package cmbc.cfca.internal.tool;

import cfca.ch.qos.logback.core.net.SyslogConstants;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Encodable;
import cmbc.cfca.org.bouncycastle.asn1.ASN1EncodableVector;
import cmbc.cfca.org.bouncycastle.asn1.ASN1InputStream;
import cmbc.cfca.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cmbc.cfca.org.bouncycastle.asn1.ASN1OctetString;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Sequence;
import cmbc.cfca.org.bouncycastle.asn1.DERInteger;
import cmbc.cfca.org.bouncycastle.asn1.DEROctetString;
import cmbc.cfca.org.bouncycastle.asn1.DEROutputStream;
import cmbc.cfca.org.bouncycastle.asn1.DERSequence;
import cmbc.cfca.org.bouncycastle.asn1.DERSet;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.Attribute;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.CertBag;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.ContentInfo;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.EncryptedData;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.MacData;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.PBEParameter;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.Pfx;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import cmbc.cfca.org.bouncycastle.asn1.pkcs.SafeBag;
import cmbc.cfca.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cmbc.cfca.org.bouncycastle.asn1.x509.Certificate;
import cmbc.cfca.org.bouncycastle.asn1.x509.DigestInfo;
import cmbc.cfca.org.bouncycastle.crypto.CipherParameters;
import cmbc.cfca.org.bouncycastle.crypto.ExtendedDigest;
import cmbc.cfca.org.bouncycastle.crypto.digests.MD2Digest;
import cmbc.cfca.org.bouncycastle.crypto.digests.MD5Digest;
import cmbc.cfca.org.bouncycastle.crypto.digests.SHA1Digest;
import cmbc.cfca.org.bouncycastle.crypto.engines.RC2Engine;
import cmbc.cfca.org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
import cmbc.cfca.org.bouncycastle.crypto.macs.HMac;
import cmbc.cfca.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cmbc.cfca.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cmbc.cfca.org.bouncycastle.crypto.params.KeyParameter;
import cmbc.cfca.org.bouncycastle.crypto.params.ParametersWithIV;
import cmbc.cfca.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey;
import cmbc.cfca.org.bouncycastle.util.Arrays;
import cmbc.cfca.rsa.envelope.RSASymmetricCryptoUtil;
import cmbc.cfca.rsa.signature.SafeContents;
import cmbc.cfca.sm2rsa.common.CBCParam;
import cmbc.cfca.sm2rsa.common.PKCSObjectIdentifiers;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.SecureRandoms;
import cmbc.cfca.util.Base64;
import cmbc.cfca.x509.certificate.X509Cert;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Vector;

/* loaded from: input_file:cmbc/cfca/internal/tool/PKCS12.class */
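/**
 * Reads and writes PKCS#12 (PFX) containers that hold one private key and its certificates.
 *
 * <p>Reading is a two-step process: {@code load(...)} parses the outer {@link Pfx} structure and
 * {@link #decrypt(char[])} checks the password-based MAC before decrypting the key and
 * certificate contents. Only after a successful {@code decrypt} do {@link #getCerts()} and
 * {@link #getPrivateKey()} return data.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Containers written by this class use PKCS#12 SHA-1 key derivation with {@value #ITERATIONS}
 *       iterations and {@value #SALT_LENGTH}-byte salts, triple-DES for the key bag, 40-bit RC2 for
 *       the certificate bag and an HMAC-SHA1 integrity MAC. These are legacy interoperability
 *       parameters; the confidentiality of the private key rests on the password strength and on
 *       access control of the output file, so treat generated files as sensitive.</li>
 *   <li>When reading, salts and iteration counts come from the container unchecked, and MD2/MD5
 *       MACs are accepted. Inputs from outside the trust boundary should be size- and
 *       source-checked by the caller.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class PKCS12 {
    /** Iteration count written into every PBE and MAC parameter block this class generates. */
    private static final int ITERATIONS = 2000;

    /** Length in bytes of each random salt drawn while generating a container. */
    private static final int SALT_LENGTH = 8;

    /** Bit length of the derived HMAC-SHA1 key; the same value verifyMac() uses for SHA-1. */
    private static final int SHA1_MAC_KEY_BITS = 160;

    private Pfx pfx = null;
    private CertBag[] certBags = null;
    private ASN1Encodable privateKeyInfo = null;
    private ContentInfo keyContent = null;
    private ContentInfo certContent = null;
    // PKCS#12-encoded password bytes; only populated while decrypt() is running.
    private byte[] password = null;
    private boolean decrypted;

    /** Creates an empty instance; call one of the {@code load} methods before {@code decrypt}. */
    public PKCS12() {
        this.decrypted = false;
    }

    /**
     * Uses an already parsed PFX structure.
     *
     * <p>State left by an earlier {@link #decrypt(char[])} is not touched here; it is replaced by
     * the next {@code decrypt} call.
     *
     * @param pfx the parsed container
     */
    public void load(Pfx pfx) {
        this.pfx = pfx;
    }

    /**
     * Loads a PFX container from a file, DER or Base64 encoded.
     *
     * @param str path of the file to read
     * @throws PKIException (code 850605) if the file cannot be read or parsed
     */
    public void load(String str) throws PKIException {
        FileInputStream fileIn = null;
        try {
            fileIn = new FileInputStream(str);
            // Read until EOF: available() is only an estimate and a single read() may return
            // fewer bytes than requested, which would hand a truncated container to the parser.
            load(readFully(fileIn));
        } catch (Exception e) {
            throw new PKIException("850605", "载入P12对象错误", e);
        } finally {
            closeQuietly(fileIn);
        }
    }

    /**
     * Loads a DER-encoded PFX container from a stream. The stream is closed before returning.
     *
     * @param inputStream source of the DER bytes
     * @throws PKIException (code 850605) if the content cannot be parsed
     */
    public void load(InputStream inputStream) throws PKIException {
        ASN1InputStream asn1In = null;
        try {
            asn1In = new ASN1InputStream(inputStream);
            this.pfx = Pfx.getInstance(asn1In.readObject());
        } catch (Exception e) {
            throw new PKIException("850605", "载入P12对象错误", e);
        } finally {
            closeQuietly(asn1In);
        }
    }

    /**
     * Loads a PFX container from memory. Base64 input is decoded first, as decided by
     * {@code ASN1Parser.isBase64Encode}.
     *
     * @param bArr DER or Base64 bytes of the container
     * @throws PKIException (code 850605) if the content cannot be parsed
     */
    public void load(byte[] bArr) throws PKIException {
        if (ASN1Parser.isBase64Encode(bArr)) {
            bArr = Base64.decode(bArr);
        }
        ASN1InputStream asn1In = null;
        try {
            asn1In = new ASN1InputStream(new ByteArrayInputStream(bArr));
            this.pfx = Pfx.getInstance(asn1In.readObject());
        } catch (Exception e) {
            throw new PKIException("850605", "载入P12对象错误", e);
        } finally {
            closeQuietly(asn1In);
        }
    }

    /** Parses the payload of an OCTET STRING as an ASN.1 SEQUENCE. */
    private ASN1Sequence oct2Seq(ASN1OctetString aSN1OctetString) throws Exception {
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(aSN1OctetString.getOctets()));
        try {
            return (ASN1Sequence) asn1In.readObject();
        } finally {
            closeQuietly(asn1In);
        }
    }

    /**
     * Verifies the container MAC with the given password and decrypts the key and certificate
     * contents.
     *
     * <p>The container layout this method understands is one {@code data} ContentInfo holding the
     * key bag and one {@code encryptedData} ContentInfo holding the certificate bags; if several of
     * a kind are present the last one wins.
     *
     * <p>Results of an earlier call are discarded up front, so a failed call never leaves the
     * object reporting key material from a previous container or password. The caller keeps
     * ownership of {@code cArr} and should clear it afterwards.
     *
     * @param cArr the container password
     * @throws PKIException (code 850606) if nothing is loaded, the MAC does not match, or the
     *     contents cannot be decrypted or parsed
     */
    public void decrypt(char[] cArr) throws PKIException {
        this.decrypted = false;
        this.keyContent = null;
        this.certContent = null;
        this.certBags = null;
        this.privateKeyInfo = null;
        try {
            if (this.pfx == null) {
                throw new Exception("you must load Pfx first.");
            }
            this.password = PKCS12ParametersGenerator.PKCS12PasswordToBytes(cArr);
            // Integrity first: nothing inside the container is parsed before the MAC checks out.
            if (!verifyMac()) {
                throw new Exception("verifyMac faulture.");
            }
            ASN1OctetString authSafeOctets = ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent());
            ContentInfo[] contents = AuthenticatedSafe.getInstance(oct2Seq(authSafeOctets)).getContentInfo();
            for (ContentInfo content : contents) {
                if (content.getContentType().equals(PKCSObjectIdentifiers.data)) {
                    this.keyContent = content;
                } else if (content.getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
                    this.certContent = content;
                }
            }
            if (this.keyContent == null) {
                throw new Exception("pfx contains no data ContentInfo for the key bag.");
            }
            if (this.certContent == null) {
                throw new Exception("pfx contains no encryptedData ContentInfo for the cert bags.");
            }
            handleKeyContent(this.keyContent);
            handleCertContent(this.certContent);
            this.decrypted = true;
        } catch (Exception e) {
            throw new PKIException("850606", "解析P12失败，请重新确认解密口令", e);
        } finally {
            // The password bytes are only needed by the helpers called above; do not keep them
            // on the heap for the lifetime of the object.
            if (this.password != null) {
                java.util.Arrays.fill(this.password, (byte) 0);
                this.password = null;
            }
        }
    }

    /**
     * Decrypts PBE-protected bytes with the PKCS#12 scheme named by {@code str}.
     *
     * @param str dotted OID of the PBE algorithm
     * @param pKCS12ParametersGenerator generator already initialised with password, salt and
     *     iteration count
     * @param bArr ciphertext
     * @return the plaintext
     * @throws Exception if the OID is not one of the four supported schemes or decryption fails
     */
    private byte[] pbeDecrypt(String str, PKCS12ParametersGenerator pKCS12ParametersGenerator, byte[] bArr) throws Exception {
        if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC.getId())) {
            return desedeDecrypt((ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(192, 64), bArr);
        }
        if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC.getId())) {
            return desedeDecrypt((ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(128, 64), bArr);
        }
        if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd128RC2CBC.getId())) {
            return rc2doCipher(false, pKCS12ParametersGenerator.generateDerivedParameters(128, 64), bArr);
        }
        if (str.equals(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC.getId())) {
            return rc2doCipher(false, pKCS12ParametersGenerator.generateDerivedParameters(40, 64), bArr);
        }
        throw new Exception("not support pkcs12pbe algorithm: " + str);
    }

    /** Decrypts with DESede/CBC/PKCS7Padding using the derived key and IV. */
    private static byte[] desedeDecrypt(ParametersWithIV keyAndIv, byte[] cipherText) throws Exception {
        byte[] key = ((KeyParameter) keyAndIv.getParameters()).getKey();
        Mechanism_Inside mechanism = new Mechanism_Inside("DESede/CBC/PKCS7Padding", new CBCParam(keyAndIv.getIV()));
        return RSASymmetricCryptoUtil.decrypt(key, cipherText, mechanism);
    }

    /**
     * Decrypts the encryptedData ContentInfo and keeps every certBag found in it.
     *
     * <p>NOTE(review): salt and iteration count are read from the container and used as-is; there
     * is no upper bound on the iteration count, so an oversized value makes this call slow.
     */
    private void handleCertContent(ContentInfo contentInfo) throws Exception {
        EncryptedData encryptedData = EncryptedData.getInstance(contentInfo.getContent());
        AlgorithmIdentifier algorithm = encryptedData.getEncryptionAlgorithm();
        PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithm.getParameters());
        byte[] salt = pbeParams.getIV();
        int iterations = pbeParams.getIterations().intValue();
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(this.password, salt, iterations);
        byte[] plain = pbeDecrypt(algorithm.getAlgorithm().getId(), generator, encryptedData.getContent().getOctets());

        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(plain));
        try {
            SafeBag[] bags = SafeContents.getInstance((ASN1Sequence) asn1In.readObject()).getSafeBag();
            Vector<CertBag> found = new Vector<CertBag>();
            for (SafeBag bag : bags) {
                if (bag.getBagId().equals(PKCSObjectIdentifiers.certBag)) {
                    found.add(CertBag.getInstance(bag.getBagValue()));
                }
            }
            this.certBags = found.toArray(new CertBag[found.size()]);
        } finally {
            closeQuietly(asn1In);
        }
    }

    /**
     * Extracts the private key from the first SafeBag of the data ContentInfo. A plain keyBag is
     * taken as-is; a pkcs8ShroudedKeyBag is decrypted with the container password. Further bags
     * in the same ContentInfo are ignored.
     *
     * <p>NOTE(review): as for the certificate content, the iteration count comes from the
     * container and is not bounded.
     */
    private void handleKeyContent(ContentInfo contentInfo) throws Exception {
        SafeBag safeBag = SafeContents.getInstance(oct2Seq(ASN1OctetString.getInstance(contentInfo.getContent()))).getSafeBag()[0];
        if (safeBag.getBagId().equals(PKCSObjectIdentifiers.keyBag)) {
            this.privateKeyInfo = new PrivateKeyInfo((ASN1Sequence) safeBag.getBagValue());
            return;
        }
        if (!safeBag.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) {
            throw new Exception("handle keyBag error. bagId = " + safeBag.getBagId().getId());
        }
        EncryptedPrivateKeyInfo encryptedKey = EncryptedPrivateKeyInfo.getInstance(ASN1Parser.writeDERObj2Bytes(safeBag.getBagValue()));
        PBEParameter pbeParams = PBEParameter.getInstance(encryptedKey.getEncryptionAlgorithm().getParameters());
        byte[] salt = pbeParams.getSalt();
        int iterations = pbeParams.getIterationCount().intValue();
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(this.password, salt, iterations);
        byte[] plain = pbeDecrypt(encryptedKey.getEncryptionAlgorithm().getAlgorithm().getId(), generator, encryptedKey.getEncryptedData());

        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(plain));
        try {
            this.privateKeyInfo = (ASN1Sequence) asn1In.readObject();
        } finally {
            // Close on the failure path too, matching handleCertContent.
            closeQuietly(asn1In);
        }
    }

    /**
     * Builds a PFX container and writes it DER-encoded to a file.
     *
     * <p>The file is created with the platform's default permissions and contains the
     * password-protected private key; restricting access to it is left to the caller. If writing
     * fails part-way, whatever was already written stays on disk.
     *
     * @param x509Cert certificate to store
     * @param privateKey private key to store
     * @param str container password
     * @param str2 path of the file to create
     * @throws PKIException if the container cannot be built or the file cannot be written
     */
    public static void generatePfxFile(X509Cert x509Cert, PrivateKey privateKey, String str, String str2) throws PKIException {
        Pfx pfx = generatePfx(x509Cert, privateKey, str);
        FileOutputStream fileOut = null;
        DEROutputStream derOut = null;
        try {
            fileOut = new FileOutputStream(str2);
            derOut = new DEROutputStream(fileOut);
            derOut.writeObject(pfx);
        } catch (Exception e) {
            // NOTE(review): only the message of the cause survives here; the other throw sites in
            // this class use the (code, message, cause) form — confirm which code applies.
            throw new PKIException("can not create pfx file: " + e.getMessage());
        } finally {
            if (derOut != null) {
                try {
                    derOut.close();
                } catch (Exception ignored) {
                    // best-effort close, as in the original
                }
            }
            if (fileOut != null) {
                try {
                    fileOut.close();
                } catch (Exception ignored) {
                    // best-effort close, as in the original
                }
            }
        }
    }

    /**
     * Builds a PFX container with one shrouded key bag and one encrypted certificate bag.
     *
     * <p>Both bags carry a localKeyId attribute derived from the certificate serial number. The
     * password arrives as a {@code String} and therefore cannot be cleared by this method.
     *
     * @param x509Cert certificate to store
     * @param privateKey private key to store
     * @param str container password
     * @return the assembled container including its MAC
     * @throws PKIException (code 850609) if any part of the structure cannot be produced
     */
    public static Pfx generatePfx(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        Certificate certStructure = x509Cert.getCertStructure();
        byte[] passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(str.toCharArray());
        try {
            EncryptedPrivateKeyInfo encryptedKey = generateEPKI(privateKey, passwordBytes);

            // localKeyId attribute shared by the key bag and the certificate bag.
            DEROctetString serialOctets = new DEROctetString(ASN1Parser.writeDERObj2Bytes(certStructure.getSerialNumber()));
            ASN1EncodableVector keyIdValues = new ASN1EncodableVector();
            keyIdValues.add(serialOctets);
            Attribute localKeyId = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DERSet(keyIdValues));
            ASN1EncodableVector attributeList = new ASN1EncodableVector();
            attributeList.add(localKeyId);
            DERSet bagAttributes = new DERSet(attributeList);

            // Key: pkcs8ShroudedKeyBag inside a plain data ContentInfo.
            SafeBag keyBag = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, ASN1Parser.writeBytes2DERObj(encryptedKey.getEncoded()), bagAttributes);
            ContentInfo keyInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(ASN1Parser.writeDERObj2Bytes(new SafeContents(new SafeBag[]{keyBag}))));

            // Certificate: certBag inside an encryptedData ContentInfo.
            SafeBag certBag = new SafeBag(PKCSObjectIdentifiers.certBag, new CertBag(PKCSObjectIdentifiers.x509certType, new DEROctetString(ASN1Parser.writeDERObj2Bytes(certStructure))), bagAttributes);
            ContentInfo certInfo = new ContentInfo(PKCSObjectIdentifiers.encryptedData, encryptedCertContents(new SafeContents(new SafeBag[]{certBag}), passwordBytes));

            AuthenticatedSafe authSafe = new AuthenticatedSafe(new ContentInfo[]{keyInfo, certInfo});
            ContentInfo authSafeInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(ASN1Parser.writeDERObj2Bytes(authSafe)));
            return new Pfx(authSafeInfo, generateMacData(authSafeInfo, passwordBytes));
        } catch (Exception e) {
            throw new PKIException("850609", "产生PKCS12结构失败", e);
        }
    }

    /** Builds the PBE parameter SEQUENCE (salt, {@link #ITERATIONS}) used by both encrypted bags. */
    private static DERSequence pbeParameters(byte[] salt) {
        ASN1EncodableVector fields = new ASN1EncodableVector();
        DEROctetString saltOctets = new DEROctetString(salt);
        DERInteger iterationCount = new DERInteger(ITERATIONS);
        fields.add(saltOctets);
        fields.add(iterationCount);
        return new DERSequence(fields);
    }

    /**
     * Encrypts the encoded private key under pbeWithSHAAnd3DESCBC with a fresh random salt.
     *
     * @param privateKey key whose {@code getEncoded()} form is protected
     * @param bArr PKCS#12-encoded password bytes
     */
    private static EncryptedPrivateKeyInfo generateEPKI(PrivateKey privateKey, byte[] bArr) throws Exception {
        byte[] encodedKey = privateKey.getEncoded();
        byte[] salt = SecureRandoms.getInstance().genBytes(SALT_LENGTH);
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(bArr, salt, ITERATIONS);
        ParametersWithIV keyAndIv = (ParametersWithIV) generator.generateDerivedParameters(192, 64);
        byte[] desKey = ((KeyParameter) keyAndIv.getParameters()).getKey();
        Mechanism_Inside mechanism = new Mechanism_Inside("DESede/CBC/PKCS7Padding", new CBCParam(keyAndIv.getIV()));
        DEROctetString cipherText = new DEROctetString(RSASymmetricCryptoUtil.encrypt(desKey, encodedKey, mechanism));

        AlgorithmIdentifier algorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC, (ASN1Encodable) pbeParameters(salt));
        ASN1EncodableVector fields = new ASN1EncodableVector();
        fields.add(algorithm);
        fields.add(cipherText);
        return EncryptedPrivateKeyInfo.getInstance(new DERSequence(fields));
    }

    /**
     * Encrypts the certificate SafeContents under pbeWithSHAAnd40RC2CBC with a fresh random salt.
     *
     * <p>A 40-bit key only obscures the certificates; it should not be relied on to keep the
     * certificate contents confidential.
     *
     * @param aSN1Encodable structure to encode and encrypt
     * @param bArr PKCS#12-encoded password bytes
     */
    private static EncryptedData encryptedCertContents(ASN1Encodable aSN1Encodable, byte[] bArr) throws Exception {
        byte[] salt = SecureRandoms.getInstance().genBytes(SALT_LENGTH);
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(bArr, salt, ITERATIONS);
        byte[] encrypted = rc2doCipher(true, generator.generateDerivedParameters(40, 64), ASN1Parser.writeDERObj2Bytes(aSN1Encodable));
        DEROctetString cipherText = new DEROctetString(encrypted);
        AlgorithmIdentifier algorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC, (ASN1Encodable) pbeParameters(salt));
        return new EncryptedData(PKCSObjectIdentifiers.data, algorithm, cipherText);
    }

    /**
     * Runs RC2 in CBC mode with padding over the whole input.
     *
     * <p>The final block is always processed and the result length is the sum of the byte counts
     * reported by the cipher. The earlier form skipped the final step when the first pass had
     * already filled the buffer and then derived the length from a {@code -1} placeholder, which
     * for an empty ciphertext produced a negative array size instead of a cipher error.
     *
     * @param z {@code true} to encrypt, {@code false} to decrypt
     * @param cipherParameters derived key and IV
     * @param bArr input bytes
     * @return ciphertext when encrypting, plaintext without padding when decrypting
     */
    private static byte[] rc2doCipher(boolean z, CipherParameters cipherParameters, byte[] bArr) throws Exception {
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
        cipher.init(z, cipherParameters);
        byte[] buffer = new byte[cipher.getOutputSize(bArr.length)];
        int written = cipher.processBytes(bArr, 0, bArr.length, buffer, 0);
        written += cipher.doFinal(buffer, written);
        if (written == buffer.length) {
            return buffer;
        }
        byte[] exact = new byte[written];
        System.arraycopy(buffer, 0, exact, 0, written);
        return exact;
    }

    /**
     * Recomputes the HMAC over the AuthenticatedSafe bytes and compares it with the stored MAC.
     *
     * <p>SHA-1, MD2 and MD5 MACs are accepted; MD2 and MD5 are kept for reading old containers. A
     * container without MacData is rejected, so integrity is never silently skipped. Salt and
     * iteration count are taken from the container unchecked (NOTE(review): consider an upper
     * bound on the iteration count for inputs from outside the trust boundary).
     *
     * @return {@code true} if the stored and computed MAC are equal
     * @throws PKIException if MacData is absent or names an unsupported digest
     */
    private boolean verifyMac() throws PKIException {
        MacData macData = this.pfx.getMacData();
        if (macData == null) {
            throw new PKIException("pfx has no MacData, integrity can not be verified.");
        }
        DigestInfo mac = macData.getMac();
        ASN1ObjectIdentifier algorithm = mac.getAlgorithmId().getAlgorithm();

        PKCS12ParametersGenerator generator;
        ExtendedDigest hmacDigest;
        int keyBits;
        if (algorithm.equals(PKCSObjectIdentifiers.sha1)) {
            generator = new PKCS12ParametersGenerator(new SHA1Digest());
            hmacDigest = new SHA1Digest();
            keyBits = SHA1_MAC_KEY_BITS;
        } else if (algorithm.equals(PKCSObjectIdentifiers.md2)) {
            generator = new PKCS12ParametersGenerator(new MD2Digest());
            hmacDigest = new MD2Digest();
            keyBits = 128;
        } else if (algorithm.equals(PKCSObjectIdentifiers.md5)) {
            generator = new PKCS12ParametersGenerator(new MD5Digest());
            hmacDigest = new MD5Digest();
            keyBits = 128;
        } else {
            throw new PKIException("not support digest algorithmIdentifier:" + algorithm);
        }

        generator.init(this.password, macData.getSalt(), macData.getIterationCount().intValue());
        KeyParameter macKey = (KeyParameter) generator.generateDerivedMacParameters(keyBits);
        byte[] authSafeBytes = ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()).getOctets();
        HMac hMac = new HMac(hmacDigest);
        hMac.init(macKey);
        hMac.update(authSafeBytes, 0, authSafeBytes.length);
        byte[] computed = new byte[hMac.getMacSize()];
        hMac.doFinal(computed, 0);
        // Compare without an early exit so the time taken does not depend on how many leading
        // bytes of the stored MAC match.
        return java.security.MessageDigest.isEqual(computed, mac.getDigest());
    }

    /**
     * Computes the HMAC-SHA1 integrity block for a new container.
     *
     * <p>The key length is the literal {@value #SHA1_MAC_KEY_BITS}. The decompiled source spelled
     * it as logback's {@code SyslogConstants.LOG_LOCAL4}, an unrelated constant with the same
     * value; the MAC key size should not hang on a logging library.
     *
     * @param contentInfo the AuthenticatedSafe ContentInfo to protect
     * @param bArr PKCS#12-encoded password bytes
     */
    private static MacData generateMacData(ContentInfo contentInfo, byte[] bArr) throws Exception {
        byte[] salt = SecureRandoms.getInstance().genBytes(SALT_LENGTH);
        PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(new SHA1Digest());
        generator.init(bArr, salt, ITERATIONS);
        CipherParameters macKey = generator.generateDerivedMacParameters(SHA1_MAC_KEY_BITS);
        byte[] authSafeBytes = ASN1OctetString.getInstance(contentInfo.getContent()).getOctets();
        HMac hMac = new HMac(new SHA1Digest());
        hMac.init(macKey);
        hMac.update(authSafeBytes, 0, authSafeBytes.length);
        byte[] digest = new byte[hMac.getMacSize()];
        hMac.doFinal(digest, 0);
        return new MacData(new DigestInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1), digest), salt, ITERATIONS);
    }

    /**
     * Returns the X.509 certificates of the decrypted container, in bag order. SDSI certificate
     * bags are skipped; any other bag type is an error.
     *
     * @return the certificates, possibly an empty array
     * @throws PKIException (code 850608) if {@link #decrypt(char[])} has not succeeded or a
     *     certificate cannot be parsed
     */
    public X509Cert[] getCerts() throws PKIException {
        try {
            if (!this.decrypted) {
                throw new Exception("pfx file hasn't been decrypted yet.");
            }
            Vector<X509Cert> certs = new Vector<X509Cert>();
            for (CertBag bag : this.certBags) {
                ASN1ObjectIdentifier certId = bag.getCertId();
                if (certId.equals(PKCSObjectIdentifiers.x509certType)) {
                    certs.add(new X509Cert(Certificate.getInstance(oct2Seq(ASN1OctetString.getInstance(bag.getCertValue())))));
                } else if (!certId.equals(PKCSObjectIdentifiers.sdsiCertType)) {
                    throw new Exception("not support certBag type, id=" + certId.getId());
                }
            }
            return certs.toArray(new X509Cert[certs.size()]);
        } catch (Exception e) {
            throw new PKIException("850608", "获取P12公钥证书失败", e);
        }
    }

    /**
     * Returns the private key of the decrypted container as an RSA CRT key.
     *
     * <p>The stored key info is encoded through its declared {@code ASN1Encodable} type. The
     * earlier cast to {@code ASN1Sequence} rejected the value stored for a plain keyBag, which is
     * a {@code PrivateKeyInfo} object rather than a raw sequence.
     *
     * @return the private key
     * @throws PKIException (code 850607) if {@link #decrypt(char[])} has not succeeded or the key
     *     cannot be rebuilt
     */
    public PrivateKey getPrivateKey() throws PKIException {
        try {
            if (!this.decrypted) {
                throw new Exception("pfx file hasn't been decrypted yet.");
            }
            ASN1Encodable keyInfo = this.privateKeyInfo;
            byte[] pkcs8 = new PKCS8EncodedKeySpec(ASN1Parser.writeDERObj2Bytes(keyInfo)).getEncoded();
            return new BCRSAPrivateCrtKey(PrivateKeyInfo.getInstance(pkcs8));
        } catch (Exception e) {
            throw new PKIException("850607", "获取P12私钥失败", e);
        }
    }

    /** Reads a stream to its end and returns everything read. */
    private static byte[] readFully(InputStream in) throws java.io.IOException {
        java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /** Closes an input stream if present; a failure to close is deliberately not reported. */
    private static void closeQuietly(InputStream in) {
        if (in != null) {
            try {
                in.close();
            } catch (Exception ignored) {
                // best-effort: the data has already been consumed or the call is failing anyway
            }
        }
    }
}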
