package libcore.java.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.crypto.spec.DHParameterSpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import libcore.javax.net.ssl.TestKeyManager;
import libcore.javax.net.ssl.TestTrustManager;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.Assert;
import org.mockftpserver.stub.command.PassCommandHandler;

/* loaded from: input_file:libcore/java/security/TestKeyStore.class */
public final class TestKeyStore {
    private static final int DSA_KEY_SIZE_BITS = 1024;
    private static final int EC_KEY_SIZE_BITS = 256;
    private static final int RSA_KEY_SIZE_BITS = 1024;
    private static final BigInteger DH_PARAMS_P = new BigInteger(1, new byte[]{-94, 49, -76, -77, 109, -101, 126, -12, -25, 33, 81, 64, -21, -58, -74, -42, 84, 86, 114, -66, 67, 24, 48, 92, 21, 90, -7, 25, 98, -83, -12, 41, -53, -58, -10, 100, 11, -99, 35, Byte.MIN_VALUE, -7, 91, 28, 28, 106, -76, -22, -71, Byte.MIN_VALUE, -104, -117, -81, 21, -88, 92, -60, -80, 65, 41, 102, -97, -97, 31, -120, 80, -105, 56, 11, 1, 22, -42, -124, 29, 72, 111, 124, 6, -116, 110, 104, -51, 56, -26, 34, 48, 97, 55, 2, 61, 71, 98, -50, -71, 26, 105, -99, -95, -97, 16, -95, -86, 112, -9, 39, -100, -44, -91, 21, -30, 21, 12, 32, -112, 8, -74, -11, -33, 28, -53, -126, 109, -64, -31, -67, -52, 74, 118, -29});
    private static final BigInteger DH_PARAMS_G = BigInteger.valueOf(2);
    private static TestKeyStore ROOT_CA;
    private static TestKeyStore INTERMEDIATE_CA;
    private static TestKeyStore INTERMEDIATE_CA_2;
    private static TestKeyStore INTERMEDIATE_CA_EC;
    private static TestKeyStore SERVER;
    private static TestKeyStore CLIENT;
    private static TestKeyStore CLIENT_CERTIFICATE;
    private static TestKeyStore CLIENT_EC_RSA_CERTIFICATE;
    private static TestKeyStore CLIENT_EC_EC_CERTIFICATE;
    private static TestKeyStore CLIENT_2;
    private static final byte[] LOCAL_HOST_ADDRESS;
    private static final String LOCAL_HOST_NAME = "localhost";
    public final KeyStore keyStore;
    public final char[] storePassword;
    public final char[] keyPassword;
    public final KeyManager[] keyManagers;
    public final TrustManager[] trustManagers;
    public final TestTrustManager trustManager;

    /* loaded from: input_file:libcore/java/security/TestKeyStore$Builder.class */
    public static class Builder {
        private char[] storePassword;
        private char[] keyPassword;
        private String aliasPrefix;
        private int keyUsage;
        private boolean ca;
        private KeyStore.PrivateKeyEntry privateEntry;
        private KeyStore.PrivateKeyEntry signer;
        private Certificate rootCa;
        private String[] keyAlgorithms = {"RSA"};
        private final List<KeyPurposeId> extendedKeyUsages = new ArrayList();
        private final List<Boolean> criticalExtendedKeyUsages = new ArrayList();
        private final List<GeneralName> subjectAltNames = new ArrayList();
        private final List<GeneralSubtree> permittedNameConstraints = new ArrayList();
        private final List<GeneralSubtree> excludedNameConstraints = new ArrayList();
        private BigInteger certificateSerialNumber = null;
        private X500Principal subject = localhost();

        public Builder keyAlgorithms(String... strArr) {
            this.keyAlgorithms = strArr;
            return this;
        }

        public Builder aliasPrefix(String str) {
            this.aliasPrefix = str;
            return this;
        }

        public Builder subject(X500Principal x500Principal) {
            this.subject = x500Principal;
            return this;
        }

        public Builder subject(String str) {
            return subject(new X500Principal(str));
        }

        public Builder keyUsage(int i) {
            this.keyUsage = i;
            return this;
        }

        public Builder ca(boolean z) {
            this.ca = z;
            return this;
        }

        public Builder privateEntry(KeyStore.PrivateKeyEntry privateKeyEntry) {
            this.privateEntry = privateKeyEntry;
            return this;
        }

        public Builder signer(KeyStore.PrivateKeyEntry privateKeyEntry) {
            this.signer = privateKeyEntry;
            return this;
        }

        public Builder rootCa(Certificate certificate) {
            this.rootCa = certificate;
            return this;
        }

        public Builder addExtendedKeyUsage(KeyPurposeId keyPurposeId, boolean z) {
            this.extendedKeyUsages.add(keyPurposeId);
            this.criticalExtendedKeyUsages.add(Boolean.valueOf(z));
            return this;
        }

        public Builder addSubjectAltName(GeneralName generalName) {
            this.subjectAltNames.add(generalName);
            return this;
        }

        public Builder addSubjectAltNameIpAddress(byte[] bArr) {
            return addSubjectAltName(new GeneralName(7, new DEROctetString(bArr)));
        }

        private Builder addNameConstraint(boolean z, GeneralName generalName) {
            if (z) {
                this.permittedNameConstraints.add(new GeneralSubtree(generalName));
            } else {
                this.excludedNameConstraints.add(new GeneralSubtree(generalName));
            }
            return this;
        }

        public Builder addNameConstraint(boolean z, byte[] bArr) {
            return addNameConstraint(z, new GeneralName(7, new DEROctetString(bArr)));
        }

        public Builder certificateSerialNumber(BigInteger bigInteger) {
            this.certificateSerialNumber = bigInteger;
            return this;
        }

        public TestKeyStore build() {
            try {
                if (StandardNames.IS_RI) {
                    if (this.storePassword == null) {
                        this.storePassword = PassCommandHandler.PASSWORD_KEY.toCharArray();
                    }
                    if (this.keyPassword == null) {
                        this.keyPassword = PassCommandHandler.PASSWORD_KEY.toCharArray();
                    }
                }
                if (this.privateEntry != null && (this.keyAlgorithms.length != 1 || !"RSA".equals(this.keyAlgorithms[0]))) {
                    throw new IllegalStateException("Only reusing an existing key is implemented for RSA");
                }
                KeyStore createKeyStore = TestKeyStore.createKeyStore();
                for (String str : this.keyAlgorithms) {
                    String str2 = this.aliasPrefix + "-public-" + str;
                    String str3 = this.aliasPrefix + "-private-" + str;
                    if ((str.equals("EC_RSA") || str.equals("DH_RSA")) && this.signer == null && this.rootCa == null) {
                        createKeys(createKeyStore, str, str2, str3, null, TestKeyStore.privateKey(createKeyStore, this.keyPassword, "RSA", "RSA"));
                    } else if (str.equals("DH_DSA") && this.signer == null && this.rootCa == null) {
                        createKeys(createKeyStore, str, str2, str3, null, TestKeyStore.privateKey(createKeyStore, this.keyPassword, "DSA", "DSA"));
                    } else {
                        createKeys(createKeyStore, str, str2, str3, this.privateEntry, this.signer);
                    }
                }
                if (this.rootCa != null) {
                    createKeyStore.setCertificateEntry(this.aliasPrefix + "-root-ca-" + this.rootCa.getPublicKey().getAlgorithm(), this.rootCa);
                }
                return new TestKeyStore(createKeyStore, this.storePassword, this.keyPassword);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        private KeyStore createKeys(KeyStore keyStore, String str, String str2, String str3, KeyStore.PrivateKeyEntry privateKeyEntry, KeyStore.PrivateKeyEntry privateKeyEntry2) throws Exception {
            PrivateKey privateKey;
            X509Certificate x509Certificate;
            X509Certificate[] x509CertificateArr;
            PrivateKey privateKey2;
            PublicKey publicKey;
            X509Certificate createCertificate;
            X509Certificate[] x509CertificateArr2;
            if (privateKeyEntry2 == null) {
                privateKey = null;
                x509Certificate = null;
                x509CertificateArr = null;
            } else {
                privateKey = privateKeyEntry2.getPrivateKey();
                x509Certificate = (X509Certificate) privateKeyEntry2.getCertificate();
                x509CertificateArr = (X509Certificate[]) privateKeyEntry2.getCertificateChain();
            }
            if (str2 == null && str3 == null) {
                privateKey2 = null;
                createCertificate = null;
            } else {
                if (privateKeyEntry == null) {
                    int i = -1;
                    DHParameterSpec dHParameterSpec = null;
                    if (str.equals("RSA")) {
                        i = 1024;
                    } else if (str.equals("DH_RSA")) {
                        dHParameterSpec = new DHParameterSpec(TestKeyStore.DH_PARAMS_P, TestKeyStore.DH_PARAMS_G);
                        str = "DH";
                    } else if (str.equals("DSA")) {
                        i = 1024;
                    } else if (str.equals("DH_DSA")) {
                        dHParameterSpec = new DHParameterSpec(TestKeyStore.DH_PARAMS_P, TestKeyStore.DH_PARAMS_G);
                        str = "DH";
                    } else if (str.equals("EC")) {
                        i = 256;
                    } else {
                        if (!str.equals("EC_RSA")) {
                            throw new IllegalArgumentException("Unknown key algorithm " + str);
                        }
                        i = 256;
                        str = "EC";
                    }
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
                    if (dHParameterSpec != null) {
                        keyPairGenerator.initialize(dHParameterSpec);
                    } else {
                        if (i == -1) {
                            throw new AssertionError("Must either have set algorithm parameters or key size!");
                        }
                        keyPairGenerator.initialize(i);
                    }
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    privateKey2 = generateKeyPair.getPrivate();
                    publicKey = generateKeyPair.getPublic();
                } else {
                    privateKey2 = privateKeyEntry.getPrivateKey();
                    publicKey = privateKeyEntry.getCertificate().getPublicKey();
                }
                createCertificate = TestKeyStore.createCertificate(publicKey, privateKey == null ? privateKey2 : privateKey, this.subject, x509Certificate != null ? x509Certificate.getSubjectX500Principal() : this.subject, this.keyUsage, this.ca, this.extendedKeyUsages, this.criticalExtendedKeyUsages, this.subjectAltNames, this.permittedNameConstraints, this.excludedNameConstraints, this.certificateSerialNumber);
            }
            if (str3 == null) {
                x509CertificateArr2 = null;
            } else if (x509CertificateArr == null) {
                x509CertificateArr2 = new X509Certificate[]{createCertificate};
            } else {
                x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + 1];
                x509CertificateArr2[0] = createCertificate;
                System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 1, x509CertificateArr.length);
            }
            if (str3 != null) {
                keyStore.setKeyEntry(str3, privateKey2, this.keyPassword, x509CertificateArr2);
            }
            if (str2 != null) {
                keyStore.setCertificateEntry(str2, createCertificate);
            }
            return keyStore;
        }

        private X500Principal localhost() {
            return new X500Principal("CN=Local Host");
        }
    }

    private TestKeyStore(KeyStore keyStore, char[] cArr, char[] cArr2) {
        this.keyStore = keyStore;
        this.storePassword = cArr;
        this.keyPassword = cArr2;
        this.keyManagers = createKeyManagers(keyStore, cArr);
        this.trustManagers = createTrustManagers(keyStore);
        this.trustManager = (TestTrustManager) this.trustManagers[0];
    }

    public static KeyManager[] createKeyManagers(KeyStore keyStore, char[] cArr) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, cArr);
            return TestKeyManager.wrap(keyManagerFactory.getKeyManagers());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static TrustManager[] createTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return TestTrustManager.wrap(trustManagerFactory.getTrustManagers());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static synchronized void initCerts() {
        if (ROOT_CA != null) {
            return;
        }
        ROOT_CA = new Builder().aliasPrefix("RootCA").subject("CN=Test Root Certificate Authority").ca(true).certificateSerialNumber(BigInteger.valueOf(1L)).build();
        INTERMEDIATE_CA_EC = new Builder().aliasPrefix("IntermediateCA-EC").keyAlgorithms("EC").subject("CN=Test Intermediate Certificate Authority ECDSA").ca(true).signer(ROOT_CA.getPrivateKey("RSA", "RSA")).rootCa(ROOT_CA.getRootCertificate("RSA")).certificateSerialNumber(BigInteger.valueOf(2L)).build();
        INTERMEDIATE_CA = new Builder().aliasPrefix("IntermediateCA").subject("CN=Test Intermediate Certificate Authority").ca(true).signer(ROOT_CA.getPrivateKey("RSA", "RSA")).rootCa(ROOT_CA.getRootCertificate("RSA")).certificateSerialNumber(BigInteger.valueOf(2L)).build();
        SERVER = new Builder().aliasPrefix("server").signer(INTERMEDIATE_CA.getPrivateKey("RSA", "RSA")).rootCa(INTERMEDIATE_CA.getRootCertificate("RSA")).addSubjectAltName(new GeneralName(2, LOCAL_HOST_NAME)).certificateSerialNumber(BigInteger.valueOf(3L)).build();
        CLIENT = new TestKeyStore(createClient(INTERMEDIATE_CA.keyStore), null, null);
        CLIENT_EC_RSA_CERTIFICATE = new Builder().aliasPrefix("client-ec").keyAlgorithms("EC").subject("emailAddress=test-ec@user").signer(INTERMEDIATE_CA.getPrivateKey("RSA", "RSA")).rootCa(INTERMEDIATE_CA.getRootCertificate("RSA")).build();
        CLIENT_EC_EC_CERTIFICATE = new Builder().aliasPrefix("client-ec").keyAlgorithms("EC").subject("emailAddress=test-ec@user").signer(INTERMEDIATE_CA_EC.getPrivateKey("EC", "RSA")).rootCa(INTERMEDIATE_CA_EC.getRootCertificate("RSA")).build();
        CLIENT_CERTIFICATE = new Builder().aliasPrefix("client").subject("emailAddress=test@user").signer(INTERMEDIATE_CA.getPrivateKey("RSA", "RSA")).rootCa(INTERMEDIATE_CA.getRootCertificate("RSA")).build();
        TestKeyStore build = new Builder().aliasPrefix("RootCA2").subject("CN=Test Root Certificate Authority 2").ca(true).build();
        INTERMEDIATE_CA_2 = new Builder().aliasPrefix("IntermediateCA").subject("CN=Test Intermediate Certificate Authority").ca(true).signer(build.getPrivateKey("RSA", "RSA")).rootCa(build.getRootCertificate("RSA")).build();
        CLIENT_2 = new TestKeyStore(createClient(build.keyStore), null, null);
    }

    public static TestKeyStore getRootCa() {
        initCerts();
        return ROOT_CA;
    }

    public static TestKeyStore getIntermediateCa() {
        initCerts();
        return INTERMEDIATE_CA;
    }

    public static TestKeyStore getIntermediateCa2() {
        initCerts();
        return INTERMEDIATE_CA_2;
    }

    public static TestKeyStore getServer() {
        initCerts();
        return SERVER;
    }

    public static TestKeyStore getClient() {
        initCerts();
        return CLIENT;
    }

    public static TestKeyStore getClientCertificate() {
        initCerts();
        return CLIENT_CERTIFICATE;
    }

    public static TestKeyStore getClientEcRsaCertificate() {
        initCerts();
        return CLIENT_EC_RSA_CERTIFICATE;
    }

    public static TestKeyStore getClientEcEcCertificate() {
        initCerts();
        return CLIENT_EC_EC_CERTIFICATE;
    }

    public static TestKeyStore getClientCA2() {
        initCerts();
        return CLIENT_2;
    }

    public static X509Certificate createCa(PublicKey publicKey, PrivateKey privateKey, String str) {
        try {
            X500Principal x500Principal = new X500Principal(str);
            return createCertificate(publicKey, privateKey, x500Principal, x500Principal, 0, true, new ArrayList(), new ArrayList(), new ArrayList(), new ArrayList(), new ArrayList(), null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Principal x500Principal, X500Principal x500Principal2, int i, boolean z, List<KeyPurposeId> list, List<Boolean> list2, List<GeneralName> list3, List<GeneralSubtree> list4, List<GeneralSubtree> list5, BigInteger bigInteger) throws Exception {
        String str;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis - 86400000);
        Date date2 = new Date(currentTimeMillis + 86400000);
        String algorithm = privateKey.getAlgorithm();
        if (algorithm.equals("RSA")) {
            str = "sha256WithRSA";
        } else if (algorithm.equals("DSA")) {
            str = "sha256WithDSA";
        } else if (algorithm.equals("EC")) {
            str = "sha256WithECDSA";
        } else {
            if (!algorithm.equals("EC_RSA")) {
                throw new IllegalArgumentException("Unknown key algorithm " + algorithm);
            }
            str = "sha256WithRSA";
        }
        if (bigInteger == null) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            bigInteger = new BigInteger(1, bArr);
        }
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(X500Name.getInstance(x500Principal2.getEncoded()), bigInteger, date, date2, X500Name.getInstance(x500Principal.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        if (i != 0) {
            x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(i));
        }
        if (z) {
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
        }
        for (int i2 = 0; i2 < list.size(); i2++) {
            x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, list2.get(i2).booleanValue(), new ExtendedKeyUsage(list.get(i2)));
        }
        Iterator<GeneralName> it = list3.iterator();
        while (it.hasNext()) {
            x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(it.next()).getEncoded());
        }
        if (!list4.isEmpty() || !list5.isEmpty()) {
            x509v3CertificateBuilder.addExtension(Extension.nameConstraints, true, (ASN1Encodable) new NameConstraints((GeneralSubtree[]) list4.toArray(new GeneralSubtree[list4.size()]), (GeneralSubtree[]) list5.toArray(new GeneralSubtree[list5.size()])));
        }
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509v3CertificateBuilder.build(new JcaContentSignerBuilder(str).build(privateKey)).getEncoded()));
        if (StandardNames.IS_RI) {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        }
        return x509Certificate;
    }

    public static String keyAlgorithm(String str) {
        int indexOf = str.indexOf(95);
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    public static String signatureAlgorithm(String str) {
        int indexOf = str.indexOf(95);
        return indexOf == -1 ? str : str.substring(indexOf + 1, str.length());
    }

    public static KeyStore createKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(StandardNames.KEY_STORE_ALGORITHM);
            keyStore.load(null, null);
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public KeyStore.PrivateKeyEntry getPrivateKey(String str, String str2) {
        return privateKey(this.keyStore, this.keyPassword, str, str2);
    }

    public static KeyStore.PrivateKeyEntry privateKey(KeyStore keyStore, char[] cArr, String str, String str2) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = null;
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
            Iterator it = Collections.list(keyStore.aliases()).iterator();
            while (it.hasNext()) {
                String str3 = (String) it.next();
                if (keyStore.entryInstanceOf(str3, KeyStore.PrivateKeyEntry.class)) {
                    KeyStore.PrivateKeyEntry privateKeyEntry2 = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str3, passwordProtection);
                    if (privateKeyEntry2.getPrivateKey().getAlgorithm().equals(str) && ((X509Certificate) privateKeyEntry2.getCertificate()).getSigAlgName().contains(str2)) {
                        if (privateKeyEntry != null) {
                            throw new IllegalStateException("KeyStore has more than one private key for keyAlgorithm: " + str + " signatureAlgorithm: " + str2 + "\nfirst: " + privateKeyEntry.getPrivateKey() + "\nsecond: " + privateKeyEntry2.getPrivateKey());
                        }
                        privateKeyEntry = privateKeyEntry2;
                    }
                }
            }
            if (privateKeyEntry == null) {
                throw new IllegalStateException("KeyStore contained no private key for keyAlgorithm: " + str + " signatureAlgorithm: " + str2);
            }
            return privateKeyEntry;
        } catch (Exception e) {
            throw new RuntimeException("Problem getting key for " + str + " and signature " + str2, e);
        }
    }

    public Certificate getIssuer(Certificate certificate) throws Exception {
        return issuer(this.keyStore, certificate);
    }

    public static Certificate issuer(KeyStore keyStore, Certificate certificate) throws Exception {
        if (!(certificate instanceof X509Certificate)) {
            throw new IllegalStateException("issuer requires an X509Certificate, found " + certificate);
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Certificate certificate2 = null;
        Iterator it = Collections.list(keyStore.aliases()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
                Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) keyStore.getEntry(str, null)).getTrustedCertificate();
                if (trustedCertificate instanceof X509Certificate) {
                    if (!x509Certificate.getIssuerDN().equals(((X509Certificate) trustedCertificate).getSubjectDN())) {
                        continue;
                    } else {
                        if (certificate2 != null) {
                            throw new IllegalStateException("KeyStore has more than one issuing CA for " + x509Certificate + "\nfirst: " + certificate2 + "\nsecond: " + trustedCertificate);
                        }
                        certificate2 = trustedCertificate;
                    }
                } else {
                    continue;
                }
            }
        }
        if (certificate2 == null) {
            throw new IllegalStateException("KeyStore contained no issuing CA for " + x509Certificate);
        }
        return certificate2;
    }

    public X509Certificate getRootCertificate(String str) {
        return rootCertificate(this.keyStore, str);
    }

    private static OCSPResp generateOCSPResponse(KeyStore.PrivateKeyEntry privateKeyEntry, KeyStore.PrivateKeyEntry privateKeyEntry2, CertificateStatus certificateStatus) throws CertificateException {
        try {
            X509Certificate x509Certificate = (X509Certificate) privateKeyEntry.getCertificate();
            X509Certificate x509Certificate2 = (X509Certificate) privateKeyEntry2.getCertificate();
            JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(x509Certificate2);
            BcDigestCalculatorProvider bcDigestCalculatorProvider = new BcDigestCalculatorProvider();
            BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(SubjectPublicKeyInfo.getInstance(x509Certificate2.getPublicKey().getEncoded()), bcDigestCalculatorProvider.get(CertificateID.HASH_SHA1));
            basicOCSPRespBuilder.addResponse(new CertificateID(bcDigestCalculatorProvider.get(CertificateID.HASH_SHA1), jcaX509CertificateHolder, x509Certificate.getSerialNumber()), certificateStatus);
            return new OCSPRespBuilder().build(0, basicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(privateKeyEntry2.getPrivateKey()), null, new Date()));
        } catch (Exception e) {
            throw new CertificateException("cannot generate OCSP response", e);
        }
    }

    public static byte[] getOCSPResponseForGood(KeyStore.PrivateKeyEntry privateKeyEntry, KeyStore.PrivateKeyEntry privateKeyEntry2) throws CertificateException {
        try {
            return generateOCSPResponse(privateKeyEntry, privateKeyEntry2, CertificateStatus.GOOD).getEncoded();
        } catch (IOException e) {
            throw new CertificateException(e);
        }
    }

    public static byte[] getOCSPResponseForRevoked(KeyStore.PrivateKeyEntry privateKeyEntry, KeyStore.PrivateKeyEntry privateKeyEntry2) throws CertificateException {
        try {
            return generateOCSPResponse(privateKeyEntry, privateKeyEntry2, new RevokedStatus(new Date(), 1)).getEncoded();
        } catch (IOException e) {
            throw new CertificateException(e);
        }
    }

    public static X509Certificate rootCertificate(KeyStore keyStore, String str) {
        try {
            X509Certificate x509Certificate = null;
            Iterator it = Collections.list(keyStore.aliases()).iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (keyStore.entryInstanceOf(str2, KeyStore.TrustedCertificateEntry.class)) {
                    Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) keyStore.getEntry(str2, null)).getTrustedCertificate();
                    if (trustedCertificate.getPublicKey().getAlgorithm().equals(str) && (trustedCertificate instanceof X509Certificate)) {
                        X509Certificate x509Certificate2 = (X509Certificate) trustedCertificate;
                        if (x509Certificate2.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                            if (x509Certificate != null) {
                                throw new IllegalStateException("KeyStore has more than one root CA for " + str + "\nfirst: " + x509Certificate + "\nsecond: " + trustedCertificate);
                            }
                            x509Certificate = x509Certificate2;
                        }
                    }
                }
            }
            if (x509Certificate == null) {
                throw new IllegalStateException("KeyStore contained no root CA for " + str);
            }
            return x509Certificate;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public KeyStore.Entry getEntryByAlias(String str) {
        return entryByAlias(this.keyStore, str);
    }

    public static KeyStore.Entry entryByAlias(KeyStore keyStore, String str) {
        try {
            return keyStore.getEntry(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new RuntimeException(e);
        }
    }

    public static KeyStore createClient(KeyStore keyStore) {
        KeyStore createKeyStore = createKeyStore();
        copySelfSignedCertificates(createKeyStore, keyStore);
        return createKeyStore;
    }

    public static boolean copySelfSignedCertificates(KeyStore keyStore, KeyStore keyStore2) {
        try {
            boolean z = false;
            Iterator it = Collections.list(keyStore2.aliases()).iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                if (keyStore2.isCertificateEntry(str)) {
                    X509Certificate x509Certificate = (X509Certificate) keyStore2.getCertificate(str);
                    if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                        keyStore.setCertificateEntry(str, x509Certificate);
                        z = true;
                    }
                }
            }
            return z;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean copyCertificate(Principal principal, KeyStore keyStore, KeyStore keyStore2) throws Exception {
        Iterator it = Collections.list(keyStore2.aliases()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (keyStore2.isCertificateEntry(str)) {
                X509Certificate x509Certificate = (X509Certificate) keyStore2.getCertificate(str);
                if (x509Certificate.getSubjectDN().equals(principal)) {
                    keyStore.setCertificateEntry(str, x509Certificate);
                    return true;
                }
            }
        }
        return false;
    }

    public void dump(String str) throws KeyStoreException, NoSuchAlgorithmException {
        dump(str, this.keyStore, this.keyPassword);
    }

    public static void dump(String str, KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException {
        String str2;
        PrintStream printStream = System.out;
        printStream.println("context=" + str);
        printStream.println("\tkeyStore=" + keyStore);
        printStream.println("\tkeyStore.type=" + keyStore.getType());
        printStream.println("\tkeyStore.provider=" + keyStore.getProvider());
        printStream.println("\tkeyPassword=" + (cArr == null ? null : new String(cArr)));
        printStream.println("\tsize=" + keyStore.size());
        Iterator it = Collections.list(keyStore.aliases()).iterator();
        while (it.hasNext()) {
            String str3 = (String) it.next();
            printStream.println("alias=" + str3);
            printStream.println("\tcreationDate=" + keyStore.getCreationDate(str3));
            if (keyStore.isCertificateEntry(str3)) {
                printStream.println("\tcertificate:");
                printStream.println("==========================================");
                printStream.println(keyStore.getCertificate(str3));
                printStream.println("==========================================");
            } else if (keyStore.isKeyEntry(str3)) {
                printStream.println("\tkey:");
                printStream.println("==========================================");
                try {
                    str2 = "Key retrieved using password\n" + keyStore.getKey(str3, cArr);
                } catch (UnrecoverableKeyException e) {
                    try {
                        str2 = "Key retrieved without password\n" + keyStore.getKey(str3, null);
                    } catch (UnrecoverableKeyException e2) {
                        str2 = "Key could not be retrieved";
                    }
                }
                printStream.println(str2);
                printStream.println("==========================================");
                Certificate[] certificateChain = keyStore.getCertificateChain(str3);
                if (certificateChain == null) {
                    printStream.println("No certificate chain associated with key");
                    printStream.println("==========================================");
                } else {
                    for (int i = 0; i < certificateChain.length; i++) {
                        printStream.println("Certificate chain element #" + i);
                        printStream.println(certificateChain[i]);
                        printStream.println("==========================================");
                    }
                }
            } else {
                printStream.println("\tunknown entry type");
            }
        }
    }

    public static void assertChainLength(Object[] objArr) {
        Assert.assertEquals(3L, objArr.length);
    }

    static {
        if (StandardNames.IS_RI) {
            Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length + 1);
        } else if (!BouncyCastleProvider.class.getName().startsWith("com.android")) {
            new BouncyCastleProvider();
        }
        LOCAL_HOST_ADDRESS = new byte[]{Byte.MAX_VALUE, 0, 0, 1};
    }
}
