package com.ibm.cfwk.pkcs;

import com.ibm.asn1.ASN1Decoder;
import com.ibm.asn1.ASN1Encoder;
import com.ibm.asn1.ASN1Exception;
import com.ibm.asn1.ASN1OID;
import com.ibm.asn1.ASN1Tag;
import com.ibm.asn1.BERAny;
import com.ibm.asn1.BERDecoder;
import com.ibm.asn1.BEREncoder;
import com.ibm.cfwk.API;
import com.ibm.cfwk.Digest;
import com.ibm.cfwk.FailedException;
import com.ibm.cfwk.Key;
import com.ibm.cfwk.Signature;
import com.ibm.cfwk.key.SimpleKey;
import com.ibm.cfwk.pki.AlgId;
import com.ibm.cfwk.pki.AssortedIDs;
import java.util.Vector;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/pkcs/PKCS12.class */
public class PKCS12 {
    public static final ASN1OID V1 = new ASN1OID("pkcs12-v1", "1.2.840.113549.1.12.10").intern();
    public int version;
    public ASN1OID[] bagContentTypes;
    public Object[] bags;
    public AlgId digestAlg;
    public byte[] mac;
    public byte[] macSalt;
    public int macIterationCount;
    public boolean macOK;
    public byte[] macedData2;

    public void decode(ASN1Decoder aSN1Decoder) throws ASN1Exception {
        int decodeSequence = aSN1Decoder.decodeSequence();
        this.version = aSN1Decoder.decodeIntegerAsInt();
        int decodeSequence2 = aSN1Decoder.decodeSequence();
        ASN1OID decodeObjectIdentifier = aSN1Decoder.decodeObjectIdentifier();
        int decodeExplicit = aSN1Decoder.decodeExplicit(ASN1Tag.makeContextTag(0));
        if (!PKCS7.DATA.equals(decodeObjectIdentifier)) {
            if (!PKCS7.SIGNED.equals(decodeObjectIdentifier)) {
                throw new ASN1Exception(new StringBuffer("Bad PKCS#12 - authSafes PKCS#7 contentType: ").append(decodeObjectIdentifier).toString());
            }
            throw new ASN1Exception(new StringBuffer("Not supported PKCS#12 - authSafes PKCS#7 contentType: ").append(decodeObjectIdentifier).toString());
        }
        this.macedData2 = aSN1Decoder.decodeOctetString();
        BERDecoder bERDecoder = new BERDecoder(this.macedData2);
        int decodeSequence3 = bERDecoder.decodeSequence();
        Vector vector = new Vector();
        while (!bERDecoder.endOf(decodeSequence3)) {
            int decodeSequence4 = bERDecoder.decodeSequence();
            ASN1OID decodeObjectIdentifier2 = bERDecoder.decodeObjectIdentifier();
            int decodeExplicit2 = bERDecoder.decodeExplicit(ASN1Tag.makeContextTag(0));
            if (PKCS7.DATA.equals(decodeObjectIdentifier2)) {
                vector.addElement(decodeObjectIdentifier2);
                vector.addElement(PKCS12SafeBag.sequenceOfSafeBags(new BERDecoder(bERDecoder.decodeOctetString())));
            } else {
                if (!PKCS7.ENCRYPTED.equals(decodeObjectIdentifier2)) {
                    if (!PKCS7.ENVELOPED.equals(decodeObjectIdentifier2)) {
                        throw new ASN1Exception(new StringBuffer("Bad PKCS#12 - authSafes.content[").append(vector.size()).append("] PKCS#7 contentType: ").append(decodeObjectIdentifier2).toString());
                    }
                    throw new ASN1Exception("Not supported PKCS#12 - enveloped SafeBag");
                }
                PKCS7Encrypted pKCS7Encrypted = new PKCS7Encrypted();
                pKCS7Encrypted.decodeContent(bERDecoder);
                vector.addElement(decodeObjectIdentifier2);
                vector.addElement(pKCS7Encrypted);
            }
            bERDecoder.endOf(decodeExplicit2);
            bERDecoder.endOf(decodeSequence4);
        }
        int size = vector.size();
        this.bagContentTypes = new ASN1OID[size / 2];
        this.bags = new Object[size / 2];
        for (int i = 0; i < size; i += 2) {
            this.bagContentTypes[i / 2] = (ASN1OID) vector.elementAt(i);
            this.bags[i / 2] = vector.elementAt(i + 1);
        }
        aSN1Decoder.endOf(decodeExplicit);
        aSN1Decoder.endOf(decodeSequence2);
        if (aSN1Decoder.endOf(decodeSequence)) {
            this.digestAlg = null;
            this.mac = null;
            this.macSalt = null;
            this.macedData2 = null;
            this.macIterationCount = 0;
            return;
        }
        int decodeSequence5 = aSN1Decoder.decodeSequence();
        int decodeSequence6 = aSN1Decoder.decodeSequence();
        this.digestAlg = AlgId.make(aSN1Decoder);
        this.mac = aSN1Decoder.decodeOctetString();
        aSN1Decoder.endOf(decodeSequence6);
        this.macSalt = aSN1Decoder.decodeOctetString();
        if (aSN1Decoder.endOf(decodeSequence5)) {
            this.macIterationCount = 1;
        } else {
            this.macIterationCount = aSN1Decoder.decodeIntegerAsInt();
            aSN1Decoder.endOf(decodeSequence5);
        }
        aSN1Decoder.endOf(decodeSequence);
    }

    public void encode(ASN1Encoder aSN1Encoder, byte[] bArr, API api) throws ASN1Exception {
        BEREncoder bEREncoder = new BEREncoder();
        int encodeSequence = bEREncoder.encodeSequence();
        for (int i = 0; i < this.bags.length; i++) {
            ASN1OID asn1oid = this.bagContentTypes[i];
            if (asn1oid.equals(PKCS7.DATA)) {
                int encodeSequence2 = bEREncoder.encodeSequence();
                bEREncoder.encodeObjectIdentifier(asn1oid);
                int encodeExplicit = bEREncoder.encodeExplicit(ASN1Tag.makeContextTag(0));
                BEREncoder bEREncoder2 = new BEREncoder();
                PKCS12SafeBag.sequenceOfSafeBags(bEREncoder2, (PKCS12SafeBag[]) this.bags[i]);
                bEREncoder.encodeOctetString(bEREncoder2.toByteArray());
                bEREncoder.endOf(encodeExplicit);
                bEREncoder.endOf(encodeSequence2);
            } else {
                if (!asn1oid.equals(PKCS7.ENCRYPTED)) {
                    throw new FailedException(new StringBuffer("Cannot encode top level bag type: ").append(asn1oid).toString());
                }
                PKCS7Encrypted pKCS7Encrypted = (PKCS7Encrypted) this.bags[i];
                if (pKCS7Encrypted.encContent == null) {
                    if (!(pKCS7Encrypted.content instanceof PKCS12SafeBag[])) {
                        throw new FailedException(new StringBuffer("Unknown data <").append(pKCS7Encrypted.content == null ? "null" : pKCS7Encrypted.content.getClass().getName()).append("> under PKCS#7/Encrypted").toString());
                    }
                    BEREncoder bEREncoder3 = new BEREncoder();
                    PKCS12SafeBag.sequenceOfSafeBags(bEREncoder3, (PKCS12SafeBag[]) pKCS7Encrypted.content);
                    pKCS7Encrypted.content = new BERAny(bEREncoder3.toByteArray());
                    pKCS7Encrypted.encryptContent(bArr, api);
                }
                pKCS7Encrypted.encode(bEREncoder);
            }
        }
        bEREncoder.endOf(encodeSequence);
        this.macedData2 = bEREncoder.toByteArray();
        this.mac = computeMac(bArr, api);
        int encodeSequence3 = aSN1Encoder.encodeSequence();
        aSN1Encoder.encodeInteger(this.version == 0 ? 3 : this.version);
        int encodeSequence4 = aSN1Encoder.encodeSequence();
        aSN1Encoder.encodeObjectIdentifier(PKCS7.DATA);
        int encodeExplicit2 = aSN1Encoder.encodeExplicit(ASN1Tag.makeContextTag(0));
        aSN1Encoder.encodeOctetString(this.macedData2);
        aSN1Encoder.endOf(encodeExplicit2);
        aSN1Encoder.endOf(encodeSequence4);
        int encodeSequence5 = aSN1Encoder.encodeSequence();
        int encodeSequence6 = aSN1Encoder.encodeSequence();
        this.digestAlg.encode(aSN1Encoder);
        aSN1Encoder.encodeOctetString(this.mac);
        aSN1Encoder.endOf(encodeSequence6);
        aSN1Encoder.encodeOctetString(this.macSalt);
        if (this.macIterationCount != 1) {
            aSN1Encoder.encodeInteger(this.macIterationCount);
        }
        aSN1Encoder.endOf(encodeSequence5);
        aSN1Encoder.endOf(encodeSequence3);
    }

    public boolean verifyMac(byte[] bArr, API api) {
        if (this.macedData2 != null) {
            ASN1OID asn1oid = this.digestAlg.asn1oid();
            if (!asn1oid.equals(AssortedIDs.oiw_sha1)) {
                this.macOK = false;
                throw new FailedException(new StringBuffer("Unknown MAC digest algorithm: ").append(asn1oid).toString());
            }
            Digest find = Digest.find("SHA1", api);
            this.macOK = Signature.find("HMAC-SHA1", api).verify(Key.importKeyMaterial(new SimpleKey(Key.SECRET, PKCS12PBE.pbe(find, find.digestSize(), this.macIterationCount, 3, bArr, this.macSalt)), api), this.macedData2, 0, this.macedData2.length, this.mac, 0, this.mac.length);
        }
        return this.macOK;
    }

    public byte[] computeMac(byte[] bArr, API api) {
        if (this.macedData2 == null) {
            throw new FailedException("Need encoded authSafes");
        }
        ASN1OID asn1oid = this.digestAlg.asn1oid();
        if (!asn1oid.equals(AssortedIDs.oiw_sha1)) {
            throw new FailedException(new StringBuffer("Unknown MAC digest algorithm: ").append(asn1oid).toString());
        }
        Digest find = Digest.find("SHA1", api);
        byte[] sign = Signature.find("HMAC-SHA1", api).sign(Key.importKeyMaterial(new SimpleKey(Key.SECRET, PKCS12PBE.pbe(find, find.digestSize(), this.macIterationCount, 3, bArr, this.macSalt)), api), this.macedData2);
        this.mac = sign;
        return sign;
    }

    public PKCS12() {
    }

    public PKCS12(ASN1Decoder aSN1Decoder) throws ASN1Exception {
        decode(aSN1Decoder);
    }
}
