package com.ibm.gsk.ikeyman.io;

import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.keystore.entry.EntryFactory;
import com.ibm.gsk.ikeyman.util.KeymanSettings;
import com.ibm.gsk.ikeyman.util.KeymanUtil;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.SerialNumber;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;

/* loaded from: input_file:com/ibm/gsk/ikeyman/io/BlankPKCS12File.class */
public class BlankPKCS12File {
    private static final String KEYSTORE_NAME = "PKCS12";
    private KeyStore keyStore;

    public BlankPKCS12File() throws KeyManagerException {
        try {
            this.keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            this.keyStore.load(null, null);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            KeymanUtil.getJCEProviderName();
            this.keyStore.setCertificateEntry("dummy", generateDummyCertificate("cn=dummyCert", generateKeyPair, 7000));
        } catch (IOException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e);
        } catch (KeyStoreException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.KEY_STORE_TYPE_NOT_FOUND, e2, new String[]{KEYSTORE_NAME});
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e3, new String[]{e3.getMessage()});
        } catch (CertificateException e4) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_LOAD_ERROR, e4);
        }
    }

    public void store(char[] cArr, String str) throws KeyManagerException {
        try {
            LockedFileOutputStream lockedFileOutputStream = new LockedFileOutputStream(str);
            this.keyStore.store(lockedFileOutputStream, cArr);
            lockedFileOutputStream.close();
        } catch (FileNotFoundException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.OUTPUT_FILE_CREATION_ERROR, e, new String[]{str});
        } catch (IOException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e2);
        } catch (KeyStoreException e3) {
            KeyManagerException.ExceptionReason exceptionReason = KeyManagerException.ExceptionReason.BLANK_PKCS12_STORE_ERROR;
            String[] strArr = new String[1];
            strArr[0] = e3.getMessage() != null ? e3.getMessage() : e3.toString();
            throw new KeyManagerException(exceptionReason, e3, strArr);
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e4, new String[]{e4.getMessage()});
        } catch (CertificateException e5) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_STORE_ERROR, e5);
        }
    }

    private X509Certificate generateDummyCertificate(String str, KeyPair keyPair, int i) throws KeyManagerException {
        String jCEProviderNameLegacy;
        String jCEProviderName = KeymanUtil.getJCEProviderName();
        X509CertInfo x509CertInfo = new X509CertInfo(jCEProviderName);
        String str2 = KeymanSettings.DEFAULT_SIGNATURE_ALGORITHM;
        try {
            X500Name x500Name = new X500Name(str);
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(6, i);
            x509CertInfo.set("validity", new CertificateValidity(calendar.getTime(), calendar2.getTime()));
            x509CertInfo.set("serialNumber", new CertificateSerialNumber((int) (calendar.getTime().getTime() / 1000)));
            x509CertInfo.set("subject", x500Name);
            x509CertInfo.set("issuer", x500Name);
            x509CertInfo.set("key", new CertificateX509Key(publicKey));
            x509CertInfo.set("version", KeymanSettings.DEFAULT_CERTIFICATE_VERSION);
            x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(str2)));
            CertificateExtensions certificateExtensions = new CertificateExtensions();
            certificateExtensions.set("BasicConstraints", new BasicConstraintsExtension(false, 0));
            KeyIdentifier keyIdentifier = new KeyIdentifier(EntryFactory.getKeyIdentifier(publicKey));
            certificateExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(keyIdentifier.getIdentifier()));
            certificateExtensions.set("AuthorityKeyIdentifier", new AuthorityKeyIdentifierExtension(keyIdentifier, (GeneralNames) null, (SerialNumber) null));
            x509CertInfo.set("extensions", certificateExtensions);
            X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo, jCEProviderName);
            if (KeymanUtil.isIBMJCE()) {
                try {
                    x509CertImpl.sign(privateKey, str2, jCEProviderName);
                } catch (NoSuchAlgorithmException e) {
                    if (!KeymanUtil.isIBMJCEPlusModeOn() || (jCEProviderNameLegacy = KeymanUtil.getJCEProviderNameLegacy()) == null) {
                        throw e;
                    }
                    x509CertImpl.sign(privateKey, str2, jCEProviderNameLegacy);
                }
            } else {
                x509CertImpl.sign(privateKey, str2);
            }
            return x509CertImpl;
        } catch (IOException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e2);
        } catch (InvalidKeyException e3) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_FOR_SIGNING, e3, new String[]{str});
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e4, new String[]{str2});
        } catch (NoSuchProviderException e5) {
            throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e5, new String[]{jCEProviderName});
        } catch (SignatureException e6) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.SIGNATURE_ERROR, e6, new String[]{str});
        } catch (CertificateException e7) {
            if (e7.getMessage().contains("Invalid version")) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_CERTIFICATE_VERSION, e7, new String[]{str});
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_CREATE_ERROR, e7);
        }
    }
}
