package ksign.jce.provider.pkcs;

import com.ksign.KCaseLogging;
import com.ksign.asn1.ASN1EncodableVector;
import com.ksign.asn1.ASN1InputStream;
import com.ksign.asn1.ASN1ObjectIdentifier;
import com.ksign.asn1.ASN1OctetString;
import com.ksign.asn1.ASN1Sequence;
import com.ksign.asn1.DERInteger;
import com.ksign.asn1.DEROctetString;
import com.ksign.asn1.DERSequence;
import com.ksign.asn1.kisa.KISAObjectIdentifiers;
import com.ksign.asn1.pkcs.EncryptedPrivateKeyInfo;
import com.ksign.asn1.pkcs.EncryptionScheme;
import com.ksign.asn1.pkcs.KeyDerivationFunc;
import com.ksign.asn1.pkcs.PBEParameter;
import com.ksign.asn1.pkcs.PBES2Parameters;
import com.ksign.asn1.pkcs.PBKDF2Params;
import com.ksign.asn1.pkcs.PKCSObjectIdentifiers;
import com.ksign.asn1.pkcs.PrivateKeyInfo;
import com.ksign.asn1.util.ASN1Dump;
import com.ksign.asn1.x509.AlgorithmIdentifier;
import com.ksign.asn1.x9.X9ObjectIdentifiers;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import ksign.jce.crypto.common.PBEParametersGenerator;
import ksign.jce.crypto.digests.MD5KSignDigest;
import ksign.jce.crypto.digests.SHA1KSignDigest;
import ksign.jce.crypto.engines.ARIACipherEngine;
import ksign.jce.crypto.engines.DESCipherEngine;
import ksign.jce.crypto.engines.DESedeCipherEngine;
import ksign.jce.crypto.engines.SEEDCipherEngine;
import ksign.jce.crypto.generators.PKCS5S1ParametersGenerator;
import ksign.jce.crypto.generators.PKCS5S2ParametersGenerator;
import ksign.jce.crypto.modes.CBCBlockCipher;
import ksign.jce.crypto.modes.CBCBlockCipherBack;
import ksign.jce.crypto.paddings.PaddedBufferedBlockCipher;
import ksign.jce.crypto.params.KeyParameterWithIV;
import ksign.jce.provider.keystore.PKCS12KeyStore;

/* loaded from: classes.dex */
public class PKCS5 {
    private static final ASN1ObjectIdentifier KCDSAtempOID = new ASN1ObjectIdentifier("1.2.410.200004.1.4.12");
    public static final ASN1ObjectIdentifier DESV1 = PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC;
    public static final ASN1ObjectIdentifier DESedeV2 = PKCSObjectIdentifiers.des_EDE3_CBC;
    public static final ASN1ObjectIdentifier SEEDV1 = KISAObjectIdentifiers.seedCBCWithSHA1;
    public static final ASN1ObjectIdentifier SEEDV2 = KISAObjectIdentifiers.seedCBC;
    public static final ASN1ObjectIdentifier ARIACBC = KISAObjectIdentifiers.ariaCBC;

    private static byte[] DecryptPrivateKeyInfo_PKCS5S1(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, ASN1ObjectIdentifier aSN1ObjectIdentifier, char[] cArr) {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        int i;
        int i2;
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC)) {
            i = 64;
            i2 = 64;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESCipherEngine()));
        } else if (aSN1ObjectIdentifier.equals(KISAObjectIdentifiers.seedCBCWithSHA1) || aSN1ObjectIdentifier.equals(KCDSAtempOID)) {
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SEEDCipherEngine()));
            i = 128;
            i2 = 128;
        } else if (aSN1ObjectIdentifier.equals(KISAObjectIdentifiers.seedCBC)) {
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipherBack(new SEEDCipherEngine()));
            i = 128;
            i2 = 128;
        } else if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC)) {
            i = 64;
            i2 = 64;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESCipherEngine()));
        } else {
            i2 = 0;
            paddedBufferedBlockCipher = null;
            i = 0;
        }
        try {
            byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
            PBEParameter pBEParameter = PBEParameter.getInstance(encryptedPrivateKeyInfo.getEncryptionAlgorithm().getParameters());
            byte[] salt = pBEParameter.getSalt();
            int intValue = pBEParameter.getIterationCount().intValue();
            if (aSN1ObjectIdentifier.equals(KCDSAtempOID)) {
                return PKCS12KeyStore.decryptData(salt, intValue, encryptedData, cArr);
            }
            PKCS5S1ParametersGenerator pKCS5S1ParametersGenerator = new PKCS5S1ParametersGenerator(aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC) ? new MD5KSignDigest() : new SHA1KSignDigest());
            pKCS5S1ParametersGenerator.init(PBEParametersGenerator.PKCS5PassToBytes(cArr), salt, intValue);
            paddedBufferedBlockCipher.init(false, pKCS5S1ParametersGenerator.generateDerivedParameters(i2, i));
            byte[] bArr = new byte[paddedBufferedBlockCipher.getOutputSize(encryptedData.length)];
            int calcBytes = paddedBufferedBlockCipher.calcBytes(encryptedData, 0, encryptedData.length, bArr, 0);
            byte[] bArr2 = new byte[paddedBufferedBlockCipher.doFinal(bArr, calcBytes) + calcBytes];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            return bArr2;
        } catch (Exception e) {
            throw new IOException("(KSign) PKCS5S1 Decoding failed. : " + e.toString());
        }
    }

    private static byte[] DecryptPrivateKeyInfo_PKCS5S2(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, ASN1ObjectIdentifier aSN1ObjectIdentifier, char[] cArr) {
        boolean z;
        int i;
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        try {
            byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
            PBES2Parameters pBES2Parameters = PBES2Parameters.getInstance(encryptedPrivateKeyInfo.getEncryptionAlgorithm().getParameters());
            PBKDF2Params pBKDF2Params = PBKDF2Params.getInstance(pBES2Parameters.getKeyDerivationFunc().getParameters());
            byte[] salt = pBKDF2Params.getSalt();
            int intValue = pBKDF2Params.getIterationCount().intValue();
            try {
                i = pBKDF2Params.getKeyLength().intValue();
                z = true;
            } catch (NullPointerException e) {
                z = false;
                i = 0;
            }
            EncryptionScheme encryptionScheme = pBES2Parameters.getEncryptionScheme();
            if (encryptionScheme.getAlgorithm().equals(PKCSObjectIdentifiers.des_EDE3_CBC)) {
                paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeCipherEngine()));
                if (!z) {
                    i = 24;
                }
            } else if (encryptionScheme.getAlgorithm().equals(KISAObjectIdentifiers.seedCBC) || encryptionScheme.getAlgorithm().equals(KCDSAtempOID)) {
                paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SEEDCipherEngine()));
                if (!z) {
                    i = 16;
                }
            } else {
                if (!encryptionScheme.getAlgorithm().equals(KISAObjectIdentifiers.ariaCBC) && !encryptionScheme.getAlgorithm().equals(KCDSAtempOID)) {
                    throw new Exception("unsupporting Encryption Scheme Algorithm");
                }
                paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new ARIACipherEngine()));
                if (!z) {
                    i = 16;
                }
            }
            byte[] octets = ASN1OctetString.getInstance(encryptionScheme.getObject()).getOctets();
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
            pKCS5S2ParametersGenerator.init(PBEParametersGenerator.PKCS5PassToBytes(cArr), salt, intValue);
            paddedBufferedBlockCipher.init(false, new KeyParameterWithIV(pKCS5S2ParametersGenerator.generateDerivedParameters(i * 8), octets));
            byte[] bArr = new byte[paddedBufferedBlockCipher.getOutputSize(encryptedData.length)];
            int calcBytes = paddedBufferedBlockCipher.calcBytes(encryptedData, 0, encryptedData.length, bArr, 0);
            byte[] bArr2 = new byte[paddedBufferedBlockCipher.doFinal(bArr, calcBytes) + calcBytes];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            return bArr2;
        } catch (Exception e2) {
            KCaseLogging.print(e2);
            throw new IOException("(KSign) PKCS5 : PKCS5S2 Decoding failed. : " + e2.toString());
        }
    }

    public static void PKCS5Decode(InputStream inputStream, char[] cArr, OutputStream outputStream) {
        outputStream.write(getDecryptedPrivateKey(inputStream, cArr));
    }

    public static PrivateKey PKCS5DecodeForPrivateKey(InputStream inputStream, char[] cArr) {
        return byteArrayToPrivateKey(getDecryptedPrivateKeyInfo(inputStream, cArr));
    }

    public static PrivateKey PKCS5DecodeForPrivateKey(InputStream inputStream, char[] cArr, String str) {
        return PKCS5DecodeForPrivateKey(inputStream, cArr);
    }

    public static void PKCS5DecodeForPrivateKeyInfo(InputStream inputStream, char[] cArr, OutputStream outputStream) {
        outputStream.write(getDecryptedPrivateKeyInfo(inputStream, cArr));
    }

    public static void PKCS5S1Encode(ASN1ObjectIdentifier aSN1ObjectIdentifier, char[] cArr, byte[] bArr, int i, byte[] bArr2, OutputStream outputStream) {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        int i2;
        int i3 = 128;
        if (aSN1ObjectIdentifier.equals(DESV1)) {
            i2 = 64;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESCipherEngine()));
            i3 = 64;
        } else {
            if (!aSN1ObjectIdentifier.equals(SEEDV1)) {
                throw new IOException("(KSign) No supported cipher algorithmOID!!!");
            }
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SEEDCipherEngine()));
            i2 = 128;
        }
        PKCS5S1ParametersGenerator pKCS5S1ParametersGenerator = new PKCS5S1ParametersGenerator(new SHA1KSignDigest());
        pKCS5S1ParametersGenerator.init(PBEParametersGenerator.PKCS5PassToBytes(cArr), bArr, i);
        paddedBufferedBlockCipher.init(true, pKCS5S1ParametersGenerator.generateDerivedParameters(i2, i3));
        try {
            byte[] bArr3 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr2.length)];
            paddedBufferedBlockCipher.doFinal(bArr3, paddedBufferedBlockCipher.calcBytes(bArr2, 0, bArr2.length, bArr3, 0));
            try {
                outputStream.write(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(aSN1ObjectIdentifier, new PBEParameter(bArr, i)), bArr3).getEncoded());
            } catch (Exception e) {
                KCaseLogging.print(e);
                throw new IOException("(KSign) PKCS5 : PKCS5S1 Encoding failed.    " + e.toString());
            }
        } catch (Exception e2) {
            KCaseLogging.print(e2);
            throw new IOException("(KSign) PKCS5S1 Encrypted failed.     " + e2.toString());
        }
    }

    public static void PKCS5S2Encode(ASN1ObjectIdentifier aSN1ObjectIdentifier, char[] cArr, byte[] bArr, int i, byte[] bArr2, OutputStream outputStream) {
        int i2;
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        int i3;
        if (aSN1ObjectIdentifier.equals(DESedeV2)) {
            i2 = 192;
            i3 = 64;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeCipherEngine()));
        } else if (aSN1ObjectIdentifier.equals(SEEDV2)) {
            KCaseLogging.println("KISAObjectIdentifiers.seedCBC");
            i2 = 128;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SEEDCipherEngine()));
            i3 = 128;
        } else {
            if (!aSN1ObjectIdentifier.equals(ARIACBC)) {
                throw new IOException("(KSign) No supported cipher algorithmOID!!!");
            }
            KCaseLogging.println("KISAObjectIdentifiers.seedCBC");
            i2 = 128;
            paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new ARIACipherEngine()));
            i3 = 128;
        }
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(PBEParametersGenerator.PKCS5PassToBytes(cArr), bArr, i);
        KeyParameterWithIV keyParameterWithIV = (KeyParameterWithIV) pKCS5S2ParametersGenerator.generateDerivedParameters(i2, i3);
        byte[] iv = keyParameterWithIV.getIV();
        paddedBufferedBlockCipher.init(true, keyParameterWithIV);
        try {
            byte[] bArr3 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr2.length)];
            paddedBufferedBlockCipher.doFinal(bArr3, paddedBufferedBlockCipher.calcBytes(bArr2, 0, bArr2.length, bArr3, 0));
            try {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(new DEROctetString(bArr));
                aSN1EncodableVector.add(new DERInteger(new BigInteger(Integer.toString(i))));
                aSN1EncodableVector.add(new DERInteger(new BigInteger(Integer.toString(i2 / 8))));
                KeyDerivationFunc keyDerivationFunc = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(new DERSequence(aSN1EncodableVector)));
                EncryptionScheme encryptionScheme = new EncryptionScheme(aSN1ObjectIdentifier, new DEROctetString(iv));
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(keyDerivationFunc);
                aSN1EncodableVector2.add(encryptionScheme);
                outputStream.write(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, new PBES2Parameters(new DERSequence(aSN1EncodableVector2))), bArr3).getEncoded());
            } catch (Exception e) {
                KCaseLogging.print(e);
                throw new IOException("(KSign) PKCS5 : PKCS5S2 Encoding failed.    " + e.toString());
            }
        } catch (Exception e2) {
            KCaseLogging.print(e2);
            throw new IOException("(KSign) PKCS5S2 Encrypted failed.    " + e2.toString());
        }
    }

    public static PrivateKey byteArrayToPrivateKey(byte[] bArr) {
        try {
            KeyFactory keyFactory = getKeyFactory(PrivateKeyInfo.getInstance(bArr).getAlgorithmId());
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(bArr);
            PrivateKey generatePrivate = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
            KCaseLogging.println("DEREncodable : \n" + ASN1Dump.dumpAsString(pKCS8EncodedKeySpec));
            return generatePrivate;
        } catch (Exception e) {
            KCaseLogging.print(e);
            throw new IOException(e.getMessage());
        }
    }

    private static byte[] getDecryptedPrivateKey(InputStream inputStream, char[] cArr) {
        boolean z = false;
        try {
            try {
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(new ASN1InputStream(inputStream).readObject());
                inputStream.close();
                ASN1ObjectIdentifier algorithm = encryptedPrivateKeyInfo.getEncryptionAlgorithm().getAlgorithm();
                if (!algorithm.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC) && !algorithm.equals(KISAObjectIdentifiers.seedCBCWithSHA1) && !algorithm.equals(KCDSAtempOID) && !algorithm.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC) && !algorithm.equals(KISAObjectIdentifiers.seedCBC)) {
                    if (!algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
                        throw new IOException("(KSign) Not Supported Algorithm name : " + algorithm.toString());
                    }
                    z = true;
                }
                return z ? PrivateKeyInfo.getInstance(DecryptPrivateKeyInfo_PKCS5S2(encryptedPrivateKeyInfo, algorithm, cArr)).getPrivateKey().getEncoded() : PrivateKeyInfo.getInstance(DecryptPrivateKeyInfo_PKCS5S1(encryptedPrivateKeyInfo, algorithm, cArr)).getPrivateKey().getEncoded();
            } catch (Exception e) {
                throw new IOException("(KSign) PKCS5 Decoding failed. : " + e.toString());
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    private static byte[] getDecryptedPrivateKeyInfo(InputStream inputStream, char[] cArr) {
        boolean z = true;
        boolean z2 = false;
        try {
            try {
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(new ASN1InputStream(inputStream).readObject());
                inputStream.close();
                ASN1ObjectIdentifier algorithm = encryptedPrivateKeyInfo.getEncryptionAlgorithm().getAlgorithm();
                if (algorithm.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC)) {
                    z = false;
                } else if (algorithm.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC)) {
                    z = false;
                } else if (algorithm.equals(KISAObjectIdentifiers.seedCBCWithSHA1) || algorithm.equals(KCDSAtempOID)) {
                    z = false;
                } else if (algorithm.equals(KISAObjectIdentifiers.seedCBC)) {
                    z = false;
                    z2 = true;
                } else if (!algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
                    throw new IOException("(KSign) Not Supported Algorithm name : " + algorithm.toString());
                }
                if (z) {
                    return DecryptPrivateKeyInfo_PKCS5S2(encryptedPrivateKeyInfo, algorithm, cArr);
                }
                try {
                    byte[] DecryptPrivateKeyInfo_PKCS5S1 = DecryptPrivateKeyInfo_PKCS5S1(encryptedPrivateKeyInfo, algorithm, cArr);
                    if (!z2) {
                        return DecryptPrivateKeyInfo_PKCS5S1;
                    }
                    PrivateKeyInfo.getInstance(DecryptPrivateKeyInfo_PKCS5S1);
                    byte[] bArr = new byte[DecryptPrivateKeyInfo_PKCS5S1.length - DecryptPrivateKeyInfo_PKCS5S1[DecryptPrivateKeyInfo_PKCS5S1.length - 1]];
                    if (DecryptPrivateKeyInfo_PKCS5S1.length <= bArr.length) {
                        return DecryptPrivateKeyInfo_PKCS5S1;
                    }
                    System.arraycopy(DecryptPrivateKeyInfo_PKCS5S1, 0, bArr, 0, bArr.length);
                    return bArr;
                } catch (Exception e) {
                    throw new IOException("(KSign) PKCS5S1 Decoding failed. : " + e.toString());
                }
            } catch (Exception e2) {
                KCaseLogging.print(e2);
                throw new IOException("(KSign) PKCS5 Decoding failed. : " + e2.toString());
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    private static KeyFactory getKeyFactory(AlgorithmIdentifier algorithmIdentifier) {
        if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
            return KeyFactory.getInstance("RSA", "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) {
            return KeyFactory.getInstance("DSA", "Ksign");
        }
        if (!algorithmIdentifier.getAlgorithm().equals(KISAObjectIdentifiers.kcdsa) && !algorithmIdentifier.getAlgorithm().equals(KISAObjectIdentifiers.kcdsa1)) {
            if (algorithmIdentifier.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
                return KeyFactory.getInstance("ECDSA", "Ksign");
            }
            throw new RuntimeException("(KSign) algorithm identifier in key not recognised");
        }
        return KeyFactory.getInstance("KCDSA", "Ksign");
    }

    public static byte[] privateKeyInfoDecodeValue(byte[] bArr) {
        try {
            return new PrivateKeyInfo(ASN1Sequence.getInstance(bArr)).getPrivateKey().getEncoded();
        } catch (Exception e) {
            KCaseLogging.print(e);
            throw new IOException("(KSign) PKCS5 : privateKeyInfo Decode Error");
        }
    }

    public static byte[] privateKeyInfoEncodeValue(byte[] bArr) {
        try {
            return new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, null), ASN1Sequence.getInstance(bArr)).getEncoded();
        } catch (Exception e) {
            KCaseLogging.print(e);
            throw new IOException("(KSign) PKCS5 : privateKeyInfo Encoding Error");
        }
    }
}
