package com.initech.android.sfilter.plugin.pki.filestore;

import com.initech.android.sfilter.core.Logger;
import com.initech.android.sfilter.plugin.pki.CertificateEntry;
import com.initech.android.sfilter.plugin.pki.X509TokenChallenger;
import com.initech.android.sfilter.plugin.pki.ui.CertUtil;
import com.initech.android.sfilter.third.store.OtherCertificateConsist;
import com.initech.android.sfilter.util.Util;
import com.initech.asn1.ASN1Exception;
import com.initech.asn1.BERDecoder;
import com.initech.asn1.useful.AlgorithmID;
import com.initech.asn1.useful.Attribute;
import com.initech.cryptox.spec.PBEKeySpec;
import com.initech.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import com.initech.pkcs.pkcs8.PrivateKeyInfo;
import com.initech.x509.X509CertImpl;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AlgorithmParameters;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.spec.PBEParameterSpec;

/* loaded from: classes.dex */
public class DefaultFileCertificateEntry implements CertificateEntry, Serializable {
    private static final long serialVersionUID = 4431092270715892434L;
    private X509Certificate a;
    private String b;
    private String c;
    private boolean d;

    public DefaultFileCertificateEntry(String str) {
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = false;
        this.b = str;
        if (str.indexOf("/NPKI/") == -1 && str.indexOf("\\NPKI\\") == -1) {
            this.c = CertificateEntry.DEFAULT_PPKI_FILEBASE;
        } else {
            this.c = CertificateEntry.DEFAULT_NPKI_FILEBASE;
        }
    }

    protected DefaultFileCertificateEntry(boolean z, String str) {
        this(str);
        this.d = z;
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        if (this.a == null || (this.a instanceof X509CertImpl)) {
            return;
        }
        String cls = this.a.getClass().toString();
        try {
            this.a = Util.convertX509Certificate(this.a.getEncoded());
            Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "readObject", "Class converted. : " + cls + " -> " + this.a.getClass());
        } catch (Exception e) {
            Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "readObject", "Convert failed. : " + this.a.getClass());
        }
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.defaultWriteObject();
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public boolean changePassword(char[] cArr, char[] cArr2) {
        FileInputStream fileInputStream;
        FileInputStream fileInputStream2 = null;
        try {
            try {
                File file = new File(getPrivateKeyPath());
                fileInputStream = new FileInputStream(file);
                try {
                    EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(fileInputStream);
                    encryptedPrivateKeyInfo.getAlgorithmID();
                    PrivateKey decrypt = encryptedPrivateKeyInfo.decrypt(new PBEKeySpec(cArr));
                    PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr2);
                    PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(decrypt);
                    AlgorithmID algorithmID = new AlgorithmID("1.2.410.200004.1.15");
                    AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PBE");
                    byte[] bArr = new byte[8];
                    SecureRandom.getInstance("X9.17", "Initech").nextBytes(bArr);
                    algorithmParameters.init(new PBEParameterSpec(bArr, 2048));
                    algorithmID.setParameter(algorithmParameters.getEncoded());
                    EncryptedPrivateKeyInfo encryptedPrivateKeyInfo2 = new EncryptedPrivateKeyInfo(privateKeyInfo, pBEKeySpec, algorithmID);
                    byte[] bArr2 = new byte[512];
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encryptedPrivateKeyInfo2.getEncoded());
                    File file2 = new File(getPrivateKeyPath() + ".tmp");
                    file2.createNewFile();
                    FileOutputStream fileOutputStream = new FileOutputStream(file2);
                    while (true) {
                        int read = byteArrayInputStream.read(bArr2);
                        if (read == -1) {
                            break;
                        }
                        fileOutputStream.write(bArr2, 0, read);
                        fileOutputStream.flush();
                    }
                    fileInputStream.close();
                    fileOutputStream.close();
                    byteArrayInputStream.close();
                    File file3 = new File(getPrivateKeyPath() + ".orgbak");
                    if (file.renameTo(file3)) {
                        if (file2.renameTo(file)) {
                            CertificateEntry kmCertificateEntry = getKmCertificateEntry();
                            if (kmCertificateEntry == null || kmCertificateEntry.changePassword(cArr, cArr2)) {
                                Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "Removed bak file : " + file3.delete());
                                try {
                                    fileInputStream.close();
                                } catch (Exception e) {
                                }
                                return true;
                            }
                            Logger.error("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "Km Entry is invalid");
                            Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "Recorv result (delete) : " + file.delete() + ", (orgbak -> key) : " + file3.renameTo(file));
                            try {
                                fileInputStream.close();
                                return false;
                            } catch (Exception e2) {
                                return false;
                            }
                        }
                        Logger.error("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "rename error (tmp -> key)");
                        Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "Recorv result (orgbak -> key) : " + file3.renameTo(file));
                    }
                    Logger.warn("[v1.5.42]DefaultFileCertificateEntry", "changePassword", "File rename proc error");
                    try {
                        fileInputStream.close();
                        return false;
                    } catch (Exception e3) {
                        return false;
                    }
                } catch (Exception e4) {
                    e = e4;
                    Logger.error("[v1.5.42]DefaultFileCertificateEntry", "", e.getMessage());
                    try {
                        fileInputStream.close();
                        return false;
                    } catch (Exception e5) {
                        return false;
                    }
                }
            } catch (Throwable th) {
                th = th;
                try {
                    fileInputStream2.close();
                } catch (Exception e6) {
                }
                throw th;
            }
        } catch (Exception e7) {
            e = e7;
            fileInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            fileInputStream2.close();
            throw th;
        }
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public void checkVid() {
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public OtherCertificateConsist getCertConsist() {
        return null;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public X509Certificate getCertificate() {
        if (this.a == null) {
            String str = !isKm() ? this.b + "/signCert.der" : this.b + "/kmCert.der";
            if (new File(str).exists() && new File(getPrivateKeyPath()).exists()) {
                this.a = Util.convertX509Certificate(str);
            }
        }
        return this.a;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public String getCertifycateType() {
        return CertificateEntry.DEFAULT_NPKI_FILEBASE;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public String getEntryID() {
        return this.b;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public CertificateEntry getKmCertificateEntry() {
        if (!isKm() && new File(this.b + "/kmCert.der").isFile() && new File(this.b + "/kmPri.key").isFile()) {
            return new DefaultFileCertificateEntry(true, this.b);
        }
        return null;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public String getPrivateKeyPath() {
        return !isKm() ? this.b + "/signPri.key" : this.b + "/kmPri.key";
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public String getStorageType() {
        return CertificateEntry.STORAGE_TYPE_SDCARD;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public byte[] getVidR(char[] cArr) {
        return null;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public boolean isKm() {
        return this.d;
    }

    protected byte[] parseVID(byte[] bArr) throws ASN1Exception {
        Attribute attribute = new PrivateKeyInfo(bArr).getAttribute("1.2.410.200004.10.1.1.3");
        if (attribute == null || attribute.size() <= 0) {
            return null;
        }
        try {
            return new BERDecoder(attribute.attributeAt(0)).decodeBitString().getAsByteArray();
        } catch (Exception e) {
            return null;
        }
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public boolean removeEntry() {
        boolean delete = new File(this.b + "/signCert.der").delete() & true & new File(this.b + "/signPri.key").delete();
        new File(this.b + "/kmCert.der").delete();
        new File(this.b + "/kmPri.key").delete();
        new File(this.b + "/CaPubs").delete();
        return delete & new File(this.b).delete();
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public boolean removeEntry(String str) {
        return false;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public byte[] signPkcs1(char[] cArr, byte[] bArr) {
        return null;
    }

    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public byte[] signPkcs7(char[] cArr, byte[] bArr) {
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.initech.android.sfilter.plugin.pki.CertificateEntry
    public void tryLoadToken(X509TokenChallenger x509TokenChallenger) throws InvalidChallengerException {
        FileInputStream fileInputStream;
        byte[] bArr = null;
        Object[] objArr = 0;
        if (!(x509TokenChallenger instanceof DefaultNPKIX509TokenChallenger)) {
            throw new InvalidChallengerException("Challenger is able to accept only DefaultNPKIX509TokenChallenger");
        }
        DefaultNPKIX509TokenChallenger defaultNPKIX509TokenChallenger = (DefaultNPKIX509TokenChallenger) x509TokenChallenger;
        try {
            try {
                fileInputStream = new FileInputStream(getPrivateKeyPath());
                try {
                    PrivateKey decrypt = new EncryptedPrivateKeyInfo(fileInputStream).decrypt(new PBEKeySpec(defaultNPKIX509TokenChallenger.getPassword()));
                    if (!CertUtil.isKROID(getCertificate()) || isKm()) {
                        try {
                            bArr = parseVID(decrypt.getEncoded());
                        } catch (Exception e) {
                            Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "tryLoadToken", "VIDR parse failed. but the certificate does not apply to npki. " + getCertificate().getSubjectDN());
                        }
                    } else {
                        bArr = parseVID(decrypt.getEncoded());
                    }
                    FileX509Token fileX509Token = new FileX509Token(getEntryID(), getCertificate(), decrypt, bArr);
                    Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "tryLoadToken", "loaded");
                    x509TokenChallenger.onLoadSuccess(fileX509Token);
                    try {
                        fileInputStream.close();
                    } catch (Exception e2) {
                    }
                } catch (Exception e3) {
                    e = e3;
                    Logger.debug("[v1.5.42]DefaultFileCertificateEntry", "tryLoadToken", "", e);
                    x509TokenChallenger.onLoadFailed(this);
                    try {
                        fileInputStream.close();
                    } catch (Exception e4) {
                    }
                }
            } catch (Throwable th) {
                th = th;
                try {
                    (objArr == true ? 1 : 0).close();
                } catch (Exception e5) {
                }
                throw th;
            }
        } catch (Exception e6) {
            e = e6;
            fileInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            (objArr == true ? 1 : 0).close();
            throw th;
        }
    }
}
