package oracle.security.pki;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.channels.FileChannel;
import java.nio.channels.FileLock;
import java.nio.channels.OverlappingFileLockException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.ResourceBundle;
import java.util.TreeSet;
import java.util.Vector;
import javax.crypto.KeyAgreement;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.cert.CertificateRequest;
import oracle.security.crypto.cert.PKCS12;
import oracle.security.crypto.cert.PKCS12Bag;
import oracle.security.crypto.cert.PKCS12CertBag;
import oracle.security.crypto.cert.PKCS12KeyBag;
import oracle.security.crypto.cert.PKCS12Safe;
import oracle.security.crypto.cert.PKCS12SecretBag;
import oracle.security.crypto.cert.PKCS12ShroudedKeyBag;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.core.PBEAlgorithmIdentifier;
import oracle.security.crypto.core.PrivateKey;
import oracle.security.crypto.core.RSA;
import oracle.security.crypto.core.RSAPrivateKey;
import oracle.security.crypto.core.RSAPublicKey;
import oracle.security.crypto.core.SignatureException;
import oracle.security.crypto.provider.JCEUtil;
import oracle.security.crypto.provider.TransitionMode;
import oracle.security.pki.OracleWallet;
import oracle.security.pki.internal.OracleTrustFlagHelper;
import oracle.security.pki.resources.OraclePKIMsgID;
import oracle.security.pki.textui.OraclePKIGenFunc;
import oracle.security.pki.util.CertType;
import oracle.security.pki.util.TrustFlags;

/* loaded from: input_file:oracle/security/pki/OracleKeyStoreSpi.class */
public class OracleKeyStoreSpi extends KeyStoreSpi {
    private String e;
    private String f;
    private String g;
    private String h;
    private static final int k = 0;
    private static final int l = 1;
    private static final String m = "secret";
    private static final int n = 100;
    public static final String p11LibOID = "2.16.840.1.113894.2.99.300.2";
    public static final String p11TokLblOID = "2.16.840.1.113894.2.99.300.3";
    public static final String p11TokPwdOID = "2.16.840.1.113894.2.99.300.4";
    public static final String p11CrtLblOID = "2.16.840.1.113894.2.99.300.5";
    public static final String CREDENTIAL_CONNECT_STRING = "oracle.security.client.connect_string";
    public static final String CREDENTIAL_USERNAME = "oracle.security.client.username";
    public static final String CREDENTIAL_PASSWORD = "oracle.security.client.password";
    private static final String o = "orakey";
    static ResourceBundle a = ResourceBundle.getBundle(OraclePKIMsgID.a);
    private static final int[] i = {1, 2, 840, 113549, 1, 12, 0, 0, 0};
    private static final byte[] j = {0, 0, 0, 0};
    private Hashtable c = new Hashtable();
    private Hashtable d = new Hashtable();
    private PKCS12 b = null;

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (engineContainsAlias(str)) {
            return ((OracleKSEntry) this.c.get(str)).a();
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        try {
            OraclePKIDebug.a("OracleKeyStoreSpi: getCertificateChain alias \"" + (null == str ? "null" : str) + "\"");
            if (engineContainsAlias(str)) {
                return ((OracleKSEntry) this.c.get(str)).c();
            }
            return null;
        } catch (Exception e) {
            if (OraclePKIDebug.getDebugFlag()) {
                e.printStackTrace();
            }
            System.out.println(e.getLocalizedMessage());
            return null;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        OraclePKIDebug.a("OracleKeyStoreSpi: getCertificate alias \"" + (null == str ? "null" : str) + "\"");
        if (engineContainsAlias(str)) {
            return ((OracleKSEntry) this.c.get(str)).b();
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (engineContainsAlias(str)) {
            return ((OracleKSEntry) this.c.get(str)).g();
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Not Implemented");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Not Implemented");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (engineContainsAlias(str) && !((OracleKSEntry) this.c.get(str)).d()) {
            throw new KeyStoreException(a.getString(OraclePKIMsgID.ab));
        }
        this.c.put(str, new OracleKSTrustedCertEntry(certificate));
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (!engineContainsAlias(str)) {
            throw new KeyStoreException(a.getString(OraclePKIMsgID.ac));
        }
        this.c.remove(str);
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        return new Vector(this.c.keySet()).elements();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.c.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.c.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        if (engineContainsAlias(str)) {
            return ((OracleKSEntry) this.c.get(str)).e();
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        if (engineContainsAlias(str)) {
            return ((OracleKSEntry) this.c.get(str)).d();
        }
        return false;
    }

    public boolean IsPubKeyMatching(OraclePKIX509CertImpl oraclePKIX509CertImpl, OraclePKIX509CertImpl oraclePKIX509CertImpl2) {
        boolean z = false;
        if (oraclePKIX509CertImpl.getPublicKey().getAlgorithm().equals(PKIConstants.EC) && oraclePKIX509CertImpl2.getPublicKey().getAlgorithm().equals(PKIConstants.EC)) {
            OraclePKIECPublicKey oraclePKIECPublicKey = (OraclePKIECPublicKey) oraclePKIX509CertImpl.getPublicKey();
            OraclePKIECPublicKey oraclePKIECPublicKey2 = (OraclePKIECPublicKey) oraclePKIX509CertImpl2.getPublicKey();
            ECParameterSpec params = oraclePKIECPublicKey.getParams();
            ECParameterSpec params2 = oraclePKIECPublicKey2.getParams();
            if (oraclePKIECPublicKey2.getW().equals(oraclePKIECPublicKey2.getW()) && params.getCofactor() == params2.getCofactor() && params.getCurve().equals(params2.getCurve()) && params.getGenerator().equals(params2.getGenerator()) && params.getOrder().equals(params2.getOrder())) {
                z = true;
            }
        } else if (oraclePKIX509CertImpl.getPublicKey().getAlgorithm().equals(PKIConstants.RSA) && oraclePKIX509CertImpl2.getPublicKey().getAlgorithm().equals(PKIConstants.RSA)) {
            OraclePKIRSAPublicKey oraclePKIRSAPublicKey = (OraclePKIRSAPublicKey) oraclePKIX509CertImpl.getPublicKey();
            OraclePKIRSAPublicKey oraclePKIRSAPublicKey2 = (OraclePKIRSAPublicKey) oraclePKIX509CertImpl2.getPublicKey();
            if (oraclePKIRSAPublicKey.getModulus().equals(oraclePKIRSAPublicKey2.getModulus()) && oraclePKIRSAPublicKey.getPublicExponent().equals(oraclePKIRSAPublicKey2.getPublicExponent())) {
                z = true;
            }
        }
        return z;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        for (Map.Entry entry : this.c.entrySet()) {
            if (((OracleKSEntry) entry.getValue()).b().equals(certificate)) {
                return (String) entry.getKey();
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        load(inputStream, cArr, false);
    }

    /* JADX WARN: Finally extract failed */
    public void load(InputStream inputStream, char[] cArr, boolean z) throws IOException, CertificateException {
        PKCS12 pkcs12;
        boolean z2;
        OraclePKIDebug.a("OracleKeyStoreSpi: Loading wallet from stream");
        AccessController.doPrivileged(new PrivilegedAction() { // from class: oracle.security.pki.OracleKeyStoreSpi.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager == null) {
                    return null;
                }
                securityManager.checkPermission(new OracleWalletPermission("load"));
                return null;
            }
        });
        if (inputStream == null) {
            pkcs12 = new PKCS12();
            pkcs12.setPasswd(cArr);
        } else {
            FileChannel fileChannel = null;
            FileLock fileLock = null;
            boolean z3 = false;
            try {
                try {
                    if (inputStream instanceof FileInputStream) {
                        OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:getting channel..");
                        fileChannel = ((FileInputStream) inputStream).getChannel();
                        OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:locking file (shared)..");
                        fileLock = FileLockProvider.a(null, fileChannel, 0L, inputStream.available(), true);
                        OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:locked file.");
                        z3 = true;
                    }
                } catch (OverlappingFileLockException e) {
                    OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad: Ignoring OverlappingFileLockException ");
                }
                pkcs12 = new PKCS12(new String(cArr), inputStream);
                if (fileLock != null) {
                    OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:releasing lock..");
                    fileLock.release();
                }
                if (z3 && fileChannel != null) {
                    OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:closing channel..");
                    fileChannel.close();
                }
            } catch (Throwable th) {
                if (fileLock != null) {
                    OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:releasing lock..");
                    fileLock.release();
                }
                if (z3 && fileChannel != null) {
                    OraclePKIDebug.a("OracleKeyStoreSpi.engineLoad:closing channel..");
                    fileChannel.close();
                }
                throw th;
            }
        }
        try {
            z2 = pkcs12.verify();
        } catch (AuthenticationException e2) {
            z2 = false;
        }
        if (!z2) {
            throw new IOException(a.getString(OraclePKIMsgID.x));
        }
        a(pkcs12, z);
        OraclePKIDebug.a("OracleKeyStoreSpi: Keystore Loaded");
    }

    public void printLocalKeyIDs(PKCS12 pkcs12) {
        System.out.println("-------------------");
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i2);
            byte[] localKeyID = pKCS12Bag.getLocalKeyID();
            if (b(pKCS12Bag)) {
                System.out.println("CertReqBag = " + OracleLocalKeyId.l(localKeyID));
            }
            if (a(pKCS12Bag) && OracleLocalKeyId.c(localKeyID)) {
                System.out.println("User CertBag = " + OracleLocalKeyId.l(localKeyID));
            }
            if (a(pKCS12Bag) && OracleLocalKeyId.d(pKCS12Bag.getLocalKeyID())) {
                System.out.println("Trusted CertBag = " + OracleLocalKeyId.l(localKeyID));
            }
            if (c(pKCS12Bag)) {
                System.out.println("KeyBag = " + OracleLocalKeyId.l(localKeyID));
            }
            if (d(pKCS12Bag)) {
                System.out.println("SecretStoreBag = " + OracleLocalKeyId.l(localKeyID));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a() {
        return this.d.size();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Enumeration b() {
        TreeSet treeSet = new TreeSet(Collator.getInstance());
        treeSet.addAll(this.d.keySet());
        return new Vector(treeSet).elements();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Enumeration c() {
        return new Vector(this.d.keySet()).elements();
    }

    public void secretStoreDeleteSecret(String str) throws OracleSecretStoreException {
        if (!secretStoreContainsAlias(str)) {
            throw new OracleSecretStoreException("No such alias in secret store");
        }
        this.d.remove(str);
    }

    public void secretStoreSetSecret(String str, char[] cArr) throws OracleSecretStoreException {
        if (secretStoreContainsAlias(str)) {
            ((OracleSSEntry) this.d.get(str)).a(cArr);
        } else {
            OracleSSEntry oracleSSEntry = new OracleSSEntry(str, cArr);
            this.d.put(oracleSSEntry.b(), oracleSSEntry);
        }
    }

    public char[] secretStoreGetSecret(String str) throws OracleSecretStoreException {
        if (secretStoreContainsAlias(str)) {
            return ((OracleSSEntry) this.d.get(str)).a();
        }
        return null;
    }

    public boolean secretStoreContainsAlias(String str) throws OracleSecretStoreException {
        return this.d.containsKey(str);
    }

    public void secretStoreCreateCredential(char[] cArr, char[] cArr2, char[] cArr3) throws OracleSecretStoreException {
        int i2 = 1;
        Enumeration elements = new Vector(this.d.values()).elements();
        while (elements.hasMoreElements()) {
            OracleSSEntry oracleSSEntry = (OracleSSEntry) elements.nextElement();
            String str = new String(oracleSSEntry.a());
            if (oracleSSEntry.b().startsWith(CREDENTIAL_CONNECT_STRING) && str.equalsIgnoreCase(new String(cArr))) {
                throw new OracleSecretStoreException("Credential already exists");
            }
        }
        while (secretStoreContainsAlias(CREDENTIAL_CONNECT_STRING + i2)) {
            i2++;
        }
        secretStoreSetSecret(CREDENTIAL_CONNECT_STRING + i2, cArr);
        secretStoreSetSecret(CREDENTIAL_USERNAME + i2, cArr2);
        secretStoreSetSecret(CREDENTIAL_PASSWORD + i2, cArr3);
    }

    public void secretStoreModifyCredential(char[] cArr, char[] cArr2, char[] cArr3) throws OracleSecretStoreException {
        boolean z = false;
        Enumeration elements = new Vector(this.d.values()).elements();
        while (true) {
            if (!elements.hasMoreElements()) {
                break;
            }
            OracleSSEntry oracleSSEntry = (OracleSSEntry) elements.nextElement();
            String str = new String(oracleSSEntry.a());
            String b = oracleSSEntry.b();
            if (b.startsWith(CREDENTIAL_CONNECT_STRING) && str.equalsIgnoreCase(new String(cArr))) {
                String substring = b.substring(CREDENTIAL_CONNECT_STRING.length());
                secretStoreDeleteSecret(CREDENTIAL_USERNAME + substring);
                secretStoreSetSecret(CREDENTIAL_USERNAME + substring, cArr2);
                secretStoreDeleteSecret(CREDENTIAL_PASSWORD + substring);
                secretStoreSetSecret(CREDENTIAL_PASSWORD + substring, cArr3);
                z = true;
                break;
            }
        }
        if (!z) {
            throw new OracleSecretStoreException("Credential does not exists");
        }
    }

    public void secretStoreDeleteCredential(char[] cArr) throws OracleSecretStoreException {
        boolean z = false;
        Enumeration elements = new Vector(this.d.values()).elements();
        while (true) {
            if (!elements.hasMoreElements()) {
                break;
            }
            OracleSSEntry oracleSSEntry = (OracleSSEntry) elements.nextElement();
            String str = new String(oracleSSEntry.a());
            String b = oracleSSEntry.b();
            if (b.startsWith(CREDENTIAL_CONNECT_STRING) && str.equalsIgnoreCase(new String(cArr))) {
                String substring = b.substring(CREDENTIAL_CONNECT_STRING.length());
                secretStoreDeleteSecret(b);
                secretStoreDeleteSecret(CREDENTIAL_USERNAME + substring);
                secretStoreDeleteSecret(CREDENTIAL_PASSWORD + substring);
                z = true;
                break;
            }
        }
        if (!z) {
            throw new OracleSecretStoreException("Credential does not exists");
        }
    }

    public void secretStoreListCredential() throws OracleSecretStoreException {
        Enumeration elements = new Vector(this.d.values()).elements();
        System.out.println("List credential (index: connect_string username)");
        while (elements.hasMoreElements()) {
            OracleSSEntry oracleSSEntry = (OracleSSEntry) elements.nextElement();
            String str = new String(oracleSSEntry.a());
            String b = oracleSSEntry.b();
            if (b.startsWith(CREDENTIAL_CONNECT_STRING)) {
                String substring = b.substring(CREDENTIAL_CONNECT_STRING.length());
                System.out.println(substring + ": " + str + " " + new String(secretStoreGetSecret(CREDENTIAL_USERNAME + substring)));
            }
        }
    }

    private static boolean a(PKCS12Bag pKCS12Bag) {
        return pKCS12Bag instanceof PKCS12CertBag;
    }

    private static boolean b(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.b(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static boolean c(PKCS12Bag pKCS12Bag) {
        return (pKCS12Bag instanceof PKCS12KeyBag) || (pKCS12Bag instanceof PKCS12ShroudedKeyBag);
    }

    private static boolean d(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.e(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static boolean e(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.f(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static boolean f(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.g(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static boolean g(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.h(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static boolean h(PKCS12Bag pKCS12Bag) {
        if (pKCS12Bag instanceof PKCS12SecretBag) {
            return OracleLocalKeyId.i(pKCS12Bag.getLocalKeyID());
        }
        return false;
    }

    private static Vector b(PKCS12 pkcs12) {
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        Vector vector = new Vector();
        for (int i2 = 0; i2 < authSafesAsList.size(); i2++) {
            PKCS12Safe pKCS12Safe = (PKCS12Safe) authSafesAsList.get(i2);
            OraclePKIDebug.a("OracleKeyStoreSpi: Opening safe " + i2);
            ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
            int i3 = 0;
            while (i3 < bagsAsList.size()) {
                PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
                if (d(pKCS12Bag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found secret store bag");
                    vector.addElement(pKCS12Bag);
                    bagsAsList.remove(i3);
                    i3--;
                }
                i3++;
            }
            pKCS12Safe.setBags(bagsAsList);
        }
        return vector;
    }

    private void c(PKCS12 pkcs12) {
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        for (int i2 = 0; i2 < authSafesAsList.size(); i2++) {
            PKCS12Safe pKCS12Safe = (PKCS12Safe) authSafesAsList.get(i2);
            OraclePKIDebug.a("OracleKeyStoreSpi: Opening safe " + i2);
            ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
            int i3 = 0;
            while (i3 < bagsAsList.size()) {
                PKCS12SecretBag pKCS12SecretBag = (PKCS12Bag) bagsAsList.get(i3);
                if (e(pKCS12SecretBag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found bag containing PKCS11 lib info");
                    this.e = new String(pKCS12SecretBag.getSecretValue().getValue());
                    bagsAsList.remove(i3);
                    i3--;
                }
                if (f(pKCS12SecretBag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found bag containing PKCS11 tokenlabel info");
                    this.f = new String(pKCS12SecretBag.getSecretValue().getValue());
                    bagsAsList.remove(i3);
                    i3--;
                }
                if (g(pKCS12SecretBag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found bag containing PKCS11 tokenlabel info");
                    this.g = new String(pKCS12SecretBag.getSecretValue().getValue());
                    bagsAsList.remove(i3);
                    i3--;
                }
                if (h(pKCS12SecretBag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found bag containing PKCS11 tokenlabel info");
                    this.h = new String(pKCS12SecretBag.getSecretValue().getValue());
                    bagsAsList.remove(i3);
                    i3--;
                }
                i3++;
            }
            pKCS12Safe.setBags(bagsAsList);
        }
    }

    public String getP11Lib() {
        return this.e;
    }

    public String getP11TokenLabel() {
        return this.f;
    }

    public String getP11TokenPassphrase() {
        return this.g;
    }

    public String getP11CertLabel() {
        return this.h;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            if (e((PKCS12Bag) bagsAsList.get(i2))) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found old pkcs11 lib bag");
                z = true;
                break;
            }
            i2++;
        }
        if (z) {
            bagsAsList.remove(i2);
        }
        PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID(p11LibOID), new ASN1OctetString(str.getBytes()));
        pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.a(0));
        bagsAsList.add(pKCS12SecretBag);
        OraclePKIDebug.a("OracleWallet: added p11 lib bag ");
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] b(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            if (f((PKCS12Bag) bagsAsList.get(i2))) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found old pkcs11 token label bag");
                z = true;
                break;
            }
            i2++;
        }
        if (z) {
            bagsAsList.remove(i2);
        }
        PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID(p11TokLblOID), new ASN1OctetString(str.getBytes()));
        pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.b(0));
        bagsAsList.add(pKCS12SecretBag);
        OraclePKIDebug.a("OracleWallet: added p11 token label bag ");
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] c(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            if (g((PKCS12Bag) bagsAsList.get(i2))) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found old pkcs11 token pwd bag");
                z = true;
                break;
            }
            i2++;
        }
        if (z) {
            bagsAsList.remove(i2);
        }
        PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID(p11TokPwdOID), new ASN1OctetString(str.getBytes()));
        pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.c(0));
        bagsAsList.add(pKCS12SecretBag);
        OraclePKIDebug.a("OracleWallet: added p11 token pwd bag ");
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] d(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            if (h((PKCS12Bag) bagsAsList.get(i2))) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found old pkcs11 cert label bag");
                z = true;
                break;
            }
            i2++;
        }
        if (z) {
            bagsAsList.remove(i2);
        }
        PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID(p11CrtLblOID), new ASN1OctetString(str.getBytes()));
        pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.d(0));
        bagsAsList.add(pKCS12SecretBag);
        OraclePKIDebug.a("OracleWallet: added p11 cert label bag ");
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    private static void a(PKCS12 pkcs12, Vector<PKCS12Bag> vector, Vector<PKCS12Bag> vector2, Vector<PKCS12Bag> vector3) {
        if (null == vector) {
            vector = new Vector<>();
        }
        if (null == vector2) {
            vector2 = new Vector<>();
        }
        if (null == vector3) {
            vector3 = new Vector<>();
        }
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        for (int i2 = 0; i2 < authSafesAsList.size(); i2++) {
            PKCS12Safe pKCS12Safe = (PKCS12Safe) authSafesAsList.get(i2);
            OraclePKIDebug.a("OracleKeyStoreSpi: Opening safe " + i2);
            ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
            Iterator it = bagsAsList.iterator();
            while (it.hasNext()) {
                PKCS12Bag pKCS12Bag = (PKCS12Bag) it.next();
                if (c(pKCS12Bag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found key bag");
                    vector.add(pKCS12Bag);
                    it.remove();
                } else if (a(pKCS12Bag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found cert bag");
                    vector2.add(pKCS12Bag);
                    it.remove();
                } else if (b(pKCS12Bag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found certReq bag");
                    vector3.add(pKCS12Bag);
                    it.remove();
                }
            }
            pKCS12Safe.setBags(bagsAsList);
        }
    }

    private static Vector d(PKCS12 pkcs12) {
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        Vector vector = new Vector();
        for (int i2 = 0; i2 < authSafesAsList.size(); i2++) {
            PKCS12Safe pKCS12Safe = (PKCS12Safe) authSafesAsList.get(i2);
            OraclePKIDebug.a("OracleKeyStoreSpi: Opening safe " + i2);
            ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
            int i3 = 0;
            while (i3 < bagsAsList.size()) {
                PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
                if (a(pKCS12Bag)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi: found cert bag");
                    vector.addElement(pKCS12Bag);
                    bagsAsList.remove(i3);
                    i3--;
                }
                i3++;
            }
            pKCS12Safe.setBags(bagsAsList);
        }
        return vector;
    }

    void a(PKCS12 pkcs12) throws NoSuchAlgorithmException, CertificateException, IOException {
        a(pkcs12, false);
    }

    void a(PKCS12 pkcs12, boolean z) throws CertificateException, IOException {
        String f;
        String f2;
        String f3;
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        Vector vector3 = new Vector();
        a(pkcs12, (Vector<PKCS12Bag>) vector, (Vector<PKCS12Bag>) vector2, (Vector<PKCS12Bag>) vector3);
        Vector b = b(pkcs12);
        c(pkcs12);
        Hashtable hashtable = new Hashtable(vector.size() + vector2.size());
        Hashtable hashtable2 = new Hashtable(b.size());
        for (int i2 = 0; i2 < vector.size(); i2++) {
            OraclePKIDebug.a("Processing identity " + i2);
            PKCS12Bag pKCS12Bag = (PKCS12Bag) vector.get(i2);
            OracleKSIdentityEntry oracleKSIdentityEntry = new OracleKSIdentityEntry(pKCS12Bag, vector2, vector3);
            String friendlyName = pKCS12Bag.getFriendlyName();
            if (z) {
                hashtable.put(o + (getHighestIndexForAliasWithOrakeyPrefix(Collections.list(hashtable.keys())) + 1), oracleKSIdentityEntry);
            } else {
                if (friendlyName != null) {
                    f3 = friendlyName;
                } else {
                    f3 = oracleKSIdentityEntry.f();
                    int i3 = 1;
                    while (hashtable.containsKey(f3)) {
                        f3 = f3 + ' ' + Integer.toString(i3);
                        i3++;
                    }
                }
                OraclePKIDebug.a("Storing identity " + i2 + " as " + f3);
                hashtable.put(f3, oracleKSIdentityEntry);
            }
        }
        for (int i4 = 0; i4 < vector3.size(); i4++) {
            OraclePKIDebug.a("Processing CertReq with no matching pvt key " + i4);
            PKCS12Bag pKCS12Bag2 = (PKCS12Bag) vector3.get(i4);
            OracleKSIdentityEntry oracleKSIdentityEntry2 = new OracleKSIdentityEntry(pKCS12Bag2, vector2);
            String friendlyName2 = pKCS12Bag2.getFriendlyName();
            if (friendlyName2 != null) {
                f2 = friendlyName2;
            } else {
                f2 = oracleKSIdentityEntry2.f();
                int i5 = 1;
                while (hashtable.containsKey(f2)) {
                    f2 = f2 + ' ' + Integer.toString(i5);
                    i5++;
                }
            }
            OraclePKIDebug.a("Storing creq " + i4 + " as " + f2);
            hashtable.put(f2, oracleKSIdentityEntry2);
        }
        for (int i6 = 0; i6 < vector2.size(); i6++) {
            OraclePKIDebug.a("Processing TP " + i6);
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) vector2.get(i6);
            OracleKSTrustedCertEntry oracleKSTrustedCertEntry = new OracleKSTrustedCertEntry(pKCS12CertBag);
            String friendlyName3 = pKCS12CertBag.getFriendlyName();
            if (friendlyName3 != null) {
                f = friendlyName3;
            } else {
                f = oracleKSTrustedCertEntry.f();
                int i7 = 1;
                while (hashtable.containsKey(f)) {
                    f = oracleKSTrustedCertEntry.f() + ' ' + Integer.toString(i7);
                    i7++;
                }
            }
            OraclePKIDebug.a("Storing TP " + i6 + " as " + f);
            hashtable.put(f, oracleKSTrustedCertEntry);
        }
        for (int i8 = 0; i8 < b.size(); i8++) {
            try {
                OraclePKIDebug.a("OracleKeyStoreSpi: Storing Secret" + i8);
                OracleSSEntry oracleSSEntry = new OracleSSEntry((PKCS12SecretBag) b.get(i8));
                hashtable2.put(oracleSSEntry.b(), oracleSSEntry);
            } catch (OracleSecretStoreException e) {
                throw new IOException(e.toString());
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        this.c = hashtable;
        this.d = hashtable2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr) throws IOException, OracleSecretStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
            b(pkcs12);
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new secret store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + "bags");
        if (this.d.size() > 0) {
            Iterator it = this.d.entrySet().iterator();
            int i2 = 0;
            while (it.hasNext()) {
                OracleSSEntry oracleSSEntry = (OracleSSEntry) ((Map.Entry) it.next()).getValue();
                PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe);
                oracleSSEntry.a(pKCS12SecretBag);
                pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.a(0, i2));
                bagsAsList.add(0, pKCS12SecretBag);
                i2++;
                OraclePKIDebug.a("OracleWallet: added secret bag");
            }
        }
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleWallet: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleWallet: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, KeyStore keyStore, char[] cArr, byte b) throws IOException, KeyStoreException, CertificateException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        boolean z = false;
        if ((b & 1) != 0) {
            z = true;
        }
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
            a(pkcs12, (Vector<PKCS12Bag>) null, (Vector<PKCS12Bag>) null, (Vector<PKCS12Bag>) null);
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        if (z) {
            pKCS12Safe.setPBES2Parameters(PBEAlgorithmIdentifier.id_PBES2, TransitionMode.isFIPS140ModeEnabled() ? AlgID.hmacWithSHA256 : AlgID.hmacWithSHA1, AlgID.aes128_CBC);
        } else {
            pKCS12Safe.setMode(3);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                PKCS12CertBag pKCS12CertBag = new PKCS12CertBag(pKCS12Safe, x509Certificate instanceof OraclePKIX509CertImpl ? ((OraclePKIX509CertImpl) x509Certificate).getX509() : new X509(x509Certificate.getEncoded()));
                pKCS12CertBag.setLocalKeyID(OracleLocalKeyId.b(0, 0));
                bagsAsList.add(0, pKCS12CertBag);
                OraclePKIDebug.a("OracleWallet: added cert bag");
            } else if (keyStore.isKeyEntry(nextElement)) {
                throw new IOException("Not Implemented for private keys");
            }
        }
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() >= 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        if (OraclePKIDebug.getDebugFlag()) {
            OraclePKIDebug.a("OracleWallet: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
            OraclePKIDebug.a("OracleWallet: wallet size " + length);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    byte[] a(InputStream inputStream, KeyStore keyStore, char[] cArr) throws IOException, KeyStoreException, CertificateException {
        return a(inputStream, keyStore, cArr, (byte) 0);
    }

    static void a(InputStream inputStream, char[] cArr, OutputStream outputStream, char[] cArr2) throws IOException {
        a(inputStream, cArr, outputStream, cArr2, (byte) 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(InputStream inputStream, char[] cArr, OutputStream outputStream, char[] cArr2, byte b) throws IOException {
        PKCS12 pkcs12 = new PKCS12(new String(cArr), inputStream);
        boolean z = cArr.length == cArr2.length;
        boolean z2 = false;
        boolean z3 = false;
        Arrays.copyOf(j, j.length);
        for (int i2 = 0; z && i2 < cArr.length; i2++) {
            if (cArr[i2] != cArr2[i2]) {
                z = false;
            }
        }
        pkcs12.setPasswd(cArr2);
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        boolean z4 = (b & 1) != 0;
        boolean z5 = (b & 2) != 0;
        for (int i3 = 0; i3 < authSafesAsList.size(); i3++) {
            PKCS12Safe pKCS12Safe = (PKCS12Safe) authSafesAsList.get(0);
            ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
            for (int i4 = 0; i4 < bagsAsList.size(); i4++) {
                PKCS12ShroudedKeyBag pKCS12ShroudedKeyBag = (PKCS12Bag) bagsAsList.get(i4);
                if (pKCS12ShroudedKeyBag instanceof PKCS12ShroudedKeyBag) {
                    PKCS12ShroudedKeyBag pKCS12ShroudedKeyBag2 = pKCS12ShroudedKeyBag;
                    pKCS12ShroudedKeyBag2.setPasswd(cArr);
                    PKCS12KeyBag pKCS12KeyBag = new PKCS12KeyBag(pKCS12Safe, pKCS12ShroudedKeyBag2.getPrivateKey());
                    pKCS12KeyBag.setLocalKeyID(pKCS12ShroudedKeyBag2.getLocalKeyID());
                    pKCS12KeyBag.setFriendlyName(pKCS12ShroudedKeyBag2.getFriendlyName());
                    bagsAsList.remove(i4);
                    bagsAsList.add(i4, pKCS12KeyBag);
                } else if (pKCS12ShroudedKeyBag instanceof PKCS12SecretBag) {
                    PKCS12SecretBag pKCS12SecretBag = (PKCS12SecretBag) pKCS12ShroudedKeyBag;
                    if (pKCS12SecretBag.getSecretType().equals(new ASN1ObjectID(i))) {
                        byte[] value = pKCS12SecretBag.getSecretValue().getValue();
                        if (value[0] == 1) {
                            z2 = true;
                        }
                        if (value[1] == 1) {
                            z3 = true;
                        }
                        bagsAsList.remove(i4);
                    }
                }
            }
            byte[] copyOf = Arrays.copyOf(j, j.length);
            if (z2 || z4) {
                copyOf[0] = 1;
            }
            if (z3 || z5) {
                copyOf[1] = 1;
            }
            if (OraclePKIDebug.getDebugFlag()) {
                OraclePKIDebug.a("Array length: " + j.length);
                OraclePKIDebug.a("Wallet Conf :" + ((int) b));
                OraclePKIDebug.a("Trust Flags: Now Previous :" + z5 + "," + z3);
                OraclePKIDebug.a("V12 Flags: Now Previous :" + z4 + "," + z2);
                OraclePKIDebug.a("Final value of secret bag:" + Arrays.toString(copyOf));
            }
            ASN1OctetString aSN1OctetString = new ASN1OctetString(copyOf);
            if (z4 || z2) {
                pKCS12Safe.setPBES2Parameters(PBEAlgorithmIdentifier.id_PBES2, TransitionMode.isFIPS140ModeEnabled() ? AlgID.hmacWithSHA256 : AlgID.hmacWithSHA1, AlgID.aes128_CBC);
            }
            if (z4 || z2 || z3 || z5) {
                PKCS12SecretBag pKCS12SecretBag2 = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID(i), aSN1OctetString);
                pKCS12SecretBag2.setLocalKeyID(OracleLocalKeyId.a(0, 0, OracleLocalKeyId.a));
                pKCS12SecretBag2.setFriendlyName(m + new Random().nextInt(n));
                bagsAsList.add(pKCS12SecretBag2);
            }
            pKCS12Safe.setBags(bagsAsList);
            pKCS12Safe.setPasswd(cArr2);
        }
        try {
            pkcs12.output(outputStream);
            if (OraclePKIDebug.getDebugFlag()) {
                OraclePKIDebug.a("Verifying wallet " + pkcs12.verify());
            }
        } catch (AuthenticationException e) {
            OraclePKIDebug.a("Verifying wallet failed" + e);
            throw new IOException("Could not store wallet " + e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, CertificateRequest certificateRequest, PrivateKey privateKey, String str) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
            if (c(pKCS12Bag)) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found key bag");
                if (str != null && pKCS12Bag.getFriendlyName().equalsIgnoreCase(str)) {
                    throw new IOException(a.getString(OraclePKIMsgID.W) + str);
                }
                int l2 = OracleLocalKeyId.l(pKCS12Bag.getLocalKeyID());
                if (l2 == i2) {
                    i2++;
                } else if (l2 > i2) {
                    i2 = l2 + 1;
                }
            }
            if (b(pKCS12Bag)) {
                int l3 = OracleLocalKeyId.l(pKCS12Bag.getLocalKeyID());
                if (!a(pkcs12, l3)) {
                    if (l3 == i2) {
                        i2++;
                    } else if (l3 > i2) {
                        i2 = l3 + 1;
                    }
                }
            }
        }
        if (str == null) {
            str = i2 == 0 ? o : o + Integer.toString(i2);
        }
        if (privateKey != null) {
            PKCS12KeyBag pKCS12KeyBag = new PKCS12KeyBag(pKCS12Safe, privateKey);
            pKCS12KeyBag.setLocalKeyID(OracleLocalKeyId.c(0, i2));
            pKCS12KeyBag.setFriendlyName(str.toLowerCase());
            bagsAsList.add(pKCS12KeyBag);
            OraclePKIDebug.a("OracleWallet: added key bag " + i2);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.output(byteArrayOutputStream);
        PKCS12SecretBag pKCS12SecretBag = new PKCS12SecretBag(pKCS12Safe, new ASN1ObjectID("42.134.72.134.247.13.1.10"), new ASN1OctetString(byteArrayOutputStream.toByteArray()));
        pKCS12SecretBag.setLocalKeyID(OracleLocalKeyId.d(0, i2));
        pKCS12SecretBag.setFriendlyName(str.toLowerCase());
        bagsAsList.add(pKCS12SecretBag);
        OraclePKIDebug.a("OracleKeyStoreSpi: added req bag " + i2);
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream2);
        return byteArrayOutputStream2.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl, String str, String str2, boolean z) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        String friendlyName;
        if (a(oraclePKIX509CertImpl)) {
            throw new KeyStoreException(a.getString(OraclePKIMsgID.R));
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList authSafesAsList = pkcs12.getAuthSafesAsList();
        if (authSafesAsList.size() == 0) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) authSafesAsList.get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
            if (str != null && (friendlyName = pKCS12Bag.getFriendlyName()) != null && friendlyName.equalsIgnoreCase(str)) {
                throw new IOException(a.getString(OraclePKIMsgID.W) + str);
            }
            if (a(pKCS12Bag) && OracleLocalKeyId.d(pKCS12Bag.getLocalKeyID())) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found cert bag");
                i2++;
            }
        }
        PKCS12CertBag pKCS12CertBag = new PKCS12CertBag(pKCS12Safe, oraclePKIX509CertImpl.getX509());
        pKCS12CertBag.setLocalKeyID(OracleLocalKeyId.b(0, i2));
        if (z && null != oraclePKIX509CertImpl) {
            Principal subjectDN = oraclePKIX509CertImpl.getSubjectDN();
            Principal issuerDN = oraclePKIX509CertImpl.getIssuerDN();
            String recalculateTrustFlagforTrustCert = OracleTrustFlagHelper.recalculateTrustFlagforTrustCert(subjectDN != null ? subjectDN.getName() : null, issuerDN != null ? issuerDN.getName() : null, oraclePKIX509CertImpl.getBasicConstraints(), str2);
            byte[] localKeyID = pKCS12CertBag.getLocalKeyID();
            OracleLocalKeyId.a(localKeyID, recalculateTrustFlagforTrustCert);
            pKCS12CertBag.setLocalKeyID(localKeyID);
        }
        if (str != null) {
            pKCS12CertBag.setFriendlyName(str.toLowerCase());
        }
        bagsAsList.add(pKCS12CertBag);
        int length = pkcs12.length();
        if (OraclePKIDebug.getDebugFlag()) {
            OraclePKIDebug.a("OracleWallet: added key bag " + i2);
            OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + authSafesAsList.size() + " safes");
            OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, X500Principal x500Principal) throws IOException, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException {
        CertificateRequest certificateRequest = null;
        boolean z = false;
        X500Name x500Name = new X500Name(x500Principal.toString());
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str)) {
                Key engineGetKey = engineGetKey(str, null);
                if (engineGetKey.getAlgorithm().equals(PKIConstants.RSA)) {
                    certificateRequest = ((OraclePKIRSAPrivateKey) engineGetKey).getCertificateRequest();
                } else if (engineGetKey.getAlgorithm().equals(PKIConstants.EC)) {
                    certificateRequest = ((OraclePKIECPrivateKey) engineGetKey).getCertificateRequest();
                } else {
                    continue;
                }
                if (certificateRequest != null && x500Name.equals(new X500Name(certificateRequest.getSubject().toString()))) {
                    if (((OraclePKIX509CertImpl) engineGetCertificate(str)) != null) {
                        throw new IOException(a.getString(OraclePKIMsgID.Z));
                    }
                    z = true;
                }
            }
        }
        if (z) {
            return a(inputStream, cArr, certificateRequest, true);
        }
        OraclePKIDebug.a("internalRemoveCertReq: No cert request in wallet with matching DN.");
        throw new IOException(a.getString(OraclePKIMsgID.T));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] e(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException {
        CertificateRequest certificateRequest = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str2) && str.equals(str2)) {
                Key engineGetKey = engineGetKey(str2, null);
                if (engineGetKey.getAlgorithm().equals(PKIConstants.RSA)) {
                    certificateRequest = ((OraclePKIRSAPrivateKey) engineGetKey).getCertificateRequest();
                } else if (engineGetKey.getAlgorithm().equals(PKIConstants.EC)) {
                    certificateRequest = ((OraclePKIECPrivateKey) engineGetKey).getCertificateRequest();
                } else {
                    continue;
                }
                if (certificateRequest != null) {
                    if (((OraclePKIX509CertImpl) engineGetCertificate(str2)) != null) {
                        throw new IOException(a.getString(OraclePKIMsgID.Z));
                    }
                    z = true;
                }
            }
        }
        if (z) {
            return a(inputStream, cArr, certificateRequest, true);
        }
        OraclePKIDebug.a("internalRemoveCertReq: No cert request in wallet with matching alias.");
        throw new IOException(a.getString(OraclePKIMsgID.X) + str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] f(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException {
        CertificateRequest certificateRequest = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str2) && str.equals(str2)) {
                OraclePKIRSAPrivateKey oraclePKIRSAPrivateKey = (OraclePKIRSAPrivateKey) engineGetKey(str2, null);
                certificateRequest = oraclePKIRSAPrivateKey.getCertificateRequest();
                if (!oraclePKIRSAPrivateKey.isPvtKeyPresent()) {
                    throw new IOException(a.getString(OraclePKIMsgID.X) + str);
                }
                if (certificateRequest != null) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            return a(inputStream, cArr, certificateRequest, false);
        }
        OraclePKIDebug.a("internalRemovePrivateKey: No cert request in wallet with matching alias.");
        throw new IOException(a.getString(OraclePKIMsgID.X) + str);
    }

    byte[] a(InputStream inputStream, char[] cArr, CertificateRequest certificateRequest, boolean z) throws IOException, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.output(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byte[] bArr = null;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            PKCS12SecretBag pKCS12SecretBag = (PKCS12Bag) bagsAsList.get(i2);
            if (b((PKCS12Bag) pKCS12SecretBag) && Arrays.equals(byteArray, pKCS12SecretBag.getSecretValue().getValue())) {
                bArr = pKCS12SecretBag.getLocalKeyID();
                if (z) {
                    bagsAsList.remove(i2);
                }
            } else {
                i2++;
            }
        }
        byte[] c = OracleLocalKeyId.c(OracleLocalKeyId.k(bArr), OracleLocalKeyId.l(bArr));
        int i3 = 0;
        while (true) {
            if (i3 >= bagsAsList.size()) {
                break;
            }
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
            if (c(pKCS12Bag) && a(pKCS12Bag.getLocalKeyID(), c)) {
                bagsAsList.remove(i3);
                break;
            }
            i3++;
        }
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream2);
        return byteArrayOutputStream2.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int g(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException {
        CertificateRequest certificateRequest = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str2) && str.equals(str2)) {
                Key engineGetKey = engineGetKey(str2, null);
                if (engineGetKey.getAlgorithm().equals(PKIConstants.RSA)) {
                    certificateRequest = ((OraclePKIRSAPrivateKey) engineGetKey).getCertificateRequest();
                } else if (engineGetKey.getAlgorithm().equals(PKIConstants.EC)) {
                    certificateRequest = ((OraclePKIECPrivateKey) engineGetKey).getCertificateRequest();
                }
                if (certificateRequest != null) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalGetCRCompNum: No cert request in wallet with matching alias.");
            throw new IOException(a.getString(OraclePKIMsgID.X) + str);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.output(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12SecretBag pKCS12SecretBag = (PKCS12Bag) bagsAsList.get(i2);
            if (b((PKCS12Bag) pKCS12SecretBag) && Arrays.equals(byteArray, pKCS12SecretBag.getSecretValue().getValue())) {
                return OracleLocalKeyId.l(pKCS12SecretBag.getLocalKeyID());
            }
        }
        throw new IOException("Check wallet.");
    }

    byte[] b(InputStream inputStream, char[] cArr, X500Principal x500Principal) throws IOException, KeyStoreException, CertificateEncodingException {
        return a(inputStream, cArr, x500Principal, (String) null, (String) null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, X500Principal x500Principal, String str, String str2) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl;
        OraclePKIX509CertImpl oraclePKIX509CertImpl2 = null;
        boolean z = false;
        X500Name x500Name = new X500Name(x500Principal.toString());
        X500Name x500Name2 = str != null ? new X500Name(str) : null;
        BigInteger bigInteger = str2 != null ? (str2.length() > 2 && str2.charAt(0) == '0' && (str2.charAt(1) == 'x' || str2.charAt(1) == 'X')) ? new BigInteger(str2.substring(2), 16) : new BigInteger(str2) : null;
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str3 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str3) && (oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str3)) != null) {
                String principal = oraclePKIX509CertImpl.getSubjectDN().toString();
                String principal2 = oraclePKIX509CertImpl.getIssuerDN().toString();
                BigInteger serialNumber = oraclePKIX509CertImpl.getSerialNumber();
                boolean z2 = false;
                boolean z3 = false;
                if (x500Name.equals(new X500Name(principal))) {
                    if (str == null || (str != null && x500Name2.equals(new X500Name(principal2)))) {
                        z2 = true;
                    }
                    if (str2 == null || (str2 != null && bigInteger.equals(serialNumber))) {
                        z3 = true;
                    }
                    if (z2 && z3) {
                        if (z) {
                            OraclePKIDebug.a("Multiple certs with matching params exist.");
                            throw new IOException(a.getString(OraclePKIMsgID.an));
                        }
                        z = true;
                        oraclePKIX509CertImpl2 = oraclePKIX509CertImpl;
                    }
                } else {
                    continue;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalRemoveUserCert: No user cert in wallet with matching inputs.");
            throw new IOException(a.getString(OraclePKIMsgID.V));
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                X509 x509 = new X509(oraclePKIX509CertImpl2.getEncoded());
                if (x509 == null || !x509.equals(cert)) {
                    arrayList.add(pKCS12CertBag);
                }
            } else {
                if (a((PKCS12Bag) pKCS12CertBag) && !OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                    X509 cert2 = pKCS12CertBag.getCert();
                    X509 x5092 = new X509(oraclePKIX509CertImpl2.getEncoded());
                    if (x5092 != null && x5092.equals(cert2)) {
                    }
                }
                arrayList.add(pKCS12CertBag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] h(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str2)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2);
                if (oraclePKIX509CertImpl != null && str.equals(str2)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalRemoveUserCert: No user cert in wallet with matching alias.");
            throw new IOException(a.getString(OraclePKIMsgID.Y) + str);
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID())) {
                if (!new X509(oraclePKIX509CertImpl.getEncoded()).equals(pKCS12CertBag.getCert())) {
                    arrayList.add(pKCS12CertBag);
                }
            } else {
                arrayList.add(pKCS12CertBag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl, String str, String str2) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl2;
        OraclePKIX509CertImpl oraclePKIX509CertImpl3 = null;
        boolean z = false;
        X500Name x500Name = new X500Name(oraclePKIX509CertImpl.getSubjectDN().toString());
        X500Name x500Name2 = str != null ? new X500Name(str) : null;
        BigInteger bigInteger = str2 != null ? (str2.length() > 2 && str2.charAt(0) == '0' && (str2.charAt(1) == 'x' || str2.charAt(1) == 'X')) ? new BigInteger(str2.substring(2), 16) : new BigInteger(str2) : null;
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str3 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str3) && (oraclePKIX509CertImpl2 = (OraclePKIX509CertImpl) engineGetCertificate(str3)) != null) {
                String principal = oraclePKIX509CertImpl2.getSubjectDN().toString();
                String principal2 = oraclePKIX509CertImpl2.getIssuerDN().toString();
                BigInteger serialNumber = oraclePKIX509CertImpl2.getSerialNumber();
                boolean z2 = false;
                boolean z3 = false;
                if (x500Name.equals(new X500Name(principal))) {
                    if (str == null || (x500Name2 != null && x500Name2.equals(new X500Name(principal2)))) {
                        z2 = true;
                    }
                    if (str2 == null || (str2 != null && bigInteger.equals(serialNumber))) {
                        z3 = true;
                    }
                    boolean z4 = IsPubKeyMatching(oraclePKIX509CertImpl, oraclePKIX509CertImpl2);
                    if (z2 && z3 && z4) {
                        if (z) {
                            OraclePKIDebug.a("Multiple certs with matching params exist.");
                            throw new IOException(a.getString(OraclePKIMsgID.an));
                        }
                        z = true;
                        oraclePKIX509CertImpl3 = oraclePKIX509CertImpl2;
                    }
                } else {
                    continue;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalRemoveUserCert: No user cert in wallet with matching inputs.");
            throw new IOException(a.getString(OraclePKIMsgID.V));
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                X509 x509 = new X509(oraclePKIX509CertImpl3.getEncoded());
                if (x509 == null || !x509.equals(cert)) {
                    arrayList.add(pKCS12CertBag);
                }
            } else {
                arrayList.add(pKCS12CertBag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean b(InputStream inputStream, char[] cArr) throws IOException, SignatureException, CertificateEncodingException {
        OraclePKIDebug.a("OracleKeyStoreSpi::checkTrustFlagsEnabled: Entry");
        byte[] bArr = {0, 0, 0, 0};
        boolean z = false;
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        int i2 = 0;
        while (true) {
            if (i2 >= bagsAsList.size()) {
                break;
            }
            if (((PKCS12Bag) bagsAsList.get(i2)) instanceof PKCS12SecretBag) {
                PKCS12SecretBag pKCS12SecretBag = (PKCS12SecretBag) bagsAsList.get(i2);
                if (pKCS12SecretBag.getSecretType().equals(new ASN1ObjectID(i)) && pKCS12SecretBag.getSecretValue().getValue()[1] == 1) {
                    z = true;
                    break;
                }
            }
            i2++;
        }
        OraclePKIDebug.a("OracleKeyStoreSpi::checkTrustFlagsEnabled: Exit");
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, HashMap hashMap) throws IOException, SignatureException, CertificateEncodingException {
        byte[] localKeyID;
        String a2;
        OraclePKIDebug.a("OracleKeyStoreSpi::getTrustFlagsValue: Entry");
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            String str = null;
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && (localKeyID = pKCS12CertBag.getLocalKeyID()) != null && (a2 = OracleLocalKeyId.a(localKeyID)) != null && !"".equals(a2)) {
                X509 cert = pKCS12CertBag.getCert();
                String x500Name = cert.getIssuer().toString();
                String bigInteger = cert.getSerialNo().toString();
                if (OracleLocalKeyId.c(localKeyID)) {
                    str = CertType.USER.b() + cert.getSubject().toString() + x500Name + bigInteger;
                } else if (OracleLocalKeyId.d(localKeyID)) {
                    str = CertType.TRUSTED.b() + cert.getSubject().toString() + x500Name + bigInteger;
                }
                if (str != null && a2 != null) {
                    hashMap.put(str, a2);
                    OraclePKIDebug.a("OracleKeyStoreSpi::getTrustFlagsValue: " + str + " = " + a2);
                }
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        OraclePKIDebug.a("OracleKeyStoreSpi::getTrustFlagsValue: Exit");
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, String str, String str2, String str3, String str4, HashMap hashMap) throws IOException, SignatureException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl;
        OraclePKIDebug.a("OracleKeyStoreSpi::assignTrustFlagstoCert: Entry");
        boolean z = false;
        OraclePKIX509CertImpl oraclePKIX509CertImpl2 = null;
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str5 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str5) && (oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str5)) != null && a(oraclePKIX509CertImpl.getX509(), str, str2, str3)) {
                if (z) {
                    OraclePKIDebug.a(a.getString(OraclePKIMsgID.an));
                    throw new IOException(a.getString(OraclePKIMsgID.an));
                }
                oraclePKIX509CertImpl2 = oraclePKIX509CertImpl;
                z = true;
            }
        }
        OraclePKIDebug.a("OracleKeyStoreSpi::assignTrustFlagstoCert: Found 1 matching cert for assigning Trust Flags.");
        if (!z) {
            OraclePKIDebug.a(a.getString(OraclePKIMsgID.al));
            throw new IOException(a.getString(OraclePKIMsgID.al));
        }
        if (TrustFlags.NZTF_VALID_PEER.c().equals(str4) && oraclePKIX509CertImpl2.getBasicConstraints() != -1) {
            OraclePKIDebug.a("Cannot assign VALID_PEER flag to a CA certificate.");
            throw new IOException("Cannot assign VALID_PEER flag to a CA certificate.");
        }
        if (oraclePKIX509CertImpl2.getBasicConstraints() == -1 && (TrustFlags.NZTF_SERVER_AUTH.c().equals(str4) || TrustFlags.NZTF_CLIENT_AUTH.c().equals(str4) || (str4 != null && str4.equals(TrustFlags.NZTF_SERVER_AUTH.c() + "," + TrustFlags.NZTF_CLIENT_AUTH.c())))) {
            OraclePKIDebug.a("Cannot assign SERVER_AUTH/CLIENT_AUTH flag to an EE certificate.");
            throw new IOException("Cannot assign SERVER_AUTH/CLIENT_AUTH flag to an EE certificate.");
        }
        if (!a(oraclePKIX509CertImpl2, hashMap, str4)) {
            OraclePKIDebug.a("This operation will result in wallet going into an inconsistent state.");
            throw new IOException("This operation will result in wallet going into an inconsistent state.");
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        X509 x509 = new X509(oraclePKIX509CertImpl2.getEncoded());
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                byte[] localKeyID = pKCS12CertBag.getLocalKeyID();
                X509 cert = pKCS12CertBag.getCert();
                if (x509 != null && x509.equals(cert)) {
                    OracleLocalKeyId.a(localKeyID, str4);
                    pKCS12CertBag.setLocalKeyID(localKeyID);
                    OraclePKIDebug.a("OracleKeyStoreSpi::assignTrustFlagstoCert: Trust Flags successfully assigned to matching certificate.");
                }
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        OraclePKIDebug.a("OracleKeyStoreSpi::assignTrustFlagstoCert: Exit");
        return byteArrayOutputStream.toByteArray();
    }

    private boolean a(X509 x509, String str, String str2, String str3) {
        String str4 = null;
        String str5 = null;
        String str6 = null;
        X500Name x500Name = null;
        if (str == null) {
            return false;
        }
        String x500Name2 = x509.getSubject().toString();
        String x500Name3 = x509.getIssuer().toString();
        BigInteger serialNo = x509.getSerialNo();
        if (null != serialNo) {
            str4 = serialNo.toString();
            str5 = serialNo.toString(16);
            str6 = "0x" + serialNo.toString(16);
        }
        X500Name x500Name4 = new X500Name(new X500Principal(str).toString());
        if (str2 != null) {
            x500Name = new X500Name(new X500Principal(str2).toString());
        }
        if (!x500Name4.equals(new X500Name(x500Name2))) {
            return false;
        }
        if (x500Name == null || x500Name.equals(new X500Name(x500Name3))) {
            return str3 == null || null == serialNo || str3.equals(str4) || str3.equalsIgnoreCase(str5) || str3.equalsIgnoreCase(str6);
        }
        return false;
    }

    boolean a(OraclePKIX509CertImpl oraclePKIX509CertImpl, HashMap hashMap, String str) throws IOException {
        Certificate[] c;
        String str2;
        boolean z = true;
        if (oraclePKIX509CertImpl == null) {
            return true;
        }
        String str3 = CertType.TRUSTED.b() + oraclePKIX509CertImpl.getSubjectDN().toString() + oraclePKIX509CertImpl.getIssuerDN().toString() + oraclePKIX509CertImpl.getSerialNumber().toString();
        if (hashMap == null) {
            return true;
        }
        String str4 = (String) hashMap.get(str3);
        String c2 = TrustFlags.NZTF_SERVER_AUTH.c();
        if (str4 != null && str4.indexOf(c2) != -1) {
            if (str4.indexOf(c2) != -1 && str.indexOf(c2) != -1) {
                return true;
            }
            Iterator it = this.c.entrySet().iterator();
            while (it.hasNext() && z) {
                Map.Entry entry = (Map.Entry) it.next();
                if ((((OracleKSEntry) entry.getValue()) instanceof OracleKSIdentityEntry) && (c = ((OracleKSIdentityEntry) entry.getValue()).c()) != null && !((X509Certificate) c[c.length - 1]).getSubjectDN().getName().equals(((X509Certificate) c[c.length - 1]).getIssuerDN().getName())) {
                    boolean z2 = false;
                    int i2 = 1;
                    while (true) {
                        if (i2 >= c.length) {
                            break;
                        }
                        if (!oraclePKIX509CertImpl.equals(c[i2]) && (str2 = (String) hashMap.get(CertType.TRUSTED.b() + ((X509Certificate) c[i2]).getSubjectDN().getName() + ((X509Certificate) c[i2]).getIssuerDN().getName() + ((X509Certificate) c[i2]).getSerialNumber().toString())) != null && str2.indexOf(c2) != -1) {
                            z2 = true;
                            break;
                        }
                        i2++;
                    }
                    if (!z2) {
                        z = false;
                    }
                }
            }
            return z;
        }
        return true;
    }

    byte[] a(InputStream inputStream, char[] cArr, OracleWallet.DEF_TF_ADD def_tf_add) throws IOException, SignatureException, CertificateEncodingException {
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoTrustedCerts: Entry");
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoTrustedCerts: Number of bags in wallet: " + bagsAsList.size());
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i2);
            if (a(pKCS12Bag) && OracleLocalKeyId.d(pKCS12Bag.getLocalKeyID())) {
                byte[] localKeyID = pKCS12Bag.getLocalKeyID();
                if (def_tf_add == OracleWallet.DEF_TF_ADD.SERVER_CLIENT_AUTH) {
                    OracleLocalKeyId.a(localKeyID, TrustFlags.NZTF_SERVER_AUTH.c() + "," + TrustFlags.NZTF_CLIENT_AUTH.c());
                } else {
                    if (def_tf_add != OracleWallet.DEF_TF_ADD.NULL) {
                        throw new IOException("Invalid cert type input.");
                    }
                    OracleLocalKeyId.a(localKeyID, TrustFlags.NZTF_NULL.c());
                }
                pKCS12Bag.setLocalKeyID(localKeyID);
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoTrustedCerts: Default Flags added to Trusted certificates.");
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoTrustedCerts: Exit");
        return byteArrayOutputStream.toByteArray();
    }

    byte[] c(InputStream inputStream, char[] cArr) throws IOException, SignatureException, CertificateEncodingException {
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoUserCerts: Entry");
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i2);
            if (a(pKCS12Bag) && OracleLocalKeyId.c(pKCS12Bag.getLocalKeyID())) {
                byte[] localKeyID = pKCS12Bag.getLocalKeyID();
                OracleLocalKeyId.a(localKeyID, TrustFlags.NZTF_USER_CERT.c());
                pKCS12Bag.setLocalKeyID(localKeyID);
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoUserCerts: Default Trust Flags successfully added to User certificates.");
        OraclePKIDebug.a("OracleKeyStoreSpi::addDefaultFlagtoUserCerts: Exit");
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] b(InputStream inputStream, char[] cArr, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str = (String) engineAliases.nextElement();
            if (!engineIsCertificateEntry(str) || ((OraclePKIX509CertImpl) engineGetCertificate(str)) != null) {
            }
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i2);
            if (!a(pKCS12Bag) || !OracleLocalKeyId.d(pKCS12Bag.getLocalKeyID())) {
                arrayList.add(pKCS12Bag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(X500Principal x500Principal, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        X500Name x500Name = new X500Name(x500Principal.toString());
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str);
                if (oraclePKIX509CertImpl != null && x500Name.equals(new X500Name(oraclePKIX509CertImpl.getSubjectDN().toString()))) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            return a(oraclePKIX509CertImpl, hashMap);
        }
        OraclePKIDebug.a("internalIsTrustedCertUsedInChain: No trusted cert in wallet with matching DN.");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(String str, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str2)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2);
                if (str.equals(str2) && oraclePKIX509CertImpl != null) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            return a(oraclePKIX509CertImpl, hashMap);
        }
        OraclePKIDebug.a("internalIsTrustedCertUsedInChain: No trusted cert in wallet with matching alias.");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int i(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsKeyEntry(str2)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2);
                if (oraclePKIX509CertImpl != null && str.equals(str2)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalGetCertCompNum: No user cert in wallet with matching alias.");
            throw new IOException(a.getString(OraclePKIMsgID.Y) + str);
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID())) {
                if (new X509(oraclePKIX509CertImpl.getEncoded()).equals(pKCS12CertBag.getCert())) {
                    return OracleLocalKeyId.l(pKCS12CertBag.getLocalKeyID());
                }
            }
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int j(InputStream inputStream, char[] cArr, String str) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str2)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2);
                if (oraclePKIX509CertImpl != null && str.equals(str2)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalGetTCertCompNum: No trusted cert in wallet with matching DN.");
            throw new IOException("No trusted cert in wallet with matching DN.");
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                if (new X509(oraclePKIX509CertImpl.getEncoded()).equals(pKCS12CertBag.getCert())) {
                    return OracleLocalKeyId.l(pKCS12CertBag.getLocalKeyID());
                }
            }
        }
        return 0;
    }

    byte[] a(InputStream inputStream, char[] cArr, X500Principal x500Principal, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        return a(inputStream, cArr, x500Principal, (String) null, (String) null, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, X500Principal x500Principal, String str, String str2, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl;
        OraclePKIX509CertImpl oraclePKIX509CertImpl2 = null;
        boolean z = false;
        X500Name x500Name = new X500Name(x500Principal.toString());
        X500Name x500Name2 = str != null ? new X500Name(str) : null;
        BigInteger calculateSerialNumber = OraclePKIGenFunc.calculateSerialNumber(str2);
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str3 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str3) && (oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str3)) != null) {
                String principal = oraclePKIX509CertImpl.getSubjectDN().toString();
                String principal2 = oraclePKIX509CertImpl.getIssuerDN().toString();
                BigInteger serialNumber = oraclePKIX509CertImpl.getSerialNumber();
                boolean z2 = false;
                boolean z3 = false;
                if (x500Name.equals(new X500Name(principal))) {
                    if (str == null || (str != null && x500Name2.equals(new X500Name(principal2)))) {
                        z2 = true;
                    }
                    if (str2 == null || (str2 != null && calculateSerialNumber.equals(serialNumber))) {
                        z3 = true;
                    }
                    if (z2 && z3) {
                        if (z) {
                            OraclePKIDebug.a("Multiple certs with matching params exist.");
                            throw new IOException(a.getString(OraclePKIMsgID.an) + " " + oraclePKIX509CertImpl.getSubjectDN().toString());
                        }
                        z = true;
                        oraclePKIX509CertImpl2 = oraclePKIX509CertImpl;
                    }
                } else {
                    continue;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalRemoveTrustedCert: No trusted cert in wallet with matching inputs.");
            throw new IOException(a.getString(OraclePKIMsgID.V));
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + "bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i3);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                X509 x509 = new X509(oraclePKIX509CertImpl2.getEncoded());
                if (x509 == null || !x509.equals(cert)) {
                    PKCS12CertBag pKCS12CertBag2 = new PKCS12CertBag(pKCS12Safe, cert);
                    pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    String a2 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    if (a2 != null && !"".equals(a2)) {
                        byte[] localKeyID = pKCS12CertBag2.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID, a2);
                        pKCS12CertBag2.setLocalKeyID(localKeyID);
                    }
                    String friendlyName = pKCS12CertBag.getFriendlyName();
                    if (friendlyName != null) {
                        pKCS12CertBag2.setFriendlyName(friendlyName);
                    }
                    arrayList.add(pKCS12CertBag2);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                    i2++;
                }
            } else {
                arrayList.add(pKCS12CertBag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, String str, HashMap hashMap) throws IOException, KeyStoreException, CertificateEncodingException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str2 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str2)) {
                oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2);
                if (oraclePKIX509CertImpl != null && str.equals(str2)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalRemoveTrustedCert: No trusted cert in wallet with matching DN.");
            throw new IOException("No trusted cert in wallet with matching DN.");
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i3);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                if (!new X509(oraclePKIX509CertImpl.getEncoded()).equals(cert)) {
                    PKCS12CertBag pKCS12CertBag2 = new PKCS12CertBag(pKCS12Safe, cert);
                    pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    String a2 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    if (a2 != null && !"".equals(a2)) {
                        byte[] localKeyID = pKCS12CertBag2.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID, a2);
                        pKCS12CertBag2.setLocalKeyID(localKeyID);
                    }
                    String friendlyName = pKCS12CertBag.getFriendlyName();
                    if (friendlyName != null) {
                        pKCS12CertBag2.setFriendlyName(friendlyName);
                    }
                    arrayList.add(pKCS12CertBag2);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                    i2++;
                }
            } else {
                arrayList.add(pKCS12CertBag);
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public int retainOnlyLatestAndValidCertificateForUniquePrivateKey() {
        int i2 = 0;
        Hashtable hashtable = new Hashtable();
        HashMap hashMap = new HashMap();
        for (String str : this.c.keySet()) {
            if (engineIsKeyEntry(str)) {
                OracleKSEntry oracleKSEntry = (OracleKSEntry) this.c.get(str);
                Key a2 = oracleKSEntry.a();
                Certificate[] c = oracleKSEntry.c();
                for (Certificate certificate : c) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    try {
                        x509Certificate.checkValidity();
                    } catch (CertificateExpiredException e) {
                        X509Certificate x509Certificate2 = (X509Certificate) c[0];
                        StringBuilder append = new StringBuilder("Certificate with Subject DN=").append(x509Certificate.getSubjectDN().getName());
                        append.append(", Issuer DN=").append(x509Certificate.getIssuerDN().getName());
                        append.append(", Serial No.=").append(x509Certificate.getSerialNumber());
                        append.append(" has already expired. ");
                        append.append("So import of private key, certificate chain pair having user certificate with SubjectDN=");
                        append.append(x509Certificate2.getSubjectDN().getName());
                        append.append(", Issuer DN=").append(x509Certificate2.getIssuerDN().getName());
                        append.append(", Serial No.=").append(x509Certificate2.getSerialNumber());
                        append.append(" is skipped.");
                        System.out.println(append);
                        if (OraclePKIDebug.getDebugFlag()) {
                            e.printStackTrace();
                        }
                        i2++;
                    } catch (CertificateNotYetValidException e2) {
                        X509Certificate x509Certificate3 = (X509Certificate) c[0];
                        StringBuilder append2 = new StringBuilder("Certificate with Subject DN=").append(x509Certificate.getSubjectDN().getName());
                        append2.append(", Issuer DN=").append(x509Certificate.getIssuerDN().getName());
                        append2.append(", Serial No.=").append(x509Certificate.getSerialNumber());
                        append2.append(" is not yet into its validity period. ");
                        append2.append("So import of private key, certificate chain pair having user certificate with SubjectDN=");
                        append2.append(x509Certificate3.getSubjectDN().getName());
                        append2.append(", Issuer DN=").append(x509Certificate3.getIssuerDN().getName());
                        append2.append(", Serial No.=").append(x509Certificate3.getSerialNumber());
                        append2.append(" is skipped.");
                        System.out.println(append2);
                        if (OraclePKIDebug.getDebugFlag()) {
                            e2.printStackTrace();
                        }
                        i2++;
                    }
                }
                if (hashMap.containsKey(a2)) {
                    X509Certificate x509Certificate4 = (X509Certificate) ((OracleKSEntry) hashMap.get(a2)).c()[0];
                    X509Certificate x509Certificate5 = (X509Certificate) c[0];
                    if (x509Certificate4.getNotBefore().compareTo(x509Certificate5.getNotBefore()) < 0) {
                        hashMap.put(a2, oracleKSEntry);
                        StringBuilder append3 = new StringBuilder("User certificate with Subject DN=").append(x509Certificate4.getSubjectDN());
                        append3.append(", Issuer DN=").append(x509Certificate4.getIssuerDN());
                        append3.append(", Serial No.=").append(x509Certificate4.getSerialNumber());
                        append3.append(" and corresponding certificate chain are not imported because another user certificate for same private key is more recently issued.");
                        System.out.println(append3);
                    } else {
                        StringBuilder append4 = new StringBuilder("User certificate with Subject DN=").append(x509Certificate5.getSubjectDN());
                        append4.append(", Issuer DN=").append(x509Certificate5.getIssuerDN());
                        append4.append(", Serial No.=").append(x509Certificate5.getSerialNumber());
                        append4.append(" and corresponding certificate chain are not imported because another user certificate for same private key is more recently issued.");
                        System.out.println(append4);
                    }
                } else {
                    hashMap.put(a2, oracleKSEntry);
                }
            }
        }
        int i3 = 0;
        Iterator it = hashMap.keySet().iterator();
        while (it.hasNext()) {
            int i4 = i3;
            i3++;
            hashtable.put(o + i4, hashMap.get((Key) it.next()));
        }
        this.c = hashtable;
        return i2;
    }

    public static ArrayList<String> getAliases(PKCS12 pkcs12) {
        ArrayList<String> arrayList = new ArrayList<>();
        Iterator it = pkcs12.getAuthSafesAsList().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((PKCS12Safe) it.next()).getBagsAsList().iterator();
            while (it2.hasNext()) {
                PKCS12Bag pKCS12Bag = (PKCS12Bag) it2.next();
                if (pKCS12Bag.getFriendlyName() != null) {
                    arrayList.add(pKCS12Bag.getFriendlyName());
                }
            }
        }
        return arrayList;
    }

    public static int getHighestIndexForAliasWithOrakeyPrefix(List<String> list) {
        int i2 = -1;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String lowerCase = it.next().toLowerCase();
            if (lowerCase.startsWith(o)) {
                try {
                    int parseInt = Integer.parseInt(lowerCase.substring(o.length()));
                    if (parseInt > i2) {
                        i2 = parseInt;
                    }
                } catch (NumberFormatException e) {
                }
            }
        }
        return i2;
    }

    public static int getHighestComponentNumber(PKCS12 pkcs12) throws IOException {
        int i2 = 0;
        Iterator it = pkcs12.getAuthSafesAsList().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((PKCS12Safe) it.next()).getBagsAsList().iterator();
            while (it2.hasNext()) {
                PKCS12Bag pKCS12Bag = (PKCS12Bag) it2.next();
                if (c(pKCS12Bag) || b(pKCS12Bag)) {
                    int l2 = OracleLocalKeyId.l(pKCS12Bag.getLocalKeyID());
                    if (c(pKCS12Bag) && l2 > i2) {
                        i2 = l2;
                    } else if (b(pKCS12Bag) && !a(pkcs12, l2) && l2 > i2) {
                        i2 = l2;
                    }
                }
            }
        }
        return i2;
    }

    private boolean a(Key key, Certificate[] certificateArr) {
        Key a2;
        Certificate[] c;
        OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyAndCertificateChainPresentAlready: Entry");
        for (String str : this.c.keySet()) {
            OracleKSEntry oracleKSEntry = (OracleKSEntry) this.c.get(str);
            if (engineIsKeyEntry(str) && (a2 = oracleKSEntry.a()) != null && (c = oracleKSEntry.c()) != null && c.length > 0) {
                Certificate certificate = c[0];
                if (Arrays.equals(key.getEncoded(), a2.getEncoded()) && certificateArr[0].equals(certificate)) {
                    OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyAndCertificateChainPresentAlready: Exit");
                    return true;
                }
            }
        }
        OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyAndCertificateChainPresentAlready: Exit");
        return false;
    }

    private boolean a(Key key) {
        Key a2;
        OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyPresentAlready: Entry");
        for (String str : this.c.keySet()) {
            OracleKSEntry oracleKSEntry = (OracleKSEntry) this.c.get(str);
            if (engineIsKeyEntry(str) && (a2 = oracleKSEntry.a()) != null && Arrays.equals(key.getEncoded(), a2.getEncoded())) {
                OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyPresentAlready: Exit");
                return true;
            }
        }
        OraclePKIDebug.a("OracleKeyStoreSpi::isPrivateKeyPresentAlready: Exit");
        return false;
    }

    public byte[] internalAddPrivateKeyAndCertificateChain(InputStream inputStream, char[] cArr, String str, Key key, Certificate[] certificateArr) throws IOException, CertificateEncodingException {
        ArrayList arrayList;
        ArrayList<String> arrayList2;
        X509 cert;
        OraclePKIDebug.a("OracleKeyStoreSpi::internalAddPrivateKeyAndCertificateChain: Entry");
        X509 x509 = new X509(certificateArr[0].getEncoded());
        X500Name x500Name = new X500Name(x509.getSubject().toString());
        X500Name x500Name2 = new X500Name(x509.getIssuer().toString());
        boolean z = false;
        if (x500Name != null && x500Name.equals(x500Name2)) {
            z = true;
        }
        boolean a2 = a(key);
        if (a(key, certificateArr)) {
            PKCS12 pkcs12 = new PKCS12(new String(cArr), inputStream);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
            StringBuilder sb = new StringBuilder("Skipped import of private key, certificate chain pair having user certificate with Subject DN=");
            sb.append(x509.getSubject());
            sb.append(", Issuer DN=").append(x509.getIssuer());
            sb.append(", Serial No.=").append(x509.getSerialNo());
            sb.append(", because this private key and certificate chain are already present in the wallet.");
            System.out.println(sb);
            pkcs12.output(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        }
        PKCS12 pkcs122 = new PKCS12();
        pkcs122.setPasswd(cArr);
        int i2 = 1;
        if (inputStream != null) {
            PKCS12 pkcs123 = new PKCS12(new String(cArr), inputStream);
            arrayList = pkcs123.getAuthSafesAsList();
            i2 = getHighestComponentNumber(pkcs123) + 1;
            arrayList2 = getAliases(pkcs123);
        } else {
            arrayList = new ArrayList();
            arrayList.add(new PKCS12Safe(pkcs122));
            arrayList2 = new ArrayList<>();
        }
        int highestIndexForAliasWithOrakeyPrefix = getHighestIndexForAliasWithOrakeyPrefix(arrayList2) + 1;
        PKCS12Safe pKCS12Safe = (PKCS12Safe) arrayList.get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        PKCS12KeyBag pKCS12KeyBag = new PKCS12KeyBag(pKCS12Safe, (java.security.PrivateKey) key);
        if (!a2) {
            pKCS12KeyBag.setFriendlyName(o + highestIndexForAliasWithOrakeyPrefix);
            pKCS12KeyBag.setLocalKeyID(OracleLocalKeyId.c(0, i2));
            pKCS12Safe.getBagsAsList().add(pKCS12KeyBag);
            StringBuilder sb2 = new StringBuilder("Imported private key, certificate chain pair having Subject DN=");
            sb2.append(x509.getSubject());
            sb2.append(", Issuer DN=").append(x509.getIssuer());
            sb2.append(", Serial No.=").append(x509.getSerialNo());
            sb2.append(" with alias (inside wallet) as ").append(o).append(highestIndexForAliasWithOrakeyPrefix);
            OraclePKIDebug.a(sb2.toString());
        }
        ArrayList arrayList3 = new ArrayList();
        for (int length = certificateArr.length - 1; length >= 0; length--) {
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = true;
            boolean z5 = false;
            X509 x5092 = new X509(certificateArr[length].getEncoded());
            int i3 = 0;
            while (i3 < bagsAsList.size()) {
                PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i3);
                if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                    X509 cert2 = pKCS12CertBag.getCert();
                    if (cert2 != null && cert2.equals(x5092)) {
                        z2 = true;
                        if (length != 0) {
                            break;
                        }
                    } else {
                        X500Name x500Name3 = new X500Name(x5092.getSubject().toString());
                        X500Name x500Name4 = new X500Name(x5092.getIssuer().toString());
                        X500Name x500Name5 = new X500Name(cert2.getSubject().toString());
                        X500Name x500Name6 = new X500Name(cert2.getIssuer().toString());
                        if (x500Name3 != null && x500Name3.equals(x500Name5) && x500Name4 != null && x500Name4.equals(x500Name6) && IsPubKeyMatching(new OraclePKIX509CertImpl(x5092), new OraclePKIX509CertImpl(cert2))) {
                            if (x5092.getNotBefore().compareTo(cert2.getNotBefore()) > 0) {
                                bagsAsList.remove(i3);
                                if (length != 0) {
                                    break;
                                }
                                i3--;
                            } else {
                                z4 = false;
                            }
                        }
                    }
                }
                if (length == 0 && a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID()) && (((cert = pKCS12CertBag.getCert()) == null || !cert.equals(x5092)) && IsPubKeyMatching(new OraclePKIX509CertImpl(x509), new OraclePKIX509CertImpl(cert)))) {
                    z3 = true;
                    X500Name x500Name7 = new X500Name(cert.getSubject().toString());
                    X500Name x500Name8 = new X500Name(cert.getIssuer().toString());
                    if (x500Name != null && x500Name.equals(x500Name7) && x500Name2 != null && x500Name2.equals(x500Name8) && x509.getNotBefore().compareTo(cert.getNotBefore()) > 0) {
                        z5 = true;
                        bagsAsList.remove(i3);
                    }
                }
                i3++;
            }
            PKCS12CertBag pKCS12CertBag2 = new PKCS12CertBag(pKCS12Safe, x5092);
            if (length != 0 && !z2 && z4) {
                pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.b(0, 0));
                arrayList3.add(pKCS12CertBag2);
            } else if (length == 0) {
                if (z && !z2 && z4) {
                    PKCS12CertBag pKCS12CertBag3 = new PKCS12CertBag(pKCS12Safe, x5092);
                    pKCS12CertBag3.setLocalKeyID(OracleLocalKeyId.b(0, 0));
                    arrayList3.add(pKCS12CertBag3);
                }
                if (!z3 || z5) {
                    pKCS12CertBag2.setFriendlyName(o + highestIndexForAliasWithOrakeyPrefix);
                    pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.c(0, i2));
                    arrayList3.add(pKCS12CertBag2);
                } else {
                    StringBuilder sb3 = new StringBuilder("Skipped import of user certificate with Subject DN=");
                    sb3.append(x509.getSubject());
                    sb3.append(", Issuer DN=").append(x509.getIssuer());
                    sb3.append(", Serial No.=").append(x509.getSerialNo());
                    sb3.append(", because a user cert with same private key is already present in the wallet and that is most recently issued certificate.");
                    System.out.println(sb3);
                }
            }
        }
        bagsAsList.addAll(arrayList3);
        pKCS12Safe.setBags(bagsAsList);
        if (!a2) {
            this.c.put(str, new OracleKSIdentityEntry(pKCS12KeyBag, new Vector(arrayList3), new Vector()));
        }
        pkcs122.setAuthSafes(arrayList);
        int length2 = pkcs122.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs122.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length2);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(length2);
        pkcs122.output(byteArrayOutputStream2);
        OraclePKIDebug.a("OracleKeyStoreSpi::internalAddPrivateKeyAndCertificateChain: Exit");
        return byteArrayOutputStream2.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl, String str, HashMap hashMap, boolean z) throws IOException, KeyStoreException {
        PKCS12Safe pKCS12Safe;
        PrivateKey privateKey;
        BigInteger bigInteger;
        PrivateKey privateKey2;
        BigInteger bigInteger2;
        ((ByteArrayInputStream) inputStream).mark(((ByteArrayInputStream) inputStream).available());
        byte[] a2 = a(inputStream, cArr, oraclePKIX509CertImpl, hashMap);
        ((ByteArrayInputStream) inputStream).reset();
        if (a2 == null && getP11Lib() != null) {
            a2 = a(inputStream, cArr, oraclePKIX509CertImpl);
        }
        ((ByteArrayInputStream) inputStream).reset();
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
            if (a(pKCS12Bag) && OracleLocalKeyId.c(pKCS12Bag.getLocalKeyID())) {
                OraclePKIDebug.a("OracleKeyStoreSpi: found cert bag");
                i2++;
            }
        }
        PKCS12CertBag pKCS12CertBag = new PKCS12CertBag(pKCS12Safe, oraclePKIX509CertImpl.getX509());
        if (z) {
            OracleLocalKeyId.a(a2, TrustFlags.NZTF_USER_CERT.c());
        }
        pKCS12CertBag.setLocalKeyID(a2);
        String algorithm = oraclePKIX509CertImpl.getPublicKey().getAlgorithm();
        RSA rsa = null;
        BigInteger bigInteger3 = null;
        byte[] bArr = null;
        BigInteger bigInteger4 = BigInteger.TEN;
        KeyPair keyPair = null;
        byte[] bArr2 = null;
        if (algorithm.equals(PKIConstants.RSA)) {
            if (TransitionMode.isJCEUseEnabled()) {
                try {
                    javax.crypto.Cipher cipherInstance = JCEUtil.getCipherInstance("RSA/ECB/PKCS1Padding");
                    cipherInstance.init(1, oraclePKIX509CertImpl.getPublicKey());
                    bArr = cipherInstance.doFinal(bigInteger4.toByteArray());
                } catch (GeneralSecurityException e) {
                    if (OraclePKIDebug.getDebugFlag()) {
                        e.printStackTrace();
                    }
                }
            } else {
                rsa = new RSA();
                rsa.setKey(new RSAPublicKey(oraclePKIX509CertImpl.getPublicKey().getEncoded()));
                bigInteger3 = rsa.performOp(bigInteger4);
            }
        } else if (algorithm.equals(PKIConstants.EC)) {
            try {
                KeyPairGenerator keyPairGeneratorInstance = JCEUtil.getKeyPairGeneratorInstance(PKIConstants.EC);
                keyPairGeneratorInstance.initialize(((ECPublicKey) oraclePKIX509CertImpl.getPublicKey()).getParams());
                keyPair = keyPairGeneratorInstance.generateKeyPair();
                KeyAgreement keyAgreementInstance = JCEUtil.getKeyAgreementInstance(PKIConstants.ECDH_KEY_AGREEMENT);
                keyAgreementInstance.init(keyPair.getPrivate());
                keyAgreementInstance.doPhase((ECPublicKey) oraclePKIX509CertImpl.getPublicKey(), true);
                bArr2 = keyAgreementInstance.generateSecret();
            } catch (GeneralSecurityException e2) {
                e2.printStackTrace();
            }
        }
        if (str == null) {
            int i4 = 0;
            while (true) {
                if (i4 >= bagsAsList.size()) {
                    break;
                }
                PKCS12KeyBag pKCS12KeyBag = (PKCS12Bag) bagsAsList.get(i4);
                if (pKCS12KeyBag instanceof PKCS12KeyBag) {
                    privateKey = pKCS12KeyBag.getPrivateKey();
                } else if (pKCS12KeyBag instanceof PKCS12ShroudedKeyBag) {
                    privateKey = ((PKCS12ShroudedKeyBag) pKCS12KeyBag).getPrivateKey();
                } else {
                    continue;
                    i4++;
                }
                String algorithm2 = privateKey.getAlgorithm();
                if (!algorithm2.equals(algorithm)) {
                    continue;
                } else if (algorithm2.equals(PKIConstants.RSA)) {
                    if (TransitionMode.isJCEUseEnabled()) {
                        try {
                            javax.crypto.Cipher cipherInstance2 = JCEUtil.getCipherInstance("RSA/ECB/PKCS1Padding");
                            cipherInstance2.init(2, (Key) privateKey);
                            bigInteger = new BigInteger(cipherInstance2.doFinal(bArr));
                        } catch (GeneralSecurityException e3) {
                            if (OraclePKIDebug.getDebugFlag()) {
                                e3.printStackTrace();
                            }
                            bigInteger = BigInteger.ZERO;
                        }
                    } else {
                        rsa.setKey((RSAPrivateKey) privateKey);
                        bigInteger = rsa.performOp(bigInteger3);
                    }
                    if (bigInteger.equals(bigInteger4)) {
                        str = pKCS12KeyBag.getFriendlyName();
                        break;
                    }
                } else if (algorithm2.equals(PKIConstants.EC)) {
                    try {
                        KeyAgreement keyAgreementInstance2 = JCEUtil.getKeyAgreementInstance(PKIConstants.ECDH_KEY_AGREEMENT);
                        keyAgreementInstance2.init((ECPrivateKey) privateKey);
                        keyAgreementInstance2.doPhase(keyPair.getPublic(), true);
                        if (Arrays.equals(bArr2, keyAgreementInstance2.generateSecret())) {
                            str = pKCS12KeyBag.getFriendlyName();
                            break;
                        }
                        continue;
                    } catch (GeneralSecurityException e4) {
                    }
                } else {
                    continue;
                }
                i4++;
            }
        } else {
            boolean z2 = false;
            int i5 = 0;
            while (true) {
                if (i5 >= bagsAsList.size()) {
                    break;
                }
                PKCS12KeyBag pKCS12KeyBag2 = (PKCS12Bag) bagsAsList.get(i5);
                if (pKCS12KeyBag2.getFriendlyName() != null && pKCS12KeyBag2.getFriendlyName().equals(str)) {
                    if (pKCS12KeyBag2 instanceof PKCS12KeyBag) {
                        privateKey2 = pKCS12KeyBag2.getPrivateKey();
                    } else if (pKCS12KeyBag2 instanceof PKCS12ShroudedKeyBag) {
                        privateKey2 = ((PKCS12ShroudedKeyBag) pKCS12KeyBag2).getPrivateKey();
                    } else {
                        continue;
                    }
                    String algorithm3 = privateKey2.getAlgorithm();
                    if (!algorithm3.equals(algorithm)) {
                        continue;
                    } else if (algorithm3.equals(PKIConstants.RSA)) {
                        if (TransitionMode.isJCEUseEnabled()) {
                            try {
                                javax.crypto.Cipher cipherInstance3 = JCEUtil.getCipherInstance("RSA/ECB/PKCS1Padding");
                                cipherInstance3.init(2, (Key) privateKey2);
                                bigInteger2 = new BigInteger(cipherInstance3.doFinal(bArr));
                            } catch (GeneralSecurityException e5) {
                                if (OraclePKIDebug.getDebugFlag()) {
                                    e5.printStackTrace();
                                }
                                bigInteger2 = BigInteger.ZERO;
                            }
                        } else {
                            rsa.setKey((RSAPrivateKey) privateKey2);
                            bigInteger2 = rsa.performOp(bigInteger3);
                        }
                        if (bigInteger2.equals(bigInteger4)) {
                            z2 = true;
                            break;
                        }
                    } else if (algorithm3.equals(PKIConstants.EC)) {
                        try {
                            KeyAgreement keyAgreementInstance3 = JCEUtil.getKeyAgreementInstance(PKIConstants.ECDH_KEY_AGREEMENT);
                            keyAgreementInstance3.init((ECPrivateKey) privateKey2);
                            keyAgreementInstance3.doPhase(keyPair.getPublic(), true);
                            if (Arrays.equals(bArr2, keyAgreementInstance3.generateSecret())) {
                                z2 = true;
                                break;
                            }
                        } catch (GeneralSecurityException e6) {
                        }
                    } else {
                        continue;
                    }
                }
                i5++;
            }
            if (!z2) {
                throw new IOException(a.getString(OraclePKIMsgID.X) + str);
            }
        }
        if (str != null) {
            pKCS12CertBag.setFriendlyName(str.toLowerCase());
        }
        bagsAsList.add(pKCS12CertBag);
        OraclePKIDebug.a("OracleWallet: added key bag " + i2);
        pKCS12Safe.setBags(bagsAsList);
        if (bagsAsList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl, String str, String str2, HashMap hashMap) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl2 = null;
        boolean z = false;
        Enumeration engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                break;
            }
            String str3 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str3)) {
                oraclePKIX509CertImpl2 = (OraclePKIX509CertImpl) engineGetCertificate(str3);
                if (oraclePKIX509CertImpl2 != null && str.equals(str3)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalReplaceTrustedCert: No trusted cert in wallet with matching DN.");
            throw new IOException("No trusted cert in wallet with matching DN.");
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        Vector vector = new Vector();
        Vector vector2 = new Vector(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i3);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                X509 x509 = new X509(oraclePKIX509CertImpl2.getEncoded());
                if (cert.equals(oraclePKIX509CertImpl.getX509()) && (x509 == null || !x509.equals(oraclePKIX509CertImpl.getX509()))) {
                    OraclePKIDebug.a("Certificate is already present in wallet.");
                    throw new IOException(a.getString(OraclePKIMsgID.R) + " " + oraclePKIX509CertImpl.getSubjectDN().toString());
                }
                if (x509 != null && x509.equals(cert)) {
                    PKCS12CertBag pKCS12CertBag2 = new PKCS12CertBag(pKCS12Safe, oraclePKIX509CertImpl.getX509());
                    pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    if (str2 == null) {
                        str2 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    }
                    if (str2 != null) {
                        byte[] localKeyID = pKCS12CertBag2.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID, str2);
                        pKCS12CertBag2.setLocalKeyID(localKeyID);
                    }
                    pKCS12CertBag2.setFriendlyName(str.toLowerCase());
                    arrayList.add(pKCS12CertBag2);
                    vector2.addElement(pKCS12CertBag2);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                } else {
                    if (pKCS12CertBag.getFriendlyName() != null && pKCS12CertBag.getFriendlyName().equalsIgnoreCase(str)) {
                        throw new IOException(a.getString(OraclePKIMsgID.W) + str);
                    }
                    PKCS12CertBag pKCS12CertBag3 = new PKCS12CertBag(pKCS12Safe, cert);
                    pKCS12CertBag3.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    String a2 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    if (a2 != null && !"".equals(a2)) {
                        byte[] localKeyID2 = pKCS12CertBag3.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID2, a2);
                        pKCS12CertBag3.setLocalKeyID(localKeyID2);
                    }
                    String friendlyName = pKCS12CertBag.getFriendlyName();
                    if (friendlyName != null) {
                        pKCS12CertBag3.setFriendlyName(friendlyName);
                    }
                    arrayList.add(pKCS12CertBag3);
                    vector2.addElement(pKCS12CertBag3);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                    i2++;
                }
            } else {
                arrayList.add(pKCS12CertBag);
                if (a((PKCS12Bag) pKCS12CertBag)) {
                    vector2.addElement(pKCS12CertBag);
                    if (OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                        vector.addElement(pKCS12CertBag);
                    }
                }
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl, String str, String str2, String str3, HashMap hashMap) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        OraclePKIX509CertImpl oraclePKIX509CertImpl2;
        OraclePKIX509CertImpl oraclePKIX509CertImpl3 = null;
        boolean z = false;
        X500Name x500Name = new X500Name(oraclePKIX509CertImpl.getSubjectDN().toString());
        X500Name x500Name2 = str != null ? new X500Name(str) : null;
        BigInteger calculateSerialNumber = OraclePKIGenFunc.calculateSerialNumber(str2);
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str4 = (String) engineAliases.nextElement();
            if (engineIsCertificateEntry(str4) && (oraclePKIX509CertImpl2 = (OraclePKIX509CertImpl) engineGetCertificate(str4)) != null) {
                String principal = oraclePKIX509CertImpl2.getSubjectDN().toString();
                String principal2 = oraclePKIX509CertImpl2.getIssuerDN().toString();
                BigInteger serialNumber = oraclePKIX509CertImpl2.getSerialNumber();
                boolean z2 = false;
                boolean z3 = false;
                if (x500Name.equals(new X500Name(principal))) {
                    if (str == null || (x500Name2 != null && x500Name2.equals(new X500Name(principal2)))) {
                        z2 = true;
                    }
                    if (calculateSerialNumber == null || (calculateSerialNumber != null && calculateSerialNumber.equals(serialNumber))) {
                        z3 = true;
                    }
                    boolean z4 = IsPubKeyMatching(oraclePKIX509CertImpl, oraclePKIX509CertImpl2);
                    if (z2 && z3 && z4) {
                        if (z) {
                            OraclePKIDebug.a("Multiple certs with matching params exist.");
                            throw new IOException(a.getString(OraclePKIMsgID.an) + " " + oraclePKIX509CertImpl2.getSubjectDN().toString());
                        }
                        z = true;
                        oraclePKIX509CertImpl3 = oraclePKIX509CertImpl2;
                    }
                } else {
                    continue;
                }
            }
        }
        if (!z) {
            OraclePKIDebug.a("internalReplaceTrustedCert: No trusted cert in wallet with matching inputs.");
            throw new IOException(a.getString(OraclePKIMsgID.V));
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
        PKCS12Safe pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        ArrayList arrayList = new ArrayList(bagsAsList.size());
        Vector vector = new Vector();
        Vector vector2 = new Vector(bagsAsList.size());
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i2 = 0;
        for (int i3 = 0; i3 < bagsAsList.size(); i3++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i3);
            if (a((PKCS12Bag) pKCS12CertBag) && OracleLocalKeyId.d(pKCS12CertBag.getLocalKeyID())) {
                X509 cert = pKCS12CertBag.getCert();
                X509 x509 = new X509(oraclePKIX509CertImpl3.getEncoded());
                if (cert.equals(oraclePKIX509CertImpl.getX509()) && (x509 == null || !x509.equals(oraclePKIX509CertImpl.getX509()))) {
                    OraclePKIDebug.a("Certificate is already present in wallet.");
                    throw new IOException(a.getString(OraclePKIMsgID.R) + " " + oraclePKIX509CertImpl.getSubjectDN().toString());
                }
                if (x509 == null || !x509.equals(cert)) {
                    PKCS12CertBag pKCS12CertBag2 = new PKCS12CertBag(pKCS12Safe, cert);
                    pKCS12CertBag2.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    String a2 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    if (a2 != null && !"".equals(a2)) {
                        byte[] localKeyID = pKCS12CertBag2.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID, a2);
                        pKCS12CertBag2.setLocalKeyID(localKeyID);
                    }
                    String friendlyName = pKCS12CertBag.getFriendlyName();
                    if (friendlyName != null) {
                        pKCS12CertBag2.setFriendlyName(friendlyName);
                    }
                    arrayList.add(pKCS12CertBag2);
                    vector2.addElement(pKCS12CertBag2);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                    i2++;
                } else {
                    PKCS12CertBag pKCS12CertBag3 = new PKCS12CertBag(pKCS12Safe, oraclePKIX509CertImpl.getX509());
                    pKCS12CertBag3.setLocalKeyID(OracleLocalKeyId.b(0, i2));
                    if (str3 == null) {
                        str3 = OracleLocalKeyId.a(pKCS12CertBag.getLocalKeyID());
                    }
                    if (str3 != null) {
                        byte[] localKeyID2 = pKCS12CertBag3.getLocalKeyID();
                        OracleLocalKeyId.a(localKeyID2, str3);
                        pKCS12CertBag3.setLocalKeyID(localKeyID2);
                    }
                    arrayList.add(pKCS12CertBag3);
                    vector2.addElement(pKCS12CertBag3);
                    OraclePKIDebug.a("OracleWallet: added cert bag " + i2);
                }
            } else {
                arrayList.add(pKCS12CertBag);
                if (a((PKCS12Bag) pKCS12CertBag)) {
                    vector2.addElement(pKCS12CertBag);
                    if (OracleLocalKeyId.c(pKCS12CertBag.getLocalKeyID())) {
                        vector.addElement(pKCS12CertBag);
                    }
                }
            }
        }
        pKCS12Safe.setBags(arrayList);
        if (arrayList.size() > 0 && pkcs12.getAuthSafesAsList().isEmpty()) {
            pkcs12.addAuthSafe(pKCS12Safe);
        }
        int length = pkcs12.length();
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet has " + pkcs12.getAuthSafesAsList().size() + " safes");
        OraclePKIDebug.a("OracleKeyStoreSpi: wallet size " + length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
        pkcs12.output(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    byte[] a(InputStream inputStream, char[] cArr, OraclePKIX509CertImpl oraclePKIX509CertImpl) throws IOException {
        int i2 = -1;
        try {
            if (NZNative.Pkcs11HasMatchingPvtKey(getP11Lib(), getP11TokenLabel(), getP11TokenPassphrase(), oraclePKIX509CertImpl.getEncoded()) != 0) {
                OraclePKIDebug.a("OracleKeyStoreSpi: No matching private key for cert in HSM");
                throw new IOException(a.getString(OraclePKIMsgID.U));
            }
            Iterator it = this.c.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Map.Entry entry = (Map.Entry) it.next();
                if (((OracleKSEntry) entry.getValue()) instanceof OracleKSIdentityEntry) {
                    OraclePKIRSAPrivateKey oraclePKIRSAPrivateKey = (OraclePKIRSAPrivateKey) ((OracleKSIdentityEntry) entry.getValue()).a();
                    CertificateRequest certificateRequest = oraclePKIRSAPrivateKey.getCertificateRequest();
                    OraclePKIRSAPublicKey oraclePKIRSAPublicKey = (OraclePKIRSAPublicKey) oraclePKIX509CertImpl.getPublicKey();
                    if (!oraclePKIRSAPrivateKey.isPvtKeyPresent() && certificateRequest != null && a(oraclePKIRSAPublicKey, certificateRequest)) {
                        i2 = ((OracleKSIdentityEntry) entry.getValue()).i();
                        if (((OracleKSIdentityEntry) entry.getValue()).b() != null) {
                            throw new IOException(a.getString(OraclePKIMsgID.S));
                        }
                    }
                }
            }
            if (i2 != -1) {
                return OracleLocalKeyId.e(0, i2);
            }
            OraclePKIDebug.a("OracleKeyStoreSpi: Could not generate localkeyID");
            throw new IOException("OracleKeyStoreSpi: Could not generate localkeyID");
        } catch (CertificateEncodingException e) {
            IOException iOException = new IOException();
            iOException.initCause(e);
            throw iOException;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x016e  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0186  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    byte[] a(java.io.InputStream r6, char[] r7, oracle.security.pki.OraclePKIX509CertImpl r8, java.util.HashMap r9) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 421
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: oracle.security.pki.OracleKeyStoreSpi.a(java.io.InputStream, char[], oracle.security.pki.OraclePKIX509CertImpl, java.util.HashMap):byte[]");
    }

    boolean a(OraclePKIRSAPublicKey oraclePKIRSAPublicKey, CertificateRequest certificateRequest) {
        boolean z = false;
        BigInteger publicExponent = oraclePKIRSAPublicKey.getPublicExponent();
        BigInteger modulus = oraclePKIRSAPublicKey.getModulus();
        BigInteger exponent = certificateRequest.getPublicKey().getExponent();
        BigInteger modulus2 = certificateRequest.getPublicKey().getModulus();
        if (publicExponent.equals(exponent) && modulus.equals(modulus2)) {
            z = true;
        }
        return z;
    }

    boolean a(OraclePKIRSAPublicKey oraclePKIRSAPublicKey, OraclePKIRSAPrivateKey oraclePKIRSAPrivateKey) {
        boolean z = false;
        BigInteger publicExponent = oraclePKIRSAPrivateKey.getPublicExponent();
        BigInteger modulus = oraclePKIRSAPrivateKey.getModulus();
        if (publicExponent.equals(oraclePKIRSAPublicKey.getPublicExponent()) && modulus.equals(oraclePKIRSAPublicKey.getModulus())) {
            z = true;
        }
        return z;
    }

    boolean a(OraclePKIECPublicKey oraclePKIECPublicKey, OraclePKIECPrivateKey oraclePKIECPrivateKey) {
        try {
            byte[] bytes = "abcxyz".getBytes();
            Signature signatureInstance = JCEUtil.getSignatureInstance(PKIConstants.SHA256_WITH_ECDSA_SIGNATURE);
            signatureInstance.initSign(oraclePKIECPrivateKey);
            signatureInstance.update(bytes, 0, bytes.length);
            byte[] sign = signatureInstance.sign();
            Signature signatureInstance2 = JCEUtil.getSignatureInstance(PKIConstants.SHA256_WITH_ECDSA_SIGNATURE);
            signatureInstance2.initVerify(oraclePKIECPublicKey);
            signatureInstance2.update(bytes, 0, bytes.length);
            return signatureInstance2.verify(sign);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    boolean a(OraclePKIX509CertImpl oraclePKIX509CertImpl, HashMap hashMap) throws IOException {
        Certificate[] c;
        String str;
        boolean z = false;
        boolean z2 = false;
        if (hashMap != null && hashMap.size() > 0) {
            z2 = true;
        }
        Iterator it = this.c.entrySet().iterator();
        while (it.hasNext() && !z) {
            Map.Entry entry = (Map.Entry) it.next();
            if ((((OracleKSEntry) entry.getValue()) instanceof OracleKSIdentityEntry) && (c = ((OracleKSIdentityEntry) entry.getValue()).c()) != null) {
                int i2 = 0;
                while (true) {
                    if (i2 < c.length && (i2 <= 0 || !z2 || (str = (String) hashMap.get(CertType.TRUSTED.b() + ((X509Certificate) c[i2]).getSubjectDN().getName() + ((X509Certificate) c[i2]).getIssuerDN().getName() + ((X509Certificate) c[i2]).getSerialNumber().toString())) == null || str.indexOf(TrustFlags.NZTF_SERVER_AUTH.c()) == -1)) {
                        if (oraclePKIX509CertImpl.equals(c[i2])) {
                            z = true;
                            break;
                        }
                        i2++;
                    }
                }
            }
        }
        return z;
    }

    boolean a(OraclePKIX509CertImpl oraclePKIX509CertImpl) throws IOException {
        boolean z = false;
        Iterator it = this.c.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry entry = (Map.Entry) it.next();
            if ((((OracleKSEntry) entry.getValue()) instanceof OracleKSTrustedCertEntry) && ((OracleKSEntry) entry.getValue()).b().equals(oraclePKIX509CertImpl)) {
                z = true;
                break;
            }
        }
        return z;
    }

    private boolean a(byte[] bArr, byte[] bArr2) {
        if (((bArr == null) || (bArr2 == null)) || bArr.length != bArr2.length) {
            return false;
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            if (bArr[i2] != bArr2[i2]) {
                return false;
            }
        }
        return true;
    }

    private static boolean a(PKCS12 pkcs12, int i2) throws IOException {
        PKCS12Safe pKCS12Safe;
        boolean z = false;
        if (pkcs12.getAuthSafesAsList().isEmpty()) {
            OraclePKIDebug.a("OracleKeyStoreSpi: creating new key store");
            pKCS12Safe = new PKCS12Safe(pkcs12);
            pKCS12Safe.setMode(3);
        } else {
            OraclePKIDebug.a("OracleKeyStoreSpi: using safe 0");
            pKCS12Safe = (PKCS12Safe) pkcs12.getAuthSafesAsList().get(0);
        }
        ArrayList bagsAsList = pKCS12Safe.getBagsAsList();
        OraclePKIDebug.a("OracleKeyStoreSpi: safe has " + bagsAsList.size() + " bags");
        int i3 = 0;
        while (true) {
            if (i3 >= bagsAsList.size()) {
                break;
            }
            PKCS12Bag pKCS12Bag = (PKCS12Bag) bagsAsList.get(i3);
            if (c(pKCS12Bag) && OracleLocalKeyId.l(pKCS12Bag.getLocalKeyID()) == i2) {
                z = true;
                break;
            }
            i3++;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(InputStream inputStream, char[] cArr, HashMap hashMap, boolean z) throws Exception {
        OraclePKIX509CertImpl oraclePKIX509CertImpl;
        String str = null;
        HashMap hashMap2 = new HashMap();
        Enumeration engineAliases = engineAliases();
        while (engineAliases.hasMoreElements()) {
            String str2 = (String) engineAliases.nextElement();
            if (null != str2 && !str2.isEmpty() && null != (oraclePKIX509CertImpl = (OraclePKIX509CertImpl) engineGetCertificate(str2))) {
                Principal subjectDN = oraclePKIX509CertImpl.getSubjectDN();
                String name = subjectDN != null ? subjectDN.getName() : null;
                if (z) {
                    str = TrustFlags.NZTF_NULL.c();
                } else if (null != str2) {
                    Principal issuerDN = oraclePKIX509CertImpl.getIssuerDN();
                    str = OracleTrustFlagHelper.evaluateTrustFlagForCert(name, issuerDN != null ? issuerDN.getName() : null, oraclePKIX509CertImpl.getBasicConstraints(), engineIsCertificateEntry(str2) ? CertType.TRUSTED.name() : CertType.USER.name());
                }
                hashMap2.put(name, str);
            }
        }
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.setPasswd(cArr);
        if (inputStream != null) {
            pkcs12.setAuthSafes(new PKCS12(new String(cArr), inputStream).getAuthSafesAsList());
        }
        ArrayList bagsAsList = ((PKCS12Safe) pkcs12.getAuthSafesAsList().get(0)).getBagsAsList();
        for (int i2 = 0; i2 < bagsAsList.size(); i2++) {
            PKCS12CertBag pKCS12CertBag = (PKCS12Bag) bagsAsList.get(i2);
            if (a((PKCS12Bag) pKCS12CertBag)) {
                byte[] localKeyID = pKCS12CertBag.getLocalKeyID();
                OracleLocalKeyId.a(localKeyID, (String) hashMap2.get(pKCS12CertBag.getCert().getSubjectDN().getName()));
                pKCS12CertBag.setLocalKeyID(localKeyID);
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(pkcs12.length());
        pkcs12.output(byteArrayOutputStream);
        OraclePKIDebug.a("OracleKeyStoreSpi::assignTrustFlagsto Cert: Exit");
        return byteArrayOutputStream.toByteArray();
    }
}
