            }
        } else if (algorithm.equals(PKIConstants.EC)) {
            try {
                Signature signature = Signature.getInstance(PKIConstants.SHA1_WITH_ECDSA_SIGNATURE);
                signature.initSign(privateKey);
                signature.update(bytes, 0, bytes.length);
                bArr = signature.sign();
            } catch (GeneralSecurityException e3) {
                e3.printStackTrace();
            }
        }
        Vector vector3 = new Vector(vector.size());
        int i = 0;
        while (true) {
            if (i >= vector.size()) {
                break;
            }
            boolean z = false;
            PKCS12CertBag pKCS12CertBag = (PKCS12CertBag) vector.elementAt(i);
            RSAPublicKey publicKey = pKCS12CertBag.getCert().getPublicKey();
            String algorithm2 = publicKey.getAlgorithm();
            if (algorithm.equals(algorithm2)) {
                if (algorithm2.equals(PKIConstants.RSA)) {
                    try {
                        if (Boolean.valueOf((String) AccessController.doPrivileged(new PrivilegedExceptionAction<String>() { // from class: oracle.security.pki.OracleKSIdentityEntry.2
                            @Override // java.security.PrivilegedExceptionAction
                            /* renamed from: a, reason: merged with bridge method [inline-methods] */
                            public String run() {
                                return System.getProperty(PKIConstants.FIPS_140_2_MODE_SYSTEM_PROPERTY);
                            }
                        })).booleanValue()) {
                            try {
                                javax.crypto.Cipher cipher2 = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1Padding");
                                cipher2.init(2, (Key) publicKey);
                                bigInteger = new BigInteger(cipher2.doFinal(bArr2));
                            } catch (GeneralSecurityException e4) {
                                if (OraclePKIDebug.getDebugFlag()) {
                                    e4.printStackTrace();
                                }
                            }
                        } else {
                            rsa.setKey(publicKey);
                            bigInteger = rsa.performOp(new BigInteger(bArr2));
                        }
                        if (bigInteger.equals(bigInteger2)) {
                            z = true;
                        }
                    } catch (PrivilegedActionException e5) {
                        throw new RuntimeException(e5);
                    }
                } else if (algorithm2.equals(PKIConstants.EC)) {
                    try {
                        Signature signature2 = Signature.getInstance(PKIConstants.SHA1_WITH_ECDSA_SIGNATURE);
                        signature2.initVerify((PublicKey) publicKey);
                        signature2.update(bytes, 0, bytes.length);
                        z = signature2.verify(bArr);
                    } catch (GeneralSecurityException e6) {
                        e6.printStackTrace();
                    }
                }
            }
            if (a(pKCS12CertBag.getLocalKeyID(), localKeyID) && z) {
                vector3.addElement(new OraclePKIX509CertImpl(pKCS12CertBag.getCert()));
                vector.removeElementAt(i);
                if (OraclePKIDebug.getDebugFlag()) {
                    try {
                        OraclePKIDebug.a("Found certificate " + pKCS12CertBag.getCert());
                    } catch (Exception e7) {
                        OraclePKIDebug.a("Found certificate - Cannot be converted to string");
                    }
                }
            } else if (OracleLocalKeyId.j(localKeyID)) {
                if (!OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID()) && z) {
                    vector3.addElement(new OraclePKIX509CertImpl(pKCS12CertBag.getCert()));
                    vector.removeElementAt(i);
                    if (OraclePKIDebug.getDebugFlag()) {
                        try {
                            OraclePKIDebug.a("Found certificate " + pKCS12CertBag.getCert());
                        } catch (Exception e8) {
                            OraclePKIDebug.a("Found certificate - Cannot be converted to string");
                        }
                    }
                }
                i++;
            } else if (z) {
                vector3.addElement(new OraclePKIX509CertImpl(pKCS12CertBag.getCert()));
                vector.removeElementAt(i);
                if (OraclePKIDebug.getDebugFlag()) {
                    try {
                        OraclePKIDebug.a("Found certificate " + pKCS12CertBag.getCert());
                    } catch (Exception e9) {
                        OraclePKIDebug.a("Found certificate - Cannot be converted to string");
                    }
                }
            } else {
                i++;
            }
        }
        byte[] d = OracleLocalKeyId.d(OracleLocalKeyId.k(localKeyID), OracleLocalKeyId.l(localKeyID));
        for (int i2 = 0; i2 < vector2.size(); i2++) {
            PKCS12SecretBag pKCS12SecretBag = (PKCS12SecretBag) vector2.elementAt(i2);
            if (a(pKCS12SecretBag.getLocalKeyID(), d)) {
                ASN1OctetString secretValue = pKCS12SecretBag.getSecretValue();
                if (secretValue instanceof ASN1OctetString) {
                    try {
                        this.d = new CertificateRequest(secretValue.getValue());
                        vector2.removeElementAt(i2);
                        OraclePKIDebug.a("Found cert req " + this.d);
                        break;
                    } catch (IOException e10) {
                    }
                } else {
                    continue;
                }
            }
        }
        if (vector3.size() == 0) {
            OraclePKIDebug.a("No certificate found for key " + this.a.getLocalKeyID());
            this.b = null;
            return;
        }
        X509Certificate x509Certificate = (X509Certificate) vector3.lastElement();
        while (true) {
            if (x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                break;
            }
            boolean z2 = false;
            int i3 = 0;
            while (true) {
                if (i3 >= vector.size()) {
                    break;
                }
                PKCS12CertBag pKCS12CertBag2 = (PKCS12CertBag) vector.elementAt(i3);
                if (x509Certificate.getIssuerDN().equals(pKCS12CertBag2.getCert().getSubject())) {
                    z2 = true;
                    vector3.addElement(new OraclePKIX509CertImpl(pKCS12CertBag2.getCert()));
                    x509Certificate = (X509Certificate) vector3.lastElement();
                    break;
                }
                i3++;
            }
            if (!z2) {
                OraclePKIDebug.a("Cert chain incomplete for key " + this.a);
                break;
            }
        }
        OraclePKIDebug.a("Cert chain determined");
        this.b = new Certificate[vector3.size()];
        this.b = (Certificate[]) vector3.toArray(this.b);
    }

    String a(byte[] bArr) {
        return new String("personaNum:" + OracleLocalKeyId.k(bArr) + "  componentNum:" + OracleLocalKeyId.l(bArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.security.pki.OracleKSEntry
    public Key a() {
        PrivateKey privateKey = null;
        if (this.a instanceof PKCS12KeyBag) {
            privateKey = this.a.getPrivateKey();
        } else if (this.a instanceof PKCS12ShroudedKeyBag) {
            privateKey = this.a.getPrivateKey();
        }
        if (privateKey instanceof RSAPrivateKey) {
            return new OraclePKIRSAPrivateKey((RSAPrivateKey) privateKey, this.d);
        }
        if (privateKey instanceof ECPrivateKey) {
            return new OraclePKIECPrivateKey((ECPrivateKey) privateKey, this.d);
        }
        if (privateKey instanceof DSAPrivateKey) {
            OraclePKIDebug.a("DSA Keys not supported");
            return null;
        }
        if (this.d == null || this.a != null) {
            return null;
        }
        return new OraclePKIRSAPrivateKey(null, this.d);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.security.pki.OracleKSEntry
    public Certificate b() {
        if (this.b == null) {
            return null;
        }
        return this.b[0];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.security.pki.OracleKSEntry
    public Certificate[] c() {
        if (this.b == null) {
            return null;
        }
        return (Certificate[]) this.b.clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.security.pki.OracleKSEntry
    public boolean e() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.security.pki.OracleKSEntry
    public String f() {
        Certificate b = b();
        if (!(b instanceof X509Certificate)) {
            return "";
        }
        OraclePKIDebug.a("Certificate for private key is " + b);
        X500Name x500Name = new X500Name(((X509Certificate) b).getSubjectDN().getName());
        String str = "CN=" + x500Name.getCommonName();
        if (x500Name.getCommonName() == null) {
            str = "OU=" + x500Name.getOrgUnitName();
        }
        return str;
    }

    private boolean a(byte[] bArr, byte[] bArr2) {
        if (((bArr == null) || (bArr2 == null)) || bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] h() {
        return this.a.getLocalKeyID();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int i() {
        return this.c;
    }
}
