package sun.security.tools;

import com.facebook.internal.security.CertificateUtil;
import com.google.android.vending.expansion.downloader.Constants;
import com.google.android.vending.expansion.downloader.impl.DownloadsDB;
import com.u8.sdk.utils.RSAUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.CodeSigner;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.misc.HexDumpEncoder;
import sun.security.pkcs.PKCS10;
import sun.security.pkcs.PKCS10Attribute;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.provider.X509Factory;
import sun.security.util.ObjectIdentifier;
import sun.security.util.Password;
import sun.security.x509.AlgorithmId;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.CRLExtensions;
import sun.security.x509.CRLReasonCodeExtension;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.DistributionPoint;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.Extension;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.IPAddressName;
import sun.security.x509.IssuerAlternativeNameExtension;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.OIDName;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.RFC822Name;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.SubjectInfoAccessExtension;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CRLEntryImpl;
import sun.security.x509.X509CRLImpl;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: classes.dex */
public final class KeyTool {
    private static final String JKS = "jks";
    private static final String NONE = "NONE";
    private static final String P11KEYSTORE = "PKCS11";
    private static final String P12KEYSTORE = "PKCS12";
    private static final String[] extSupported;
    private static final Class[] PARAM_STRING = {String.class};
    private static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.util.Resources");
    private static final Collator collator = Collator.getInstance();
    private boolean debug = false;
    private Command command = null;
    private String sigAlgName = null;
    private String keyAlgName = null;
    private boolean verbose = false;
    private int keysize = -1;
    private boolean rfc = false;
    private long validity = 90;
    private String alias = null;
    private String dname = null;
    private String dest = null;
    private String filename = null;
    private String infilename = null;
    private String outfilename = null;
    private String srcksfname = null;
    private Set<Pair<String, String>> providers = null;
    private String storetype = null;
    private String srcProviderName = null;
    private String providerName = null;
    private String pathlist = null;
    private char[] storePass = null;
    private char[] storePassNew = null;
    private char[] keyPass = null;
    private char[] keyPassNew = null;
    private char[] newPass = null;
    private char[] destKeyPass = null;
    private char[] srckeyPass = null;
    private String ksfname = null;
    private File ksfile = null;
    private InputStream ksStream = null;
    private String sslserver = null;
    private String jarfile = null;
    private KeyStore keyStore = null;
    private boolean token = false;
    private boolean nullStream = false;
    private boolean kssave = false;
    private boolean noprompt = false;
    private boolean trustcacerts = false;
    private boolean protectedPath = false;
    private boolean srcprotectedPath = false;
    private CertificateFactory cf = null;
    private KeyStore caks = null;
    private char[] srcstorePass = null;
    private String srcstoretype = null;
    private Set<char[]> passwords = new HashSet();
    private String startDate = null;
    private List<String> ids = new ArrayList();
    private List<String> v3ext = new ArrayList();
    private final String keyAlias = "mykey";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum Command {
        CERTREQ("Generates.a.certificate.request", Option.ALIAS, Option.SIGALG, Option.FILEOUT, Option.KEYPASS, Option.KEYSTORE, Option.DNAME, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        CHANGEALIAS("Changes.an.entry.s.alias", Option.ALIAS, Option.DESTALIAS, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        DELETE("Deletes.an.entry", Option.ALIAS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        EXPORTCERT("Exports.certificate", Option.RFC, Option.ALIAS, Option.FILEOUT, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENKEYPAIR("Generates.a.key.pair", Option.ALIAS, Option.KEYALG, Option.KEYSIZE, Option.SIGALG, Option.DESTALIAS, Option.DNAME, Option.STARTDATE, Option.EXT, Option.VALIDITY, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENSECKEY("Generates.a.secret.key", Option.ALIAS, Option.KEYPASS, Option.KEYALG, Option.KEYSIZE, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENCERT("Generates.certificate.from.a.certificate.request", Option.RFC, Option.INFILE, Option.OUTFILE, Option.ALIAS, Option.SIGALG, Option.DNAME, Option.STARTDATE, Option.EXT, Option.VALIDITY, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        IMPORTCERT("Imports.a.certificate.or.a.certificate.chain", Option.NOPROMPT, Option.TRUSTCACERTS, Option.PROTECTED, Option.ALIAS, Option.FILEIN, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        IMPORTKEYSTORE("Imports.one.or.all.entries.from.another.keystore", Option.SRCKEYSTORE, Option.DESTKEYSTORE, Option.SRCSTORETYPE, Option.DESTSTORETYPE, Option.SRCSTOREPASS, Option.DESTSTOREPASS, Option.SRCPROTECTED, Option.SRCPROVIDERNAME, Option.DESTPROVIDERNAME, Option.SRCALIAS, Option.DESTALIAS, Option.SRCKEYPASS, Option.DESTKEYPASS, Option.NOPROMPT, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        KEYPASSWD("Changes.the.key.password.of.an.entry", Option.ALIAS, Option.KEYPASS, Option.NEW, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        LIST("Lists.entries.in.a.keystore", Option.RFC, Option.ALIAS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        PRINTCERT("Prints.the.content.of.a.certificate", Option.RFC, Option.FILEIN, Option.SSLSERVER, Option.JARFILE, Option.V),
        PRINTCERTREQ("Prints.the.content.of.a.certificate.request", Option.FILEIN, Option.V),
        PRINTCRL("Prints.the.content.of.a.CRL.file", Option.FILEIN, Option.V),
        STOREPASSWD("Changes.the.store.password.of.a.keystore", Option.NEW, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        KEYCLONE("Clones.a.key.entry", Option.ALIAS, Option.DESTALIAS, Option.KEYPASS, Option.NEW, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        SELFCERT("Generates.a.self.signed.certificate", Option.ALIAS, Option.SIGALG, Option.DNAME, Option.STARTDATE, Option.VALIDITY, Option.KEYPASS, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        GENCRL("Generates.CRL", Option.RFC, Option.FILEOUT, Option.ID, Option.ALIAS, Option.SIGALG, Option.EXT, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        IDENTITYDB("Imports.entries.from.a.JDK.1.1.x.style.identity.database", Option.FILEIN, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V);

        final String description;
        final Option[] options;

        Command(String str, Option... optionArr) {
            this.description = str;
            this.options = optionArr;
        }

        @Override // java.lang.Enum
        public String toString() {
            return Constants.FILENAME_SEQUENCE_SEPARATOR + name().toLowerCase(Locale.ENGLISH);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum Option {
        ALIAS("alias", "<alias>", "alias.name.of.the.entry.to.process"),
        DESTALIAS("destalias", "<destalias>", "destination.alias"),
        DESTKEYPASS("destkeypass", "<arg>", "destination.key.password"),
        DESTKEYSTORE("destkeystore", "<destkeystore>", "destination.keystore.name"),
        DESTPROTECTED("destprotected", null, "destination.keystore.password.protected"),
        DESTPROVIDERNAME("destprovidername", "<destprovidername>", "destination.keystore.provider.name"),
        DESTSTOREPASS("deststorepass", "<arg>", "destination.keystore.password"),
        DESTSTORETYPE("deststoretype", "<deststoretype>", "destination.keystore.type"),
        DNAME("dname", "<dname>", "distinguished.name"),
        EXT("ext", "<value>", "X.509.extension"),
        FILEOUT("file", "<filename>", "output.file.name"),
        FILEIN("file", "<filename>", "input.file.name"),
        ID("id", "<id:reason>", "Serial.ID.of.cert.to.revoke"),
        INFILE("infile", "<filename>", "input.file.name"),
        KEYALG("keyalg", "<keyalg>", "key.algorithm.name"),
        KEYPASS("keypass", "<arg>", "key.password"),
        KEYSIZE("keysize", "<keysize>", "key.bit.size"),
        KEYSTORE("keystore", "<keystore>", "keystore.name"),
        NEW("new", "<arg>", "new.password"),
        NOPROMPT("noprompt", null, "do.not.prompt"),
        OUTFILE("outfile", "<filename>", "output.file.name"),
        PROTECTED("protected", null, "password.through.protected.mechanism"),
        PROVIDERARG("providerarg", "<arg>", "provider.argument"),
        PROVIDERCLASS("providerclass", "<providerclass>", "provider.class.name"),
        PROVIDERNAME("providername", "<providername>", "provider.name"),
        PROVIDERPATH("providerpath", "<pathlist>", "provider.classpath"),
        RFC("rfc", null, "output.in.RFC.style"),
        SIGALG("sigalg", "<sigalg>", "signature.algorithm.name"),
        SRCALIAS("srcalias", "<srcalias>", "source.alias"),
        SRCKEYPASS("srckeypass", "<arg>", "source.key.password"),
        SRCKEYSTORE("srckeystore", "<srckeystore>", "source.keystore.name"),
        SRCPROTECTED("srcprotected", null, "source.keystore.password.protected"),
        SRCPROVIDERNAME("srcprovidername", "<srcprovidername>", "source.keystore.provider.name"),
        SRCSTOREPASS("srcstorepass", "<arg>", "source.keystore.password"),
        SRCSTORETYPE("srcstoretype", "<srcstoretype>", "source.keystore.type"),
        SSLSERVER("sslserver", "<server[:port]>", "SSL.server.host.and.port"),
        JARFILE("jarfile", "<filename>", "signed.jar.file"),
        STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
        STOREPASS("storepass", "<arg>", "keystore.password"),
        STORETYPE("storetype", "<storetype>", "keystore.type"),
        TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
        V("v", null, "verbose.output"),
        VALIDITY("validity", "<valDays>", "validity.number.of.days");

        final String arg;
        final String description;
        final String name;

        Option(String str, String str2, String str3) {
            this.name = str;
            this.arg = str2;
            this.description = str3;
        }

        @Override // java.lang.Enum
        public String toString() {
            return Constants.FILENAME_SEQUENCE_SEPARATOR + this.name;
        }
    }

    static {
        collator.setStrength(0);
        extSupported = new String[]{BasicConstraintsExtension.NAME, KeyUsageExtension.NAME, ExtendedKeyUsageExtension.NAME, SubjectAlternativeNameExtension.NAME, IssuerAlternativeNameExtension.NAME, SubjectInfoAccessExtension.NAME, AuthorityInfoAccessExtension.NAME, null, CRLDistributionPointsExtension.NAME};
    }

    private KeyTool() {
    }

    private boolean addTrustedCert(String str, InputStream inputStream) throws Exception {
        boolean z;
        String str2;
        String str3;
        if (str == null) {
            throw new Exception(rb.getString("Must.specify.alias"));
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Certificate.not.imported.alias.alias.already.exists")).format(new Object[]{str}));
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) this.cf.generateCertificate(inputStream);
            if (isSelfSigned(x509Certificate)) {
                x509Certificate.verify(x509Certificate.getPublicKey());
                z = true;
            } else {
                z = false;
            }
            if (this.noprompt) {
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            String certificateAlias = this.keyStore.getCertificateAlias(x509Certificate);
            if (certificateAlias != null) {
                System.err.println(new MessageFormat(rb.getString("Certificate.already.exists.in.keystore.under.alias.trustalias.")).format(new Object[]{certificateAlias}));
                str2 = getYesNoReply(rb.getString("Do.you.still.want.to.add.it.no."));
            } else if (z) {
                if (!this.trustcacerts || this.caks == null) {
                    str2 = null;
                    str3 = certificateAlias;
                } else {
                    String certificateAlias2 = this.caks.getCertificateAlias(x509Certificate);
                    if (certificateAlias2 != null) {
                        System.err.println(new MessageFormat(rb.getString("Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.")).format(new Object[]{certificateAlias2}));
                        str2 = getYesNoReply(rb.getString("Do.you.still.want.to.add.it.to.your.own.keystore.no."));
                        str3 = certificateAlias2;
                    } else {
                        str2 = null;
                        str3 = certificateAlias2;
                    }
                }
                if (str3 == null) {
                    printX509Cert(x509Certificate, System.out);
                    str2 = getYesNoReply(rb.getString("Trust.this.certificate.no."));
                }
            } else {
                str2 = null;
            }
            if (str2 != null) {
                if (!"YES".equals(str2)) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            try {
                if (establishCertChain(null, x509Certificate) == null) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            } catch (Exception e) {
                printX509Cert(x509Certificate, System.out);
                if (!"YES".equals(getYesNoReply(rb.getString("Trust.this.certificate.no.")))) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
        } catch (ClassCastException e2) {
            throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
        } catch (CertificateException e3) {
            throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
        }
    }

    private boolean buildChain(X509Certificate x509Certificate, Vector<Certificate> vector, Hashtable<Principal, Vector<Certificate>> hashtable) {
        Principal issuerDN = x509Certificate.getIssuerDN();
        if (isSelfSigned(x509Certificate)) {
            vector.addElement(x509Certificate);
            return true;
        }
        Vector<Certificate> vector2 = hashtable.get(issuerDN);
        if (vector2 == null) {
            return false;
        }
        Enumeration<Certificate> elements = vector2.elements();
        while (elements.hasMoreElements()) {
            X509Certificate x509Certificate2 = (X509Certificate) elements.nextElement();
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            } catch (Exception e) {
            }
            if (buildChain(x509Certificate2, vector, hashtable)) {
                vector.addElement(x509Certificate);
                return true;
            }
        }
        return false;
    }

    private void byte2hex(byte b, StringBuffer stringBuffer) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        stringBuffer.append(cArr[(b & 240) >> 4]);
        stringBuffer.append(cArr[b & 15]);
    }

    private GeneralName createGeneralName(String str, String str2) throws Exception {
        GeneralNameInterface iPAddressName;
        int oneOf = oneOf(str, "EMAIL", DownloadsDB.DownloadColumns.URI, "DNS", "IP", "OID");
        if (oneOf < 0) {
            throw new Exception(rb.getString("Unrecognized.GeneralName.type.") + str);
        }
        switch (oneOf) {
            case 0:
                iPAddressName = new RFC822Name(str2);
                break;
            case 1:
                iPAddressName = new URIName(str2);
                break;
            case 2:
                iPAddressName = new DNSName(str2);
                break;
            case 3:
                iPAddressName = new IPAddressName(str2);
                break;
            default:
                iPAddressName = new OIDName(str2);
                break;
        }
        return new GeneralName(iPAddressName);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x016a. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:13:0x011c A[Catch: IOException -> 0x00bd, TryCatch #2 {IOException -> 0x00bd, blocks: (B:238:0x0015, B:239:0x0019, B:241:0x001f, B:244:0x0033, B:247:0x0053, B:248:0x0057, B:250:0x005d, B:253:0x006b, B:255:0x0076, B:256:0x007f, B:263:0x008d, B:267:0x00a6, B:270:0x00b1, B:273:0x009d, B:259:0x010c, B:282:0x00c6, B:284:0x00cc, B:288:0x00eb, B:289:0x0109, B:10:0x0112, B:11:0x0116, B:13:0x011c, B:15:0x012b, B:16:0x0138, B:18:0x0140, B:21:0x0155, B:22:0x015c, B:25:0x0164, B:26:0x016a, B:28:0x016d, B:29:0x018b, B:200:0x0195, B:203:0x01a5, B:207:0x01ac, B:209:0x01b9, B:224:0x01c5, B:225:0x01e3, B:211:0x01e4, B:213:0x01ef, B:215:0x01f6, B:216:0x01f9, B:218:0x0204, B:221:0x020c, B:222:0x022a, B:32:0x022d, B:34:0x023c, B:43:0x027c, B:44:0x029a, B:40:0x02a0, B:46:0x02a7, B:50:0x02bf, B:51:0x02dd, B:54:0x02e0, B:56:0x02ef, B:65:0x032f, B:59:0x035c, B:62:0x0367, B:69:0x033b, B:70:0x0359, B:75:0x0383, B:78:0x0393, B:79:0x03b1, B:82:0x03b4, B:84:0x03c3, B:88:0x03cd, B:89:0x03ef, B:86:0x03f0, B:97:0x040a, B:94:0x041a, B:100:0x042a, B:101:0x0448, B:139:0x044b, B:140:0x0469, B:105:0x046c, B:107:0x047c, B:110:0x04af, B:116:0x04e7, B:114:0x04ec, B:112:0x051f, B:120:0x0500, B:121:0x051e, B:123:0x0490, B:124:0x04ae, B:133:0x053b, B:130:0x0547, B:136:0x0553, B:137:0x0571, B:143:0x0574, B:145:0x0583, B:149:0x058d, B:150:0x05af, B:147:0x05b0, B:152:0x05c7, B:155:0x05de, B:156:0x05fc, B:158:0x05fd, B:160:0x0604, B:162:0x0619, B:166:0x0623, B:167:0x0625, B:169:0x0629, B:170:0x0630, B:172:0x0632, B:173:0x0650, B:178:0x063e, B:183:0x064b, B:187:0x0659, B:193:0x065d, B:194:0x067b, B:189:0x067c, B:190:0x0682, B:195:0x069a, B:231:0x069e, B:233:0x06b5, B:235:0x06bb), top: B:237:0x0015, inners: #0, #1, #3 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private sun.security.x509.CertificateExtensions createV3Extensions(sun.security.x509.CertificateExtensions r17, sun.security.x509.CertificateExtensions r18, java.util.List<java.lang.String> r19, java.security.PublicKey r20, java.security.PublicKey r21) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1788
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.createV3Extensions(sun.security.x509.CertificateExtensions, sun.security.x509.CertificateExtensions, java.util.List, java.security.PublicKey, java.security.PublicKey):sun.security.x509.CertificateExtensions");
    }

    private void doCertReq(String str, String str2, PrintStream printStream) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key.certificate.")).format(new Object[]{str}));
        }
        PKCS10 pkcs10 = new PKCS10(certificate.getPublicKey());
        pkcs10.getAttributes().setAttribute("extensions", new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, createV3Extensions(null, null, this.v3ext, certificate.getPublicKey(), null)));
        if (str2 == null) {
            str2 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Signature signature = Signature.getInstance(str2);
        signature.initSign(privateKey);
        pkcs10.encodeAndSign(this.dname == null ? new X500Name(((X509Certificate) certificate).getSubjectDN().toString()) : new X500Name(this.dname), signature);
        pkcs10.print(printStream);
    }

    private void doChangeKeyPasswd(String str) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        Key key = recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        if (this.keyPassNew == null) {
            this.keyPassNew = getNewPasswd(new MessageFormat(rb.getString("key.password.for.alias.")).format(new Object[]{str}), this.keyPass);
        }
        this.keyStore.setKeyEntry(str, key, this.keyPassNew, this.keyStore.getCertificateChain(str));
    }

    private void doCloneEntry(String str, String str2, boolean z) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str2)) {
            throw new Exception(new MessageFormat(rb.getString("Destination.alias.dest.already.exists")).format(new Object[]{str2}));
        }
        Pair<KeyStore.Entry, char[]> recoverEntry = recoverEntry(this.keyStore, str, this.storePass, this.keyPass);
        KeyStore.Entry entry = recoverEntry.fst;
        this.keyPass = recoverEntry.snd;
        KeyStore.PasswordProtection passwordProtection = null;
        if (this.keyPass != null) {
            if (!z || P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
                this.keyPassNew = this.keyPass;
            } else if (this.keyPassNew == null) {
                this.keyPassNew = promptForKeyPass(str2, str, this.keyPass);
            }
            passwordProtection = new KeyStore.PasswordProtection(this.keyPassNew);
        }
        this.keyStore.setEntry(str2, entry, passwordProtection);
    }

    private void doDeleteEntry(String str) throws Exception {
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        this.keyStore.deleteEntry(str);
    }

    private void doExportCert(String str, PrintStream printStream) throws Exception {
        if (this.storePass == null && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printWarning();
        }
        if (str == null) {
            str = "mykey";
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(str);
        if (x509Certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.has.no.certificate")).format(new Object[]{str}));
        }
        dumpCert(x509Certificate, printStream);
    }

    private void doGenCRL(PrintStream printStream) throws Exception {
        if (this.ids == null) {
            throw new Exception("Must provide -id when -gencrl");
        }
        X500Name x500Name = (X500Name) ((X509CertInfo) new X509CertImpl(this.keyStore.getCertificate(this.alias).getEncoded()).get(X509CertInfo.IDENT)).get("subject.dname");
        Date startDate = getStartDate(this.startDate);
        Date date = (Date) startDate.clone();
        date.setTime(date.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        new CertificateValidity(startDate, date);
        PrivateKey privateKey = (PrivateKey) recoverKey(this.alias, this.storePass, this.keyPass).fst;
        if (this.sigAlgName == null) {
            this.sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        X509CRLEntry[] x509CRLEntryArr = new X509CRLEntry[this.ids.size()];
        for (int i = 0; i < this.ids.size(); i++) {
            String str = this.ids.get(i);
            int indexOf = str.indexOf(58);
            if (indexOf >= 0) {
                CRLExtensions cRLExtensions = new CRLExtensions();
                cRLExtensions.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(str.substring(indexOf + 1))));
                x509CRLEntryArr[i] = new X509CRLEntryImpl(new BigInteger(str.substring(0, indexOf)), startDate, cRLExtensions);
            } else {
                x509CRLEntryArr[i] = new X509CRLEntryImpl(new BigInteger(this.ids.get(i)), startDate);
            }
        }
        X509CRLImpl x509CRLImpl = new X509CRLImpl(x500Name, startDate, date, x509CRLEntryArr);
        x509CRLImpl.sign(privateKey, this.sigAlgName);
        if (!this.rfc) {
            printStream.write(x509CRLImpl.getEncodedInternal());
            return;
        }
        printStream.println("-----BEGIN X509 CRL-----");
        new BASE64Encoder().encodeBuffer(x509CRLImpl.getEncodedInternal(), printStream);
        printStream.println("-----END X509 CRL-----");
    }

    private void doGenCert(String str, String str2, InputStream inputStream, PrintStream printStream) throws Exception {
        Certificate certificate = this.keyStore.getCertificate(str);
        X500Name x500Name = (X500Name) ((X509CertInfo) new X509CertImpl(certificate.getEncoded()).get(X509CertInfo.IDENT)).get("subject.dname");
        Date startDate = getStartDate(this.startDate);
        Date date = new Date();
        date.setTime(startDate.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        CertificateValidity certificateValidity = new CertificateValidity(startDate, date);
        PrivateKey privateKey = (PrivateKey) recoverKey(str, this.storePass, this.keyPass).fst;
        if (str2 == null) {
            str2 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Signature.getInstance(str2).initSign(privateKey);
        X509CertInfo x509CertInfo = new X509CertInfo();
        x509CertInfo.set("validity", certificateValidity);
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.getAlgorithmId(str2)));
        x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        boolean z = false;
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (readLine.startsWith("-----BEGIN") && readLine.indexOf("REQUEST") >= 0) {
                z = true;
            } else if (readLine.startsWith("-----END") && readLine.indexOf("REQUEST") >= 0) {
                break;
            } else if (z) {
                stringBuffer.append(readLine);
            }
        }
        PKCS10 pkcs10 = new PKCS10(new BASE64Decoder().decodeBuffer(new String(stringBuffer)));
        x509CertInfo.set("key", new CertificateX509Key(pkcs10.getSubjectPublicKeyInfo()));
        x509CertInfo.set("subject", new CertificateSubjectName(this.dname == null ? pkcs10.getSubjectName() : new X500Name(this.dname)));
        CertificateExtensions certificateExtensions = null;
        for (PKCS10Attribute pKCS10Attribute : pkcs10.getAttributes().getAttributes()) {
            certificateExtensions = pKCS10Attribute.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID) ? (CertificateExtensions) pKCS10Attribute.getAttributeValue() : certificateExtensions;
        }
        x509CertInfo.set("extensions", createV3Extensions(certificateExtensions, null, this.v3ext, pkcs10.getSubjectPublicKeyInfo(), certificate.getPublicKey()));
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, str2);
        dumpCert(x509CertImpl, printStream);
        for (Certificate certificate2 : this.keyStore.getCertificateChain(str)) {
            if (certificate2 instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate2;
                if (!isSelfSigned(x509Certificate)) {
                    dumpCert(x509Certificate, printStream);
                }
            }
        }
    }

    private void doGenKeyPair(String str, String str2, String str3, int i, String str4) throws Exception {
        if (i == -1) {
            i = "EC".equalsIgnoreCase(str3) ? 256 : RSAUtils.KEY_ALGORITHM.equalsIgnoreCase(str3) ? 2048 : 1024;
        }
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Key.pair.not.generated.alias.alias.already.exists")).format(new Object[]{str}));
        }
        if (str4 == null) {
            str4 = getCompatibleSigAlgName(str3);
        }
        CertAndKeyGen certAndKeyGen = new CertAndKeyGen(str3, str4, this.providerName);
        X500Name x500Name = str2 == null ? getX500Name() : new X500Name(str2);
        certAndKeyGen.generate(i);
        PrivateKey privateKey = certAndKeyGen.getPrivateKey();
        X509Certificate[] x509CertificateArr = {certAndKeyGen.getSelfCertificate(x500Name, getStartDate(this.startDate), this.validity * 24 * 60 * 60, createV3Extensions(null, null, this.v3ext, certAndKeyGen.getPublicKeyAnyway(), null))};
        if (this.verbose) {
            System.err.println(new MessageFormat(rb.getString("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for")).format(new Object[]{new Integer(i), privateKey.getAlgorithm(), x509CertificateArr[0].getSigAlgName(), new Long(this.validity), x500Name}));
        }
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass, x509CertificateArr);
    }

    private void doGenSecretKey(String str, String str2, int i) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Secret.key.not.generated.alias.alias.already.exists")).format(new Object[]{str}));
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(str2);
        if (i != -1) {
            keyGenerator.init(i);
        } else if ("DES".equalsIgnoreCase(str2)) {
            keyGenerator.init(56);
        } else {
            if (!"DESede".equalsIgnoreCase(str2)) {
                throw new Exception(rb.getString("Please.provide.keysize.for.secret.key.generation"));
            }
            keyGenerator.init(168);
        }
        SecretKey generateKey = keyGenerator.generateKey();
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        this.keyStore.setKeyEntry(str, generateKey, this.keyPass, null);
    }

    private void doImportIdentityDatabase(InputStream inputStream) throws Exception {
        System.err.println(rb.getString("No.entries.from.identity.database.added"));
    }

    private void doImportKeyStore() throws Exception {
        if (this.alias != null) {
            doImportKeyStoreSingle(loadSourceKeyStore(), this.alias);
        } else {
            if (this.dest != null || this.srckeyPass != null || this.destKeyPass != null) {
                throw new Exception(rb.getString("if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified"));
            }
            doImportKeyStoreAll(loadSourceKeyStore());
        }
    }

    private void doImportKeyStoreAll(KeyStore keyStore) throws Exception {
        int size = keyStore.size();
        Enumeration<String> aliases = keyStore.aliases();
        int i = 0;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            int doImportKeyStoreSingle = doImportKeyStoreSingle(keyStore, nextElement);
            if (doImportKeyStoreSingle != 1) {
                if (doImportKeyStoreSingle == 2 && !this.noprompt && "YES".equals(getYesNoReply("Do you want to quit the import process? [no]:  "))) {
                    break;
                }
            } else {
                i++;
                System.err.println(new MessageFormat(rb.getString("Entry.for.alias.alias.successfully.imported.")).format(new Object[]{nextElement}));
            }
            i = i;
        }
        System.err.println(new MessageFormat(rb.getString("Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled")).format(new Object[]{Integer.valueOf(i), Integer.valueOf(size - i)}));
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0040  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x009a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int doImportKeyStoreSingle(java.security.KeyStore r10, java.lang.String r11) throws java.lang.Exception {
        /*
            r9 = this;
            r5 = 2
            r4 = 1
            r3 = 0
            java.lang.String r0 = r9.dest
            if (r0 != 0) goto L4e
            r0 = r11
        L8:
            java.security.KeyStore r1 = r9.keyStore
            boolean r1 = r1.containsAlias(r0)
            if (r1 == 0) goto Lcc
            java.lang.Object[] r1 = new java.lang.Object[r4]
            r1[r3] = r11
            boolean r2 = r9.noprompt
            if (r2 == 0) goto L51
            java.io.PrintStream r2 = java.lang.System.err
            java.text.MessageFormat r6 = new java.text.MessageFormat
            java.util.ResourceBundle r7 = sun.security.tools.KeyTool.rb
            java.lang.String r8 = "Warning.Overwriting.existing.alias.alias.in.destination.keystore"
            java.lang.String r7 = r7.getString(r8)
            r6.<init>(r7)
            java.lang.String r1 = r6.format(r1)
            r2.println(r1)
            r2 = r0
        L2f:
            char[] r0 = r9.srcstorePass
            char[] r1 = r9.srckeyPass
            sun.security.tools.Pair r7 = r9.recoverEntry(r10, r11, r0, r1)
            A r0 = r7.fst
            java.security.KeyStore$Entry r0 = (java.security.KeyStore.Entry) r0
            r1 = 0
            char[] r6 = r9.destKeyPass
            if (r6 == 0) goto L9a
            java.security.KeyStore$PasswordProtection r1 = new java.security.KeyStore$PasswordProtection
            char[] r6 = r9.destKeyPass
            r1.<init>(r6)
        L47:
            java.security.KeyStore r6 = r9.keyStore     // Catch: java.security.KeyStoreException -> La9
            r6.setEntry(r2, r0, r1)     // Catch: java.security.KeyStoreException -> La9
            r0 = r4
        L4d:
            return r0
        L4e:
            java.lang.String r0 = r9.dest
            goto L8
        L51:
            java.text.MessageFormat r2 = new java.text.MessageFormat
            java.util.ResourceBundle r6 = sun.security.tools.KeyTool.rb
            java.lang.String r7 = "Existing.entry.alias.alias.exists.overwrite.no."
            java.lang.String r6 = r6.getString(r7)
            r2.<init>(r6)
            java.lang.String r2 = r2.format(r1)
            java.lang.String r2 = r9.getYesNoReply(r2)
            java.lang.String r6 = "NO"
            boolean r2 = r6.equals(r2)
            if (r2 == 0) goto Lcc
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r2 = "Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry."
            java.lang.String r0 = r0.getString(r2)
            java.lang.String r0 = r9.inputStringFromStdin(r0)
            java.lang.String r2 = ""
            boolean r2 = r2.equals(r0)
            if (r2 == 0) goto Lcc
            java.io.PrintStream r0 = java.lang.System.err
            java.text.MessageFormat r2 = new java.text.MessageFormat
            java.util.ResourceBundle r4 = sun.security.tools.KeyTool.rb
            java.lang.String r5 = "Entry.for.alias.alias.not.imported."
            java.lang.String r4 = r4.getString(r5)
            r2.<init>(r4)
            java.lang.String r1 = r2.format(r1)
            r0.println(r1)
            r0 = r3
            goto L4d
        L9a:
            B r6 = r7.snd
            if (r6 == 0) goto L47
            java.security.KeyStore$PasswordProtection r6 = new java.security.KeyStore$PasswordProtection
            B r1 = r7.snd
            char[] r1 = (char[]) r1
            r6.<init>(r1)
            r1 = r6
            goto L47
        La9:
            r0 = move-exception
            java.lang.Object[] r1 = new java.lang.Object[r5]
            r1[r3] = r11
            java.lang.String r0 = r0.toString()
            r1[r4] = r0
            java.text.MessageFormat r0 = new java.text.MessageFormat
            java.util.ResourceBundle r2 = sun.security.tools.KeyTool.rb
            java.lang.String r3 = "Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported."
            java.lang.String r2 = r2.getString(r3)
            r0.<init>(r2)
            java.io.PrintStream r2 = java.lang.System.err
            java.lang.String r0 = r0.format(r1)
            r2.println(r0)
            r0 = r5
            goto L4d
        Lcc:
            r2 = r0
            goto L2f
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.doImportKeyStoreSingle(java.security.KeyStore, java.lang.String):int");
    }

    private void doPrintCRL(String str, PrintStream printStream) throws Exception {
        String str2;
        for (CRL crl : loadCRLs(str)) {
            printCRL(crl, printStream);
            String str3 = null;
            if (this.caks != null && (str3 = verifyCRL(this.caks, crl)) != null) {
                System.out.println("Verified by " + str3 + " in cacerts");
            }
            if (str3 != null || this.keyStore == null) {
                str2 = str3;
            } else {
                str2 = verifyCRL(this.keyStore, crl);
                if (str2 != null) {
                    System.out.println("Verified by " + str2 + " in keystore");
                }
            }
            if (str2 == null) {
                printStream.println(rb.getString("STAR"));
                printStream.println("WARNING: not verified. Make sure -keystore and -alias are correct.");
                printStream.println(rb.getString("STARNN"));
            }
        }
    }

    private void doPrintCert(final PrintStream printStream) throws Exception {
        InputStream inputStream;
        InputStream inputStream2;
        if (this.jarfile == null) {
            if (this.sslserver == null) {
                InputStream inputStream3 = System.in;
                if (this.filename != null) {
                    inputStream3 = new FileInputStream(this.filename);
                }
                try {
                    printCertFromStream(inputStream3, printStream);
                    if (inputStream3 != inputStream) {
                        return;
                    } else {
                        return;
                    }
                } finally {
                    if (inputStream3 != System.in) {
                        inputStream3.close();
                    }
                }
            }
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            final boolean[] zArr = new boolean[1];
            sSLContext.init(null, new TrustManager[]{new X509ExtendedTrustManager() { // from class: sun.security.tools.KeyTool.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    throw new UnsupportedOperationException();
                }

                @Override // javax.net.ssl.X509ExtendedTrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                    throw new UnsupportedOperationException();
                }

                @Override // javax.net.ssl.X509ExtendedTrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                    throw new UnsupportedOperationException();
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        X509Certificate x509Certificate = x509CertificateArr[i];
                        try {
                            if (KeyTool.this.rfc) {
                                KeyTool.this.dumpCert(x509Certificate, printStream);
                            } else {
                                printStream.println("Certificate #" + i);
                                printStream.println("====================================");
                                KeyTool.this.printX509Cert(x509Certificate, printStream);
                                printStream.println();
                            }
                        } catch (Exception e) {
                            if (KeyTool.this.debug) {
                                e.printStackTrace();
                            }
                        }
                    }
                    if (x509CertificateArr.length > 0) {
                        zArr[0] = true;
                    }
                }

                @Override // javax.net.ssl.X509ExtendedTrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                    checkServerTrusted(x509CertificateArr, str);
                }

                @Override // javax.net.ssl.X509ExtendedTrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                    checkServerTrusted(x509CertificateArr, str);
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }}, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: sun.security.tools.KeyTool.3
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
            Exception e = null;
            try {
                new URL("https://" + this.sslserver).openConnection().connect();
            } catch (Exception e2) {
                e = e2;
            }
            if (zArr[0]) {
                return;
            }
            Exception exc = new Exception(rb.getString("No.certificate.from.the.SSL.server"));
            if (e == null) {
                throw exc;
            }
            exc.initCause(e);
            throw exc;
        }
        JarFile jarFile = new JarFile(this.jarfile, true);
        Enumeration<JarEntry> entries = jarFile.entries();
        HashSet hashSet = new HashSet();
        byte[] bArr = new byte[8192];
        int i = 0;
        while (true) {
            int i2 = i;
            if (!entries.hasMoreElements()) {
                break;
            }
            JarEntry nextElement = entries.nextElement();
            try {
                InputStream inputStream4 = jarFile.getInputStream(nextElement);
                do {
                    try {
                    } catch (Throwable th) {
                        th = th;
                        inputStream2 = inputStream4;
                        if (inputStream2 != null) {
                            inputStream2.close();
                        }
                        throw th;
                    }
                } while (inputStream4.read(bArr) != -1);
                if (inputStream4 != null) {
                    inputStream4.close();
                }
                CodeSigner[] codeSigners = nextElement.getCodeSigners();
                if (codeSigners != null) {
                    i = i2;
                    for (CodeSigner codeSigner : codeSigners) {
                        if (!hashSet.contains(codeSigner)) {
                            hashSet.add(codeSigner);
                            int i3 = i + 1;
                            printStream.printf(rb.getString("Signer.d."), Integer.valueOf(i3));
                            printStream.println();
                            printStream.println();
                            printStream.println(rb.getString("Signature."));
                            printStream.println();
                            Iterator<? extends Certificate> it = codeSigner.getSignerCertPath().getCertificates().iterator();
                            while (it.hasNext()) {
                                X509Certificate x509Certificate = (X509Certificate) it.next();
                                if (this.rfc) {
                                    printStream.println(rb.getString("Certificate.owner.") + x509Certificate.getSubjectDN() + "\n");
                                    dumpCert(x509Certificate, printStream);
                                } else {
                                    printX509Cert(x509Certificate, printStream);
                                }
                                printStream.println();
                            }
                            Timestamp timestamp = codeSigner.getTimestamp();
                            if (timestamp != null) {
                                printStream.println(rb.getString("Timestamp."));
                                printStream.println();
                                Iterator<? extends Certificate> it2 = timestamp.getSignerCertPath().getCertificates().iterator();
                                while (it2.hasNext()) {
                                    X509Certificate x509Certificate2 = (X509Certificate) it2.next();
                                    if (this.rfc) {
                                        printStream.println(rb.getString("Certificate.owner.") + x509Certificate2.getSubjectDN() + "\n");
                                        dumpCert(x509Certificate2, printStream);
                                    } else {
                                        printX509Cert(x509Certificate2, printStream);
                                    }
                                    printStream.println();
                                }
                            }
                            i = i3;
                        }
                    }
                } else {
                    i = i2;
                }
            } catch (Throwable th2) {
                th = th2;
                inputStream2 = null;
            }
        }
        jarFile.close();
        if (hashSet.size() == 0) {
            printStream.println(rb.getString("Not.a.signed.jar.file"));
        }
    }

    private void doPrintCertReq(InputStream inputStream, PrintStream printStream) throws Exception {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = false;
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (z) {
                if (readLine.startsWith("-----")) {
                    break;
                } else {
                    stringBuffer.append(readLine);
                }
            } else if (readLine.startsWith("-----")) {
                z = true;
            }
        }
        PKCS10 pkcs10 = new PKCS10(new BASE64Decoder().decodeBuffer(new String(stringBuffer)));
        PublicKey subjectPublicKeyInfo = pkcs10.getSubjectPublicKeyInfo();
        printStream.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), pkcs10.getSubjectName(), subjectPublicKeyInfo.getFormat(), subjectPublicKeyInfo.getAlgorithm());
        for (PKCS10Attribute pKCS10Attribute : pkcs10.getAttributes().getAttributes()) {
            if (pKCS10Attribute.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                CertificateExtensions certificateExtensions = (CertificateExtensions) pKCS10Attribute.getAttributeValue();
                if (certificateExtensions != null) {
                    printExtensions(rb.getString("Extension.Request."), certificateExtensions, printStream);
                }
            } else {
                printStream.println(pKCS10Attribute.getAttributeId());
                printStream.println(pKCS10Attribute.getAttributeValue());
            }
        }
        if (this.debug) {
            printStream.println(pkcs10);
        }
    }

    private void doPrintEntries(PrintStream printStream) throws Exception {
        if (this.storePass != null || KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printStream.println();
        } else {
            printWarning();
        }
        printStream.println(rb.getString("Keystore.type.") + this.keyStore.getType());
        printStream.println(rb.getString("Keystore.provider.") + this.keyStore.getProvider().getName());
        printStream.println();
        printStream.println((this.keyStore.size() == 1 ? new MessageFormat(rb.getString("Your.keystore.contains.keyStore.size.entry")) : new MessageFormat(rb.getString("Your.keystore.contains.keyStore.size.entries"))).format(new Object[]{new Integer(this.keyStore.size())}));
        printStream.println();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            doPrintEntry(aliases.nextElement(), printStream, false);
            if (this.verbose || this.rfc) {
                printStream.println(rb.getString("NEWLINE"));
                printStream.println(rb.getString("STAR"));
                printStream.println(rb.getString("STARNN"));
            }
        }
    }

    private void doPrintEntry(String str, PrintStream printStream, boolean z) throws Exception {
        if (this.storePass == null && z && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printWarning();
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        if (this.verbose || this.rfc || this.debug) {
            printStream.println(new MessageFormat(rb.getString("Alias.name.alias")).format(new Object[]{str}));
            if (!this.token) {
                printStream.println(new MessageFormat(rb.getString("Creation.date.keyStore.getCreationDate.alias.")).format(new Object[]{this.keyStore.getCreationDate(str)}));
            }
        } else if (this.token) {
            printStream.print(new MessageFormat(rb.getString("alias.")).format(new Object[]{str}));
        } else {
            printStream.print(new MessageFormat(rb.getString("alias.keyStore.getCreationDate.alias.")).format(new Object[]{str, this.keyStore.getCreationDate(str)}));
        }
        if (this.keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            if (this.verbose || this.rfc || this.debug) {
                printStream.println(new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"SecretKeyEntry"}));
                return;
            } else {
                printStream.println("SecretKeyEntry, ");
                return;
            }
        }
        if (!this.keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
            if (!this.keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
                printStream.println(rb.getString("Unknown.Entry.Type"));
                return;
            }
            Certificate certificate = this.keyStore.getCertificate(str);
            String str2 = new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"trustedCertEntry"}) + "\n";
            if (this.verbose && (certificate instanceof X509Certificate)) {
                printStream.println(str2);
                printX509Cert((X509Certificate) certificate, printStream);
                return;
            } else if (this.rfc) {
                printStream.println(str2);
                dumpCert(certificate, printStream);
                return;
            } else if (this.debug) {
                printStream.println(certificate.toString());
                return;
            } else {
                printStream.println("trustedCertEntry, ");
                printStream.println(rb.getString("Certificate.fingerprint.SHA1.") + getCertFingerPrint("SHA1", certificate));
                return;
            }
        }
        if (this.verbose || this.rfc || this.debug) {
            printStream.println(new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"PrivateKeyEntry"}));
        } else {
            printStream.println("PrivateKeyEntry, ");
        }
        Certificate[] certificateChain = this.keyStore.getCertificateChain(str);
        if (certificateChain != null) {
            if (!this.verbose && !this.rfc && !this.debug) {
                printStream.println(rb.getString("Certificate.fingerprint.SHA1.") + getCertFingerPrint("SHA1", certificateChain[0]));
                return;
            }
            printStream.println(rb.getString("Certificate.chain.length.") + certificateChain.length);
            for (int i = 0; i < certificateChain.length; i++) {
                printStream.println(new MessageFormat(rb.getString("Certificate.i.1.")).format(new Object[]{new Integer(i + 1)}));
                if (this.verbose && (certificateChain[i] instanceof X509Certificate)) {
                    printX509Cert((X509Certificate) certificateChain[i], printStream);
                } else if (this.debug) {
                    printStream.println(certificateChain[i].toString());
                } else {
                    dumpCert(certificateChain[i], printStream);
                }
            }
        }
    }

    private void doSelfCert(String str, String str2, String str3) throws Exception {
        X500Name x500Name;
        if (str == null) {
            str = "mykey";
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        if (str3 == null) {
            str3 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key")).format(new Object[]{str}));
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.X.509.certificate")).format(new Object[]{str}));
        }
        X509CertInfo x509CertInfo = (X509CertInfo) new X509CertImpl(certificate.getEncoded()).get(X509CertInfo.IDENT);
        Date startDate = getStartDate(this.startDate);
        Date date = new Date();
        date.setTime(startDate.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        x509CertInfo.set("validity", new CertificateValidity(startDate, date));
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
        if (str2 == null) {
            x500Name = (X500Name) x509CertInfo.get("subject.dname");
        } else {
            x500Name = new X500Name(str2);
            x509CertInfo.set("subject.dname", x500Name);
        }
        x509CertInfo.set("issuer.dname", x500Name);
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, str3);
        x509CertInfo.set("algorithmID.algorithm", (AlgorithmId) x509CertImpl.get(X509CertImpl.SIG_ALG));
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("extensions", createV3Extensions(null, (CertificateExtensions) x509CertInfo.get("extensions"), this.v3ext, certificate.getPublicKey(), null));
        X509CertImpl x509CertImpl2 = new X509CertImpl(x509CertInfo);
        x509CertImpl2.sign(privateKey, str3);
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass != null ? this.keyPass : this.storePass, new Certificate[]{x509CertImpl2});
        if (this.verbose) {
            System.err.println(rb.getString("New.certificate.self.signed."));
            System.err.print(x509CertImpl2.toString());
            System.err.println();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dumpCert(Certificate certificate, PrintStream printStream) throws IOException, CertificateException {
        if (!this.rfc) {
            printStream.write(certificate.getEncoded());
            return;
        }
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        printStream.println(X509Factory.BEGIN_CERT);
        bASE64Encoder.encodeBuffer(certificate.getEncoded(), printStream);
        printStream.println(X509Factory.END_CERT);
    }

    private static <T> Iterable<T> e2i(final Enumeration<T> enumeration) {
        return new Iterable<T>() { // from class: sun.security.tools.KeyTool.1
            @Override // java.lang.Iterable
            public Iterator<T> iterator() {
                return new Iterator<T>() { // from class: sun.security.tools.KeyTool.1.1
                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        return enumeration.hasMoreElements();
                    }

                    @Override // java.util.Iterator
                    public T next() {
                        return (T) enumeration.nextElement();
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException("Not supported yet.");
                    }
                };
            }
        };
    }

    private void errorNeedArgument(String str) {
        System.err.println(new MessageFormat(rb.getString("Command.option.flag.needs.an.argument.")).format(new Object[]{str}));
        tinyHelp();
    }

    private Certificate[] establishCertChain(Certificate certificate, Certificate certificate2) throws Exception {
        if (certificate != null) {
            if (!certificate.getPublicKey().equals(certificate2.getPublicKey())) {
                throw new Exception(rb.getString("Public.keys.in.reply.and.keystore.don.t.match"));
            }
            if (certificate2.equals(certificate)) {
                throw new Exception(rb.getString("Certificate.reply.and.certificate.in.keystore.are.identical"));
            }
        }
        Hashtable<Principal, Vector<Certificate>> hashtable = null;
        if (this.keyStore.size() > 0) {
            hashtable = new Hashtable<>(11);
            keystorecerts2Hashtable(this.keyStore, hashtable);
        }
        if (this.trustcacerts && this.caks != null && this.caks.size() > 0) {
            if (hashtable == null) {
                hashtable = new Hashtable<>(11);
            }
            keystorecerts2Hashtable(this.caks, hashtable);
        }
        Vector<Certificate> vector = new Vector<>(2);
        if (!buildChain((X509Certificate) certificate2, vector, hashtable)) {
            throw new Exception(rb.getString("Failed.to.establish.chain.from.reply"));
        }
        Certificate[] certificateArr = new Certificate[vector.size()];
        int i = 0;
        for (int size = vector.size() - 1; size >= 0; size--) {
            certificateArr[i] = vector.elementAt(size);
            i++;
        }
        return certificateArr;
    }

    private ObjectIdentifier findOidForExtName(String str) throws Exception {
        switch (oneOf(str, extSupported)) {
            case 0:
                return PKIXExtensions.BasicConstraints_Id;
            case 1:
                return PKIXExtensions.KeyUsage_Id;
            case 2:
                return PKIXExtensions.ExtendedKeyUsage_Id;
            case 3:
                return PKIXExtensions.SubjectAlternativeName_Id;
            case 4:
                return PKIXExtensions.IssuerAlternativeName_Id;
            case 5:
                return PKIXExtensions.SubjectInfoAccess_Id;
            case 6:
                return PKIXExtensions.AuthInfoAccess_Id;
            case 7:
            default:
                return new ObjectIdentifier(str);
            case 8:
                return PKIXExtensions.CRLDistributionPoints_Id;
        }
    }

    private String getAlias(String str) throws Exception {
        if (str != null) {
            System.err.print(new MessageFormat(rb.getString("Enter.prompt.alias.name.")).format(new Object[]{str}));
        } else {
            System.err.print(rb.getString("Enter.alias.name."));
        }
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    public static KeyStore getCacertsKeyStore() throws Exception {
        FileInputStream fileInputStream;
        Throwable th;
        KeyStore keyStore = null;
        String str = File.separator;
        File file = new File(System.getProperty("java.home") + str + "lib" + str + "security" + str + "cacerts");
        if (file.exists()) {
            try {
                fileInputStream = new FileInputStream(file);
            } catch (Throwable th2) {
                fileInputStream = null;
                th = th2;
            }
            try {
                keyStore = KeyStore.getInstance(JKS);
                keyStore.load(fileInputStream, null);
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
            } catch (Throwable th3) {
                th = th3;
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }
        return keyStore;
    }

    private String getCertFingerPrint(String str, Certificate certificate) throws Exception {
        return toHexString(MessageDigest.getInstance(str).digest(certificate.getEncoded()));
    }

    private static String getCompatibleSigAlgName(String str) throws Exception {
        if ("DSA".equalsIgnoreCase(str)) {
            return "SHA1WithDSA";
        }
        if (RSAUtils.KEY_ALGORITHM.equalsIgnoreCase(str)) {
            return "SHA256WithRSA";
        }
        if ("EC".equalsIgnoreCase(str)) {
            return "SHA256withECDSA";
        }
        throw new Exception(rb.getString("Cannot.derive.signature.algorithm"));
    }

    private char[] getKeyPasswd(String str, String str2, char[] cArr) throws Exception {
        char[] readPassword;
        int i = 0;
        do {
            if (cArr != null) {
                System.err.println(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
                System.err.print(new MessageFormat(rb.getString(".RETURN.if.same.as.for.otherAlias.")).format(new Object[]{str2}));
            } else {
                System.err.print(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
            }
            System.err.flush();
            readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null) {
                readPassword = cArr;
            }
            i++;
            if (readPassword != null) {
                break;
            }
        } while (i < 3);
        if (readPassword == null) {
            throw new Exception(rb.getString("Too.many.failures.try.later"));
        }
        return readPassword;
    }

    private char[] getNewPasswd(String str, char[] cArr) throws Exception {
        char[] cArr2 = null;
        for (int i = 0; i < 3; i++) {
            System.err.print(new MessageFormat(rb.getString("New.prompt.")).format(new Object[]{str}));
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null || readPassword.length < 6) {
                System.err.println(rb.getString("Password.is.too.short.must.be.at.least.6.characters"));
            } else if (Arrays.equals(readPassword, cArr)) {
                System.err.println(rb.getString("Passwords.must.differ"));
            } else {
                System.err.print(new MessageFormat(rb.getString("Re.enter.new.prompt.")).format(new Object[]{str}));
                cArr2 = Password.readPassword(System.in);
                this.passwords.add(cArr2);
                if (Arrays.equals(readPassword, cArr2)) {
                    Arrays.fill(cArr2, ' ');
                    return readPassword;
                }
                System.err.println(rb.getString("They.don.t.match.Try.again"));
            }
            if (readPassword != null) {
                Arrays.fill(readPassword, ' ');
            }
            if (cArr2 != null) {
                Arrays.fill(cArr2, ' ');
                cArr2 = null;
            }
        }
        throw new Exception(rb.getString("Too.many.failures.try.later"));
    }

    private char[] getPass(String str, String str2) {
        char[] passWithModifier = getPassWithModifier(str, str2);
        if (passWithModifier != null) {
            return passWithModifier;
        }
        tinyHelp();
        return null;
    }

    public static char[] getPassWithModifier(String str, String str2) {
        URL url;
        if (str == null) {
            return str2.toCharArray();
        }
        if (collator.compare(str, "env") == 0) {
            String str3 = System.getenv(str2);
            if (str3 != null) {
                return str3.toCharArray();
            }
            System.err.println(rb.getString("Cannot.find.environment.variable.") + str2);
            return null;
        }
        if (collator.compare(str, "file") != 0) {
            System.err.println(rb.getString("Unknown.password.type.") + str);
            return null;
        }
        try {
            try {
                url = new URL(str2);
            } catch (MalformedURLException e) {
                File file = new File(str2);
                if (!file.exists()) {
                    System.err.println(rb.getString("Cannot.find.file.") + str2);
                    return null;
                }
                url = file.toURI().toURL();
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(url.openStream()));
            String readLine = bufferedReader.readLine();
            bufferedReader.close();
            return readLine == null ? new char[0] : readLine.toCharArray();
        } catch (IOException e2) {
            System.err.println(e2);
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:48:0x0059  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x0052 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.util.Date getStartDate(java.lang.String r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 338
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.getStartDate(java.lang.String):java.util.Date");
    }

    private static Certificate getTrustedSigner(Certificate certificate, KeyStore keyStore) throws Exception {
        if (keyStore.getCertificateAlias(certificate) != null) {
            return certificate;
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate2 = keyStore.getCertificate(aliases.nextElement());
            if (certificate2 != null) {
                try {
                    certificate.verify(certificate2.getPublicKey());
                    return certificate2;
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x00bc, code lost:
    
        java.lang.System.err.println();
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x00c1, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private sun.security.x509.X500Name getX500Name() throws java.io.IOException {
        /*
            r13 = this;
            java.io.BufferedReader r8 = new java.io.BufferedReader
            java.io.InputStreamReader r0 = new java.io.InputStreamReader
            java.io.InputStream r1 = java.lang.System.in
            r0.<init>(r1)
            r8.<init>(r0)
            java.lang.String r1 = "Unknown"
            java.lang.String r2 = "Unknown"
            java.lang.String r3 = "Unknown"
            java.lang.String r4 = "Unknown"
            java.lang.String r5 = "Unknown"
            java.lang.String r6 = "Unknown"
            r0 = 20
        L1a:
            int r7 = r0 + (-1)
            if (r0 >= 0) goto L2c
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            java.util.ResourceBundle r1 = sun.security.tools.KeyTool.rb
            java.lang.String r2 = "Too.many.retries.program.terminated"
            java.lang.String r1 = r1.getString(r2)
            r0.<init>(r1)
            throw r0
        L2c:
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.your.first.and.last.name."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r1 = r13.inputString(r8, r0, r1)
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.the.name.of.your.organizational.unit."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r2 = r13.inputString(r8, r0, r2)
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.the.name.of.your.organization."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r3 = r13.inputString(r8, r0, r3)
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.the.name.of.your.City.or.Locality."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r4 = r13.inputString(r8, r0, r4)
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.the.name.of.your.State.or.Province."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r5 = r13.inputString(r8, r0, r5)
            java.util.ResourceBundle r0 = sun.security.tools.KeyTool.rb
            java.lang.String r9 = "What.is.the.two.letter.country.code.for.this.unit."
            java.lang.String r0 = r0.getString(r9)
            java.lang.String r6 = r13.inputString(r8, r0, r6)
            sun.security.x509.X500Name r0 = new sun.security.x509.X500Name
            r0.<init>(r1, r2, r3, r4, r5, r6)
            java.text.MessageFormat r9 = new java.text.MessageFormat
            java.util.ResourceBundle r10 = sun.security.tools.KeyTool.rb
            java.lang.String r11 = "Is.name.correct."
            java.lang.String r10 = r10.getString(r11)
            r9.<init>(r10)
            r10 = 1
            java.lang.Object[] r10 = new java.lang.Object[r10]
            r11 = 0
            r10[r11] = r0
            java.lang.String r9 = r9.format(r10)
            java.util.ResourceBundle r10 = sun.security.tools.KeyTool.rb
            java.lang.String r11 = "no"
            java.lang.String r10 = r10.getString(r11)
            java.lang.String r9 = r13.inputString(r8, r9, r10)
            java.text.Collator r10 = sun.security.tools.KeyTool.collator
            java.util.ResourceBundle r11 = sun.security.tools.KeyTool.rb
            java.lang.String r12 = "yes"
            java.lang.String r11 = r11.getString(r12)
            int r10 = r10.compare(r9, r11)
            if (r10 == 0) goto Lbc
            java.text.Collator r10 = sun.security.tools.KeyTool.collator
            java.util.ResourceBundle r11 = sun.security.tools.KeyTool.rb
            java.lang.String r12 = "y"
            java.lang.String r11 = r11.getString(r12)
            int r9 = r10.compare(r9, r11)
            if (r9 != 0) goto Lc2
        Lbc:
            java.io.PrintStream r1 = java.lang.System.err
            r1.println()
            return r0
        Lc2:
            r0 = r7
            goto L1a
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.getX500Name():sun.security.x509.X500Name");
    }

    private String getYesNoReply(String str) throws IOException {
        String str2;
        int i = 20;
        while (true) {
            int i2 = i - 1;
            if (i < 0) {
                throw new RuntimeException(rb.getString("Too.many.retries.program.terminated"));
            }
            System.err.print(str);
            System.err.flush();
            String readLine = new BufferedReader(new InputStreamReader(System.in)).readLine();
            if (collator.compare(readLine, "") == 0 || collator.compare(readLine, rb.getString("n")) == 0 || collator.compare(readLine, rb.getString("no")) == 0) {
                str2 = "NO";
            } else if (collator.compare(readLine, rb.getString("y")) == 0 || collator.compare(readLine, rb.getString("yes")) == 0) {
                str2 = "YES";
            } else {
                System.err.println(rb.getString("Wrong.answer.try.again"));
                str2 = null;
            }
            if (str2 != null) {
                return str2;
            }
            i = i2;
        }
    }

    private String inputString(BufferedReader bufferedReader, String str, String str2) throws IOException {
        System.err.println(str);
        System.err.print(new MessageFormat(rb.getString(".defaultValue.")).format(new Object[]{str2}));
        System.err.flush();
        String readLine = bufferedReader.readLine();
        return (readLine == null || collator.compare(readLine, "") == 0) ? str2 : readLine;
    }

    private String inputStringFromStdin(String str) throws Exception {
        System.err.print(str);
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    private boolean installReply(String str, InputStream inputStream) throws Exception {
        if (str == null) {
            str = "mykey";
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key.certificate.")).format(new Object[]{str}));
        }
        Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new Exception(rb.getString("Reply.has.no.certificates"));
        }
        Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
        Certificate[] establishCertChain = certificateArr.length == 1 ? establishCertChain(certificate, certificateArr[0]) : validateReply(str, certificate, certificateArr);
        if (establishCertChain == null) {
            return false;
        }
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass != null ? this.keyPass : this.storePass, establishCertChain);
        return true;
    }

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        return signedBy(x509Certificate, x509Certificate);
    }

    private void keystorecerts2Hashtable(KeyStore keyStore, Hashtable<Principal, Vector<Certificate>> hashtable) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate != null) {
                Principal subjectDN = ((X509Certificate) certificate).getSubjectDN();
                Vector<Certificate> vector = hashtable.get(subjectDN);
                if (vector == null) {
                    vector = new Vector<>();
                    vector.addElement(certificate);
                } else if (!vector.contains(certificate)) {
                    vector.addElement(certificate);
                }
                hashtable.put(subjectDN, vector);
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x000a A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:5:0x0072  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.util.Collection<? extends java.security.cert.CRL> loadCRLs(java.lang.String r5) throws java.lang.Exception {
        /*
            r4 = 0
            r1 = 0
            if (r5 != 0) goto L34
            java.io.InputStream r0 = java.lang.System.in
            r2 = r1
            r3 = r0
        L8:
            if (r3 == 0) goto L72
            java.io.ByteArrayOutputStream r0 = new java.io.ByteArrayOutputStream     // Catch: java.lang.Throwable -> L69
            r0.<init>()     // Catch: java.lang.Throwable -> L69
            r1 = 4096(0x1000, float:5.74E-42)
            byte[] r1 = new byte[r1]     // Catch: java.lang.Throwable -> L69
        L13:
            int r2 = r3.read(r1)     // Catch: java.lang.Throwable -> L69
            if (r2 >= 0) goto L64
            java.lang.String r1 = "X509"
            java.security.cert.CertificateFactory r1 = java.security.cert.CertificateFactory.getInstance(r1)     // Catch: java.lang.Throwable -> L69
            java.io.ByteArrayInputStream r2 = new java.io.ByteArrayInputStream     // Catch: java.lang.Throwable -> L69
            byte[] r0 = r0.toByteArray()     // Catch: java.lang.Throwable -> L69
            r2.<init>(r0)     // Catch: java.lang.Throwable -> L69
            java.util.Collection r0 = r1.generateCRLs(r2)     // Catch: java.lang.Throwable -> L69
            java.io.InputStream r1 = java.lang.System.in
            if (r3 == r1) goto L33
            r3.close()
        L33:
            return r0
        L34:
            java.net.URI r2 = new java.net.URI     // Catch: java.lang.Exception -> L51
            r2.<init>(r5)     // Catch: java.lang.Exception -> L51
            java.lang.String r0 = r2.getScheme()     // Catch: java.lang.Exception -> L9a
            java.lang.String r3 = "ldap"
            boolean r0 = r0.equals(r3)     // Catch: java.lang.Exception -> L9a
            if (r0 == 0) goto L48
            r0 = r1
        L46:
            r3 = r0
            goto L8
        L48:
            java.net.URL r0 = r2.toURL()     // Catch: java.lang.Exception -> L9a
            java.io.InputStream r0 = r0.openStream()     // Catch: java.lang.Exception -> L9a
            goto L46
        L51:
            r0 = move-exception
            r2 = r1
        L53:
            java.io.FileInputStream r3 = new java.io.FileInputStream     // Catch: java.lang.Exception -> L59
            r3.<init>(r5)     // Catch: java.lang.Exception -> L59
            goto L8
        L59:
            r1 = move-exception
            if (r2 == 0) goto L62
            java.lang.String r2 = r2.getScheme()
            if (r2 != 0) goto L63
        L62:
            throw r1
        L63:
            throw r0
        L64:
            r4 = 0
            r0.write(r1, r4, r2)     // Catch: java.lang.Throwable -> L69
            goto L13
        L69:
            r0 = move-exception
            java.io.InputStream r1 = java.lang.System.in
            if (r3 == r1) goto L71
            r3.close()
        L71:
            throw r0
        L72:
            java.lang.String r0 = r2.getPath()
            char r3 = r0.charAt(r4)
            r4 = 47
            if (r3 != r4) goto L83
            r3 = 1
            java.lang.String r0 = r0.substring(r3)
        L83:
            sun.security.provider.certpath.ldap.LDAPCertStoreHelper r3 = new sun.security.provider.certpath.ldap.LDAPCertStoreHelper
            r3.<init>()
            java.security.cert.CertStore r2 = r3.getCertStore(r2)
            java.security.cert.X509CRLSelector r4 = new java.security.cert.X509CRLSelector
            r4.<init>()
            java.security.cert.X509CRLSelector r0 = r3.wrap(r4, r1, r0)
            java.util.Collection r0 = r2.getCRLs(r0)
            goto L33
        L9a:
            r0 = move-exception
            goto L53
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.loadCRLs(java.lang.String):java.util.Collection");
    }

    public static void main(String[] strArr) throws Exception {
        new KeyTool().run(strArr, System.out);
    }

    private static int oneOf(String str, String... strArr) throws Exception {
        int[] iArr = new int[strArr.length];
        int i = Integer.MAX_VALUE;
        int i2 = 0;
        for (int i3 = 0; i3 < strArr.length; i3++) {
            String str2 = strArr[i3];
            if (str2 == null) {
                i = i3;
            } else if (str2.toLowerCase(Locale.ENGLISH).startsWith(str.toLowerCase(Locale.ENGLISH))) {
                iArr[i2] = i3;
                i2++;
            } else {
                StringBuffer stringBuffer = new StringBuffer();
                char[] charArray = str2.toCharArray();
                boolean z = true;
                for (char c : charArray) {
                    if (z) {
                        stringBuffer.append(c);
                        z = false;
                    } else if (!Character.isLowerCase(c)) {
                        stringBuffer.append(c);
                    }
                }
                if (stringBuffer.toString().equalsIgnoreCase(str)) {
                    iArr[i2] = i3;
                    i2++;
                }
            }
        }
        if (i2 == 0) {
            return -1;
        }
        if (i2 != 1 && iArr[1] <= i) {
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append(new MessageFormat(rb.getString("command.{0}.is.ambiguous.")).format(new Object[]{str}));
            stringBuffer2.append("\n    ");
            for (int i4 = 0; i4 < i2 && iArr[i4] < i; i4++) {
                stringBuffer2.append(' ');
                stringBuffer2.append(strArr[iArr[i4]]);
            }
            throw new Exception(stringBuffer2.toString());
        }
        return iArr[0];
    }

    private void printCRL(CRL crl, PrintStream printStream) throws Exception {
        if (!this.rfc) {
            printStream.println(crl.toString());
            return;
        }
        printStream.println("-----BEGIN X509 CRL-----");
        new BASE64Encoder().encodeBuffer(((X509CRL) crl).getEncoded(), printStream);
        printStream.println("-----END X509 CRL-----");
    }

    private void printCertFromStream(InputStream inputStream, PrintStream printStream) throws Exception {
        try {
            Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
            if (generateCertificates.isEmpty()) {
                throw new Exception(rb.getString("Empty.input"));
            }
            Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
            for (int i = 0; i < certificateArr.length; i++) {
                try {
                    X509Certificate x509Certificate = (X509Certificate) certificateArr[i];
                    if (certificateArr.length > 1) {
                        printStream.println(new MessageFormat(rb.getString("Certificate.i.1.")).format(new Object[]{new Integer(i + 1)}));
                    }
                    if (this.rfc) {
                        dumpCert(x509Certificate, printStream);
                    } else {
                        printX509Cert(x509Certificate, printStream);
                    }
                    if (i < certificateArr.length - 1) {
                        printStream.println();
                    }
                } catch (ClassCastException e) {
                    throw new Exception(rb.getString("Not.X.509.certificate"));
                }
            }
        } catch (CertificateException e2) {
            throw new Exception(rb.getString("Failed.to.parse.input"), e2);
        }
    }

    private static void printExtensions(String str, CertificateExtensions certificateExtensions, PrintStream printStream) throws Exception {
        int i = 0;
        Iterator<Extension> it = certificateExtensions.getAllExtensions().iterator();
        Iterator<Extension> it2 = certificateExtensions.getUnparseableExtensions().values().iterator();
        while (true) {
            int i2 = i;
            if (!it.hasNext() && !it2.hasNext()) {
                return;
            }
            Extension next = it.hasNext() ? it.next() : it2.next();
            if (i2 == 0) {
                printStream.println();
                printStream.println(str);
                printStream.println();
            }
            i = i2 + 1;
            printStream.print("#" + i + ": " + next);
            if (next.getClass() == Extension.class) {
                if (next.getExtensionValue().length == 0) {
                    printStream.println(rb.getString(".Empty.value."));
                } else {
                    new HexDumpEncoder().encodeBuffer(next.getExtensionValue(), printStream);
                    printStream.println();
                }
            }
            printStream.println();
        }
    }

    private void printWarning() {
        System.err.println();
        System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
        System.err.println(rb.getString(".The.integrity.of.the.information.stored.in.your.keystore."));
        System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
        System.err.println();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void printX509Cert(X509Certificate x509Certificate, PrintStream printStream) throws Exception {
        CertificateExtensions certificateExtensions;
        printStream.println(new MessageFormat(rb.getString(".PATTERN.printX509Cert")).format(new Object[]{x509Certificate.getSubjectDN().toString(), x509Certificate.getIssuerDN().toString(), x509Certificate.getSerialNumber().toString(16), x509Certificate.getNotBefore().toString(), x509Certificate.getNotAfter().toString(), getCertFingerPrint("MD5", x509Certificate), getCertFingerPrint("SHA1", x509Certificate), getCertFingerPrint(com.adjust.sdk.Constants.SHA256, x509Certificate), x509Certificate.getSigAlgName(), Integer.valueOf(x509Certificate.getVersion())}));
        if (!(x509Certificate instanceof X509CertImpl) || (certificateExtensions = (CertificateExtensions) ((X509CertInfo) ((X509CertImpl) x509Certificate).get(X509CertInfo.IDENT)).get("extensions")) == null) {
            return;
        }
        printExtensions(rb.getString("Extensions."), certificateExtensions, printStream);
    }

    private char[] promptForKeyPass(String str, String str2, char[] cArr) throws Exception {
        if (P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
            return cArr;
        }
        if (!this.token && !this.protectedPath) {
            int i = 0;
            while (i < 3) {
                System.err.println(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
                if (str2 == null) {
                    System.err.print(rb.getString(".RETURN.if.same.as.keystore.password."));
                } else {
                    System.err.print(new MessageFormat(rb.getString(".RETURN.if.same.as.for.otherAlias.")).format(new Object[]{str2}));
                }
                System.err.flush();
                char[] readPassword = Password.readPassword(System.in);
                this.passwords.add(readPassword);
                if (readPassword == null) {
                    return cArr;
                }
                if (readPassword.length >= 6) {
                    System.err.print(rb.getString("Re.enter.new.password."));
                    char[] readPassword2 = Password.readPassword(System.in);
                    this.passwords.add(readPassword2);
                    if (Arrays.equals(readPassword, readPassword2)) {
                        return readPassword;
                    }
                    System.err.println(rb.getString("They.don.t.match.Try.again"));
                } else {
                    System.err.println(rb.getString("Key.password.is.too.short.must.be.at.least.6.characters"));
                }
                i++;
            }
            if (i == 3) {
                if (this.command == Command.KEYCLONE) {
                    throw new Exception(rb.getString("Too.many.failures.Key.entry.not.cloned"));
                }
                throw new Exception(rb.getString("Too.many.failures.key.not.added.to.keystore"));
            }
        }
        return null;
    }

    public static List<CRL> readCRLsFromCert(X509Certificate x509Certificate) throws Exception {
        ArrayList arrayList = new ArrayList();
        CRLDistributionPointsExtension cRLDistributionPointsExtension = X509CertImpl.toImpl(x509Certificate).getCRLDistributionPointsExtension();
        if (cRLDistributionPointsExtension == null) {
            return arrayList;
        }
        Iterator it = ((List) cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS)).iterator();
        while (it.hasNext()) {
            GeneralNames fullName = ((DistributionPoint) it.next()).getFullName();
            if (fullName != null) {
                Iterator<GeneralName> it2 = fullName.names().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        GeneralName next = it2.next();
                        if (next.getType() == 6) {
                            for (CRL crl : loadCRLs(((URIName) next.getName()).getName())) {
                                if (crl instanceof X509CRL) {
                                    arrayList.add((X509CRL) crl);
                                }
                            }
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    private Pair<KeyStore.Entry, char[]> recoverEntry(KeyStore keyStore, String str, char[] cArr, char[] cArr2) throws Exception {
        KeyStore.Entry entry;
        if (!keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        try {
            entry = keyStore.getEntry(str, null);
            cArr2 = null;
        } catch (UnrecoverableEntryException e) {
            if (P11KEYSTORE.equalsIgnoreCase(keyStore.getType()) || KeyStoreUtil.isWindowsKeyStore(keyStore.getType())) {
                throw e;
            }
            if (cArr2 != null) {
                entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr2));
            } else {
                try {
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
                    cArr2 = cArr;
                } catch (UnrecoverableEntryException e2) {
                    if (P12KEYSTORE.equalsIgnoreCase(keyStore.getType())) {
                        throw e2;
                    }
                    cArr2 = getKeyPasswd(str, null, null);
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr2));
                }
            }
        }
        return Pair.of(entry, cArr2);
    }

    private Pair<Key, char[]> recoverKey(String str, char[] cArr, char[] cArr2) throws Exception {
        Key key;
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        if (!this.keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class) && !this.keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.has.no.key")).format(new Object[]{str}));
        }
        if (cArr2 == null) {
            try {
                key = this.keyStore.getKey(str, cArr);
                this.passwords.add(cArr);
            } catch (UnrecoverableKeyException e) {
                if (this.token) {
                    throw e;
                }
                cArr = getKeyPasswd(str, null, null);
                key = this.keyStore.getKey(str, cArr);
            }
        } else {
            key = this.keyStore.getKey(str, cArr2);
            cArr = cArr2;
        }
        return Pair.of(key, cArr);
    }

    private void run(String[] strArr, PrintStream printStream) throws Exception {
        try {
            try {
                parseArgs(strArr);
                if (this.command != null) {
                    doCommands(printStream);
                }
                for (char[] cArr : this.passwords) {
                    if (cArr != null) {
                        Arrays.fill(cArr, ' ');
                    }
                }
                if (this.ksStream != null) {
                    this.ksStream.close();
                }
            } catch (Exception e) {
                System.out.println(rb.getString("keytool.error.") + e);
                if (this.verbose) {
                    e.printStackTrace(System.out);
                }
                if (this.debug) {
                    throw e;
                }
                System.exit(1);
                for (char[] cArr2 : this.passwords) {
                    if (cArr2 != null) {
                        Arrays.fill(cArr2, ' ');
                    }
                }
                if (this.ksStream != null) {
                    this.ksStream.close();
                }
            }
        } finally {
        }
    }

    private boolean signedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private void tinyHelp() {
        usage();
        if (this.debug) {
            throw new RuntimeException("NO BIG ERROR, SORRY");
        }
        System.exit(1);
    }

    private String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            byte2hex(bArr[i], stringBuffer);
            if (i < length - 1) {
                stringBuffer.append(CertificateUtil.DELIMITER);
            }
        }
        return stringBuffer.toString();
    }

    private void usage() {
        if (this.command == null) {
            System.err.println(rb.getString("Key.and.Certificate.Management.Tool"));
            System.err.println();
            System.err.println(rb.getString("Commands."));
            System.err.println();
            for (Command command : Command.values()) {
                if (command == Command.KEYCLONE) {
                    break;
                }
                System.err.printf(" %-20s%s\n", command, rb.getString(command.description));
            }
            System.err.println();
            System.err.println(rb.getString("Use.keytool.command.name.help.for.usage.of.command.name"));
            return;
        }
        System.err.println("keytool " + this.command + rb.getString(".OPTION."));
        System.err.println();
        System.err.println(rb.getString(this.command.description));
        System.err.println();
        System.err.println(rb.getString("Options."));
        System.err.println();
        String[] strArr = new String[this.command.options.length];
        String[] strArr2 = new String[this.command.options.length];
        int i = 0;
        for (int i2 = 0; i2 < strArr.length; i2++) {
            Option option = this.command.options[i2];
            strArr[i2] = option.toString();
            if (option.arg != null) {
                strArr[i2] = strArr[i2] + " " + option.arg;
            }
            if (strArr[i2].length() > i) {
                i = strArr[i2].length();
            }
            strArr2[i2] = rb.getString(option.description);
        }
        for (int i3 = 0; i3 < strArr.length; i3++) {
            System.err.printf(" %-" + i + "s  %s\n", strArr[i3], strArr2[i3]);
        }
        System.err.println();
        System.err.println(rb.getString("Use.keytool.help.for.all.available.commands"));
    }

    private Certificate[] validateReply(String str, Certificate certificate, Certificate[] certificateArr) throws Exception {
        int i = 1;
        PublicKey publicKey = certificate.getPublicKey();
        int i2 = 0;
        while (i2 < certificateArr.length && !publicKey.equals(certificateArr[i2].getPublicKey())) {
            i2++;
        }
        if (i2 == certificateArr.length) {
            throw new Exception(new MessageFormat(rb.getString("Certificate.reply.does.not.contain.public.key.for.alias.")).format(new Object[]{str}));
        }
        Certificate certificate2 = certificateArr[0];
        certificateArr[0] = certificateArr[i2];
        certificateArr[i2] = certificate2;
        X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
        while (true) {
            int i3 = i;
            X509Certificate x509Certificate2 = x509Certificate;
            if (i3 >= certificateArr.length - 1) {
                if (this.noprompt) {
                    return certificateArr;
                }
                Certificate certificate3 = certificateArr[certificateArr.length - 1];
                Certificate trustedSigner = getTrustedSigner(certificate3, this.keyStore);
                if (trustedSigner == null && this.trustcacerts && this.caks != null) {
                    trustedSigner = getTrustedSigner(certificate3, this.caks);
                }
                if (trustedSigner != null) {
                    if (trustedSigner == certificate3) {
                        return certificateArr;
                    }
                    Certificate[] certificateArr2 = new Certificate[certificateArr.length + 1];
                    System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
                    certificateArr2[certificateArr2.length - 1] = trustedSigner;
                    return certificateArr2;
                }
                System.err.println();
                System.err.println(rb.getString("Top.level.certificate.in.reply."));
                printX509Cert((X509Certificate) certificate3, System.out);
                System.err.println();
                System.err.print(rb.getString(".is.not.trusted."));
                if ("NO".equals(getYesNoReply(rb.getString("Install.reply.anyway.no.")))) {
                    return null;
                }
                return certificateArr;
            }
            int i4 = i3;
            while (true) {
                if (i4 >= certificateArr.length) {
                    x509Certificate = x509Certificate2;
                    break;
                }
                if (signedBy(x509Certificate2, (X509Certificate) certificateArr[i4])) {
                    Certificate certificate4 = certificateArr[i3];
                    certificateArr[i3] = certificateArr[i4];
                    certificateArr[i4] = certificate4;
                    x509Certificate = (X509Certificate) certificateArr[i3];
                    break;
                }
                i4++;
            }
            if (i4 == certificateArr.length) {
                throw new Exception(rb.getString("Incomplete.certificate.chain.in.reply"));
            }
            i = i3 + 1;
        }
    }

    private static String verifyCRL(KeyStore keyStore, CRL crl) throws Exception {
        X500Principal issuerX500Principal = ((X509CRLImpl) crl).getIssuerX500Principal();
        for (String str : e2i(keyStore.aliases())) {
            Certificate certificate = keyStore.getCertificate(str);
            if ((certificate instanceof X509Certificate) && ((X509Certificate) certificate).getSubjectX500Principal().equals(issuerX500Principal)) {
                try {
                    ((X509CRLImpl) crl).verify(certificate.getPublicKey());
                    return str;
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:281:0x09d7  */
    /* JADX WARN: Removed duplicated region for block: B:291:? A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    void doCommands(java.io.PrintStream r14) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 2552
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.tools.KeyTool.doCommands(java.io.PrintStream):void");
    }

    boolean isKeyStoreRelated(Command command) {
        return (command == Command.PRINTCERT || command == Command.PRINTCERTREQ) ? false : true;
    }

    KeyStore loadSourceKeyStore() throws Exception {
        FileInputStream fileInputStream;
        if (P11KEYSTORE.equalsIgnoreCase(this.srcstoretype) || KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            if (!NONE.equals(this.srcksfname)) {
                System.err.println(MessageFormat.format(rb.getString(".keystore.must.be.NONE.if.storetype.is.{0}"), this.srcstoretype));
                System.err.println();
                tinyHelp();
            }
            fileInputStream = null;
        } else {
            if (this.srcksfname == null) {
                throw new Exception(rb.getString("Please.specify.srckeystore"));
            }
            File file = new File(this.srcksfname);
            if (file.exists() && file.length() == 0) {
                throw new Exception(rb.getString("Source.keystore.file.exists.but.is.empty.") + this.srcksfname);
            }
            fileInputStream = new FileInputStream(file);
        }
        try {
            KeyStore keyStore = this.srcProviderName == null ? KeyStore.getInstance(this.srcstoretype) : KeyStore.getInstance(this.srcstoretype, this.srcProviderName);
            if (this.srcstorePass == null && !this.srcprotectedPath && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
                System.err.print(rb.getString("Enter.source.keystore.password."));
                System.err.flush();
                this.srcstorePass = Password.readPassword(System.in);
                this.passwords.add(this.srcstorePass);
            }
            if (P12KEYSTORE.equalsIgnoreCase(this.srcstoretype) && this.srckeyPass != null && this.srcstorePass != null && !Arrays.equals(this.srcstorePass, this.srckeyPass)) {
                System.err.println(new MessageFormat(rb.getString("Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")).format(new Object[]{"-srckeypass"}));
                this.srckeyPass = this.srcstorePass;
            }
            keyStore.load(fileInputStream, this.srcstorePass);
            if (this.srcstorePass == null && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
                System.err.println();
                System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
                System.err.println(rb.getString(".The.integrity.of.the.information.stored.in.the.srckeystore."));
                System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
                System.err.println();
            }
            return keyStore;
        } finally {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
        }
    }

    void parseArgs(String[] strArr) {
        String str;
        boolean z;
        String str2;
        boolean z2 = strArr.length == 0;
        int i = 0;
        while (i < strArr.length && strArr[i].startsWith(Constants.FILENAME_SEQUENCE_SEPARATOR)) {
            String str3 = strArr[i];
            if (i == strArr.length - 1) {
                Option[] values = Option.values();
                int length = values.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        break;
                    }
                    Option option = values[i2];
                    if (collator.compare(str3, option.toString()) != 0) {
                        i2++;
                    } else if (option.arg != null) {
                        errorNeedArgument(str3);
                    }
                }
            }
            int indexOf = str3.indexOf(58);
            if (indexOf > 0) {
                str = str3.substring(indexOf + 1);
                str3 = str3.substring(0, indexOf);
            } else {
                str = null;
            }
            Command[] values2 = Command.values();
            int length2 = values2.length;
            int i3 = 0;
            while (true) {
                if (i3 >= length2) {
                    z = false;
                    break;
                }
                Command command = values2[i3];
                if (collator.compare(str3, command.toString()) == 0) {
                    this.command = command;
                    z = true;
                    break;
                }
                i3++;
            }
            if (!z) {
                if (collator.compare(str3, "-export") == 0) {
                    this.command = Command.EXPORTCERT;
                } else if (collator.compare(str3, "-genkey") == 0) {
                    this.command = Command.GENKEYPAIR;
                } else if (collator.compare(str3, "-import") == 0) {
                    this.command = Command.IMPORTCERT;
                } else if (collator.compare(str3, "-help") == 0) {
                    z2 = true;
                } else if (collator.compare(str3, "-keystore") == 0 || collator.compare(str3, "-destkeystore") == 0) {
                    i++;
                    this.ksfname = strArr[i];
                } else if (collator.compare(str3, "-storepass") == 0 || collator.compare(str3, "-deststorepass") == 0) {
                    i++;
                    this.storePass = getPass(str, strArr[i]);
                    this.passwords.add(this.storePass);
                } else if (collator.compare(str3, "-storetype") == 0 || collator.compare(str3, "-deststoretype") == 0) {
                    i++;
                    this.storetype = strArr[i];
                } else if (collator.compare(str3, "-srcstorepass") == 0) {
                    i++;
                    this.srcstorePass = getPass(str, strArr[i]);
                    this.passwords.add(this.srcstorePass);
                } else if (collator.compare(str3, "-srcstoretype") == 0) {
                    i++;
                    this.srcstoretype = strArr[i];
                } else if (collator.compare(str3, "-srckeypass") == 0) {
                    i++;
                    this.srckeyPass = getPass(str, strArr[i]);
                    this.passwords.add(this.srckeyPass);
                } else if (collator.compare(str3, "-srcprovidername") == 0) {
                    i++;
                    this.srcProviderName = strArr[i];
                } else if (collator.compare(str3, "-providername") == 0 || collator.compare(str3, "-destprovidername") == 0) {
                    i++;
                    this.providerName = strArr[i];
                } else if (collator.compare(str3, "-providerpath") == 0) {
                    i++;
                    this.pathlist = strArr[i];
                } else if (collator.compare(str3, "-keypass") == 0) {
                    i++;
                    this.keyPass = getPass(str, strArr[i]);
                    this.passwords.add(this.keyPass);
                } else if (collator.compare(str3, "-new") == 0) {
                    i++;
                    this.newPass = getPass(str, strArr[i]);
                    this.passwords.add(this.newPass);
                } else if (collator.compare(str3, "-destkeypass") == 0) {
                    i++;
                    this.destKeyPass = getPass(str, strArr[i]);
                    this.passwords.add(this.destKeyPass);
                } else if (collator.compare(str3, "-alias") == 0 || collator.compare(str3, "-srcalias") == 0) {
                    i++;
                    this.alias = strArr[i];
                } else if (collator.compare(str3, "-dest") == 0 || collator.compare(str3, "-destalias") == 0) {
                    i++;
                    this.dest = strArr[i];
                } else if (collator.compare(str3, "-dname") == 0) {
                    i++;
                    this.dname = strArr[i];
                } else if (collator.compare(str3, "-keysize") == 0) {
                    i++;
                    this.keysize = Integer.parseInt(strArr[i]);
                } else if (collator.compare(str3, "-keyalg") == 0) {
                    i++;
                    this.keyAlgName = strArr[i];
                } else if (collator.compare(str3, "-sigalg") == 0) {
                    i++;
                    this.sigAlgName = strArr[i];
                } else if (collator.compare(str3, "-startdate") == 0) {
                    i++;
                    this.startDate = strArr[i];
                } else if (collator.compare(str3, "-validity") == 0) {
                    i++;
                    this.validity = Long.parseLong(strArr[i]);
                } else if (collator.compare(str3, "-ext") == 0) {
                    i++;
                    this.v3ext.add(strArr[i]);
                } else if (collator.compare(str3, "-id") == 0) {
                    i++;
                    this.ids.add(strArr[i]);
                } else if (collator.compare(str3, "-file") == 0) {
                    i++;
                    this.filename = strArr[i];
                } else if (collator.compare(str3, "-infile") == 0) {
                    i++;
                    this.infilename = strArr[i];
                } else if (collator.compare(str3, "-outfile") == 0) {
                    i++;
                    this.outfilename = strArr[i];
                } else if (collator.compare(str3, "-sslserver") == 0) {
                    i++;
                    this.sslserver = strArr[i];
                } else if (collator.compare(str3, "-jarfile") == 0) {
                    i++;
                    this.jarfile = strArr[i];
                } else if (collator.compare(str3, "-srckeystore") == 0) {
                    i++;
                    this.srcksfname = strArr[i];
                } else if (collator.compare(str3, "-provider") == 0 || collator.compare(str3, "-providerclass") == 0) {
                    if (this.providers == null) {
                        this.providers = new HashSet(3);
                    }
                    int i4 = i + 1;
                    String str4 = strArr[i4];
                    if (strArr.length > i4 + 1) {
                        String str5 = strArr[i4 + 1];
                        if (collator.compare(str5, "-providerarg") == 0) {
                            if (strArr.length == i4 + 2) {
                                errorNeedArgument(str5);
                            }
                            str2 = strArr[i4 + 2];
                            i4 += 2;
                            this.providers.add(Pair.of(str4, str2));
                            i = i4;
                        }
                    }
                    str2 = null;
                    this.providers.add(Pair.of(str4, str2));
                    i = i4;
                } else if (collator.compare(str3, "-v") == 0) {
                    this.verbose = true;
                } else if (collator.compare(str3, "-debug") == 0) {
                    this.debug = true;
                } else if (collator.compare(str3, "-rfc") == 0) {
                    this.rfc = true;
                } else if (collator.compare(str3, "-noprompt") == 0) {
                    this.noprompt = true;
                } else if (collator.compare(str3, "-trustcacerts") == 0) {
                    this.trustcacerts = true;
                } else if (collator.compare(str3, "-protected") == 0 || collator.compare(str3, "-destprotected") == 0) {
                    this.protectedPath = true;
                } else if (collator.compare(str3, "-srcprotected") == 0) {
                    this.srcprotectedPath = true;
                } else {
                    System.err.println(rb.getString("Illegal.option.") + str3);
                    tinyHelp();
                }
            }
            i++;
        }
        if (i < strArr.length) {
            System.err.println(rb.getString("Illegal.option.") + strArr[i]);
            tinyHelp();
        }
        if (this.command != null) {
            if (z2) {
                usage();
                this.command = null;
                return;
            }
            return;
        }
        if (z2) {
            usage();
        } else {
            System.err.println(rb.getString("Usage.error.no.command.provided"));
            tinyHelp();
        }
    }
}
