package sun.security.tools;

import com.itextpdf.text.Annotation;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.URLClassLoader;
import java.security.Identity;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.PKCS10;
import sun.security.provider.IdentityDatabase;
import sun.security.provider.SystemIdentity;
import sun.security.provider.SystemSigner;
import sun.security.provider.X509Factory;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.Password;
import sun.security.util.PathList;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.Extension;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: classes8.dex */
public final class KeyTool {
    private static final int CERTREQ = 1;
    private static final int CHANGEALIAS = 2;
    private static final int DELETE = 3;
    private static final int EXPORTCERT = 4;
    private static final int GENKEYPAIR = 5;
    private static final int GENSECKEY = 6;
    private static final int IDENTITYDB = 7;
    private static final int IMPORTCERT = 8;
    private static final int IMPORTKEYSTORE = 9;
    private static final String JKS = "jks";
    private static final int KEYCLONE = 10;
    private static final int KEYPASSWD = 11;
    private static final int LIST = 12;
    private static final String NONE = "NONE";
    private static final String P11KEYSTORE = "PKCS11";
    private static final String P12KEYSTORE = "PKCS12";
    private static final int PRINTCERT = 13;
    private static final int SELFCERT = 14;
    private static final int STOREPASSWD = 15;
    private static final Collator collator;
    private static final Class[] PARAM_STRING = {String.class};
    private static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.util.Resources");
    private boolean debug = false;
    private int command = -1;
    private String sigAlgName = null;
    private String keyAlgName = null;
    private boolean verbose = false;
    private int keysize = -1;
    private boolean rfc = false;
    private long validity = 90;
    private String alias = null;
    private String dname = null;
    private String dest = null;
    private String filename = null;
    private String srcksfname = null;
    private Set<Pair<String, String>> providers = null;
    private String storetype = null;
    private String srcProviderName = null;
    private String providerName = null;
    private String pathlist = null;
    private char[] storePass = null;
    private char[] storePassNew = null;
    private char[] keyPass = null;
    private char[] keyPassNew = null;
    private char[] oldPass = null;
    private char[] newPass = null;
    private char[] destKeyPass = null;
    private char[] srckeyPass = null;
    private String ksfname = null;
    private File ksfile = null;
    private InputStream ksStream = null;
    private InputStream inStream = null;
    private KeyStore keyStore = null;
    private boolean token = false;
    private boolean nullStream = false;
    private boolean kssave = false;
    private boolean noprompt = false;
    private boolean trustcacerts = false;
    private boolean protectedPath = false;
    private boolean srcprotectedPath = false;
    private CertificateFactory cf = null;
    private KeyStore caks = null;
    private char[] srcstorePass = null;
    private String srcstoretype = null;
    private Set<char[]> passwords = new HashSet();
    private String startDate = null;
    private final String keyAlias = "mykey";

    static {
        Collator collator2 = Collator.getInstance();
        collator = collator2;
        collator2.setStrength(0);
    }

    private KeyTool() {
    }

    private boolean addTrustedCert(String str, InputStream inputStream) throws Exception {
        boolean z;
        String str2;
        KeyStore keyStore;
        if (str == null) {
            throw new Exception(rb.getString("Must specify alias"));
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Certificate not imported, alias <alias> already exists")).format(new Object[]{str}));
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) this.cf.generateCertificate(inputStream);
            if (isSelfSigned(x509Certificate)) {
                x509Certificate.verify(x509Certificate.getPublicKey());
                z = true;
            } else {
                z = false;
            }
            if (this.noprompt) {
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            String certificateAlias = this.keyStore.getCertificateAlias(x509Certificate);
            if (certificateAlias != null) {
                ResourceBundle resourceBundle = rb;
                System.err.println(new MessageFormat(resourceBundle.getString("Certificate already exists in keystore under alias <trustalias>")).format(new Object[]{certificateAlias}));
                str2 = getYesNoReply(resourceBundle.getString("Do you still want to add it? [no]:  "));
            } else if (z) {
                if (!this.trustcacerts || (keyStore = this.caks) == null || (certificateAlias = keyStore.getCertificateAlias(x509Certificate)) == null) {
                    str2 = null;
                } else {
                    ResourceBundle resourceBundle2 = rb;
                    System.err.println(new MessageFormat(resourceBundle2.getString("Certificate already exists in system-wide CA keystore under alias <trustalias>")).format(new Object[]{certificateAlias}));
                    str2 = getYesNoReply(resourceBundle2.getString("Do you still want to add it to your own keystore? [no]:  "));
                }
                if (certificateAlias == null) {
                    printX509Cert(x509Certificate, System.out);
                    str2 = getYesNoReply(rb.getString("Trust this certificate? [no]:  "));
                }
            } else {
                str2 = null;
            }
            if (str2 != null) {
                if (!"YES".equals(str2)) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            try {
                if (establishCertChain(null, x509Certificate) == null) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            } catch (Exception unused) {
                printX509Cert(x509Certificate, System.out);
                if (!"YES".equals(getYesNoReply(rb.getString("Trust this certificate? [no]:  ")))) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
        } catch (ClassCastException unused2) {
            throw new Exception(rb.getString("Input not an X.509 certificate"));
        } catch (CertificateException unused3) {
            throw new Exception(rb.getString("Input not an X.509 certificate"));
        }
    }

    private boolean buildChain(X509Certificate x509Certificate, Vector vector, Hashtable hashtable) {
        Principal subjectDN = x509Certificate.getSubjectDN();
        Principal issuerDN = x509Certificate.getIssuerDN();
        if (subjectDN.equals(issuerDN)) {
            vector.addElement(x509Certificate);
            return true;
        }
        Vector vector2 = (Vector) hashtable.get(issuerDN);
        if (vector2 == null) {
            return false;
        }
        Enumeration elements = vector2.elements();
        while (elements.hasMoreElements()) {
            X509Certificate x509Certificate2 = (X509Certificate) elements.nextElement();
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            } catch (Exception unused) {
            }
            if (buildChain(x509Certificate2, vector, hashtable)) {
                vector.addElement(x509Certificate);
                return true;
            }
        }
        return false;
    }

    private void byte2hex(byte b, StringBuffer stringBuffer) {
        char[] cArr = {'0', '1', PdfWriter.VERSION_1_2, PdfWriter.VERSION_1_3, PdfWriter.VERSION_1_4, PdfWriter.VERSION_1_5, PdfWriter.VERSION_1_6, PdfWriter.VERSION_1_7, '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        stringBuffer.append(cArr[(b & 240) >> 4]);
        stringBuffer.append(cArr[b & 15]);
    }

    private void doCertReq(String str, String str2, PrintStream printStream) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Object[] recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey[0];
        if (this.keyPass == null) {
            this.keyPass = (char[]) recoverKey[1];
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias has no public key (certificate)")).format(new Object[]{str}));
        }
        PKCS10 pkcs10 = new PKCS10(certificate.getPublicKey());
        if (str2 == null) {
            String algorithm = privateKey.getAlgorithm();
            if (SecurityConstants.DSA.equalsIgnoreCase(algorithm) || "DSS".equalsIgnoreCase(algorithm)) {
                str2 = "SHA1WithDSA";
            } else {
                if (!SecurityConstants.RSA.equalsIgnoreCase(algorithm)) {
                    throw new Exception(rb.getString("Cannot derive signature algorithm"));
                }
                str2 = "SHA1WithRSA";
            }
        }
        Signature signature = Signature.getInstance(str2);
        signature.initSign(privateKey);
        pkcs10.encodeAndSign(new X500Signer(signature, new X500Name(((X509Certificate) certificate).getSubjectDN().toString())));
        pkcs10.print(printStream);
    }

    private void doChangeKeyPasswd(String str) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Object[] recoverKey = recoverKey(str, this.storePass, this.keyPass);
        Key key = (Key) recoverKey[0];
        if (this.keyPass == null) {
            this.keyPass = (char[]) recoverKey[1];
        }
        if (this.keyPassNew == null) {
            this.keyPassNew = getNewPasswd(new MessageFormat(rb.getString("key password for <alias>")).format(new Object[]{str}), this.keyPass);
        }
        KeyStore keyStore = this.keyStore;
        keyStore.setKeyEntry(str, key, this.keyPassNew, keyStore.getCertificateChain(str));
    }

    private void doCloneEntry(String str, String str2, boolean z) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str2)) {
            throw new Exception(new MessageFormat(rb.getString("Destination alias <dest> already exists")).format(new Object[]{str2}));
        }
        Object[] recoverEntry = recoverEntry(this.keyStore, str, this.storePass, this.keyPass);
        KeyStore.Entry entry = (KeyStore.Entry) recoverEntry[0];
        char[] cArr = (char[]) recoverEntry[1];
        this.keyPass = cArr;
        KeyStore.PasswordProtection passwordProtection = null;
        if (cArr != null) {
            if (!z || P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
                this.keyPassNew = this.keyPass;
            } else if (this.keyPassNew == null) {
                this.keyPassNew = promptForKeyPass(str2, str, this.keyPass);
            }
            passwordProtection = new KeyStore.PasswordProtection(this.keyPassNew);
        }
        this.keyStore.setEntry(str2, entry, passwordProtection);
    }

    private void doDeleteEntry(String str) throws Exception {
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{str}));
        }
        this.keyStore.deleteEntry(str);
    }

    private void doExportCert(String str, PrintStream printStream) throws Exception {
        if (this.storePass == null && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printWarning();
        }
        if (str == null) {
            str = "mykey";
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{str}));
        }
        X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(str);
        if (x509Certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> has no certificate")).format(new Object[]{str}));
        }
        dumpCert(x509Certificate, printStream);
    }

    private void doGenKeyPair(String str, String str2, String str3, int i, String str4) throws Exception {
        if (i == -1) {
            i = "EC".equalsIgnoreCase(str3) ? 256 : 1024;
        }
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Key pair not generated, alias <alias> already exists")).format(new Object[]{str}));
        }
        if (str4 == null) {
            if (SecurityConstants.DSA.equalsIgnoreCase(str3)) {
                str4 = "SHA1WithDSA";
            } else if (SecurityConstants.RSA.equalsIgnoreCase(str3)) {
                str4 = "SHA1WithRSA";
            } else {
                if (!"EC".equalsIgnoreCase(str3)) {
                    throw new Exception(rb.getString("Cannot derive signature algorithm"));
                }
                str4 = "SHA1withECDSA";
            }
        }
        CertAndKeyGen certAndKeyGen = new CertAndKeyGen(str3, str4, this.providerName);
        X500Name x500Name = str2 == null ? getX500Name() : new X500Name(str2);
        certAndKeyGen.generate(i);
        PrivateKey privateKey = certAndKeyGen.getPrivateKey();
        X509Certificate[] x509CertificateArr = {certAndKeyGen.getSelfCertificate(x500Name, getStartDate(this.startDate), this.validity * 24 * 60 * 60)};
        if (this.verbose) {
            System.err.println(new MessageFormat(rb.getString("Generating keysize bit keyAlgName key pair and self-signed certificate (sigAlgName) with a validity of validality days\n\tfor: x500Name")).format(new Object[]{new Integer(i), privateKey.getAlgorithm(), x509CertificateArr[0].getSigAlgName(), new Long(this.validity), x500Name}));
        }
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass, x509CertificateArr);
    }

    private void doGenSecretKey(String str, String str2, int i) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Secret key not generated, alias <alias> already exists")).format(new Object[]{str}));
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(str2);
        if (i != -1) {
            keyGenerator.init(i);
        } else if ("DES".equalsIgnoreCase(str2)) {
            keyGenerator.init(56);
        } else {
            if (!"DESede".equalsIgnoreCase(str2)) {
                throw new Exception(rb.getString("Please provide -keysize for secret key generation"));
            }
            keyGenerator.init(168);
        }
        SecretKey generateKey = keyGenerator.generateKey();
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        this.keyStore.setKeyEntry(str, generateKey, this.keyPass, null);
    }

    private void doImportIdentityDatabase(InputStream inputStream) throws Exception {
        Enumeration identities = IdentityDatabase.fromStream(inputStream).identities();
        Certificate[] certificateArr = null;
        while (identities.hasMoreElements()) {
            Identity identity = (Identity) identities.nextElement();
            boolean z = identity instanceof SystemSigner;
            if ((z && ((SystemSigner) identity).isTrusted()) || ((identity instanceof SystemIdentity) && ((SystemIdentity) identity).isTrusted())) {
                if (this.keyStore.containsAlias(identity.getName())) {
                    System.err.println(new MessageFormat(rb.getString("Keystore entry for <id.getName()> already exists")).format(new Object[]{identity.getName()}));
                } else {
                    java.security.Certificate[] certificates = identity.certificates();
                    if (certificates != null && certificates.length > 0) {
                        DerOutputStream derOutputStream = new DerOutputStream();
                        certificates[0].encode(derOutputStream);
                        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(derOutputStream.toByteArray());
                        X509Certificate x509Certificate = (X509Certificate) this.cf.generateCertificate(byteArrayInputStream);
                        byteArrayInputStream.close();
                        if (isSelfSigned(x509Certificate)) {
                            try {
                                x509Certificate.verify(x509Certificate.getPublicKey());
                            } catch (Exception unused) {
                            }
                        }
                        if (z) {
                            System.err.println(new MessageFormat(rb.getString("Creating keystore entry for <id.getName()> ...")).format(new Object[]{identity.getName()}));
                            if (certificateArr == null) {
                                certificateArr = new Certificate[1];
                            }
                            certificateArr[0] = x509Certificate;
                            this.keyStore.setKeyEntry(identity.getName(), ((SystemSigner) identity).getPrivateKey(), this.storePass, certificateArr);
                        } else {
                            this.keyStore.setCertificateEntry(identity.getName(), x509Certificate);
                        }
                        this.kssave = true;
                    }
                }
            }
        }
        if (this.kssave) {
            return;
        }
        System.err.println(rb.getString("No entries from identity database added"));
    }

    private void doImportKeyStore() throws Exception {
        if (this.alias != null) {
            doImportKeyStoreSingle(loadSourceKeyStore(), this.alias);
        } else {
            if (this.dest != null || this.srckeyPass != null || this.destKeyPass != null) {
                throw new Exception(rb.getString("if alias not specified, destalias, srckeypass, and destkeypass must not be specified"));
            }
            doImportKeyStoreAll(loadSourceKeyStore());
        }
    }

    private void doImportKeyStoreAll(KeyStore keyStore) throws Exception {
        int size = keyStore.size();
        Enumeration<String> aliases = keyStore.aliases();
        int i = 0;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            int doImportKeyStoreSingle = doImportKeyStoreSingle(keyStore, nextElement);
            if (doImportKeyStoreSingle != 1) {
                if (doImportKeyStoreSingle == 2 && !this.noprompt && "YES".equals(getYesNoReply("Do you want to quit the import process? [no]:  "))) {
                    break;
                }
            } else {
                i++;
                System.err.println(new MessageFormat(rb.getString("Entry for alias <alias> successfully imported.")).format(new Object[]{nextElement}));
            }
        }
        System.err.println(new MessageFormat(rb.getString("Import command completed:  <ok> entries successfully imported, <fail> entries failed or cancelled")).format(new Object[]{Integer.valueOf(i), Integer.valueOf(size - i)}));
    }

    private int doImportKeyStoreSingle(KeyStore keyStore, String str) throws Exception {
        String str2 = this.dest;
        if (str2 == null) {
            str2 = str;
        }
        if (this.keyStore.containsAlias(str2)) {
            Object[] objArr = {str};
            if (this.noprompt) {
                System.err.println(new MessageFormat(rb.getString("Warning: Overwriting existing alias <alias> in destination keystore")).format(objArr));
            } else {
                ResourceBundle resourceBundle = rb;
                if ("NO".equals(getYesNoReply(new MessageFormat(resourceBundle.getString("Existing entry alias <alias> exists, overwrite? [no]:  ")).format(objArr)))) {
                    str2 = inputStringFromStdin(resourceBundle.getString("Enter new alias name\t(RETURN to cancel import for this entry):  "));
                    if ("".equals(str2)) {
                        System.err.println(new MessageFormat(resourceBundle.getString("Entry for alias <alias> not imported.")).format(objArr));
                        return 0;
                    }
                }
            }
        }
        Object[] recoverEntry = recoverEntry(keyStore, str, this.srcstorePass, this.srckeyPass);
        KeyStore.Entry entry = (KeyStore.Entry) recoverEntry[0];
        KeyStore.PasswordProtection passwordProtection = null;
        if (this.destKeyPass != null) {
            passwordProtection = new KeyStore.PasswordProtection(this.destKeyPass);
        } else if (recoverEntry[1] != null) {
            passwordProtection = new KeyStore.PasswordProtection((char[]) recoverEntry[1]);
        }
        try {
            this.keyStore.setEntry(str2, entry, passwordProtection);
            return 1;
        } catch (KeyStoreException e) {
            System.err.println(new MessageFormat(rb.getString("Problem importing entry for alias <alias>: <exception>.\nEntry for alias <alias> not imported.")).format(new Object[]{str, e.toString()}));
            return 2;
        }
    }

    private void doPrintCert(InputStream inputStream, PrintStream printStream) throws Exception {
        try {
            Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
            if (generateCertificates.isEmpty()) {
                throw new Exception(rb.getString("Empty input"));
            }
            Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
            for (int i = 0; i < certificateArr.length; i++) {
                try {
                    X509Certificate x509Certificate = (X509Certificate) certificateArr[i];
                    if (certificateArr.length > 1) {
                        printStream.println(new MessageFormat(rb.getString("Certificate[(i + 1)]:")).format(new Object[]{new Integer(i + 1)}));
                    }
                    printX509Cert(x509Certificate, printStream);
                    if (i < certificateArr.length - 1) {
                        printStream.println();
                    }
                } catch (ClassCastException unused) {
                    throw new Exception(rb.getString("Not X.509 certificate"));
                }
            }
        } catch (CertificateException e) {
            throw new Exception(rb.getString("Failed to parse input"), e);
        }
    }

    private void doPrintEntries(PrintStream printStream) throws Exception {
        if (this.storePass != null || KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printStream.println();
        } else {
            printWarning();
        }
        StringBuilder sb = new StringBuilder();
        ResourceBundle resourceBundle = rb;
        sb.append(resourceBundle.getString("Keystore type: "));
        sb.append(this.keyStore.getType());
        printStream.println(sb.toString());
        printStream.println(resourceBundle.getString("Keystore provider: ") + this.keyStore.getProvider().getName());
        printStream.println();
        printStream.println((this.keyStore.size() == 1 ? new MessageFormat(resourceBundle.getString("Your keystore contains keyStore.size() entry")) : new MessageFormat(resourceBundle.getString("Your keystore contains keyStore.size() entries"))).format(new Object[]{new Integer(this.keyStore.size())}));
        printStream.println();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            doPrintEntry(aliases.nextElement(), printStream, false);
            if (this.verbose || this.rfc) {
                ResourceBundle resourceBundle2 = rb;
                printStream.println(resourceBundle2.getString("\n"));
                printStream.println(resourceBundle2.getString("*******************************************"));
                printStream.println(resourceBundle2.getString("*******************************************\n\n"));
            }
        }
    }

    private void doPrintEntry(String str, PrintStream printStream, boolean z) throws Exception {
        if (this.storePass == null && z && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printWarning();
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{str}));
        }
        if (this.verbose || this.rfc || this.debug) {
            ResourceBundle resourceBundle = rb;
            printStream.println(new MessageFormat(resourceBundle.getString("Alias name: alias")).format(new Object[]{str}));
            if (!this.token) {
                printStream.println(new MessageFormat(resourceBundle.getString("Creation date: keyStore.getCreationDate(alias)")).format(new Object[]{this.keyStore.getCreationDate(str)}));
            }
        } else if (this.token) {
            printStream.print(new MessageFormat(rb.getString("alias, ")).format(new Object[]{str}));
        } else {
            printStream.print(new MessageFormat(rb.getString("alias, keyStore.getCreationDate(alias), ")).format(new Object[]{str, this.keyStore.getCreationDate(str)}));
        }
        if (this.keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            if (this.verbose || this.rfc || this.debug) {
                printStream.println(new MessageFormat(rb.getString("Entry type: <type>")).format(new Object[]{"SecretKeyEntry"}));
                return;
            } else {
                printStream.println("SecretKeyEntry, ");
                return;
            }
        }
        if (!this.keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
            if (!this.keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
                printStream.println(rb.getString("Unknown Entry Type"));
                return;
            }
            Certificate certificate = this.keyStore.getCertificate(str);
            if (this.verbose && (certificate instanceof X509Certificate)) {
                printStream.println(rb.getString("Entry type: trustedCertEntry\n"));
                printX509Cert((X509Certificate) certificate, printStream);
                return;
            }
            if (this.rfc) {
                printStream.println(rb.getString("Entry type: trustedCertEntry\n"));
                dumpCert(certificate, printStream);
                return;
            } else {
                if (this.debug) {
                    printStream.println(certificate.toString());
                    return;
                }
                ResourceBundle resourceBundle2 = rb;
                printStream.println(resourceBundle2.getString("trustedCertEntry,"));
                printStream.println(resourceBundle2.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint(MessageDigestAlgorithms.MD5, certificate));
                return;
            }
        }
        if (this.verbose || this.rfc || this.debug) {
            printStream.println(new MessageFormat(rb.getString("Entry type: <type>")).format(new Object[]{"PrivateKeyEntry"}));
        } else {
            printStream.println("PrivateKeyEntry, ");
        }
        Certificate[] certificateChain = this.keyStore.getCertificateChain(str);
        if (certificateChain != null) {
            if (!this.verbose && !this.rfc && !this.debug) {
                printStream.println(rb.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint(MessageDigestAlgorithms.MD5, certificateChain[0]));
                return;
            }
            printStream.println(rb.getString("Certificate chain length: ") + certificateChain.length);
            int i = 0;
            while (i < certificateChain.length) {
                int i2 = i + 1;
                printStream.println(new MessageFormat(rb.getString("Certificate[(i + 1)]:")).format(new Object[]{new Integer(i2)}));
                if (this.verbose && (certificateChain[i] instanceof X509Certificate)) {
                    printX509Cert((X509Certificate) certificateChain[i], printStream);
                } else if (this.debug) {
                    printStream.println(certificateChain[i].toString());
                } else {
                    dumpCert(certificateChain[i], printStream);
                }
                i = i2;
            }
        }
    }

    private void doSelfCert(String str, String str2, String str3) throws Exception {
        String str4;
        X500Name x500Name;
        String str5 = str == null ? "mykey" : str;
        Object[] recoverKey = recoverKey(str5, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey[0];
        if (this.keyPass == null) {
            this.keyPass = (char[]) recoverKey[1];
        }
        if (str3 == null) {
            String algorithm = privateKey.getAlgorithm();
            if (SecurityConstants.DSA.equalsIgnoreCase(algorithm) || "DSS".equalsIgnoreCase(algorithm)) {
                str4 = "SHA1WithDSA";
            } else if (SecurityConstants.RSA.equalsIgnoreCase(algorithm)) {
                str4 = "SHA1WithRSA";
            } else {
                if (!"EC".equalsIgnoreCase(algorithm)) {
                    throw new Exception(rb.getString("Cannot derive signature algorithm"));
                }
                str4 = "SHA1withECDSA";
            }
        } else {
            str4 = str3;
        }
        Certificate certificate = this.keyStore.getCertificate(str5);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias has no public key")).format(new Object[]{str5}));
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new Exception(new MessageFormat(rb.getString("alias has no X.509 certificate")).format(new Object[]{str5}));
        }
        X509CertInfo x509CertInfo = (X509CertInfo) new X509CertImpl(certificate.getEncoded()).get(X509CertInfo.IDENT);
        Date startDate = getStartDate(this.startDate);
        Date date = new Date();
        date.setTime(startDate.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        x509CertInfo.set("validity", new CertificateValidity(startDate, date));
        x509CertInfo.set("serialNumber", new CertificateSerialNumber((int) (startDate.getTime() / 1000)));
        if (str2 == null) {
            x500Name = (X500Name) x509CertInfo.get("subject.dname");
        } else {
            X500Name x500Name2 = new X500Name(str2);
            x509CertInfo.set("subject.dname", x500Name2);
            x500Name = x500Name2;
        }
        x509CertInfo.set("issuer.dname", x500Name);
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, str4);
        x509CertInfo.set("algorithmID.algorithm", (AlgorithmId) x509CertImpl.get(X509CertImpl.SIG_ALG));
        x509CertInfo.set("version", new CertificateVersion(2));
        X509CertImpl x509CertImpl2 = new X509CertImpl(x509CertInfo);
        x509CertImpl2.sign(privateKey, str4);
        KeyStore keyStore = this.keyStore;
        char[] cArr = this.keyPass;
        if (cArr == null) {
            cArr = this.storePass;
        }
        keyStore.setKeyEntry(str5, privateKey, cArr, new Certificate[]{x509CertImpl2});
        if (this.verbose) {
            System.err.println(rb.getString("New certificate (self-signed):"));
            System.err.print(x509CertImpl2.toString());
            System.err.println();
        }
    }

    private void dumpCert(Certificate certificate, PrintStream printStream) throws IOException, CertificateException {
        if (!this.rfc) {
            printStream.write(certificate.getEncoded());
            return;
        }
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        printStream.println(X509Factory.BEGIN_CERT);
        bASE64Encoder.encodeBuffer(certificate.getEncoded(), printStream);
        printStream.println(X509Factory.END_CERT);
    }

    private void errorNeedArgument(String str) {
        System.err.println(new MessageFormat(rb.getString("Command option <flag> needs an argument.")).format(new Object[]{str}));
        tinyHelp();
    }

    private Certificate[] establishCertChain(Certificate certificate, Certificate certificate2) throws Exception {
        KeyStore keyStore;
        if (certificate != null) {
            if (!certificate.getPublicKey().equals(certificate2.getPublicKey())) {
                throw new Exception(rb.getString("Public keys in reply and keystore don't match"));
            }
            if (certificate2.equals(certificate)) {
                throw new Exception(rb.getString("Certificate reply and certificate in keystore are identical"));
            }
        }
        Hashtable hashtable = null;
        if (this.keyStore.size() > 0) {
            hashtable = new Hashtable(11);
            keystorecerts2Hashtable(this.keyStore, hashtable);
        }
        if (this.trustcacerts && (keyStore = this.caks) != null && keyStore.size() > 0) {
            if (hashtable == null) {
                hashtable = new Hashtable(11);
            }
            keystorecerts2Hashtable(this.caks, hashtable);
        }
        Vector vector = new Vector(2);
        if (!buildChain((X509Certificate) certificate2, vector, hashtable)) {
            throw new Exception(rb.getString("Failed to establish chain from reply"));
        }
        Certificate[] certificateArr = new Certificate[vector.size()];
        int i = 0;
        for (int size = vector.size() - 1; size >= 0; size--) {
            certificateArr[i] = (Certificate) vector.elementAt(size);
            i++;
        }
        return certificateArr;
    }

    private String getAlias(String str) throws Exception {
        if (str != null) {
            System.err.print(new MessageFormat(rb.getString("Enter prompt alias name:  ")).format(new Object[]{str}));
        } else {
            System.err.print(rb.getString("Enter alias name:  "));
        }
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    private KeyStore getCacertsKeyStore() throws Exception {
        String str = File.separator;
        File file = new File(System.getProperty("java.home") + str + "lib" + str + "security" + str + "cacerts");
        if (!file.exists()) {
            return null;
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        KeyStore keyStore = KeyStore.getInstance(JKS);
        keyStore.load(fileInputStream, null);
        fileInputStream.close();
        return keyStore;
    }

    private String getCertFingerPrint(String str, Certificate certificate) throws Exception {
        return toHexString(MessageDigest.getInstance(str).digest(certificate.getEncoded()));
    }

    private char[] getKeyPasswd(String str, String str2, char[] cArr) throws Exception {
        char[] readPassword;
        int i = 0;
        do {
            if (cArr != null) {
                ResourceBundle resourceBundle = rb;
                System.err.println(new MessageFormat(resourceBundle.getString("Enter key password for <alias>")).format(new Object[]{str}));
                System.err.print(new MessageFormat(resourceBundle.getString("\t(RETURN if same as for <otherAlias>)")).format(new Object[]{str2}));
            } else {
                System.err.print(new MessageFormat(rb.getString("Enter key password for <alias>")).format(new Object[]{str}));
            }
            System.err.flush();
            readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null) {
                readPassword = cArr;
            }
            i++;
            if (readPassword != null) {
                break;
            }
        } while (i < 3);
        if (readPassword != null) {
            return readPassword;
        }
        throw new Exception(rb.getString("Too many failures - try later"));
    }

    private char[] getNewPasswd(String str, char[] cArr) throws Exception {
        char[] cArr2 = null;
        for (int i = 0; i < 3; i++) {
            ResourceBundle resourceBundle = rb;
            System.err.print(new MessageFormat(resourceBundle.getString("New prompt: ")).format(new Object[]{str}));
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null || readPassword.length < 6) {
                System.err.println(resourceBundle.getString("Password is too short - must be at least 6 characters"));
            } else if (Arrays.equals(readPassword, cArr)) {
                System.err.println(resourceBundle.getString("Passwords must differ"));
            } else {
                System.err.print(new MessageFormat(resourceBundle.getString("Re-enter new prompt: ")).format(new Object[]{str}));
                cArr2 = Password.readPassword(System.in);
                this.passwords.add(cArr2);
                if (Arrays.equals(readPassword, cArr2)) {
                    Arrays.fill(cArr2, ' ');
                    return readPassword;
                }
                System.err.println(resourceBundle.getString("They don't match. Try again"));
            }
            if (readPassword != null) {
                Arrays.fill(readPassword, ' ');
            }
            if (cArr2 != null) {
                Arrays.fill(cArr2, ' ');
                cArr2 = null;
            }
        }
        throw new Exception(rb.getString("Too many failures - try later"));
    }

    private static Date getStartDate(String str) throws IOException {
        int i;
        int i2;
        String str2;
        String str3 = str;
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        if (str3 != null) {
            IOException iOException = new IOException("Illegal startdate value");
            int length = str.length();
            if (length == 0) {
                throw iOException;
            }
            int i3 = 0;
            if (str3.charAt(0) == '-' || str3.charAt(0) == '+') {
                while (i3 < length) {
                    char charAt = str3.charAt(i3);
                    if (charAt == '+') {
                        i = 1;
                    } else {
                        if (charAt != '-') {
                            throw iOException;
                        }
                        i = -1;
                    }
                    int i4 = i3 + 1;
                    int i5 = i4;
                    while (i5 < length) {
                        char charAt2 = str3.charAt(i5);
                        if (charAt2 < '0' || charAt2 > '9') {
                            break;
                        }
                        i5++;
                    }
                    if (i5 == i4) {
                        throw iOException;
                    }
                    int parseInt = Integer.parseInt(str3.substring(i4, i5));
                    if (i5 >= length) {
                        throw iOException;
                    }
                    char charAt3 = str3.charAt(i5);
                    if (charAt3 == 'H') {
                        i2 = 10;
                    } else if (charAt3 == 'M') {
                        i2 = 12;
                    } else if (charAt3 == 'S') {
                        i2 = 13;
                    } else if (charAt3 == 'd') {
                        i2 = 5;
                    } else if (charAt3 == 'm') {
                        i2 = 2;
                    } else {
                        if (charAt3 != 'y') {
                            throw iOException;
                        }
                        i2 = 1;
                    }
                    gregorianCalendar.add(i2, i * parseInt);
                    i3 = i5 + 1;
                }
            } else {
                if (length == 19) {
                    String substring = str3.substring(0, 10);
                    str2 = str3.substring(11);
                    if (str3.charAt(10) != ' ') {
                        throw iOException;
                    }
                    str3 = substring;
                } else if (length == 10) {
                    str2 = null;
                } else {
                    if (length != 8) {
                        throw iOException;
                    }
                    str2 = str3;
                    str3 = null;
                }
                if (str3 != null) {
                    if (!str3.matches("\\d\\d\\d\\d\\/\\d\\d\\/\\d\\d")) {
                        throw iOException;
                    }
                    gregorianCalendar.set(Integer.valueOf(str3.substring(0, 4)).intValue(), Integer.valueOf(str3.substring(5, 7)).intValue() - 1, Integer.valueOf(str3.substring(8, 10)).intValue());
                }
                if (str2 != null) {
                    if (!str2.matches("\\d\\d:\\d\\d:\\d\\d")) {
                        throw iOException;
                    }
                    gregorianCalendar.set(11, Integer.valueOf(str2.substring(0, 2)).intValue());
                    gregorianCalendar.set(12, Integer.valueOf(str2.substring(0, 2)).intValue());
                    gregorianCalendar.set(13, Integer.valueOf(str2.substring(0, 2)).intValue());
                    gregorianCalendar.set(14, 0);
                }
            }
        }
        return gregorianCalendar.getTime();
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x00a6, code lost:
    
        java.lang.System.err.println();
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x00ab, code lost:
    
        return r10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private sun.security.x509.X500Name getX500Name() throws java.io.IOException {
        /*
            r18 = this;
            r0 = r18
            java.io.BufferedReader r1 = new java.io.BufferedReader
            java.io.InputStreamReader r2 = new java.io.InputStreamReader
            java.io.InputStream r3 = java.lang.System.in
            r2.<init>(r3)
            r1.<init>(r2)
            java.lang.String r2 = "Unknown"
            r3 = 20
            r3 = r2
            r4 = r3
            r5 = r4
            r6 = r5
            r7 = r6
            r8 = 20
        L19:
            int r9 = r8 + (-1)
            if (r8 < 0) goto Lac
            java.util.ResourceBundle r8 = sun.security.tools.KeyTool.rb
            java.lang.String r10 = "What is your first and last name?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r2 = r0.inputString(r1, r10, r2)
            java.lang.String r10 = "What is the name of your organizational unit?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r3 = r0.inputString(r1, r10, r3)
            java.lang.String r10 = "What is the name of your organization?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r4 = r0.inputString(r1, r10, r4)
            java.lang.String r10 = "What is the name of your City or Locality?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r5 = r0.inputString(r1, r10, r5)
            java.lang.String r10 = "What is the name of your State or Province?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r6 = r0.inputString(r1, r10, r6)
            java.lang.String r10 = "What is the two-letter country code for this unit?"
            java.lang.String r10 = r8.getString(r10)
            java.lang.String r7 = r0.inputString(r1, r10, r7)
            sun.security.x509.X500Name r10 = new sun.security.x509.X500Name
            r11 = r10
            r12 = r2
            r13 = r3
            r14 = r4
            r15 = r5
            r16 = r6
            r17 = r7
            r11.<init>(r12, r13, r14, r15, r16, r17)
            java.text.MessageFormat r11 = new java.text.MessageFormat
            java.lang.String r12 = "Is <name> correct?"
            java.lang.String r12 = r8.getString(r12)
            r11.<init>(r12)
            r12 = 1
            java.lang.Object[] r12 = new java.lang.Object[r12]
            r13 = 0
            r12[r13] = r10
            java.lang.String r11 = r11.format(r12)
            java.lang.String r12 = "no"
            java.lang.String r12 = r8.getString(r12)
            java.lang.String r11 = r0.inputString(r1, r11, r12)
            java.text.Collator r12 = sun.security.tools.KeyTool.collator
            java.lang.String r13 = "yes"
            java.lang.String r13 = r8.getString(r13)
            int r13 = r12.compare(r11, r13)
            if (r13 == 0) goto La6
            java.lang.String r13 = "y"
            java.lang.String r8 = r8.getString(r13)
            int r8 = r12.compare(r11, r8)
            if (r8 != 0) goto La3
            goto La6
        La3:
            r8 = r9
            goto L19
        La6:
            java.io.PrintStream r1 = java.lang.System.err
            r1.println()
            return r10
        Lac:
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            java.util.ResourceBundle r2 = sun.security.tools.KeyTool.rb
            java.lang.String r3 = "Too may retries, program terminated"
            java.lang.String r2 = r2.getString(r3)
            r1.<init>(r2)
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.getX500Name():sun.security.x509.X500Name");
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0073 A[LOOP:0: B:2:0x0002->B:16:0x0073, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0072 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String getYesNoReply(java.lang.String r6) throws java.io.IOException {
        /*
            r5 = this;
            r0 = 20
        L2:
            int r1 = r0 + (-1)
            if (r0 < 0) goto L75
            java.io.PrintStream r0 = java.lang.System.err
            r0.print(r6)
            java.io.PrintStream r0 = java.lang.System.err
            r0.flush()
            java.io.BufferedReader r0 = new java.io.BufferedReader
            java.io.InputStreamReader r2 = new java.io.InputStreamReader
            java.io.InputStream r3 = java.lang.System.in
            r2.<init>(r3)
            r0.<init>(r2)
            java.lang.String r0 = r0.readLine()
            java.text.Collator r2 = sun.security.tools.KeyTool.collator
            java.lang.String r3 = ""
            int r3 = r2.compare(r0, r3)
            if (r3 == 0) goto L6e
            java.util.ResourceBundle r3 = sun.security.tools.KeyTool.rb
            java.lang.String r4 = "n"
            java.lang.String r4 = r3.getString(r4)
            int r4 = r2.compare(r0, r4)
            if (r4 == 0) goto L6e
            java.lang.String r4 = "no"
            java.lang.String r4 = r3.getString(r4)
            int r4 = r2.compare(r0, r4)
            if (r4 != 0) goto L45
            goto L6e
        L45:
            java.lang.String r4 = "y"
            java.lang.String r4 = r3.getString(r4)
            int r4 = r2.compare(r0, r4)
            if (r4 == 0) goto L6b
            java.lang.String r4 = "yes"
            java.lang.String r4 = r3.getString(r4)
            int r0 = r2.compare(r0, r4)
            if (r0 != 0) goto L5e
            goto L6b
        L5e:
            java.io.PrintStream r0 = java.lang.System.err
            java.lang.String r2 = "Wrong answer, try again"
            java.lang.String r2 = r3.getString(r2)
            r0.println(r2)
            r0 = 0
            goto L70
        L6b:
            java.lang.String r0 = "YES"
            goto L70
        L6e:
            java.lang.String r0 = "NO"
        L70:
            if (r0 == 0) goto L73
            return r0
        L73:
            r0 = r1
            goto L2
        L75:
            java.lang.RuntimeException r6 = new java.lang.RuntimeException
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r1 = "Too may retries, program terminated"
            java.lang.String r0 = r0.getString(r1)
            r6.<init>(r0)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.getYesNoReply(java.lang.String):java.lang.String");
    }

    private String inputString(BufferedReader bufferedReader, String str, String str2) throws IOException {
        System.err.println(str);
        System.err.print(new MessageFormat(rb.getString("  [defaultValue]:  ")).format(new Object[]{str2}));
        System.err.flush();
        String readLine = bufferedReader.readLine();
        return (readLine == null || collator.compare(readLine, "") == 0) ? str2 : readLine;
    }

    private String inputStringFromStdin(String str) throws Exception {
        System.err.print(str);
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    private boolean installReply(String str, InputStream inputStream) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Object[] recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey[0];
        if (this.keyPass == null) {
            this.keyPass = (char[]) recoverKey[1];
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias has no public key (certificate)")).format(new Object[]{str}));
        }
        Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new Exception(rb.getString("Reply has no certificates"));
        }
        Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
        Certificate[] establishCertChain = certificateArr.length == 1 ? establishCertChain(certificate, certificateArr[0]) : validateReply(str, certificate, certificateArr);
        if (establishCertChain == null) {
            return false;
        }
        KeyStore keyStore = this.keyStore;
        char[] cArr = this.keyPass;
        if (cArr == null) {
            cArr = this.storePass;
        }
        keyStore.setKeyEntry(str, privateKey, cArr, establishCertChain);
        return true;
    }

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    private boolean isTrusted(Certificate certificate) throws Exception {
        KeyStore keyStore;
        if (this.keyStore.getCertificateAlias(certificate) != null) {
            return true;
        }
        return (!this.trustcacerts || (keyStore = this.caks) == null || keyStore.getCertificateAlias(certificate) == null) ? false : true;
    }

    private void keystorecerts2Hashtable(KeyStore keyStore, Hashtable hashtable) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate != null) {
                Principal subjectDN = ((X509Certificate) certificate).getSubjectDN();
                Vector vector = (Vector) hashtable.get(subjectDN);
                if (vector == null) {
                    vector = new Vector();
                    vector.addElement(certificate);
                } else if (!vector.contains(certificate)) {
                    vector.addElement(certificate);
                }
                hashtable.put(subjectDN, vector);
            }
        }
    }

    public static void main(String[] strArr) throws Exception {
        new KeyTool().run(strArr, System.out);
    }

    private void printWarning() {
        System.err.println();
        PrintStream printStream = System.err;
        ResourceBundle resourceBundle = rb;
        printStream.println(resourceBundle.getString("*****************  WARNING WARNING WARNING  *****************"));
        System.err.println(resourceBundle.getString("* The integrity of the information stored in your keystore  *"));
        System.err.println(resourceBundle.getString("* has NOT been verified!  In order to verify its integrity, *"));
        System.err.println(resourceBundle.getString("* you must provide your keystore password.                  *"));
        System.err.println(resourceBundle.getString("*****************  WARNING WARNING WARNING  *****************"));
        System.err.println();
    }

    private void printX509Cert(X509Certificate x509Certificate, PrintStream printStream) throws Exception {
        int i = 0;
        printStream.println(new MessageFormat(rb.getString("*PATTERN* printX509Cert")).format(new Object[]{x509Certificate.getSubjectDN().toString(), x509Certificate.getIssuerDN().toString(), x509Certificate.getSerialNumber().toString(16), x509Certificate.getNotBefore().toString(), x509Certificate.getNotAfter().toString(), getCertFingerPrint(MessageDigestAlgorithms.MD5, x509Certificate), getCertFingerPrint(SecurityConstants.SHA1, x509Certificate), x509Certificate.getSigAlgName(), Integer.valueOf(x509Certificate.getVersion())}));
        if (x509Certificate instanceof X509CertImpl) {
            X509CertImpl x509CertImpl = (X509CertImpl) x509Certificate;
            if (x509Certificate.getCriticalExtensionOIDs() != null) {
                for (String str : x509Certificate.getCriticalExtensionOIDs()) {
                    if (i == 0) {
                        printStream.println();
                        printStream.println(rb.getString("Extensions: "));
                        printStream.println();
                    }
                    StringBuilder sb = new StringBuilder();
                    sb.append("#");
                    i++;
                    sb.append(i);
                    sb.append(": ");
                    sb.append((Object) x509CertImpl.getExtension(new ObjectIdentifier(str)));
                    printStream.println(sb.toString());
                }
            }
            if (x509Certificate.getNonCriticalExtensionOIDs() != null) {
                for (String str2 : x509Certificate.getNonCriticalExtensionOIDs()) {
                    if (i == 0) {
                        printStream.println();
                        printStream.println(rb.getString("Extensions: "));
                        printStream.println();
                    }
                    Extension extension2 = x509CertImpl.getExtension(new ObjectIdentifier(str2));
                    if (extension2 != null) {
                        StringBuilder sb2 = new StringBuilder();
                        sb2.append("#");
                        i++;
                        sb2.append(i);
                        sb2.append(": ");
                        sb2.append((Object) extension2);
                        printStream.println(sb2.toString());
                    } else {
                        StringBuilder sb3 = new StringBuilder();
                        sb3.append("#");
                        i++;
                        sb3.append(i);
                        sb3.append(": ");
                        sb3.append((Object) x509CertImpl.getUnparseableExtension(new ObjectIdentifier(str2)));
                        printStream.println(sb3.toString());
                    }
                }
            }
        }
    }

    private char[] promptForKeyPass(String str, String str2, char[] cArr) throws Exception {
        if (P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
            return cArr;
        }
        if (this.token) {
            return null;
        }
        int i = 0;
        while (i < 3) {
            ResourceBundle resourceBundle = rb;
            System.err.println(new MessageFormat(resourceBundle.getString("Enter key password for <alias>")).format(new Object[]{str}));
            if (str2 == null) {
                System.err.print(resourceBundle.getString("\t(RETURN if same as keystore password):  "));
            } else {
                System.err.print(new MessageFormat(resourceBundle.getString("\t(RETURN if same as for <otherAlias>)")).format(new Object[]{str2}));
            }
            System.err.flush();
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null) {
                return cArr;
            }
            if (readPassword.length >= 6) {
                System.err.print(resourceBundle.getString("Re-enter new password: "));
                char[] readPassword2 = Password.readPassword(System.in);
                this.passwords.add(readPassword2);
                if (Arrays.equals(readPassword, readPassword2)) {
                    return readPassword;
                }
                System.err.println(resourceBundle.getString("They don't match. Try again"));
            } else {
                System.err.println(resourceBundle.getString("Key password is too short - must be at least 6 characters"));
            }
            i++;
        }
        if (i != 3) {
            return null;
        }
        if (this.command == 10) {
            throw new Exception(rb.getString("Too many failures. Key entry not cloned"));
        }
        throw new Exception(rb.getString("Too many failures - key not added to keystore"));
    }

    private Object[] recoverEntry(KeyStore keyStore, String str, char[] cArr, char[] cArr2) throws Exception {
        KeyStore.Entry entry;
        if (!keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{str}));
        }
        try {
            entry = keyStore.getEntry(str, null);
            cArr = null;
        } catch (UnrecoverableEntryException e) {
            if (P11KEYSTORE.equalsIgnoreCase(keyStore.getType()) || KeyStoreUtil.isWindowsKeyStore(keyStore.getType())) {
                throw e;
            }
            if (cArr2 != null) {
                entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr2));
                cArr = cArr2;
            } else {
                try {
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
                } catch (UnrecoverableEntryException e2) {
                    if (P12KEYSTORE.equalsIgnoreCase(keyStore.getType())) {
                        throw e2;
                    }
                    cArr = getKeyPasswd(str, null, null);
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
                }
            }
        }
        return new Object[]{entry, cArr};
    }

    private Object[] recoverKey(String str, char[] cArr, char[] cArr2) throws Exception {
        Key key;
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{str}));
        }
        if (!this.keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class) && !this.keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            throw new Exception(new MessageFormat(rb.getString("Alias <alias> has no key")).format(new Object[]{str}));
        }
        if (cArr2 == null) {
            try {
                key = this.keyStore.getKey(str, cArr);
                this.passwords.add(cArr);
            } catch (UnrecoverableKeyException e) {
                if (this.token) {
                    throw e;
                }
                cArr = getKeyPasswd(str, null, null);
                key = this.keyStore.getKey(str, cArr);
            }
        } else {
            cArr = cArr2;
            key = this.keyStore.getKey(str, cArr2);
        }
        return new Object[]{key, cArr};
    }

    private void tinyHelp() {
        System.err.println(rb.getString("Try keytool -help"));
        if (this.debug) {
            throw new RuntimeException("NO BIG ERROR, SORRY");
        }
        System.exit(1);
    }

    private String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            byte2hex(bArr[i], stringBuffer);
            if (i < length - 1) {
                stringBuffer.append(":");
            }
        }
        return stringBuffer.toString();
    }

    private void usage() {
        PrintStream printStream = System.err;
        ResourceBundle resourceBundle = rb;
        printStream.println(resourceBundle.getString("keytool usage:\n"));
        System.err.println(resourceBundle.getString("-certreq     [-v] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>] [-sigalg <sigalg>]"));
        System.err.println(resourceBundle.getString("\t     [-file <csr_file>] [-keypass <keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-changealias [-v] [-protected] -alias <alias> -destalias <destalias>"));
        System.err.println(resourceBundle.getString("\t     [-keypass <keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-delete      [-v] [-protected] -alias <alias>"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-exportcert  [-v] [-rfc] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>] [-file <cert_file>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-genkeypair  [-v] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>]"));
        System.err.println(resourceBundle.getString("\t     [-keyalg <keyalg>] [-keysize <keysize>]"));
        System.err.println(resourceBundle.getString("\t     [-sigalg <sigalg>] [-dname <dname>]"));
        System.err.println(resourceBundle.getString("\t     [-validity <valDays>] [-keypass <keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-genseckey   [-v] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>] [-keypass <keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keyalg <keyalg>] [-keysize <keysize>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-help"));
        System.err.println();
        System.err.println(resourceBundle.getString("-importcert  [-v] [-noprompt] [-trustcacerts] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>]"));
        System.err.println(resourceBundle.getString("\t     [-file <cert_file>] [-keypass <keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-importkeystore [-v] "));
        System.err.println(resourceBundle.getString("\t     [-srckeystore <srckeystore>] [-destkeystore <destkeystore>]"));
        System.err.println(resourceBundle.getString("\t     [-srcstoretype <srcstoretype>] [-deststoretype <deststoretype>]"));
        System.err.println(resourceBundle.getString("\t     [-srcstorepass <srcstorepass>] [-deststorepass <deststorepass>]"));
        System.err.println(resourceBundle.getString("\t     [-srcprotected] [-destprotected]"));
        System.err.println(resourceBundle.getString("\t     [-srcprovidername <srcprovidername>]\n\t     [-destprovidername <destprovidername>]"));
        System.err.println(resourceBundle.getString("\t     [-srcalias <srcalias> [-destalias <destalias>]"));
        System.err.println(resourceBundle.getString("\t       [-srckeypass <srckeypass>] [-destkeypass <destkeypass>]]"));
        System.err.println(resourceBundle.getString("\t     [-noprompt]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-keypasswd   [-v] [-alias <alias>]"));
        System.err.println(resourceBundle.getString("\t     [-keypass <old_keypass>] [-new <new_keypass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-list        [-v | -rfc] [-protected]"));
        System.err.println(resourceBundle.getString("\t     [-alias <alias>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-printcert   [-v] [-file <cert_file>]"));
        System.err.println();
        System.err.println(resourceBundle.getString("-storepasswd [-v] [-new <new_storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-keystore <keystore>] [-storepass <storepass>]"));
        System.err.println(resourceBundle.getString("\t     [-storetype <storetype>] [-providername <name>]"));
        System.err.println(resourceBundle.getString("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
        System.err.println(resourceBundle.getString("\t     [-providerpath <pathlist>]"));
        if (this.debug) {
            throw new RuntimeException("NO ERROR, SORRY");
        }
        System.exit(1);
    }

    private Certificate[] validateReply(String str, Certificate certificate, Certificate[] certificateArr) throws Exception {
        Certificate certificate2;
        boolean z;
        KeyStore keyStore;
        PublicKey publicKey = certificate.getPublicKey();
        int i = 0;
        while (i < certificateArr.length && !publicKey.equals(certificateArr[i].getPublicKey())) {
            i++;
        }
        if (i == certificateArr.length) {
            throw new Exception(new MessageFormat(rb.getString("Certificate reply does not contain public key for <alias>")).format(new Object[]{str}));
        }
        Certificate certificate3 = certificateArr[0];
        certificateArr[0] = certificateArr[i];
        certificateArr[i] = certificate3;
        Principal issuerDN = ((X509Certificate) certificateArr[0]).getIssuerDN();
        for (int i2 = 1; i2 < certificateArr.length - 1; i2++) {
            int i3 = i2;
            while (true) {
                if (i3 >= certificateArr.length) {
                    break;
                }
                if (((X509Certificate) certificateArr[i3]).getSubjectDN().equals(issuerDN)) {
                    Certificate certificate4 = certificateArr[i2];
                    certificateArr[i2] = certificateArr[i3];
                    certificateArr[i3] = certificate4;
                    issuerDN = ((X509Certificate) certificateArr[i2]).getIssuerDN();
                    break;
                }
                i3++;
            }
            if (i3 == certificateArr.length) {
                throw new Exception(rb.getString("Incomplete certificate chain in reply"));
            }
        }
        int i4 = 0;
        while (i4 < certificateArr.length - 1) {
            int i5 = i4 + 1;
            try {
                certificateArr[i4].verify(certificateArr[i5].getPublicKey());
                i4 = i5;
            } catch (Exception e) {
                throw new Exception(rb.getString("Certificate chain in reply does not verify: ") + e.getMessage());
            }
        }
        if (this.noprompt) {
            return certificateArr;
        }
        Certificate certificate5 = certificateArr[certificateArr.length - 1];
        if (isTrusted(certificate5)) {
            return certificateArr;
        }
        if (!this.trustcacerts || (keyStore = this.caks) == null) {
            certificate2 = null;
        } else {
            Enumeration<String> aliases = keyStore.aliases();
            certificate2 = null;
            while (aliases.hasMoreElements()) {
                certificate2 = this.caks.getCertificate(aliases.nextElement());
                if (certificate2 != null) {
                    try {
                        certificate5.verify(certificate2.getPublicKey());
                        z = true;
                        break;
                    } catch (Exception unused) {
                    }
                }
            }
        }
        z = false;
        if (z) {
            if (isSelfSigned((X509Certificate) certificate5)) {
                return certificateArr;
            }
            int length = certificateArr.length + 1;
            Certificate[] certificateArr2 = new Certificate[length];
            System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
            certificateArr2[length - 1] = certificate2;
            return certificateArr2;
        }
        System.err.println();
        PrintStream printStream = System.err;
        ResourceBundle resourceBundle = rb;
        printStream.println(resourceBundle.getString("Top-level certificate in reply:\n"));
        printX509Cert((X509Certificate) certificate5, System.out);
        System.err.println();
        System.err.print(resourceBundle.getString("... is not trusted. "));
        if ("NO".equals(getYesNoReply(resourceBundle.getString("Install reply anyway? [no]:  ")))) {
            return null;
        }
        return certificateArr;
    }

    void doCommands(PrintStream printStream) throws Exception {
        int i;
        char[] cArr;
        char[] cArr2;
        char[] cArr3;
        char[] cArr4;
        char[] cArr5;
        int i2;
        PrintStream printStream2 = printStream;
        if (this.storetype == null) {
            this.storetype = KeyStore.getDefaultType();
        }
        this.storetype = KeyStoreUtil.niceStoreTypeName(this.storetype);
        if (this.srcstoretype == null) {
            this.srcstoretype = KeyStore.getDefaultType();
        }
        this.srcstoretype = KeyStoreUtil.niceStoreTypeName(this.srcstoretype);
        if (P11KEYSTORE.equalsIgnoreCase(this.storetype) || KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            this.token = true;
            if (this.ksfname == null) {
                this.ksfname = NONE;
            }
        }
        if (NONE.equals(this.ksfname)) {
            this.nullStream = true;
        }
        if (this.token && !this.nullStream) {
            System.err.println(MessageFormat.format(rb.getString("-keystore must be NONE if -storetype is {0}"), this.storetype));
            System.err.println();
            tinyHelp();
        }
        if (this.token && ((i2 = this.command) == 11 || i2 == 15)) {
            throw new UnsupportedOperationException(MessageFormat.format(rb.getString("-storepasswd and -keypasswd commands not supported if -storetype is {0}"), this.storetype));
        }
        if (P12KEYSTORE.equalsIgnoreCase(this.storetype) && this.command == 11) {
            throw new UnsupportedOperationException(rb.getString("-keypasswd commands not supported if -storetype is PKCS12"));
        }
        if (this.token && (this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(MessageFormat.format(rb.getString("-keypass and -new can not be specified if -storetype is {0}"), this.storetype));
        }
        if (this.protectedPath && (this.storePass != null || this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if -protected is specified, then -storepass, -keypass, and -new must not be specified"));
        }
        if (this.srcprotectedPath && (this.srcstorePass != null || this.srckeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if -srcprotected is specified, then -srcstorepass and -srckeypass must not be specified"));
        }
        if (KeyStoreUtil.isWindowsKeyStore(this.storetype) && (this.storePass != null || this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if keystore is not password protected, then -storepass, -keypass, and -new must not be specified"));
        }
        if (KeyStoreUtil.isWindowsKeyStore(this.srcstoretype) && (this.srcstorePass != null || this.srckeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if source keystore is not password protected, then -srcstorepass and -srckeypass must not be specified"));
        }
        if (this.validity <= 0) {
            throw new Exception(rb.getString("Validity must be greater than zero"));
        }
        if (this.providers != null) {
            ClassLoader uRLClassLoader = this.pathlist != null ? new URLClassLoader(PathList.pathToURLs(PathList.appendPath(PathList.appendPath(PathList.appendPath(null, System.getProperty("java.class.path")), System.getProperty("env.class.path")), this.pathlist))) : ClassLoader.getSystemClassLoader();
            for (Pair<String, String> pair : this.providers) {
                String str = pair.fst;
                Class<?> loadClass = uRLClassLoader != null ? uRLClassLoader.loadClass(str) : Class.forName(str);
                String str2 = pair.snd;
                Object newInstance = str2 == null ? loadClass.newInstance() : loadClass.getConstructor(PARAM_STRING).newInstance(str2);
                if (!(newInstance instanceof Provider)) {
                    throw new Exception(new MessageFormat(rb.getString("provName not a provider")).format(new Object[]{str}));
                }
                Security.addProvider((Provider) newInstance);
            }
        }
        if (this.command == 12 && this.verbose && this.rfc) {
            System.err.println(rb.getString("Must not specify both -v and -rfc with 'list' command"));
            tinyHelp();
        }
        int i3 = this.command;
        if (i3 == 5 && (cArr5 = this.keyPass) != null && cArr5.length < 6) {
            throw new Exception(rb.getString("Key password must be at least 6 characters"));
        }
        char[] cArr6 = this.newPass;
        if (cArr6 != null && cArr6.length < 6) {
            throw new Exception(rb.getString("New password must be at least 6 characters"));
        }
        char[] cArr7 = this.destKeyPass;
        if (cArr7 != null && cArr7.length < 6) {
            throw new Exception(rb.getString("New password must be at least 6 characters"));
        }
        if (i3 != 13) {
            if (this.ksfname == null) {
                this.ksfname = System.getProperty("user.home") + File.separator + ".keystore";
            }
            if (!this.nullStream) {
                try {
                    File file = new File(this.ksfname);
                    this.ksfile = file;
                    if (file.exists() && this.ksfile.length() == 0) {
                        throw new Exception(rb.getString("Keystore file exists, but is empty: ") + this.ksfname);
                    }
                    this.ksStream = new FileInputStream(this.ksfile);
                } catch (FileNotFoundException unused) {
                    int i4 = this.command;
                    if (i4 != 5 && i4 != 6 && i4 != 7 && i4 != 8 && i4 != 9) {
                        throw new Exception(rb.getString("Keystore file does not exist: ") + this.ksfname);
                    }
                }
            }
        }
        int i5 = this.command;
        if ((i5 == 10 || i5 == 2) && this.dest == null) {
            String alias = getAlias(Annotation.DESTINATION);
            this.dest = alias;
            if ("".equals(alias)) {
                throw new Exception(rb.getString("Must specify destination alias"));
            }
        }
        if (this.command == 3 && this.alias == null) {
            String alias2 = getAlias(null);
            this.alias = alias2;
            if ("".equals(alias2)) {
                throw new Exception(rb.getString("Must specify alias"));
            }
        }
        String str3 = this.providerName;
        if (str3 == null) {
            this.keyStore = KeyStore.getInstance(this.storetype);
        } else {
            this.keyStore = KeyStore.getInstance(this.storetype, str3);
        }
        if (!this.nullStream) {
            this.keyStore.load(this.ksStream, this.storePass);
            InputStream inputStream = this.ksStream;
            if (inputStream != null) {
                inputStream.close();
            }
        }
        boolean z = this.nullStream;
        if (z && (cArr4 = this.storePass) != null) {
            this.keyStore.load(null, cArr4);
        } else if (z || (cArr3 = this.storePass) == null) {
            if (this.storePass == null) {
                if (!this.protectedPath && !KeyStoreUtil.isWindowsKeyStore(this.storetype) && ((i = this.command) == 1 || i == 3 || i == 5 || i == 6 || i == 8 || i == 9 || i == 10 || i == 2 || i == 14 || i == 15 || i == 11 || i == 7)) {
                    int i6 = 0;
                    do {
                        if (this.command == 9) {
                            System.err.print(rb.getString("Enter destination keystore password:  "));
                        } else {
                            System.err.print(rb.getString("Enter keystore password:  "));
                        }
                        System.err.flush();
                        char[] readPassword = Password.readPassword(System.in);
                        this.storePass = readPassword;
                        this.passwords.add(readPassword);
                        if (!this.nullStream && ((cArr2 = this.storePass) == null || cArr2.length < 6)) {
                            System.err.println(rb.getString("Keystore password is too short - must be at least 6 characters"));
                            this.storePass = null;
                        }
                        if (this.storePass != null && !this.nullStream && this.ksStream == null) {
                            PrintStream printStream3 = System.err;
                            ResourceBundle resourceBundle = rb;
                            printStream3.print(resourceBundle.getString("Re-enter new password: "));
                            char[] readPassword2 = Password.readPassword(System.in);
                            this.passwords.add(readPassword2);
                            if (!Arrays.equals(this.storePass, readPassword2)) {
                                System.err.println(resourceBundle.getString("They don't match. Try again"));
                                this.storePass = null;
                            }
                        }
                        i6++;
                        cArr = this.storePass;
                        if (cArr != null) {
                            break;
                        }
                    } while (i6 < 3);
                    if (cArr == null) {
                        System.err.println(rb.getString("Too many failures - try later"));
                        return;
                    }
                } else if (!this.protectedPath && !KeyStoreUtil.isWindowsKeyStore(this.storetype) && this.command != 13) {
                    System.err.print(rb.getString("Enter keystore password:  "));
                    System.err.flush();
                    char[] readPassword3 = Password.readPassword(System.in);
                    this.storePass = readPassword3;
                    this.passwords.add(readPassword3);
                }
                if (this.nullStream) {
                    this.keyStore.load(null, this.storePass);
                } else if (this.ksStream != null) {
                    FileInputStream fileInputStream = new FileInputStream(this.ksfile);
                    this.ksStream = fileInputStream;
                    this.keyStore.load(fileInputStream, this.storePass);
                    this.ksStream.close();
                }
            }
        } else if (this.ksStream == null && cArr3.length < 6) {
            throw new Exception(rb.getString("Keystore password must be at least 6 characters"));
        }
        if (this.storePass != null && P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
            MessageFormat messageFormat = new MessageFormat(rb.getString("Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified <command> value."));
            char[] cArr8 = this.keyPass;
            if (cArr8 != null && !Arrays.equals(this.storePass, cArr8)) {
                System.err.println(messageFormat.format(new Object[]{"-keypass"}));
                this.keyPass = this.storePass;
            }
            char[] cArr9 = this.newPass;
            if (cArr9 != null && !Arrays.equals(this.storePass, cArr9)) {
                System.err.println(messageFormat.format(new Object[]{"-new"}));
                this.newPass = this.storePass;
            }
            char[] cArr10 = this.destKeyPass;
            if (cArr10 != null && !Arrays.equals(this.storePass, cArr10)) {
                System.err.println(messageFormat.format(new Object[]{"-destkeypass"}));
                this.destKeyPass = this.storePass;
            }
        }
        int i7 = this.command;
        if (i7 == 13 || i7 == 8 || i7 == 7) {
            this.cf = CertificateFactory.getInstance("X509");
        }
        if (this.trustcacerts) {
            this.caks = getCacertsKeyStore();
        }
        int i8 = this.command;
        if (i8 == 1) {
            if (this.filename != null) {
                printStream2 = new PrintStream(new FileOutputStream(this.filename));
            }
            doCertReq(this.alias, this.sigAlgName, printStream2);
            if (this.verbose && this.filename != null) {
                ResourceBundle resourceBundle2 = rb;
                System.err.println(new MessageFormat(resourceBundle2.getString("Certification request stored in file <filename>")).format(new Object[]{this.filename}));
                System.err.println(resourceBundle2.getString("Submit this to your CA"));
            }
        } else if (i8 == 3) {
            doDeleteEntry(this.alias);
            this.kssave = true;
        } else if (i8 == 4) {
            if (this.filename != null) {
                printStream2 = new PrintStream(new FileOutputStream(this.filename));
            }
            doExportCert(this.alias, printStream2);
            if (this.filename != null) {
                System.err.println(new MessageFormat(rb.getString("Certificate stored in file <filename>")).format(new Object[]{this.filename}));
            }
        } else if (i8 == 5) {
            if (this.keyAlgName == null) {
                this.keyAlgName = SecurityConstants.DSA;
            }
            doGenKeyPair(this.alias, this.dname, this.keyAlgName, this.keysize, this.sigAlgName);
            this.kssave = true;
        } else if (i8 == 6) {
            if (this.keyAlgName == null) {
                this.keyAlgName = "DES";
            }
            doGenSecretKey(this.alias, this.keyAlgName, this.keysize);
            this.kssave = true;
        } else if (i8 == 7) {
            InputStream inputStream2 = System.in;
            if (this.filename != null) {
                inputStream2 = new FileInputStream(this.filename);
            }
            doImportIdentityDatabase(inputStream2);
        } else if (i8 == 8) {
            InputStream inputStream3 = System.in;
            if (this.filename != null) {
                inputStream3 = new FileInputStream(this.filename);
            }
            String str4 = this.alias;
            String str5 = str4 != null ? str4 : "mykey";
            if (this.keyStore.entryInstanceOf(str5, KeyStore.PrivateKeyEntry.class)) {
                boolean installReply = installReply(str5, inputStream3);
                this.kssave = installReply;
                if (installReply) {
                    System.err.println(rb.getString("Certificate reply was installed in keystore"));
                } else {
                    System.err.println(rb.getString("Certificate reply was not installed in keystore"));
                }
            } else if (!this.keyStore.containsAlias(str5) || this.keyStore.entryInstanceOf(str5, KeyStore.TrustedCertificateEntry.class)) {
                boolean addTrustedCert = addTrustedCert(str5, inputStream3);
                this.kssave = addTrustedCert;
                if (addTrustedCert) {
                    System.err.println(rb.getString("Certificate was added to keystore"));
                } else {
                    System.err.println(rb.getString("Certificate was not added to keystore"));
                }
            }
        } else if (i8 == 9) {
            doImportKeyStore();
            this.kssave = true;
        } else if (i8 == 10) {
            this.keyPassNew = this.newPass;
            if (this.alias == null) {
                this.alias = "mykey";
            }
            if (!this.keyStore.containsAlias(this.alias)) {
                throw new Exception(new MessageFormat(rb.getString("Alias <alias> does not exist")).format(new Object[]{this.alias}));
            }
            if (!this.keyStore.entryInstanceOf(this.alias, KeyStore.PrivateKeyEntry.class)) {
                throw new Exception(new MessageFormat(rb.getString("Alias <alias> references an entry type that is not a private key entry.  The -keyclone command only supports cloning of private key entries")).format(new Object[]{this.alias}));
            }
            doCloneEntry(this.alias, this.dest, true);
            this.kssave = true;
        } else if (i8 == 2) {
            if (this.alias == null) {
                this.alias = "mykey";
            }
            doCloneEntry(this.alias, this.dest, false);
            if (this.keyStore.containsAlias(this.alias)) {
                doDeleteEntry(this.alias);
            }
            this.kssave = true;
        } else if (i8 == 11) {
            this.keyPassNew = this.newPass;
            doChangeKeyPasswd(this.alias);
            this.kssave = true;
        } else if (i8 == 12) {
            String str6 = this.alias;
            if (str6 != null) {
                doPrintEntry(str6, printStream2, true);
            } else {
                doPrintEntries(printStream);
            }
        } else if (i8 == 13) {
            InputStream inputStream4 = System.in;
            if (this.filename != null) {
                inputStream4 = new FileInputStream(this.filename);
            }
            doPrintCert(inputStream4, printStream2);
        } else if (i8 == 14) {
            doSelfCert(this.alias, this.dname, this.sigAlgName);
            this.kssave = true;
        } else if (i8 == 15) {
            char[] cArr11 = this.newPass;
            this.storePassNew = cArr11;
            if (cArr11 == null) {
                this.storePassNew = getNewPasswd("keystore password", this.storePass);
            }
            this.kssave = true;
        }
        if (this.kssave) {
            if (this.verbose) {
                MessageFormat messageFormat2 = new MessageFormat(rb.getString("[Storing ksfname]"));
                Object[] objArr = new Object[1];
                objArr[0] = this.nullStream ? "keystore" : this.ksfname;
                System.err.println(messageFormat2.format(objArr));
            }
            if (this.token) {
                this.keyStore.store(null, null);
                return;
            }
            FileOutputStream fileOutputStream = this.nullStream ? (FileOutputStream) null : new FileOutputStream(this.ksfname);
            KeyStore keyStore = this.keyStore;
            char[] cArr12 = this.storePassNew;
            if (cArr12 == null) {
                cArr12 = this.storePass;
            }
            keyStore.store(fileOutputStream, cArr12);
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
        }
    }

    KeyStore loadSourceKeyStore() throws Exception {
        FileInputStream fileInputStream;
        char[] cArr;
        char[] cArr2;
        if (P11KEYSTORE.equalsIgnoreCase(this.srcstoretype) || KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            if (!NONE.equals(this.srcksfname)) {
                System.err.println(MessageFormat.format(rb.getString("-keystore must be NONE if -storetype is {0}"), this.srcstoretype));
                System.err.println();
                tinyHelp();
            }
            fileInputStream = null;
        } else {
            if (this.srcksfname == null) {
                throw new Exception(rb.getString("Please specify -srckeystore"));
            }
            File file = new File(this.srcksfname);
            if (file.exists() && file.length() == 0) {
                throw new Exception(rb.getString("Source keystore file exists, but is empty: ") + this.srcksfname);
            }
            fileInputStream = new FileInputStream(file);
        }
        String str = this.srcProviderName;
        KeyStore keyStore = str == null ? KeyStore.getInstance(this.srcstoretype) : KeyStore.getInstance(this.srcstoretype, str);
        if (this.srcstorePass == null && !this.srcprotectedPath && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            System.err.print(rb.getString("Enter source keystore password:  "));
            System.err.flush();
            char[] readPassword = Password.readPassword(System.in);
            this.srcstorePass = readPassword;
            this.passwords.add(readPassword);
        }
        if (P12KEYSTORE.equalsIgnoreCase(this.srcstoretype) && (cArr = this.srckeyPass) != null && (cArr2 = this.srcstorePass) != null && !Arrays.equals(cArr2, cArr)) {
            System.err.println(new MessageFormat(rb.getString("Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified <command> value.")).format(new Object[]{"-srckeypass"}));
            this.srckeyPass = this.srcstorePass;
        }
        keyStore.load(fileInputStream, this.srcstorePass);
        if (this.srcstorePass == null && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            System.err.println();
            PrintStream printStream = System.err;
            ResourceBundle resourceBundle = rb;
            printStream.println(resourceBundle.getString("*****************  WARNING WARNING WARNING  *****************"));
            System.err.println(resourceBundle.getString("* The integrity of the information stored in the srckeystore*"));
            System.err.println(resourceBundle.getString("* has NOT been verified!  In order to verify its integrity, *"));
            System.err.println(resourceBundle.getString("* you must provide the srckeystore password.                *"));
            System.err.println(resourceBundle.getString("*****************  WARNING WARNING WARNING  *****************"));
            System.err.println();
        }
        return keyStore;
    }

    void parseArgs(String[] strArr) {
        if (strArr.length == 0) {
            usage();
        }
        int i = 0;
        while (i < strArr.length && strArr[i].startsWith("-")) {
            String str = strArr[i];
            Collator collator2 = collator;
            if (collator2.compare(str, "-certreq") == 0) {
                this.command = 1;
            } else if (collator2.compare(str, "-delete") == 0) {
                this.command = 3;
            } else if (collator2.compare(str, "-export") == 0 || collator2.compare(str, "-exportcert") == 0) {
                this.command = 4;
            } else if (collator2.compare(str, "-genkey") == 0 || collator2.compare(str, "-genkeypair") == 0) {
                this.command = 5;
            } else {
                if (collator2.compare(str, "-help") == 0) {
                    usage();
                    return;
                }
                if (collator2.compare(str, "-identitydb") == 0) {
                    this.command = 7;
                } else if (collator2.compare(str, "-import") == 0 || collator2.compare(str, "-importcert") == 0) {
                    this.command = 8;
                } else if (collator2.compare(str, "-keyclone") == 0) {
                    this.command = 10;
                } else if (collator2.compare(str, "-changealias") == 0) {
                    this.command = 2;
                } else if (collator2.compare(str, "-keypasswd") == 0) {
                    this.command = 11;
                } else if (collator2.compare(str, "-list") == 0) {
                    this.command = 12;
                } else if (collator2.compare(str, "-printcert") == 0) {
                    this.command = 13;
                } else if (collator2.compare(str, "-selfcert") == 0) {
                    this.command = 14;
                } else if (collator2.compare(str, "-storepasswd") == 0) {
                    this.command = 15;
                } else if (collator2.compare(str, "-importkeystore") == 0) {
                    this.command = 9;
                } else if (collator2.compare(str, "-genseckey") == 0) {
                    this.command = 6;
                } else if (collator2.compare(str, "-keystore") == 0 || collator2.compare(str, "-destkeystore") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.ksfname = strArr[i];
                } else if (collator2.compare(str, "-storepass") == 0 || collator2.compare(str, "-deststorepass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray = strArr[i].toCharArray();
                    this.storePass = charArray;
                    this.passwords.add(charArray);
                } else if (collator2.compare(str, "-storetype") == 0 || collator2.compare(str, "-deststoretype") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.storetype = strArr[i];
                } else if (collator2.compare(str, "-srcstorepass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray2 = strArr[i].toCharArray();
                    this.srcstorePass = charArray2;
                    this.passwords.add(charArray2);
                } else if (collator2.compare(str, "-srcstoretype") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.srcstoretype = strArr[i];
                } else if (collator2.compare(str, "-srckeypass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray3 = strArr[i].toCharArray();
                    this.srckeyPass = charArray3;
                    this.passwords.add(charArray3);
                } else if (collator2.compare(str, "-srcprovidername") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.srcProviderName = strArr[i];
                } else if (collator2.compare(str, "-providername") == 0 || collator2.compare(str, "-destprovidername") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.providerName = strArr[i];
                } else if (collator2.compare(str, "-providerpath") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.pathlist = strArr[i];
                } else if (collator2.compare(str, "-keypass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray4 = strArr[i].toCharArray();
                    this.keyPass = charArray4;
                    this.passwords.add(charArray4);
                } else if (collator2.compare(str, "-new") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray5 = strArr[i].toCharArray();
                    this.newPass = charArray5;
                    this.passwords.add(charArray5);
                } else if (collator2.compare(str, "-destkeypass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    char[] charArray6 = strArr[i].toCharArray();
                    this.destKeyPass = charArray6;
                    this.passwords.add(charArray6);
                } else if (collator2.compare(str, "-alias") == 0 || collator2.compare(str, "-srcalias") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.alias = strArr[i];
                } else if (collator2.compare(str, "-dest") == 0 || collator2.compare(str, "-destalias") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.dest = strArr[i];
                } else if (collator2.compare(str, "-dname") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.dname = strArr[i];
                } else if (collator2.compare(str, "-keysize") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.keysize = Integer.parseInt(strArr[i]);
                } else if (collator2.compare(str, "-keyalg") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.keyAlgName = strArr[i];
                } else if (collator2.compare(str, "-sigalg") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.sigAlgName = strArr[i];
                } else if (collator2.compare(str, "-startdate") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.startDate = strArr[i];
                } else if (collator2.compare(str, "-validity") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.validity = Long.parseLong(strArr[i]);
                } else if (collator2.compare(str, "-file") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.filename = strArr[i];
                } else if (collator2.compare(str, "-srckeystore") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    this.srcksfname = strArr[i];
                } else if (collator2.compare(str, "-provider") == 0 || collator2.compare(str, "-providerclass") == 0) {
                    i++;
                    if (i == strArr.length) {
                        errorNeedArgument(str);
                    }
                    if (this.providers == null) {
                        this.providers = new HashSet(3);
                    }
                    String str2 = strArr[i];
                    String str3 = null;
                    int i2 = i + 1;
                    if (strArr.length > i2) {
                        String str4 = strArr[i2];
                        if (collator2.compare(str4, "-providerarg") == 0) {
                            i += 2;
                            if (strArr.length == i) {
                                errorNeedArgument(str4);
                            }
                            str3 = strArr[i];
                        }
                    }
                    this.providers.add(new Pair<>(str2, str3));
                } else if (collator2.compare(str, "-v") == 0) {
                    this.verbose = true;
                } else if (collator2.compare(str, "-debug") == 0) {
                    this.debug = true;
                } else if (collator2.compare(str, "-rfc") == 0) {
                    this.rfc = true;
                } else if (collator2.compare(str, "-noprompt") == 0) {
                    this.noprompt = true;
                } else if (collator2.compare(str, "-trustcacerts") == 0) {
                    this.trustcacerts = true;
                } else if (collator2.compare(str, "-protected") == 0 || collator2.compare(str, "-destprotected") == 0) {
                    this.protectedPath = true;
                } else if (collator2.compare(str, "-srcprotected") == 0) {
                    this.srcprotectedPath = true;
                } else {
                    System.err.println(rb.getString("Illegal option:  ") + str);
                    tinyHelp();
                }
            }
            i++;
        }
        if (i < strArr.length) {
            throw new RuntimeException(new MessageFormat(rb.getString("Usage error, <arg> is not a legal command")).format(new Object[]{strArr[i]}));
        }
        if (this.command == -1) {
            System.err.println(rb.getString("Usage error: no command provided"));
            tinyHelp();
        }
    }

    public void run(String[] strArr, PrintStream printStream) throws Exception {
        try {
            try {
                parseArgs(strArr);
                doCommands(printStream);
                for (char[] cArr : this.passwords) {
                    if (cArr != null) {
                        Arrays.fill(cArr, ' ');
                    }
                }
            } catch (Exception e) {
                System.out.println(rb.getString("keytool error: ") + ((Object) e));
                if (this.verbose) {
                    e.printStackTrace(System.out);
                }
                if (this.debug) {
                    throw e;
                }
                System.exit(1);
                for (char[] cArr2 : this.passwords) {
                    if (cArr2 != null) {
                        Arrays.fill(cArr2, ' ');
                    }
                }
            }
        } catch (Throwable th) {
            for (char[] cArr3 : this.passwords) {
                if (cArr3 != null) {
                    Arrays.fill(cArr3, ' ');
                }
            }
            throw th;
        }
    }
}
