package cn.eseals.crypto;

import cn.eseals.certificate.CommonCertificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

/* loaded from: input_file:cn/eseals/crypto/CertificateStorePKCS12.class */
class CertificateStorePKCS12 implements ICertificateStore {
    private ICryptoProvider provider;
    private char[] password;
    private List<String> keyAliases = new ArrayList();
    private KeyStore ks = KeyStore.getInstance("PKCS12");

    /* JADX INFO: Access modifiers changed from: protected */
    public CertificateStorePKCS12(ICryptoProvider iCryptoProvider, byte[] bArr, String str) throws Exception {
        this.password = null;
        this.password = str.toCharArray();
        this.ks.load(new ByteArrayInputStream(bArr), this.password);
        Enumeration<String> aliases = this.ks.aliases();
        while (aliases.hasMoreElements()) {
            this.keyAliases.add(aliases.nextElement());
        }
        this.provider = iCryptoProvider;
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public int getCount() throws Exception {
        return this.keyAliases.size();
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public byte[] getCertificate(int i) throws Exception {
        if (i < 0 || i >= this.keyAliases.size()) {
            throw new Exception("指定的证书不存在。");
        }
        return this.ks.getCertificate(this.keyAliases.get(i)).getEncoded();
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public IPrivateKey getKey(int i) throws Exception {
        if (i < 0 || i >= this.keyAliases.size()) {
            throw new Exception("指定的证书不存在。");
        }
        return new PrivateKeyRSA(this.provider, this.ks.getKey(this.keyAliases.get(i), this.password));
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public IPrivateKey newKey(String str) throws Exception {
        throw new Exception("This store doesn't support edit.");
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public byte[] backup(IPrivateKey iPrivateKey, String str) throws Exception {
        if (!(iPrivateKey instanceof PrivateKeyRSA)) {
            throw new Exception("This store doesn't support.");
        }
        byte[] encoded = ((PrivateKeyRSA) iPrivateKey).getKey().getEncoded();
        ISecureData createEnveloper = this.provider.createEnveloper();
        createEnveloper.init(2, str, "pbeWithSHAAnd3-KeyTripleDES-CBC");
        return createEnveloper.update(true, encoded);
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public IPrivateKey restore(String str, byte[] bArr) throws Exception {
        ISecureData createEnveloper = this.provider.createEnveloper();
        createEnveloper.init(0, str);
        try {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(createEnveloper.update(true, bArr));
            return new PrivateKeyRSA(this.provider, KeyFactory.getInstance("RSA").generatePrivate(pKCS8EncodedKeySpec));
        } catch (Exception e) {
            throw new Exception("不支持这种密钥的还原。");
        }
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public void setCertificate(IPrivateKey iPrivateKey, byte[] bArr) throws Exception {
        throw new Exception("This store doesn't support edit.");
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public ICryptoProvider getProvider() throws Exception {
        return this.provider;
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public byte[] backupStore(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        char[] charArray = str.toCharArray();
        keyStore.load(null, charArray);
        for (int i = 0; i < this.keyAliases.size(); i++) {
            String str2 = this.keyAliases.get(i);
            keyStore.setKeyEntry(str2, this.ks.getKey(str2, this.password), charArray, this.ks.getCertificateChain(str2));
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, str.toCharArray());
        return byteArrayOutputStream.toByteArray();
    }

    @Override // cn.eseals.crypto.ICertificateStore
    public ISignature createSigner(int i) throws Exception {
        ISignature createSigner = this.provider.createSigner(new CommonCertificate(getCertificate(i)).getSigAlgName());
        createSigner.initSign(getKey(i));
        return createSigner;
    }
}
