package org.cesecore.keys.util;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import javax.crypto.KeyGenerator;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jce.ECKeyUtil;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.BufferingContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.certificates.util.AlgorithmTools;
import org.cesecore.config.CesecoreConfiguration;
import org.cesecore.internal.InternalResources;
import org.cesecore.keys.KeyCreationException;
import org.cesecore.keys.token.CachingKeyStoreWrapper;
import org.cesecore.keys.token.p11.PKCS11Utils;
import org.cesecore.util.CertTools;
import org.cesecore.util.SimpleTime;

/* loaded from: input_file:org/cesecore/keys/util/KeyStoreTools.class */
public class KeyStoreTools {
    private static final Logger log = Logger.getLogger(KeyStoreTools.class);
    private static final InternalResources intres = InternalResources.getInstance();
    protected final CachingKeyStoreWrapper keyStore;
    private final String providerName;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/keys/util/KeyStoreTools$CertificateSignOperation.class */
    public class CertificateSignOperation implements ISignOperation {
        private final PrivateKey privateKey;
        private final X509v3CertificateBuilder certificateBuilder;
        private X509CertificateHolder result;

        public CertificateSignOperation(PrivateKey privateKey, X509v3CertificateBuilder x509v3CertificateBuilder) {
            this.privateKey = privateKey;
            this.certificateBuilder = x509v3CertificateBuilder;
        }

        @Override // org.cesecore.keys.util.ISignOperation
        public void taskWithSigning(String str, Provider provider) throws TaskWithSigningException {
            KeyStoreTools.log.debug("Keystore signing algorithm " + str);
            try {
                this.result = this.certificateBuilder.build(new BufferingContentSigner(new JcaContentSignerBuilder(str).setProvider(provider.getName()).build(this.privateKey), 20480));
            } catch (OperatorCreationException e) {
                throw new TaskWithSigningException(String.format("Signing certificate failed: %s", e.getMessage()), e);
            }
        }

        public X509CertificateHolder getResult() {
            return this.result;
        }
    }

    /* loaded from: input_file:org/cesecore/keys/util/KeyStoreTools$SignCsrOperation.class */
    private class SignCsrOperation implements ISignOperation {
        private final String alias;
        private final String sDN;
        private final boolean explicitEccParameters;
        private final PublicKey publicKeyTmp;
        private PKCS10CertificationRequest certReq = null;

        public SignCsrOperation(String str, String str2, boolean z, PublicKey publicKey) {
            this.alias = str;
            this.sDN = str2;
            this.explicitEccParameters = z;
            this.publicKeyTmp = publicKey;
        }

        private void signCSR(String str, Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException, UnrecoverableKeyException, KeyStoreException, OperatorCreationException, TaskWithSigningException {
            PublicKey publicKey;
            if (KeyStoreTools.log.isDebugEnabled()) {
                KeyStoreTools.log.debug(String.format("alias: %s SHA1 of public key: %s", this.alias, CertTools.getFingerprintAsString(this.publicKeyTmp.getEncoded())));
            }
            if (str.contains(AlgorithmConstants.KEYALGORITHM_ECDSA) && this.explicitEccParameters) {
                KeyStoreTools.log.info("Using explicit parameter encoding for ECC key.");
                publicKey = ECKeyUtil.publicToExplicitParameters(this.publicKeyTmp, "BC");
            } else {
                KeyStoreTools.log.info("Using named curve parameter encoding for ECC key.");
                publicKey = this.publicKeyTmp;
            }
            this.certReq = CertTools.genPKCS10CertificationRequest(str, this.sDN != null ? new X500Name(this.sDN) : new X500Name("CN=" + this.alias), publicKey, new DERSet(), KeyStoreTools.this.getPrivateKey(this.alias), provider.getName());
            if (this.certReq == null) {
                throw new TaskWithSigningException("Not possible to sign CSR.");
            }
        }

        @Override // org.cesecore.keys.util.ISignOperation
        public void taskWithSigning(String str, Provider provider) throws TaskWithSigningException {
            try {
                signCSR(str, provider);
            } catch (TaskWithSigningException e) {
                throw e;
            } catch (OperatorCreationException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException e2) {
                throw new TaskWithSigningException(String.format("Not possible to sign CSR: %s", e2.getMessage()), e2);
            }
        }

        public PKCS10CertificationRequest getResult() {
            return this.certReq;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/keys/util/KeyStoreTools$SizeAlgorithmParameterSpec.class */
    public class SizeAlgorithmParameterSpec implements AlgorithmParameterSpec {
        final int keySize;

        public SizeAlgorithmParameterSpec(int i) {
            this.keySize = i;
        }
    }

    public KeyStoreTools(CachingKeyStoreWrapper cachingKeyStoreWrapper, String str) {
        this.keyStore = cachingKeyStoreWrapper;
        this.providerName = str;
    }

    public String getProviderName() {
        return this.providerName;
    }

    public CachingKeyStoreWrapper getKeyStore() {
        return this.keyStore;
    }

    public void setKeyEntry(String str, Key key, Certificate[] certificateArr) throws KeyStoreException {
        getKeyStore().deleteEntry(str);
        getKeyStore().setKeyEntry(str, key, null, certificateArr);
    }

    private void deleteAlias(String str) throws KeyStoreException {
        getKeyStore().deleteEntry(str);
    }

    public void deleteEntry(String str) throws KeyStoreException {
        if (str != null) {
            deleteAlias(str);
            return;
        }
        Enumeration<String> aliases = getKeyStore().aliases();
        while (aliases.hasMoreElements()) {
            deleteAlias(aliases.nextElement());
        }
    }

    public void renameEntry(String str, String str2) {
        try {
            getKeyStore().setEntry(str2, getKeyStore().getEntry(str, null), null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new KeyUtilRuntimeException("Renaming entry failed.", e);
        }
    }

    private X509Certificate getSelfCertificate(String str, long j, List<String> list, KeyPair keyPair) throws InvalidKeyException, CertificateException {
        long time = new Date().getTime();
        Date date = new Date(time - SimpleTime.MILLISECONDS_PER_DAY);
        Date date2 = new Date(time + (j * 1000));
        X500Name x500Name = new X500Name(str);
        BigInteger valueOf = BigInteger.valueOf(date.getTime());
        PublicKey publicKey = keyPair.getPublic();
        if (publicKey == null) {
            throw new InvalidKeyException("Public key is null");
        }
        try {
            CertificateSignOperation certificateSignOperation = new CertificateSignOperation(keyPair.getPrivate(), new JcaX509v3CertificateBuilder(x500Name, valueOf, date, date2, x500Name, publicKey));
            SignWithWorkingAlgorithm.doSignTask(list, this.providerName, certificateSignOperation);
            X509CertificateHolder result = certificateSignOperation.getResult();
            if (result == null) {
                throw new CertificateException("Self signing of certificate failed.");
            }
            return (X509Certificate) CertTools.getCertfromByteArray(result.getEncoded(), X509Certificate.class);
        } catch (IOException e) {
            throw new CertificateException("Could not read certificate", e);
        } catch (NoSuchProviderException e2) {
            throw new CertificateException(String.format("Provider '%s' does not exist.", this.providerName), e2);
        } catch (TaskWithSigningException e3) {
            log.error("Error creating content signer: ", e3);
            throw new CertificateException(e3);
        }
    }

    private void generateEC(String str, String str2) throws InvalidAlgorithmParameterException {
        ECGenParameterSpec eCParameterSpec;
        if (log.isTraceEnabled()) {
            log.trace(">generate EC: curve name " + str + ", keyEntryName " + str2);
        }
        if (StringUtils.contains(Security.getProvider(this.providerName).getClass().getName(), "iaik")) {
            throw new InvalidAlgorithmParameterException("IAIK ECC key generation not implemented.");
        }
        if (StringUtils.equals(str, "implicitlyCA")) {
            if (log.isDebugEnabled()) {
                log.debug("Generating implicitlyCA encoded ECDSA key pair");
            }
            eCParameterSpec = null;
        } else if (ECUtil.getNamedCurveOid(str) != null) {
            String ecKeySpecOidFromBcName = AlgorithmTools.getEcKeySpecOidFromBcName(str);
            if (log.isDebugEnabled()) {
                log.debug("keySpecification '" + str + "' transformed into OID " + ecKeySpecOidFromBcName);
            }
            eCParameterSpec = new ECGenParameterSpec(ecKeySpecOidFromBcName);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Curve did not have an OID in BC, trying to pick up Parameter spec: " + str);
            }
            X9ECParameters byName = CustomNamedCurves.getByName(str);
            if (byName == null) {
                throw new InvalidAlgorithmParameterException("Can not generate EC curve, no OID and no ECParameters found: " + str);
            }
            eCParameterSpec = new ECParameterSpec(byName.getCurve(), byName.getG(), byName.getN(), byName.getH(), byName.getSeed());
        }
        try {
            generateKeyPair(eCParameterSpec, str2, AlgorithmConstants.KEYALGORITHM_EC, AlgorithmTools.SIG_ALGS_ECDSA);
            if (log.isTraceEnabled()) {
                log.trace("<generate: curve name " + str + ", keyEntryName " + str2);
            }
        } catch (InvalidAlgorithmParameterException e) {
            log.debug("EC name " + str + " not supported.");
            throw e;
        }
    }

    private void generateExtraEC(String str, String str2, String str3, List<String> list) throws InvalidAlgorithmParameterException {
        if (log.isTraceEnabled()) {
            log.trace(">generate " + str3 + ": curve name " + str + ", keyEntryName " + str2);
        }
        try {
            generateKeyPair(new ECGenParameterSpec(str), str2, str3, list);
            if (log.isTraceEnabled()) {
                log.trace("<generate: curve name " + str + ", keyEntryName " + str2);
            }
        } catch (InvalidAlgorithmParameterException e) {
            log.debug("EC " + str3 + " name " + str + " not supported.");
            throw e;
        }
    }

    private void generateGOST3410(String str, String str2) throws InvalidAlgorithmParameterException {
        generateExtraEC(str, str2, AlgorithmConstants.KEYALGORITHM_ECGOST3410, AlgorithmTools.SIG_ALGS_ECGOST3410);
    }

    private void generateDSTU4145(String str, String str2) throws InvalidAlgorithmParameterException {
        generateExtraEC(str, str2, AlgorithmConstants.KEYALGORITHM_DSTU4145, AlgorithmTools.SIG_ALGS_DSTU4145);
    }

    private void generateRSA(int i, String str) throws InvalidAlgorithmParameterException {
        if (log.isTraceEnabled()) {
            log.trace(">generate: keySize " + i + ", keyEntryName " + str);
        }
        generateKeyPair(new SizeAlgorithmParameterSpec(i), str, AlgorithmConstants.KEYALGORITHM_RSA, AlgorithmTools.SIG_ALGS_RSA);
        if (log.isTraceEnabled()) {
            log.trace("<generate: keySize " + i + ", keyEntryName " + str);
        }
    }

    private void generateDSA(int i, String str) throws InvalidAlgorithmParameterException {
        if (log.isTraceEnabled()) {
            log.trace(">generate: keySize " + i + ", keyEntryName " + str);
        }
        try {
            KeyPairGenerator.getInstance(AlgorithmConstants.KEYALGORITHM_DSA, this.providerName).initialize(i);
            generateKeyPair(new SizeAlgorithmParameterSpec(i), str, AlgorithmConstants.KEYALGORITHM_DSA, AlgorithmTools.SIG_ALGS_DSA);
            if (log.isTraceEnabled()) {
                log.trace("<generate: keySize " + i + ", keyEntryName " + str);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Algorithm DSA was not recognized.", e);
        } catch (NoSuchProviderException e2) {
            throw new IllegalStateException("BouncyCastle was not found as a provider.", e2);
        }
    }

    public void generateKeyPair(String str, String str2) throws InvalidAlgorithmParameterException {
        if (str.toUpperCase().startsWith(AlgorithmConstants.KEYALGORITHM_DSA)) {
            generateDSA(Integer.parseInt(str.substring(3).trim()), str2);
            return;
        }
        if (AlgorithmTools.isGost3410Enabled() && str.startsWith(AlgorithmConstants.KEYSPECPREFIX_ECGOST3410)) {
            generateGOST3410(str, str2);
            return;
        }
        if (AlgorithmTools.isDstu4145Enabled() && str.startsWith(CesecoreConfiguration.getOidDstu4145() + ".")) {
            generateDSTU4145(str, str2);
            return;
        }
        try {
            generateRSA(Integer.parseInt(str.trim()), str2);
        } catch (NumberFormatException e) {
            generateEC(str, str2);
        }
    }

    public void generateKey(String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(str, this.providerName);
        keyGenerator.init(i);
        setKeyEntry(str2, keyGenerator.generateKey(), null);
    }

    public void generateKeyPair(AlgorithmParameterSpec algorithmParameterSpec, String str) throws InvalidAlgorithmParameterException {
        String str2;
        List<String> list;
        if (log.isTraceEnabled()) {
            log.trace(">generate from AlgorithmParameterSpec: " + algorithmParameterSpec.getClass().getName());
        }
        String name = algorithmParameterSpec.getClass().getName();
        if (name.contains(AlgorithmConstants.KEYALGORITHM_DSA)) {
            str2 = AlgorithmConstants.KEYALGORITHM_DSA;
            list = AlgorithmTools.SIG_ALGS_DSA;
        } else if (name.contains(AlgorithmConstants.KEYALGORITHM_RSA)) {
            str2 = AlgorithmConstants.KEYALGORITHM_RSA;
            list = AlgorithmTools.SIG_ALGS_RSA;
        } else {
            str2 = AlgorithmConstants.KEYALGORITHM_EC;
            list = AlgorithmTools.SIG_ALGS_ECDSA;
        }
        generateKeyPair(algorithmParameterSpec, str, str2, list);
    }

    private void generateKeyPair(AlgorithmParameterSpec algorithmParameterSpec, String str, String str2, List<String> list) throws InvalidAlgorithmParameterException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, this.providerName);
            try {
                if (algorithmParameterSpec instanceof SizeAlgorithmParameterSpec) {
                    keyPairGenerator.initialize(((SizeAlgorithmParameterSpec) algorithmParameterSpec).keySize);
                } else {
                    keyPairGenerator.initialize(algorithmParameterSpec);
                }
                for (int i = 0; i < 3; i++) {
                    try {
                        log.debug("generating...");
                        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                        X509Certificate[] x509CertificateArr = {getSelfCertificate("CN=Dummy certificate created by a CESeCore application", 946080000L, list, generateKeyPair)};
                        log.debug("Creating certificate with entry " + str + '.');
                        setKeyEntry(str, generateKeyPair.getPrivate(), x509CertificateArr);
                        if (CesecoreConfiguration.makeKeyUnmodifiableAfterGeneration()) {
                            PKCS11Utils.getInstance().makeKeyUnmodifiable(generateKeyPair.getPrivate(), this.providerName);
                        }
                        break;
                    } catch (InvalidKeyException e) {
                        throw new KeyCreationException("Dummy certificate chain was created with an invalid key", e);
                    } catch (KeyStoreException e2) {
                        if (i >= 3) {
                            throw new KeyCreationException("Signing failed.", e2);
                        }
                        log.info("Failed to generate or store new key, will try 3 times. This was try: " + i, e2);
                    } catch (CertificateException e3) {
                        throw new KeyCreationException("Can't create keystore because dummy certificate chain creation failed.", e3);
                    }
                }
                if (log.isTraceEnabled()) {
                    log.trace("<generate from AlgorithmParameterSpec: " + (algorithmParameterSpec != null ? algorithmParameterSpec.getClass().getName() : "null"));
                }
            } catch (InvalidAlgorithmParameterException e4) {
                log.debug("Algorithm parameters not supported: " + e4.getMessage());
                throw e4;
            }
        } catch (NoSuchAlgorithmException e5) {
            throw new IllegalStateException("Algorithm " + str2 + " was not recognized.", e5);
        } catch (NoSuchProviderException e6) {
            throw new IllegalStateException(this.providerName + " was not found as a provider.", e6);
        }
    }

    public void generateCertReq(String str, String str2, boolean z) {
        try {
            PublicKey publicKey = getCertificate(str).getPublicKey();
            if (log.isDebugEnabled()) {
                log.debug("alias: " + str + " SHA1 of public key: " + CertTools.getFingerprintAsString(publicKey.getEncoded()));
            }
            List<String> signatureAlgorithms = AlgorithmTools.getSignatureAlgorithms(publicKey);
            SignCsrOperation signCsrOperation = new SignCsrOperation(str, str2, z, publicKey);
            SignWithWorkingAlgorithm.doSignTask(signatureAlgorithms, this.providerName, signCsrOperation);
            PKCS10CertificationRequest result = signCsrOperation.getResult();
            if (!result.isSignatureValid(CertTools.genContentVerifierProvider(publicKey))) {
                throw new KeyUtilRuntimeException(intres.getLocalizedMessage("token.errorcertreqverify", str));
            }
            String str3 = str + ".pem";
            FileOutputStream fileOutputStream = new FileOutputStream(str3);
            Throwable th = null;
            try {
                try {
                    fileOutputStream.write(CertTools.getPEMFromCertificateRequest(result.getEncoded()));
                    if (fileOutputStream != null) {
                        if (0 != 0) {
                            try {
                                fileOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileOutputStream.close();
                        }
                    }
                    log.info("Wrote csr to file: " + str3);
                } finally {
                }
            } finally {
            }
        } catch (KeyStoreException | NoSuchProviderException | TaskWithSigningException | OperatorCreationException | PKCSException | IOException e) {
            throw new KeyUtilRuntimeException("Failed to generate a certificate request.", e);
        }
    }

    public void installCertificate(String str) {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            Throwable th = null;
            try {
                try {
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) CertTools.getCertsFromPEM(fileInputStream, X509Certificate.class).toArray(new X509Certificate[0]);
                    PublicKey publicKey = x509CertificateArr[0].getPublicKey();
                    String fingerprintAsString = CertTools.getFingerprintAsString(publicKey.getEncoded());
                    Enumeration<String> aliases = getKeyStore().aliases();
                    boolean z = true;
                    while (aliases.hasMoreElements() && z) {
                        String nextElement = aliases.nextElement();
                        PublicKey publicKey2 = getCertificate(nextElement).getPublicKey();
                        if (log.isDebugEnabled()) {
                            log.debug("alias: " + nextElement + " SHA1 of public hsm key: " + CertTools.getFingerprintAsString(publicKey2.getEncoded()) + " SHA1 of first public key in chain: " + fingerprintAsString + (x509CertificateArr.length == 1 ? "" : "SHA1 of last public key in chain: " + CertTools.getFingerprintAsString(x509CertificateArr[x509CertificateArr.length - 1].getPublicKey().getEncoded())));
                        }
                        if (publicKey2.equals(publicKey)) {
                            log.info("Found a matching public key for alias \"" + nextElement + "\".");
                            getKeyStore().setKeyEntry(nextElement, getPrivateKey(nextElement), null, x509CertificateArr);
                            z = false;
                        }
                    }
                    if (z) {
                        throw new KeyUtilRuntimeException(intres.getLocalizedMessage("token.errorkeynottoken", fingerprintAsString));
                    }
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateParsingException e) {
            throw new KeyUtilRuntimeException("Failed to install cert chain into keystore.", e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r8v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x006f: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:25:0x006f */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x0073: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:27:0x0073 */
    /* JADX WARN: Type inference failed for: r8v1, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable] */
    public void installTrustedRoot(String str) {
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(str);
                Throwable th = null;
                List certsFromPEM = CertTools.getCertsFromPEM(fileInputStream, Certificate.class);
                if (certsFromPEM.size() < 1) {
                    throw new KeyUtilRuntimeException("No certificate in file");
                }
                getKeyStore().setCertificateEntry("trusted", (Certificate) certsFromPEM.get(certsFromPEM.size() - 1));
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | CertificateParsingException e) {
            throw new KeyUtilRuntimeException("Failing to install trusted certificate.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PrivateKey getPrivateKey(String str) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        PrivateKey privateKey = (PrivateKey) getKey(str);
        if (privateKey == null) {
            log.info(intres.getLocalizedMessage("token.errornokeyalias", str));
        }
        return privateKey;
    }

    private Key getKey(String str) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        return getKeyStore().getKey(str, null);
    }

    private X509Certificate getCertificate(String str) throws KeyStoreException {
        X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(str);
        if (x509Certificate == null) {
            log.info(intres.getLocalizedMessage("token.errornocertalias", str));
        }
        return x509Certificate;
    }

    public static byte[] getAsByteArray(KeyStore keyStore, String str) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Throwable th = null;
            try {
                try {
                    keyStore.store(byteArrayOutputStream, str.toCharArray());
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    if (byteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    return byteArray;
                } finally {
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error(e);
            return null;
        }
    }
}
