package com.wizvera.wcrypto;

import com.wizvera.provider.asn1.ASN1Primitive;
import com.wizvera.provider.asn1.DERNull;
import com.wizvera.provider.asn1.pkcs.PKCSObjectIdentifiers;
import com.wizvera.provider.asn1.pkcs.PrivateKeyInfo;
import com.wizvera.provider.asn1.x509.AlgorithmIdentifier;
import com.wizvera.provider.jce.provider.JDKPKCS12KeyStore;
import com.wizvera.wcrypto.jose4j.lang.JoseException;
import com.wizvera.wcrypto.key.WRsaPrivateKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Enumeration;

/* loaded from: classes4.dex */
public class WPKCS12 {
    public static byte[] create(WCertKeyPair wCertKeyPair, char[] cArr) throws WCryptoException {
        try {
            String fingerPrint = getFingerPrint(wCertKeyPair.certificate());
            PrivateKey privateKey = ((WRsaPrivateKey) wCertKeyPair.privateKey()).getPrivateKey();
            X509Certificate[] x509CertificateArr = {wCertKeyPair.certificate().x509Certificate()};
            KeyStore keyStore = KeyStore.getInstance("PKCS12", WizConstants.WIZ_PROVIDER);
            keyStore.load(null, null);
            keyStore.setKeyEntry(fingerPrint, privateKey, cArr, x509CertificateArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            keyStore.store(byteArrayOutputStream, cArr);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new WCryptoException(e);
        } catch (KeyStoreException e2) {
            throw new WCryptoException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new WCryptoException(e3);
        } catch (CertificateException e4) {
            throw new WCryptoException(e4);
        }
    }

    private static PrivateKeyInfo generateKeyInfo(PrivateKey privateKey) throws WCryptoException {
        try {
            try {
                return new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(privateKey.getEncoded())).getPrivateKey());
            } catch (IOException e) {
                throw new WCryptoException(e);
            }
        } catch (IOException e2) {
            throw new WCryptoException("PrivateKeyInfo error", e2);
        }
    }

    private static PrivateKey generatePrivateKey(PrivateKeyInfo privateKeyInfo) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return KeyFactory.getInstance(privateKeyInfo.getAlgorithmId().getAlgorithm().getId(), WizConstants.WIZ_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded("DER")));
    }

    static String getFingerPrint(WCertificate wCertificate) throws WCryptoException {
        return WHex.encode(WMessageDigest.sha1().digest(wCertificate.toDer())).toUpperCase();
    }

    public static WCertKeyPair parse(byte[] bArr, char[] cArr) throws WCryptoException, WPasswordException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        JDKPKCS12KeyStore.DefPKCS12KeyStore defPKCS12KeyStore = new JDKPKCS12KeyStore.DefPKCS12KeyStore();
        try {
            defPKCS12KeyStore.engineLoad(byteArrayInputStream, cArr);
            Enumeration engineAliases = defPKCS12KeyStore.engineAliases();
            while (engineAliases.hasMoreElements()) {
                String str = (String) engineAliases.nextElement();
                X509Certificate x509Certificate = (X509Certificate) defPKCS12KeyStore.engineGetCertificate(str);
                PrivateKeyInfo privateKeyInfo = defPKCS12KeyStore.getPrivateKeyInfo(str);
                if (x509Certificate != null && privateKeyInfo != null) {
                    return new WCertKeyPair(new WCertificate(x509Certificate), new WRsaPrivateKey((RSAPrivateKey) generatePrivateKey(privateKeyInfo)));
                }
            }
            return null;
        } catch (JoseException e) {
            throw new WCryptoException("keypair load fail", e);
        } catch (IOException e2) {
            if (e2.getMessage() == null || !e2.getMessage().startsWith("PKCS12 key store mac invalid")) {
                throw new WCryptoException("keypair load fail", e2);
            }
            throw new WPasswordException("wrong PKCS12 passsword", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new WCryptoException("keypair load fail", e3);
        } catch (InvalidKeySpecException e4) {
            throw new WCryptoException("keypair load fail", e4);
        }
    }
}
