package cn.topca.sp.jce.keystore;

import cn.topca.sp.security.pkcs.EncryptedPrivateKeyInfo;
import cn.topca.sp.security.pkcs.PKCS8Key;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: classes.dex */
final class KeyProtector {
    private static final String DIGEST_ALG = "SHA";
    private static final int DIGEST_LEN = 20;
    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
    private static final int SALT_LEN = 20;
    private MessageDigest md;
    private byte[] passwordBytes;

    public KeyProtector(char[] cArr) {
        if (cArr == null) {
            throw new IllegalArgumentException("password can't be null");
        }
        this.md = MessageDigest.getInstance(DIGEST_ALG);
        this.passwordBytes = new byte[cArr.length * 2];
        int i = 0;
        int i2 = 0;
        while (i < cArr.length) {
            int i3 = i2 + 1;
            this.passwordBytes[i2] = (byte) (cArr[i] >> '\b');
            this.passwordBytes[i3] = (byte) cArr[i];
            i++;
            i2 = i3 + 1;
        }
    }

    protected void finalize() {
        if (this.passwordBytes != null) {
            Arrays.fill(this.passwordBytes, (byte) 0);
            this.passwordBytes = null;
        }
    }

    public byte[] protect(Key key) {
        if (key == null) {
            throw new IllegalArgumentException("plaintext key can't be null");
        }
        if (!"PKCS#8".equalsIgnoreCase(key.getFormat())) {
            throw new KeyStoreException("Cannot get key bytes, not PKCS#8 encoded");
        }
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new KeyStoreException("Cannot get key bytes, encoding not supported");
        }
        int length = encoded.length / 20;
        if (encoded.length % 20 != 0) {
            length++;
        }
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        byte[] bArr2 = new byte[encoded.length];
        byte[] bArr3 = bArr;
        int i = 0;
        int i2 = 0;
        while (i < length) {
            this.md.update(this.passwordBytes);
            this.md.update(bArr3);
            bArr3 = this.md.digest();
            this.md.reset();
            if (i < length - 1) {
                System.arraycopy(bArr3, 0, bArr2, i2, bArr3.length);
            } else {
                System.arraycopy(bArr3, 0, bArr2, i2, bArr2.length - i2);
            }
            i++;
            i2 += 20;
        }
        byte[] bArr4 = new byte[encoded.length];
        for (int i3 = 0; i3 < bArr4.length; i3++) {
            bArr4[i3] = (byte) (encoded[i3] ^ bArr2[i3]);
        }
        byte[] bArr5 = new byte[bArr.length + bArr4.length + 20];
        System.arraycopy(bArr, 0, bArr5, 0, bArr.length);
        int length2 = bArr.length + 0;
        System.arraycopy(bArr4, 0, bArr5, length2, bArr4.length);
        int length3 = length2 + bArr4.length;
        this.md.update(this.passwordBytes);
        Arrays.fill(this.passwordBytes, (byte) 0);
        this.passwordBytes = null;
        this.md.update(encoded);
        byte[] digest = this.md.digest();
        this.md.reset();
        System.arraycopy(digest, 0, bArr5, length3, digest.length);
        try {
            return new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(KEY_PROTECTOR_OID), bArr5).getEncoded();
        } catch (IOException e) {
            throw new KeyStoreException(e.getMessage());
        }
    }

    public Key recover(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) {
        if (!encryptedPrivateKeyInfo.getAlgorithm().getAlgorithm().getId().equals(KEY_PROTECTOR_OID)) {
            throw new UnrecoverableKeyException("Unsupported key protection algorithm");
        }
        byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
        byte[] bArr = new byte[20];
        System.arraycopy(encryptedData, 0, bArr, 0, 20);
        int length = (encryptedData.length - 20) - 20;
        int i = length / 20;
        if (length % 20 != 0) {
            i++;
        }
        byte[] bArr2 = new byte[length];
        System.arraycopy(encryptedData, 20, bArr2, 0, length);
        byte[] bArr3 = new byte[bArr2.length];
        byte[] bArr4 = bArr;
        int i2 = 0;
        int i3 = 0;
        while (i2 < i) {
            this.md.update(this.passwordBytes);
            this.md.update(bArr4);
            bArr4 = this.md.digest();
            this.md.reset();
            if (i2 < i - 1) {
                System.arraycopy(bArr4, 0, bArr3, i3, bArr4.length);
            } else {
                System.arraycopy(bArr4, 0, bArr3, i3, bArr3.length - i3);
            }
            i2++;
            i3 += 20;
        }
        byte[] bArr5 = new byte[bArr2.length];
        for (int i4 = 0; i4 < bArr5.length; i4++) {
            bArr5[i4] = (byte) (bArr2[i4] ^ bArr3[i4]);
        }
        this.md.update(this.passwordBytes);
        Arrays.fill(this.passwordBytes, (byte) 0);
        this.passwordBytes = null;
        this.md.update(bArr5);
        byte[] digest = this.md.digest();
        this.md.reset();
        for (int i5 = 0; i5 < digest.length; i5++) {
            if (digest[i5] != encryptedData[length + 20 + i5]) {
                throw new UnrecoverableKeyException("Cannot recover key");
            }
        }
        try {
            return PKCS8Key.parseKey(new ASN1InputStream(bArr5));
        } catch (IOException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        }
    }
}
