package org.cryptacular.generator;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.cryptacular.CryptoException;
import org.cryptacular.spec.DigestSpec;

/* loaded from: input_file:repository/org/cryptacular/cryptacular/1.2.7/cryptacular-1.2.7.jar:org/cryptacular/generator/AbstractP12Generator.class */
public abstract class AbstractP12Generator implements P12Generator {
    @Override // org.cryptacular.generator.P12Generator
    public PKCS12PfxPdu generate(char[] cArr, PrivateKey privateKey, String str, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("At least one certificate must be provided");
        }
        if (cArr == null || cArr.length == 0) {
            throw new IllegalArgumentException("Password cannot be null or empty");
        }
        PKCS12PfxPduBuilder pKCS12PfxPduBuilder = new PKCS12PfxPduBuilder();
        PKCS12SafeBag[] pKCS12SafeBagArr = new PKCS12SafeBag[x509CertificateArr.length];
        try {
            JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
            JcaPKCS12SafeBagBuilder jcaPKCS12SafeBagBuilder = new JcaPKCS12SafeBagBuilder(privateKey, keyOutputEncryptor(cArr));
            jcaPKCS12SafeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
            jcaPKCS12SafeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, jcaX509ExtensionUtils.createSubjectKeyIdentifier(x509CertificateArr[0].getPublicKey()));
            pKCS12SafeBagArr[0] = new JcaPKCS12SafeBagBuilder(x509CertificateArr[0]).addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str)).addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, jcaX509ExtensionUtils.createSubjectKeyIdentifier(x509CertificateArr[0].getPublicKey())).build();
            for (int i = 1; i < x509CertificateArr.length; i++) {
                pKCS12SafeBagArr[i] = new JcaPKCS12SafeBagBuilder(x509CertificateArr[i]).addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("ca-cert-" + i)).build();
            }
            pKCS12PfxPduBuilder.addEncryptedData(dataOutputEncryptor(cArr), pKCS12SafeBagArr);
            pKCS12PfxPduBuilder.addData(jcaPKCS12SafeBagBuilder.build());
            return pKCS12PfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder((ExtendedDigest) getDigestSpec().newInstance(), new AlgorithmIdentifier(getDigestAlgorithmId(), DERNull.INSTANCE)).setIterationCount(getIterations()), cArr);
        } catch (IOException | NoSuchAlgorithmException | PKCSException e) {
            throw new CryptoException("P12 generation failed", e);
        }
    }

    @Override // org.cryptacular.generator.P12Generator
    public PKCS12PfxPdu generate(char[] cArr, PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        return generate(cArr, privateKey, "end-entity-cert", x509CertificateArr);
    }

    public abstract int getIterations();

    protected abstract ASN1ObjectIdentifier getDigestAlgorithmId();

    protected abstract DigestSpec getDigestSpec();

    protected abstract OutputEncryptor keyOutputEncryptor(char[] cArr);

    protected abstract OutputEncryptor dataOutputEncryptor(char[] cArr);
}
