package sun.security.tools.keytool;

import com.sun.xml.internal.ws.transport.http.DeploymentDescriptorParser;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URLClassLoader;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.CodeSigner;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.security.spec.PSSParameterSpec;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.x500.X500Principal;
import jdk.internal.dynalink.CallSiteDescriptor;
import sun.misc.HexDumpEncoder;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
import sun.security.provider.certpath.CertStoreHelper;
import sun.security.tools.KeyStoreUtil;
import sun.security.tools.PathList;
import sun.security.util.DerValue;
import sun.security.util.DisabledAlgorithmConstraints;
import sun.security.util.KeyUtil;
import sun.security.util.ObjectIdentifier;
import sun.security.util.Password;
import sun.security.util.Pem;
import sun.security.util.SecurityProviderConstants;
import sun.security.util.SignatureUtil;
import sun.security.x509.AccessDescription;
import sun.security.x509.AlgorithmId;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.CRLExtensions;
import sun.security.x509.CRLReasonCodeExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.DistributionPoint;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.Extension;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.IPAddressName;
import sun.security.x509.IssuerAlternativeNameExtension;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.OIDName;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.RFC822Name;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.SubjectInfoAccessExtension;
import sun.security.x509.SubjectKeyIdentifierExtension;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CRLEntryImpl;
import sun.security.x509.X509CRLImpl;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.util.locale.LanguageTag;

/* loaded from: input_file:Contents/Home/lib/rt.jar:sun/security/tools/keytool/Main.class */
public final class Main {
    private boolean debug = false;
    private Command command = null;
    private String sigAlgName = null;
    private String keyAlgName = null;
    private boolean verbose = false;
    private int keysize = -1;
    private boolean rfc = false;
    private long validity = 90;
    private String alias = null;
    private String dname = null;
    private String dest = null;
    private String filename = null;
    private String infilename = null;
    private String outfilename = null;
    private String srcksfname = null;
    private Set<Pair<String, String>> providers = null;
    private String storetype = null;
    private String srcProviderName = null;
    private String providerName = null;
    private String pathlist = null;
    private char[] storePass = null;
    private char[] storePassNew = null;
    private char[] keyPass = null;
    private char[] keyPassNew = null;
    private char[] newPass = null;
    private char[] destKeyPass = null;
    private char[] srckeyPass = null;
    private String ksfname = null;
    private File ksfile = null;
    private InputStream ksStream = null;
    private String sslserver = null;
    private String jarfile = null;
    private KeyStore keyStore = null;
    private boolean token = false;
    private boolean nullStream = false;
    private boolean kssave = false;
    private boolean noprompt = false;
    private boolean trustcacerts = false;
    private boolean nowarn = false;
    private boolean protectedPath = false;
    private boolean srcprotectedPath = false;
    private CertificateFactory cf = null;
    private KeyStore caks = null;
    private char[] srcstorePass = null;
    private String srcstoretype = null;
    private Set<char[]> passwords = new HashSet();
    private String startDate = null;
    private List<String> ids = new ArrayList();
    private List<String> v3ext = new ArrayList();
    private boolean inplaceImport = false;
    private String inplaceBackupName = null;
    private List<String> weakWarnings = new ArrayList();
    private static final String NONE = "NONE";
    private static final String P11KEYSTORE = "PKCS11";
    private static final String P12KEYSTORE = "PKCS12";
    private static final String keyAlias = "mykey";
    private static final String[] extSupported;
    private static final byte[] CRLF = {13, 10};
    private static final DisabledAlgorithmConstraints DISABLED_CHECK = new DisabledAlgorithmConstraints(DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
    private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
    private static final Class<?>[] PARAM_STRING = {String.class};
    private static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.tools.keytool.Resources");
    private static final Collator collator = Collator.getInstance();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:Contents/Home/lib/rt.jar:sun/security/tools/keytool/Main$Command.class */
    public enum Command {
        CERTREQ("Generates.a.certificate.request", Option.ALIAS, Option.SIGALG, Option.FILEOUT, Option.KEYPASS, Option.KEYSTORE, Option.DNAME, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        CHANGEALIAS("Changes.an.entry.s.alias", Option.ALIAS, Option.DESTALIAS, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        DELETE("Deletes.an.entry", Option.ALIAS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        EXPORTCERT("Exports.certificate", Option.RFC, Option.ALIAS, Option.FILEOUT, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENKEYPAIR("Generates.a.key.pair", Option.ALIAS, Option.KEYALG, Option.KEYSIZE, Option.SIGALG, Option.DESTALIAS, Option.DNAME, Option.STARTDATE, Option.EXT, Option.VALIDITY, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENSECKEY("Generates.a.secret.key", Option.ALIAS, Option.KEYPASS, Option.KEYALG, Option.KEYSIZE, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        GENCERT("Generates.certificate.from.a.certificate.request", Option.RFC, Option.INFILE, Option.OUTFILE, Option.ALIAS, Option.SIGALG, Option.DNAME, Option.STARTDATE, Option.EXT, Option.VALIDITY, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        IMPORTCERT("Imports.a.certificate.or.a.certificate.chain", Option.NOPROMPT, Option.TRUSTCACERTS, Option.PROTECTED, Option.ALIAS, Option.FILEIN, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        IMPORTPASS("Imports.a.password", Option.ALIAS, Option.KEYPASS, Option.KEYALG, Option.KEYSIZE, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        IMPORTKEYSTORE("Imports.one.or.all.entries.from.another.keystore", Option.SRCKEYSTORE, Option.DESTKEYSTORE, Option.SRCSTORETYPE, Option.DESTSTORETYPE, Option.SRCSTOREPASS, Option.DESTSTOREPASS, Option.SRCPROTECTED, Option.SRCPROVIDERNAME, Option.DESTPROVIDERNAME, Option.SRCALIAS, Option.DESTALIAS, Option.SRCKEYPASS, Option.DESTKEYPASS, Option.NOPROMPT, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        KEYPASSWD("Changes.the.key.password.of.an.entry", Option.ALIAS, Option.KEYPASS, Option.NEW, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        LIST("Lists.entries.in.a.keystore", Option.RFC, Option.ALIAS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        PRINTCERT("Prints.the.content.of.a.certificate", Option.RFC, Option.FILEIN, Option.SSLSERVER, Option.JARFILE, Option.V),
        PRINTCERTREQ("Prints.the.content.of.a.certificate.request", Option.FILEIN, Option.V),
        PRINTCRL("Prints.the.content.of.a.CRL.file", Option.FILEIN, Option.V),
        STOREPASSWD("Changes.the.store.password.of.a.keystore", Option.NEW, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        KEYCLONE("Clones.a.key.entry", Option.ALIAS, Option.DESTALIAS, Option.KEYPASS, Option.NEW, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        SELFCERT("Generates.a.self.signed.certificate", Option.ALIAS, Option.SIGALG, Option.DNAME, Option.STARTDATE, Option.VALIDITY, Option.KEYPASS, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V),
        GENCRL("Generates.CRL", Option.RFC, Option.FILEOUT, Option.ID, Option.ALIAS, Option.SIGALG, Option.EXT, Option.KEYPASS, Option.KEYSTORE, Option.STOREPASS, Option.STORETYPE, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V, Option.PROTECTED),
        IDENTITYDB("Imports.entries.from.a.JDK.1.1.x.style.identity.database", Option.FILEIN, Option.STORETYPE, Option.KEYSTORE, Option.STOREPASS, Option.PROVIDERNAME, Option.PROVIDERCLASS, Option.PROVIDERARG, Option.PROVIDERPATH, Option.V);

        final String description;
        final Option[] options;

        Command(String str, Option... optionArr) {
            this.description = str;
            this.options = optionArr;
        }

        @Override // java.lang.Enum
        public String toString() {
            return LanguageTag.SEP + name().toLowerCase(Locale.ENGLISH);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:Contents/Home/lib/rt.jar:sun/security/tools/keytool/Main$Option.class */
    public enum Option {
        ALIAS("alias", "<alias>", "alias.name.of.the.entry.to.process"),
        DESTALIAS("destalias", "<destalias>", "destination.alias"),
        DESTKEYPASS("destkeypass", "<arg>", "destination.key.password"),
        DESTKEYSTORE("destkeystore", "<destkeystore>", "destination.keystore.name"),
        DESTPROTECTED("destprotected", null, "destination.keystore.password.protected"),
        DESTPROVIDERNAME("destprovidername", "<destprovidername>", "destination.keystore.provider.name"),
        DESTSTOREPASS("deststorepass", "<arg>", "destination.keystore.password"),
        DESTSTORETYPE("deststoretype", "<deststoretype>", "destination.keystore.type"),
        DNAME("dname", "<dname>", "distinguished.name"),
        EXT("ext", "<value>", "X.509.extension"),
        FILEOUT(DeploymentDescriptorParser.ATTR_FILE, "<filename>", "output.file.name"),
        FILEIN(DeploymentDescriptorParser.ATTR_FILE, "<filename>", "input.file.name"),
        ID("id", "<id:reason>", "Serial.ID.of.cert.to.revoke"),
        INFILE("infile", "<filename>", "input.file.name"),
        KEYALG("keyalg", "<keyalg>", "key.algorithm.name"),
        KEYPASS("keypass", "<arg>", "key.password"),
        KEYSIZE("keysize", "<keysize>", "key.bit.size"),
        KEYSTORE("keystore", "<keystore>", "keystore.name"),
        NEW("new", "<arg>", "new.password"),
        NOPROMPT("noprompt", null, "do.not.prompt"),
        OUTFILE("outfile", "<filename>", "output.file.name"),
        PROTECTED("protected", null, "password.through.protected.mechanism"),
        PROVIDERARG("providerarg", "<arg>", "provider.argument"),
        PROVIDERCLASS("providerclass", "<providerclass>", "provider.class.name"),
        PROVIDERNAME("providername", "<providername>", "provider.name"),
        PROVIDERPATH("providerpath", "<pathlist>", "provider.classpath"),
        RFC("rfc", null, "output.in.RFC.style"),
        SIGALG("sigalg", "<sigalg>", "signature.algorithm.name"),
        SRCALIAS("srcalias", "<srcalias>", "source.alias"),
        SRCKEYPASS("srckeypass", "<arg>", "source.key.password"),
        SRCKEYSTORE("srckeystore", "<srckeystore>", "source.keystore.name"),
        SRCPROTECTED("srcprotected", null, "source.keystore.password.protected"),
        SRCPROVIDERNAME("srcprovidername", "<srcprovidername>", "source.keystore.provider.name"),
        SRCSTOREPASS("srcstorepass", "<arg>", "source.keystore.password"),
        SRCSTORETYPE("srcstoretype", "<srcstoretype>", "source.keystore.type"),
        SSLSERVER("sslserver", "<server[:port]>", "SSL.server.host.and.port"),
        JARFILE("jarfile", "<filename>", "signed.jar.file"),
        STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
        STOREPASS("storepass", "<arg>", "keystore.password"),
        STORETYPE("storetype", "<storetype>", "keystore.type"),
        TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
        V("v", null, "verbose.output"),
        VALIDITY("validity", "<valDays>", "validity.number.of.days");

        final String name;
        final String arg;
        final String description;

        Option(String str, String str2, String str3) {
            this.name = str;
            this.arg = str2;
            this.description = str3;
        }

        @Override // java.lang.Enum
        public String toString() {
            return LanguageTag.SEP + this.name;
        }
    }

    private Main() {
    }

    public static void main(String[] strArr) throws Exception {
        new Main().run(strArr, System.out);
    }

    private void run(String[] strArr, PrintStream printStream) throws Exception {
        try {
            try {
                parseArgs(strArr);
                if (this.command != null) {
                    doCommands(printStream);
                }
                printWeakWarnings(false);
                for (char[] cArr : this.passwords) {
                    if (cArr != null) {
                        Arrays.fill(cArr, ' ');
                    }
                }
                if (this.ksStream != null) {
                    this.ksStream.close();
                }
            } catch (Exception e) {
                System.out.println(rb.getString("keytool.error.") + ((Object) e));
                if (this.verbose) {
                    e.printStackTrace(System.out);
                }
                if (this.debug) {
                    throw e;
                }
                System.exit(1);
                printWeakWarnings(false);
                for (char[] cArr2 : this.passwords) {
                    if (cArr2 != null) {
                        Arrays.fill(cArr2, ' ');
                    }
                }
                if (this.ksStream != null) {
                    this.ksStream.close();
                }
            }
        } catch (Throwable th) {
            printWeakWarnings(false);
            for (char[] cArr3 : this.passwords) {
                if (cArr3 != null) {
                    Arrays.fill(cArr3, ' ');
                }
            }
            if (this.ksStream != null) {
                this.ksStream.close();
            }
            throw th;
        }
    }

    void parseArgs(String[] strArr) {
        boolean z = strArr.length == 0;
        int i = 0;
        while (i < strArr.length && strArr[i].startsWith(LanguageTag.SEP)) {
            String str = strArr[i];
            if (i == strArr.length - 1) {
                Option[] values = Option.values();
                int length = values.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        break;
                    }
                    Option option = values[i2];
                    if (collator.compare(str, option.toString()) != 0) {
                        i2++;
                    } else if (option.arg != null) {
                        errorNeedArgument(str);
                    }
                }
            }
            String str2 = null;
            int indexOf = str.indexOf(58);
            if (indexOf > 0) {
                str2 = str.substring(indexOf + 1);
                str = str.substring(0, indexOf);
            }
            boolean z2 = false;
            Command[] values2 = Command.values();
            int length2 = values2.length;
            int i3 = 0;
            while (true) {
                if (i3 >= length2) {
                    break;
                }
                Command command = values2[i3];
                if (collator.compare(str, command.toString()) == 0) {
                    this.command = command;
                    z2 = true;
                    break;
                }
                i3++;
            }
            if (!z2) {
                if (collator.compare(str, "-export") == 0) {
                    this.command = Command.EXPORTCERT;
                } else if (collator.compare(str, "-genkey") == 0) {
                    this.command = Command.GENKEYPAIR;
                } else if (collator.compare(str, "-import") == 0) {
                    this.command = Command.IMPORTCERT;
                } else if (collator.compare(str, "-importpassword") == 0) {
                    this.command = Command.IMPORTPASS;
                } else if (collator.compare(str, "-help") == 0) {
                    z = true;
                } else if (collator.compare(str, "-nowarn") == 0) {
                    this.nowarn = true;
                } else if (collator.compare(str, "-keystore") == 0 || collator.compare(str, "-destkeystore") == 0) {
                    i++;
                    this.ksfname = strArr[i];
                } else if (collator.compare(str, "-storepass") == 0 || collator.compare(str, "-deststorepass") == 0) {
                    i++;
                    this.storePass = getPass(str2, strArr[i]);
                    this.passwords.add(this.storePass);
                } else if (collator.compare(str, "-storetype") == 0 || collator.compare(str, "-deststoretype") == 0) {
                    i++;
                    this.storetype = KeyStoreUtil.niceStoreTypeName(strArr[i]);
                } else if (collator.compare(str, "-srcstorepass") == 0) {
                    i++;
                    this.srcstorePass = getPass(str2, strArr[i]);
                    this.passwords.add(this.srcstorePass);
                } else if (collator.compare(str, "-srcstoretype") == 0) {
                    i++;
                    this.srcstoretype = KeyStoreUtil.niceStoreTypeName(strArr[i]);
                } else if (collator.compare(str, "-srckeypass") == 0) {
                    i++;
                    this.srckeyPass = getPass(str2, strArr[i]);
                    this.passwords.add(this.srckeyPass);
                } else if (collator.compare(str, "-srcprovidername") == 0) {
                    i++;
                    this.srcProviderName = strArr[i];
                } else if (collator.compare(str, "-providername") == 0 || collator.compare(str, "-destprovidername") == 0) {
                    i++;
                    this.providerName = strArr[i];
                } else if (collator.compare(str, "-providerpath") == 0) {
                    i++;
                    this.pathlist = strArr[i];
                } else if (collator.compare(str, "-keypass") == 0) {
                    i++;
                    this.keyPass = getPass(str2, strArr[i]);
                    this.passwords.add(this.keyPass);
                } else if (collator.compare(str, "-new") == 0) {
                    i++;
                    this.newPass = getPass(str2, strArr[i]);
                    this.passwords.add(this.newPass);
                } else if (collator.compare(str, "-destkeypass") == 0) {
                    i++;
                    this.destKeyPass = getPass(str2, strArr[i]);
                    this.passwords.add(this.destKeyPass);
                } else if (collator.compare(str, "-alias") == 0 || collator.compare(str, "-srcalias") == 0) {
                    i++;
                    this.alias = strArr[i];
                } else if (collator.compare(str, "-dest") == 0 || collator.compare(str, "-destalias") == 0) {
                    i++;
                    this.dest = strArr[i];
                } else if (collator.compare(str, "-dname") == 0) {
                    i++;
                    this.dname = strArr[i];
                } else if (collator.compare(str, "-keysize") == 0) {
                    i++;
                    this.keysize = Integer.parseInt(strArr[i]);
                } else if (collator.compare(str, "-keyalg") == 0) {
                    i++;
                    this.keyAlgName = strArr[i];
                } else if (collator.compare(str, "-sigalg") == 0) {
                    i++;
                    this.sigAlgName = strArr[i];
                } else if (collator.compare(str, "-startdate") == 0) {
                    i++;
                    this.startDate = strArr[i];
                } else if (collator.compare(str, "-validity") == 0) {
                    i++;
                    this.validity = Long.parseLong(strArr[i]);
                } else if (collator.compare(str, "-ext") == 0) {
                    i++;
                    this.v3ext.add(strArr[i]);
                } else if (collator.compare(str, "-id") == 0) {
                    i++;
                    this.ids.add(strArr[i]);
                } else if (collator.compare(str, "-file") == 0) {
                    i++;
                    this.filename = strArr[i];
                } else if (collator.compare(str, "-infile") == 0) {
                    i++;
                    this.infilename = strArr[i];
                } else if (collator.compare(str, "-outfile") == 0) {
                    i++;
                    this.outfilename = strArr[i];
                } else if (collator.compare(str, "-sslserver") == 0) {
                    i++;
                    this.sslserver = strArr[i];
                } else if (collator.compare(str, "-jarfile") == 0) {
                    i++;
                    this.jarfile = strArr[i];
                } else if (collator.compare(str, "-srckeystore") == 0) {
                    i++;
                    this.srcksfname = strArr[i];
                } else if (collator.compare(str, "-provider") == 0 || collator.compare(str, "-providerclass") == 0) {
                    if (this.providers == null) {
                        this.providers = new HashSet(3);
                    }
                    i++;
                    String str3 = strArr[i];
                    String str4 = null;
                    if (strArr.length > i + 1) {
                        String str5 = strArr[i + 1];
                        if (collator.compare(str5, "-providerarg") == 0) {
                            if (strArr.length == i + 2) {
                                errorNeedArgument(str5);
                            }
                            str4 = strArr[i + 2];
                            i += 2;
                        }
                    }
                    this.providers.add(Pair.of(str3, str4));
                } else if (collator.compare(str, "-v") == 0) {
                    this.verbose = true;
                } else if (collator.compare(str, "-debug") == 0) {
                    this.debug = true;
                } else if (collator.compare(str, "-rfc") == 0) {
                    this.rfc = true;
                } else if (collator.compare(str, "-noprompt") == 0) {
                    this.noprompt = true;
                } else if (collator.compare(str, "-trustcacerts") == 0) {
                    this.trustcacerts = true;
                } else if (collator.compare(str, "-protected") == 0 || collator.compare(str, "-destprotected") == 0) {
                    this.protectedPath = true;
                } else if (collator.compare(str, "-srcprotected") == 0) {
                    this.srcprotectedPath = true;
                } else {
                    System.err.println(rb.getString("Illegal.option.") + str);
                    tinyHelp();
                }
            }
            i++;
        }
        if (i < strArr.length) {
            System.err.println(rb.getString("Illegal.option.") + strArr[i]);
            tinyHelp();
        }
        if (this.command != null) {
            if (z) {
                usage();
                this.command = null;
                return;
            }
            return;
        }
        if (z) {
            usage();
        } else {
            System.err.println(rb.getString("Usage.error.no.command.provided"));
            tinyHelp();
        }
    }

    boolean isKeyStoreRelated(Command command) {
        return (command == Command.PRINTCERT || command == Command.PRINTCERTREQ) ? false : true;
    }

    void doCommands(PrintStream printStream) throws Exception {
        FileInputStream fileInputStream;
        PrintStream printStream2;
        if (P11KEYSTORE.equalsIgnoreCase(this.storetype) || KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            this.token = true;
            if (this.ksfname == null) {
                this.ksfname = NONE;
            }
        }
        if (NONE.equals(this.ksfname)) {
            this.nullStream = true;
        }
        if (this.token && !this.nullStream) {
            System.err.println(MessageFormat.format(rb.getString(".keystore.must.be.NONE.if.storetype.is.{0}"), this.storetype));
            System.err.println();
            tinyHelp();
        }
        if (this.token && (this.command == Command.KEYPASSWD || this.command == Command.STOREPASSWD)) {
            throw new UnsupportedOperationException(MessageFormat.format(rb.getString(".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), this.storetype));
        }
        if (this.token && (this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(MessageFormat.format(rb.getString(".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), this.storetype));
        }
        if (this.protectedPath && (this.storePass != null || this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified"));
        }
        if (this.srcprotectedPath && (this.srcstorePass != null || this.srckeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified"));
        }
        if (KeyStoreUtil.isWindowsKeyStore(this.storetype) && (this.storePass != null || this.keyPass != null || this.newPass != null || this.destKeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified"));
        }
        if (KeyStoreUtil.isWindowsKeyStore(this.srcstoretype) && (this.srcstorePass != null || this.srckeyPass != null)) {
            throw new IllegalArgumentException(rb.getString("if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified"));
        }
        if (this.validity <= 0) {
            throw new Exception(rb.getString("Validity.must.be.greater.than.zero"));
        }
        if (this.providers != null) {
            ClassLoader uRLClassLoader = this.pathlist != null ? new URLClassLoader(PathList.pathToURLs(PathList.appendPath(PathList.appendPath(PathList.appendPath(null, System.getProperty("java.class.path")), System.getProperty("env.class.path")), this.pathlist))) : ClassLoader.getSystemClassLoader();
            for (Pair<String, String> pair : this.providers) {
                String str = pair.fst;
                Class<?> loadClass = uRLClassLoader != null ? uRLClassLoader.loadClass(str) : Class.forName(str);
                String str2 = pair.snd;
                Object newInstance = str2 == null ? loadClass.newInstance() : loadClass.getConstructor(PARAM_STRING).newInstance(str2);
                if (!(newInstance instanceof Provider)) {
                    throw new Exception(new MessageFormat(rb.getString("provName.not.a.provider")).format(new Object[]{str}));
                }
                Security.addProvider((Provider) newInstance);
            }
        }
        if (this.command == Command.LIST && this.verbose && this.rfc) {
            System.err.println(rb.getString("Must.not.specify.both.v.and.rfc.with.list.command"));
            tinyHelp();
        }
        if (this.command == Command.GENKEYPAIR && this.keyPass != null && this.keyPass.length < 6) {
            throw new Exception(rb.getString("Key.password.must.be.at.least.6.characters"));
        }
        if (this.newPass != null && this.newPass.length < 6) {
            throw new Exception(rb.getString("New.password.must.be.at.least.6.characters"));
        }
        if (this.destKeyPass != null && this.destKeyPass.length < 6) {
            throw new Exception(rb.getString("New.password.must.be.at.least.6.characters"));
        }
        if (this.ksfname == null) {
            this.ksfname = System.getProperty("user.home") + File.separator + ".keystore";
        }
        KeyStore keyStore = null;
        if (this.command == Command.IMPORTKEYSTORE) {
            this.inplaceImport = inplaceImportCheck();
            if (this.inplaceImport) {
                keyStore = loadSourceKeyStore();
                if (this.storePass == null) {
                    this.storePass = this.srcstorePass;
                }
            }
        }
        if (isKeyStoreRelated(this.command) && !this.nullStream && !this.inplaceImport) {
            try {
                this.ksfile = new File(this.ksfname);
                if (this.ksfile.exists() && this.ksfile.length() == 0) {
                    throw new Exception(rb.getString("Keystore.file.exists.but.is.empty.") + this.ksfname);
                }
                this.ksStream = new FileInputStream(this.ksfile);
            } catch (FileNotFoundException e) {
                if (this.command != Command.GENKEYPAIR && this.command != Command.GENSECKEY && this.command != Command.IDENTITYDB && this.command != Command.IMPORTCERT && this.command != Command.IMPORTPASS && this.command != Command.IMPORTKEYSTORE && this.command != Command.PRINTCRL) {
                    throw new Exception(rb.getString("Keystore.file.does.not.exist.") + this.ksfname);
                }
            }
        }
        if ((this.command == Command.KEYCLONE || this.command == Command.CHANGEALIAS) && this.dest == null) {
            this.dest = getAlias("destination");
            if ("".equals(this.dest)) {
                throw new Exception(rb.getString("Must.specify.destination.alias"));
            }
        }
        if (this.command == Command.DELETE && this.alias == null) {
            this.alias = getAlias(null);
            if ("".equals(this.alias)) {
                throw new Exception(rb.getString("Must.specify.alias"));
            }
        }
        if (this.storetype == null) {
            this.storetype = KeyStore.getDefaultType();
        }
        if (this.providerName == null) {
            this.keyStore = KeyStore.getInstance(this.storetype);
        } else {
            this.keyStore = KeyStore.getInstance(this.storetype, this.providerName);
        }
        if (!this.nullStream) {
            if (this.inplaceImport) {
                this.keyStore.load(null, this.storePass);
            } else {
                this.keyStore.load(this.ksStream, this.storePass);
            }
            if (this.ksStream != null) {
                this.ksStream.close();
            }
        }
        if (P12KEYSTORE.equalsIgnoreCase(this.storetype) && this.command == Command.KEYPASSWD) {
            throw new UnsupportedOperationException(rb.getString(".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
        }
        if (this.nullStream && this.storePass != null) {
            this.keyStore.load(null, this.storePass);
        } else if (this.nullStream || this.storePass == null) {
            if (this.storePass == null) {
                if (!this.protectedPath && !KeyStoreUtil.isWindowsKeyStore(this.storetype) && (this.command == Command.CERTREQ || this.command == Command.DELETE || this.command == Command.GENKEYPAIR || this.command == Command.GENSECKEY || this.command == Command.IMPORTCERT || this.command == Command.IMPORTPASS || this.command == Command.IMPORTKEYSTORE || this.command == Command.KEYCLONE || this.command == Command.CHANGEALIAS || this.command == Command.SELFCERT || this.command == Command.STOREPASSWD || this.command == Command.KEYPASSWD || this.command == Command.IDENTITYDB)) {
                    int i = 0;
                    do {
                        if (this.command == Command.IMPORTKEYSTORE) {
                            System.err.print(rb.getString("Enter.destination.keystore.password."));
                        } else {
                            System.err.print(rb.getString("Enter.keystore.password."));
                        }
                        System.err.flush();
                        this.storePass = Password.readPassword(System.in);
                        this.passwords.add(this.storePass);
                        if (!this.nullStream && (this.storePass == null || this.storePass.length < 6)) {
                            System.err.println(rb.getString("Keystore.password.is.too.short.must.be.at.least.6.characters"));
                            this.storePass = null;
                        }
                        if (this.storePass != null && !this.nullStream && this.ksStream == null) {
                            System.err.print(rb.getString("Re.enter.new.password."));
                            char[] readPassword = Password.readPassword(System.in);
                            this.passwords.add(readPassword);
                            if (!Arrays.equals(this.storePass, readPassword)) {
                                System.err.println(rb.getString("They.don.t.match.Try.again"));
                                this.storePass = null;
                            }
                        }
                        i++;
                        if (this.storePass != null) {
                            break;
                        }
                    } while (i < 3);
                    if (this.storePass == null) {
                        System.err.println(rb.getString("Too.many.failures.try.later"));
                        return;
                    }
                } else if (!this.protectedPath && !KeyStoreUtil.isWindowsKeyStore(this.storetype) && isKeyStoreRelated(this.command) && this.command != Command.PRINTCRL) {
                    System.err.print(rb.getString("Enter.keystore.password."));
                    System.err.flush();
                    this.storePass = Password.readPassword(System.in);
                    this.passwords.add(this.storePass);
                }
                if (this.nullStream) {
                    this.keyStore.load(null, this.storePass);
                } else if (this.ksStream != null) {
                    this.ksStream = new FileInputStream(this.ksfile);
                    this.keyStore.load(this.ksStream, this.storePass);
                    this.ksStream.close();
                }
            }
        } else if (this.ksStream == null && this.storePass.length < 6) {
            throw new Exception(rb.getString("Keystore.password.must.be.at.least.6.characters"));
        }
        if (this.storePass != null && P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
            MessageFormat messageFormat = new MessageFormat(rb.getString("Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value."));
            if (this.keyPass != null && !Arrays.equals(this.storePass, this.keyPass)) {
                System.err.println(messageFormat.format(new Object[]{"-keypass"}));
                this.keyPass = this.storePass;
            }
            if (this.newPass != null && !Arrays.equals(this.storePass, this.newPass)) {
                System.err.println(messageFormat.format(new Object[]{"-new"}));
                this.newPass = this.storePass;
            }
            if (this.destKeyPass != null && !Arrays.equals(this.storePass, this.destKeyPass)) {
                System.err.println(messageFormat.format(new Object[]{"-destkeypass"}));
                this.destKeyPass = this.storePass;
            }
        }
        if (this.command == Command.PRINTCERT || this.command == Command.IMPORTCERT || this.command == Command.IDENTITYDB || this.command == Command.PRINTCRL) {
            this.cf = CertificateFactory.getInstance("X509");
        }
        if (this.command != Command.IMPORTCERT) {
            this.trustcacerts = false;
        }
        if (this.trustcacerts) {
            this.caks = KeyStoreUtil.getCacertsKeyStore();
        }
        if (this.command == Command.CERTREQ) {
            if (this.filename != null) {
                printStream2 = new PrintStream(new FileOutputStream(this.filename));
                Throwable th = null;
                try {
                    try {
                        doCertReq(this.alias, this.sigAlgName, printStream2);
                        if (printStream2 != null) {
                            if (0 != 0) {
                                try {
                                    printStream2.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                printStream2.close();
                            }
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } finally {
                }
            } else {
                doCertReq(this.alias, this.sigAlgName, printStream);
            }
            if (this.verbose && this.filename != null) {
                System.err.println(new MessageFormat(rb.getString("Certification.request.stored.in.file.filename.")).format(new Object[]{this.filename}));
                System.err.println(rb.getString("Submit.this.to.your.CA"));
            }
        } else if (this.command == Command.DELETE) {
            doDeleteEntry(this.alias);
            this.kssave = true;
        } else if (this.command == Command.EXPORTCERT) {
            if (this.filename != null) {
                printStream2 = new PrintStream(new FileOutputStream(this.filename));
                Throwable th4 = null;
                try {
                    try {
                        doExportCert(this.alias, printStream2);
                        if (printStream2 != null) {
                            if (0 != 0) {
                                try {
                                    printStream2.close();
                                } catch (Throwable th5) {
                                    th4.addSuppressed(th5);
                                }
                            } else {
                                printStream2.close();
                            }
                        }
                    } catch (Throwable th6) {
                        th4 = th6;
                        throw th6;
                    }
                } finally {
                }
            } else {
                doExportCert(this.alias, printStream);
            }
            if (this.filename != null) {
                System.err.println(new MessageFormat(rb.getString("Certificate.stored.in.file.filename.")).format(new Object[]{this.filename}));
            }
        } else if (this.command == Command.GENKEYPAIR) {
            if (this.keyAlgName == null) {
                this.keyAlgName = "DSA";
            }
            doGenKeyPair(this.alias, this.dname, this.keyAlgName, this.keysize, this.sigAlgName);
            this.kssave = true;
        } else if (this.command == Command.GENSECKEY) {
            if (this.keyAlgName == null) {
                this.keyAlgName = "DES";
            }
            doGenSecretKey(this.alias, this.keyAlgName, this.keysize);
            this.kssave = true;
        } else if (this.command == Command.IMPORTPASS) {
            if (this.keyAlgName == null) {
                this.keyAlgName = "PBE";
            }
            doGenSecretKey(this.alias, this.keyAlgName, this.keysize);
            this.kssave = true;
        } else if (this.command == Command.IDENTITYDB) {
            if (this.filename != null) {
                fileInputStream = new FileInputStream(this.filename);
                Throwable th7 = null;
                try {
                    try {
                        doImportIdentityDatabase(fileInputStream);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th8) {
                                    th7.addSuppressed(th8);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } catch (Throwable th9) {
                        th7 = th9;
                        throw th9;
                    }
                } finally {
                }
            } else {
                doImportIdentityDatabase(System.in);
            }
        } else if (this.command == Command.IMPORTCERT) {
            InputStream inputStream = System.in;
            if (this.filename != null) {
                inputStream = new FileInputStream(this.filename);
            }
            String str3 = this.alias != null ? this.alias : keyAlias;
            try {
                if (this.keyStore.entryInstanceOf(str3, KeyStore.PrivateKeyEntry.class)) {
                    this.kssave = installReply(str3, inputStream);
                    if (this.kssave) {
                        System.err.println(rb.getString("Certificate.reply.was.installed.in.keystore"));
                    } else {
                        System.err.println(rb.getString("Certificate.reply.was.not.installed.in.keystore"));
                    }
                } else if (!this.keyStore.containsAlias(str3) || this.keyStore.entryInstanceOf(str3, KeyStore.TrustedCertificateEntry.class)) {
                    this.kssave = addTrustedCert(str3, inputStream);
                    if (this.kssave) {
                        System.err.println(rb.getString("Certificate.was.added.to.keystore"));
                    } else {
                        System.err.println(rb.getString("Certificate.was.not.added.to.keystore"));
                    }
                }
            } finally {
                if (inputStream != System.in) {
                    inputStream.close();
                }
            }
        } else if (this.command == Command.IMPORTKEYSTORE) {
            if (keyStore == null) {
                keyStore = loadSourceKeyStore();
            }
            doImportKeyStore(keyStore);
            this.kssave = true;
        } else if (this.command == Command.KEYCLONE) {
            this.keyPassNew = this.newPass;
            if (this.alias == null) {
                this.alias = keyAlias;
            }
            if (!this.keyStore.containsAlias(this.alias)) {
                throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{this.alias}));
            }
            if (!this.keyStore.entryInstanceOf(this.alias, KeyStore.PrivateKeyEntry.class)) {
                throw new Exception(new MessageFormat(rb.getString("Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key")).format(new Object[]{this.alias}));
            }
            doCloneEntry(this.alias, this.dest, true);
            this.kssave = true;
        } else if (this.command == Command.CHANGEALIAS) {
            if (this.alias == null) {
                this.alias = keyAlias;
            }
            doCloneEntry(this.alias, this.dest, false);
            if (this.keyStore.containsAlias(this.alias)) {
                doDeleteEntry(this.alias);
            }
            this.kssave = true;
        } else if (this.command == Command.KEYPASSWD) {
            this.keyPassNew = this.newPass;
            doChangeKeyPasswd(this.alias);
            this.kssave = true;
        } else if (this.command == Command.LIST) {
            if (this.storePass == null && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
                printNoIntegrityWarning();
            }
            if (this.alias != null) {
                doPrintEntry(rb.getString("the.certificate"), this.alias, printStream);
            } else {
                doPrintEntries(printStream);
            }
        } else if (this.command == Command.PRINTCERT) {
            doPrintCert(printStream);
        } else if (this.command == Command.SELFCERT) {
            doSelfCert(this.alias, this.dname, this.sigAlgName);
            this.kssave = true;
        } else if (this.command == Command.STOREPASSWD) {
            this.storePassNew = this.newPass;
            if (this.storePassNew == null) {
                this.storePassNew = getNewPasswd("keystore password", this.storePass);
            }
            this.kssave = true;
        } else if (this.command == Command.GENCERT) {
            if (this.alias == null) {
                this.alias = keyAlias;
            }
            InputStream inputStream2 = System.in;
            if (this.infilename != null) {
                inputStream2 = new FileInputStream(this.infilename);
            }
            PrintStream printStream3 = null;
            if (this.outfilename != null) {
                printStream3 = new PrintStream(new FileOutputStream(this.outfilename));
                printStream = printStream3;
            }
            try {
                doGenCert(this.alias, this.sigAlgName, inputStream2, printStream);
                if (inputStream2 != System.in) {
                    inputStream2.close();
                }
                if (printStream3 != null) {
                    printStream3.close();
                }
            } catch (Throwable th10) {
                if (inputStream2 != System.in) {
                    inputStream2.close();
                }
                if (printStream3 != null) {
                    printStream3.close();
                }
                throw th10;
            }
        } else if (this.command == Command.GENCRL) {
            if (this.alias == null) {
                this.alias = keyAlias;
            }
            if (this.filename != null) {
                PrintStream printStream4 = new PrintStream(new FileOutputStream(this.filename));
                Throwable th11 = null;
                try {
                    try {
                        doGenCRL(printStream4);
                        if (printStream4 != null) {
                            if (0 != 0) {
                                try {
                                    printStream4.close();
                                } catch (Throwable th12) {
                                    th11.addSuppressed(th12);
                                }
                            } else {
                                printStream4.close();
                            }
                        }
                    } catch (Throwable th13) {
                        th11 = th13;
                        throw th13;
                    }
                } finally {
                    if (printStream4 != null) {
                        if (th11 != null) {
                            try {
                                printStream4.close();
                            } catch (Throwable th14) {
                                th11.addSuppressed(th14);
                            }
                        } else {
                            printStream4.close();
                        }
                    }
                }
            } else {
                doGenCRL(printStream);
            }
        } else if (this.command == Command.PRINTCERTREQ) {
            if (this.filename != null) {
                fileInputStream = new FileInputStream(this.filename);
                Throwable th15 = null;
                try {
                    try {
                        doPrintCertReq(fileInputStream, printStream);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th16) {
                                    th15.addSuppressed(th16);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } catch (Throwable th17) {
                        th15 = th17;
                        throw th17;
                    }
                } finally {
                }
            } else {
                doPrintCertReq(System.in, printStream);
            }
        } else if (this.command == Command.PRINTCRL) {
            doPrintCRL(this.filename, printStream);
        }
        if (this.kssave) {
            if (this.verbose) {
                MessageFormat messageFormat2 = new MessageFormat(rb.getString(".Storing.ksfname."));
                Object[] objArr = new Object[1];
                objArr[0] = this.nullStream ? "keystore" : this.ksfname;
                System.err.println(messageFormat2.format(objArr));
            }
            if (this.token) {
                this.keyStore.store(null, null);
            } else {
                char[] cArr = this.storePassNew != null ? this.storePassNew : this.storePass;
                if (this.nullStream) {
                    this.keyStore.store(null, cArr);
                } else {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    this.keyStore.store(byteArrayOutputStream, cArr);
                    FileOutputStream fileOutputStream = new FileOutputStream(this.ksfname);
                    Throwable th18 = null;
                    try {
                        try {
                            fileOutputStream.write(byteArrayOutputStream.toByteArray());
                            if (fileOutputStream != null) {
                                if (0 != 0) {
                                    try {
                                        fileOutputStream.close();
                                    } catch (Throwable th19) {
                                        th18.addSuppressed(th19);
                                    }
                                } else {
                                    fileOutputStream.close();
                                }
                            }
                        } catch (Throwable th20) {
                            th18 = th20;
                            throw th20;
                        }
                    } catch (Throwable th21) {
                        if (fileOutputStream != null) {
                            if (th18 != null) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th22) {
                                    th18.addSuppressed(th22);
                                }
                            } else {
                                fileOutputStream.close();
                            }
                        }
                        throw th21;
                    }
                }
            }
        }
        if (!isKeyStoreRelated(this.command) || this.token || this.nullStream || this.ksfname == null) {
            return;
        }
        File file = new File(this.ksfname);
        if (file.exists()) {
            String keyStoreType = keyStoreType(file);
            if (keyStoreType.equalsIgnoreCase("JKS") || keyStoreType.equalsIgnoreCase("JCEKS")) {
                boolean z = true;
                Iterator it = Collections.list(this.keyStore.aliases()).iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (!this.keyStore.entryInstanceOf((String) it.next(), KeyStore.TrustedCertificateEntry.class)) {
                            z = false;
                            break;
                        }
                    } else {
                        break;
                    }
                }
                if (!z) {
                    this.weakWarnings.add(String.format(rb.getString("jks.storetype.warning"), keyStoreType, this.ksfname));
                }
            }
            if (this.inplaceImport) {
                String keyStoreType2 = keyStoreType(new File(this.inplaceBackupName));
                this.weakWarnings.add(String.format(keyStoreType.equalsIgnoreCase(keyStoreType2) ? rb.getString("backup.keystore.warning") : rb.getString("migrate.keystore.warning"), this.srcksfname, keyStoreType2, this.inplaceBackupName, keyStoreType));
            }
        }
    }

    private String keyStoreType(File file) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new FileInputStream(file));
        Throwable th = null;
        try {
            try {
                int readInt = dataInputStream.readInt();
                if (readInt == -17957139) {
                    if (dataInputStream != null) {
                        if (0 != 0) {
                            try {
                                dataInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            dataInputStream.close();
                        }
                    }
                    return "JKS";
                }
                if (readInt == -825307442) {
                    if (dataInputStream != null) {
                        if (0 != 0) {
                            try {
                                dataInputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            dataInputStream.close();
                        }
                    }
                    return "JCEKS";
                }
                if (dataInputStream != null) {
                    if (0 != 0) {
                        try {
                            dataInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        dataInputStream.close();
                    }
                }
                return "Non JKS/JCEKS";
            } finally {
            }
        } catch (Throwable th5) {
            if (dataInputStream != null) {
                if (th != null) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            throw th5;
        }
    }

    private void doGenCert(String str, String str2, InputStream inputStream, PrintStream printStream) throws Exception {
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        X500Name x500Name = (X500Name) ((X509CertInfo) new X509CertImpl(certificate.getEncoded()).get(X509CertInfo.IDENT)).get("subject.dname");
        Date startDate = getStartDate(this.startDate);
        Date date = new Date();
        date.setTime(startDate.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        CertificateValidity certificateValidity = new CertificateValidity(startDate, date);
        PrivateKey privateKey = (PrivateKey) recoverKey(str, this.storePass, this.keyPass).fst;
        if (str2 == null) {
            str2 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Signature signature = Signature.getInstance(str2);
        PSSParameterSpec defaultAlgorithmParameterSpec = AlgorithmId.getDefaultAlgorithmParameterSpec(str2, privateKey);
        SignatureUtil.initSignWithParam(signature, privateKey, defaultAlgorithmParameterSpec, null);
        X509CertInfo x509CertInfo = new X509CertInfo();
        AlgorithmId withParameterSpec = AlgorithmId.getWithParameterSpec(str2, defaultAlgorithmParameterSpec);
        x509CertInfo.set("validity", certificateValidity);
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(withParameterSpec));
        x509CertInfo.set("issuer", x500Name);
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        boolean z = false;
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (readLine.startsWith("-----BEGIN") && readLine.indexOf("REQUEST") >= 0) {
                z = true;
            } else if (readLine.startsWith("-----END") && readLine.indexOf("REQUEST") >= 0) {
                break;
            } else if (z) {
                stringBuffer.append(readLine);
            }
        }
        PKCS10 pkcs10 = new PKCS10(Pem.decode(new String(stringBuffer)));
        checkWeak(rb.getString("the.certificate.request"), pkcs10);
        x509CertInfo.set("key", new CertificateX509Key(pkcs10.getSubjectPublicKeyInfo()));
        x509CertInfo.set("subject", this.dname == null ? pkcs10.getSubjectName() : new X500Name(this.dname));
        CertificateExtensions certificateExtensions = null;
        for (PKCS10Attribute pKCS10Attribute : pkcs10.getAttributes().getAttributes()) {
            if (pKCS10Attribute.getAttributeId().equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                certificateExtensions = (CertificateExtensions) pKCS10Attribute.getAttributeValue();
            }
        }
        x509CertInfo.set("extensions", createV3Extensions(certificateExtensions, null, this.v3ext, pkcs10.getSubjectPublicKeyInfo(), certificate.getPublicKey()));
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, defaultAlgorithmParameterSpec, str2, null);
        dumpCert(x509CertImpl, printStream);
        for (Certificate certificate2 : this.keyStore.getCertificateChain(str)) {
            if (certificate2 instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate2;
                if (!KeyStoreUtil.isSelfSigned(x509Certificate)) {
                    dumpCert(x509Certificate, printStream);
                }
            }
        }
        checkWeak(rb.getString("the.issuer"), this.keyStore.getCertificateChain(str));
        checkWeak(rb.getString("the.generated.certificate"), x509CertImpl);
    }

    private void doGenCRL(PrintStream printStream) throws Exception {
        if (this.ids == null) {
            throw new Exception("Must provide -id when -gencrl");
        }
        X500Name x500Name = (X500Name) ((X509CertInfo) new X509CertImpl(this.keyStore.getCertificate(this.alias).getEncoded()).get(X509CertInfo.IDENT)).get("subject.dname");
        Date startDate = getStartDate(this.startDate);
        Date date = (Date) startDate.clone();
        date.setTime(date.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        new CertificateValidity(startDate, date);
        PrivateKey privateKey = (PrivateKey) recoverKey(this.alias, this.storePass, this.keyPass).fst;
        if (this.sigAlgName == null) {
            this.sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        X509CRLEntry[] x509CRLEntryArr = new X509CRLEntry[this.ids.size()];
        for (int i = 0; i < this.ids.size(); i++) {
            String str = this.ids.get(i);
            int indexOf = str.indexOf(58);
            if (indexOf >= 0) {
                CRLExtensions cRLExtensions = new CRLExtensions();
                cRLExtensions.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(str.substring(indexOf + 1))));
                x509CRLEntryArr[i] = new X509CRLEntryImpl(new BigInteger(str.substring(0, indexOf)), startDate, cRLExtensions);
            } else {
                x509CRLEntryArr[i] = new X509CRLEntryImpl(new BigInteger(this.ids.get(i)), startDate);
            }
        }
        X509CRLImpl x509CRLImpl = new X509CRLImpl(x500Name, startDate, date, x509CRLEntryArr);
        x509CRLImpl.sign(privateKey, this.sigAlgName);
        if (this.rfc) {
            printStream.println("-----BEGIN X509 CRL-----");
            printStream.println(Base64.getMimeEncoder(64, CRLF).encodeToString(x509CRLImpl.getEncodedInternal()));
            printStream.println("-----END X509 CRL-----");
        } else {
            printStream.write(x509CRLImpl.getEncodedInternal());
        }
        checkWeak(rb.getString("the.generated.crl"), x509CRLImpl, privateKey);
    }

    private void doCertReq(String str, String str2, PrintStream printStream) throws Exception {
        if (str == null) {
            str = keyAlias;
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key.certificate.")).format(new Object[]{str}));
        }
        PKCS10 pkcs10 = new PKCS10(certificate.getPublicKey());
        pkcs10.getAttributes().setAttribute("extensions", new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, createV3Extensions(null, null, this.v3ext, certificate.getPublicKey(), null)));
        if (str2 == null) {
            str2 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Signature signature = Signature.getInstance(str2);
        SignatureUtil.initSignWithParam(signature, privateKey, AlgorithmId.getDefaultAlgorithmParameterSpec(str2, privateKey), null);
        pkcs10.encodeAndSign(this.dname == null ? new X500Name(((X509Certificate) certificate).getSubjectDN().toString()) : new X500Name(this.dname), signature);
        pkcs10.print(printStream);
        checkWeak(rb.getString("the.generated.certificate.request"), pkcs10);
    }

    private void doDeleteEntry(String str) throws Exception {
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        this.keyStore.deleteEntry(str);
    }

    private void doExportCert(String str, PrintStream printStream) throws Exception {
        if (this.storePass == null && !KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            printNoIntegrityWarning();
        }
        if (str == null) {
            str = keyAlias;
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(str);
        if (x509Certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.has.no.certificate")).format(new Object[]{str}));
        }
        dumpCert(x509Certificate, printStream);
        checkWeak(rb.getString("the.certificate"), x509Certificate);
    }

    private char[] promptForKeyPass(String str, String str2, char[] cArr) throws Exception {
        if (P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
            return cArr;
        }
        if (this.token || this.protectedPath) {
            return null;
        }
        int i = 0;
        while (i < 3) {
            System.err.println(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
            if (str2 == null) {
                System.err.print(rb.getString(".RETURN.if.same.as.keystore.password."));
            } else {
                System.err.print(new MessageFormat(rb.getString(".RETURN.if.same.as.for.otherAlias.")).format(new Object[]{str2}));
            }
            System.err.flush();
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null) {
                return cArr;
            }
            if (readPassword.length >= 6) {
                System.err.print(rb.getString("Re.enter.new.password."));
                char[] readPassword2 = Password.readPassword(System.in);
                this.passwords.add(readPassword2);
                if (Arrays.equals(readPassword, readPassword2)) {
                    return readPassword;
                }
                System.err.println(rb.getString("They.don.t.match.Try.again"));
            } else {
                System.err.println(rb.getString("Key.password.is.too.short.must.be.at.least.6.characters"));
            }
            i++;
        }
        if (i != 3) {
            return null;
        }
        if (this.command == Command.KEYCLONE) {
            throw new Exception(rb.getString("Too.many.failures.Key.entry.not.cloned"));
        }
        throw new Exception(rb.getString("Too.many.failures.key.not.added.to.keystore"));
    }

    private char[] promptForCredential() throws Exception {
        if (System.console() == null) {
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            return readPassword;
        }
        int i = 0;
        while (i < 3) {
            System.err.print(rb.getString("Enter.the.password.to.be.stored."));
            System.err.flush();
            char[] readPassword2 = Password.readPassword(System.in);
            this.passwords.add(readPassword2);
            System.err.print(rb.getString("Re.enter.password."));
            char[] readPassword3 = Password.readPassword(System.in);
            this.passwords.add(readPassword3);
            if (Arrays.equals(readPassword2, readPassword3)) {
                return readPassword2;
            }
            System.err.println(rb.getString("They.don.t.match.Try.again"));
            i++;
        }
        if (i == 3) {
            throw new Exception(rb.getString("Too.many.failures.key.not.added.to.keystore"));
        }
        return null;
    }

    private void doGenSecretKey(String str, String str2, int i) throws Exception {
        SecretKey generateKey;
        if (str == null) {
            str = keyAlias;
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Secret.key.not.generated.alias.alias.already.exists")).format(new Object[]{str}));
        }
        boolean z = true;
        if (str2.toUpperCase(Locale.ENGLISH).startsWith("PBE")) {
            generateKey = SecretKeyFactory.getInstance("PBE").generateSecret(new PBEKeySpec(promptForCredential()));
            if (!"PBE".equalsIgnoreCase(str2)) {
                z = false;
            }
            if (this.verbose) {
                MessageFormat messageFormat = new MessageFormat(rb.getString("Generated.keyAlgName.secret.key"));
                Object[] objArr = new Object[1];
                objArr[0] = z ? "PBE" : generateKey.getAlgorithm();
                System.err.println(messageFormat.format(objArr));
            }
        } else {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str2);
            if (i == -1) {
                if ("DES".equalsIgnoreCase(str2)) {
                    i = 56;
                } else {
                    if (!"DESede".equalsIgnoreCase(str2)) {
                        throw new Exception(rb.getString("Please.provide.keysize.for.secret.key.generation"));
                    }
                    i = 168;
                }
            }
            keyGenerator.init(i);
            generateKey = keyGenerator.generateKey();
            if (this.verbose) {
                System.err.println(new MessageFormat(rb.getString("Generated.keysize.bit.keyAlgName.secret.key")).format(new Object[]{new Integer(i), generateKey.getAlgorithm()}));
            }
        }
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        if (z) {
            this.keyStore.setKeyEntry(str, generateKey, this.keyPass, null);
        } else {
            this.keyStore.setEntry(str, new KeyStore.SecretKeyEntry(generateKey), new KeyStore.PasswordProtection(this.keyPass, str2, null));
        }
    }

    private static String getCompatibleSigAlgName(String str) throws Exception {
        if ("DSA".equalsIgnoreCase(str)) {
            return "SHA256WithDSA";
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return "SHA256WithRSA";
        }
        if ("EC".equalsIgnoreCase(str)) {
            return "SHA256withECDSA";
        }
        throw new Exception(rb.getString("Cannot.derive.signature.algorithm"));
    }

    private void doGenKeyPair(String str, String str2, String str3, int i, String str4) throws Exception {
        if (i == -1) {
            if ("EC".equalsIgnoreCase(str3)) {
                i = SecurityProviderConstants.DEF_EC_KEY_SIZE;
            } else if ("RSA".equalsIgnoreCase(str3)) {
                i = SecurityProviderConstants.DEF_RSA_KEY_SIZE;
            } else if ("RSASSA-PSS".equalsIgnoreCase(str3)) {
                i = SecurityProviderConstants.DEF_RSASSA_PSS_KEY_SIZE;
            } else if ("DSA".equalsIgnoreCase(str3)) {
                i = SecurityProviderConstants.DEF_DSA_KEY_SIZE;
            }
        }
        if (str == null) {
            str = keyAlias;
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Key.pair.not.generated.alias.alias.already.exists")).format(new Object[]{str}));
        }
        if (str4 == null) {
            str4 = getCompatibleSigAlgName(str3);
        }
        CertAndKeyGen certAndKeyGen = new CertAndKeyGen(str3, str4, this.providerName);
        X500Name x500Name = str2 == null ? getX500Name() : new X500Name(str2);
        certAndKeyGen.generate(i);
        PrivateKey privateKey = certAndKeyGen.getPrivateKey();
        X509Certificate[] x509CertificateArr = {certAndKeyGen.getSelfCertificate(x500Name, getStartDate(this.startDate), this.validity * 24 * 60 * 60, createV3Extensions(null, null, this.v3ext, certAndKeyGen.getPublicKeyAnyway(), null))};
        if (this.verbose) {
            System.err.println(new MessageFormat(rb.getString("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for")).format(new Object[]{new Integer(i), privateKey.getAlgorithm(), x509CertificateArr[0].getSigAlgName(), new Long(this.validity), x500Name}));
        }
        if (this.keyPass == null) {
            this.keyPass = promptForKeyPass(str, null, this.storePass);
        }
        checkWeak(rb.getString("the.generated.certificate"), x509CertificateArr[0]);
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass, x509CertificateArr);
    }

    private void doCloneEntry(String str, String str2, boolean z) throws Exception {
        if (str == null) {
            str = keyAlias;
        }
        if (this.keyStore.containsAlias(str2)) {
            throw new Exception(new MessageFormat(rb.getString("Destination.alias.dest.already.exists")).format(new Object[]{str2}));
        }
        Pair<KeyStore.Entry, char[]> recoverEntry = recoverEntry(this.keyStore, str, this.storePass, this.keyPass);
        KeyStore.Entry entry = recoverEntry.fst;
        this.keyPass = recoverEntry.snd;
        KeyStore.PasswordProtection passwordProtection = null;
        if (this.keyPass != null) {
            if (!z || P12KEYSTORE.equalsIgnoreCase(this.storetype)) {
                this.keyPassNew = this.keyPass;
            } else if (this.keyPassNew == null) {
                this.keyPassNew = promptForKeyPass(str2, str, this.keyPass);
            }
            passwordProtection = new KeyStore.PasswordProtection(this.keyPassNew);
        }
        this.keyStore.setEntry(str2, entry, passwordProtection);
    }

    private void doChangeKeyPasswd(String str) throws Exception {
        if (str == null) {
            str = keyAlias;
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        Key key = recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        if (this.keyPassNew == null) {
            this.keyPassNew = getNewPasswd(new MessageFormat(rb.getString("key.password.for.alias.")).format(new Object[]{str}), this.keyPass);
        }
        this.keyStore.setKeyEntry(str, key, this.keyPassNew, this.keyStore.getCertificateChain(str));
    }

    private void doImportIdentityDatabase(InputStream inputStream) throws Exception {
        System.err.println(rb.getString("No.entries.from.identity.database.added"));
    }

    private void doPrintEntry(String str, String str2, PrintStream printStream) throws Exception {
        if (!this.keyStore.containsAlias(str2)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str2}));
        }
        if (this.verbose || this.rfc || this.debug) {
            printStream.println(new MessageFormat(rb.getString("Alias.name.alias")).format(new Object[]{str2}));
            if (!this.token) {
                printStream.println(new MessageFormat(rb.getString("Creation.date.keyStore.getCreationDate.alias.")).format(new Object[]{this.keyStore.getCreationDate(str2)}));
            }
        } else if (this.token) {
            printStream.print(new MessageFormat(rb.getString("alias.")).format(new Object[]{str2}));
        } else {
            printStream.print(new MessageFormat(rb.getString("alias.keyStore.getCreationDate.alias.")).format(new Object[]{str2, this.keyStore.getCreationDate(str2)}));
        }
        if (this.keyStore.entryInstanceOf(str2, KeyStore.SecretKeyEntry.class)) {
            if (this.verbose || this.rfc || this.debug) {
                printStream.println(new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"SecretKeyEntry"}));
                return;
            } else {
                printStream.println("SecretKeyEntry, ");
                return;
            }
        }
        if (!this.keyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
            if (!this.keyStore.entryInstanceOf(str2, KeyStore.TrustedCertificateEntry.class)) {
                printStream.println(rb.getString("Unknown.Entry.Type"));
                return;
            }
            Certificate certificate = this.keyStore.getCertificate(str2);
            String str3 = new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"trustedCertEntry"}) + "\n";
            if (this.verbose && (certificate instanceof X509Certificate)) {
                printStream.println(str3);
                printX509Cert((X509Certificate) certificate, printStream);
            } else if (this.rfc) {
                printStream.println(str3);
                dumpCert(certificate, printStream);
            } else if (this.debug) {
                printStream.println(certificate.toString());
            } else {
                printStream.println("trustedCertEntry, ");
                printStream.println(rb.getString("Certificate.fingerprint.SHA1.") + getCertFingerPrint("SHA1", certificate));
            }
            checkWeak(str, certificate);
            return;
        }
        if (this.verbose || this.rfc || this.debug) {
            printStream.println(new MessageFormat(rb.getString("Entry.type.type.")).format(new Object[]{"PrivateKeyEntry"}));
        } else {
            printStream.println("PrivateKeyEntry, ");
        }
        Certificate[] certificateChain = this.keyStore.getCertificateChain(str2);
        if (certificateChain != null) {
            if (!this.verbose && !this.rfc && !this.debug) {
                printStream.println(rb.getString("Certificate.fingerprint.SHA1.") + getCertFingerPrint("SHA1", certificateChain[0]));
                checkWeak(str, certificateChain[0]);
                return;
            }
            printStream.println(rb.getString("Certificate.chain.length.") + certificateChain.length);
            for (int i = 0; i < certificateChain.length; i++) {
                printStream.println(new MessageFormat(rb.getString("Certificate.i.1.")).format(new Object[]{new Integer(i + 1)}));
                if (this.verbose && (certificateChain[i] instanceof X509Certificate)) {
                    printX509Cert((X509Certificate) certificateChain[i], printStream);
                } else if (this.debug) {
                    printStream.println(certificateChain[i].toString());
                } else {
                    dumpCert(certificateChain[i], printStream);
                }
                checkWeak(str, certificateChain[i]);
            }
        }
    }

    boolean inplaceImportCheck() throws Exception {
        if (P11KEYSTORE.equalsIgnoreCase(this.srcstoretype) || KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            return false;
        }
        if (this.srcksfname == null) {
            throw new Exception(rb.getString("Please.specify.srckeystore"));
        }
        File file = new File(this.srcksfname);
        if (file.exists() && file.length() == 0) {
            throw new Exception(rb.getString("Source.keystore.file.exists.but.is.empty.") + this.srcksfname);
        }
        if (file.getCanonicalFile().equals(new File(this.ksfname).getCanonicalFile())) {
            return true;
        }
        System.err.println(String.format(rb.getString("importing.keystore.status"), this.srcksfname, this.ksfname));
        return false;
    }

    KeyStore loadSourceKeyStore() throws Exception {
        FileInputStream fileInputStream = null;
        if (!P11KEYSTORE.equalsIgnoreCase(this.srcstoretype) && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
            fileInputStream = new FileInputStream(new File(this.srcksfname));
        } else if (!NONE.equals(this.srcksfname)) {
            System.err.println(MessageFormat.format(rb.getString(".keystore.must.be.NONE.if.storetype.is.{0}"), this.srcstoretype));
            System.err.println();
            tinyHelp();
        }
        try {
            if (this.srcstoretype == null) {
                this.srcstoretype = KeyStore.getDefaultType();
            }
            KeyStore keyStore = this.srcProviderName == null ? KeyStore.getInstance(this.srcstoretype) : KeyStore.getInstance(this.srcstoretype, this.srcProviderName);
            if (this.srcstorePass == null && !this.srcprotectedPath && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
                System.err.print(rb.getString("Enter.source.keystore.password."));
                System.err.flush();
                this.srcstorePass = Password.readPassword(System.in);
                this.passwords.add(this.srcstorePass);
            }
            if (P12KEYSTORE.equalsIgnoreCase(this.srcstoretype) && this.srckeyPass != null && this.srcstorePass != null && !Arrays.equals(this.srcstorePass, this.srckeyPass)) {
                System.err.println(new MessageFormat(rb.getString("Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")).format(new Object[]{"-srckeypass"}));
                this.srckeyPass = this.srcstorePass;
            }
            keyStore.load(fileInputStream, this.srcstorePass);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            if (this.srcstorePass == null && !KeyStoreUtil.isWindowsKeyStore(this.srcstoretype)) {
                System.err.println();
                System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
                System.err.println(rb.getString(".The.integrity.of.the.information.stored.in.the.srckeystore."));
                System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
                System.err.println();
            }
            return keyStore;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void doImportKeyStore(KeyStore keyStore) throws Exception {
        if (this.alias != null) {
            doImportKeyStoreSingle(keyStore, this.alias);
        } else {
            if (this.dest != null || this.srckeyPass != null) {
                throw new Exception(rb.getString("if.alias.not.specified.destalias.and.srckeypass.must.not.be.specified"));
            }
            doImportKeyStoreAll(keyStore);
        }
        if (!this.inplaceImport) {
            return;
        }
        int i = 1;
        while (true) {
            this.inplaceBackupName = this.srcksfname + ".old" + (i == 1 ? "" : Integer.valueOf(i));
            File file = new File(this.inplaceBackupName);
            if (!file.exists()) {
                Files.copy(Paths.get(this.srcksfname, new String[0]), file.toPath(), new CopyOption[0]);
                return;
            }
            i++;
        }
    }

    private int doImportKeyStoreSingle(KeyStore keyStore, String str) throws Exception {
        String str2 = this.dest == null ? str : this.dest;
        if (this.keyStore.containsAlias(str2)) {
            Object[] objArr = {str};
            if (this.noprompt) {
                System.err.println(new MessageFormat(rb.getString("Warning.Overwriting.existing.alias.alias.in.destination.keystore")).format(objArr));
            } else if ("NO".equals(getYesNoReply(new MessageFormat(rb.getString("Existing.entry.alias.alias.exists.overwrite.no.")).format(objArr)))) {
                str2 = inputStringFromStdin(rb.getString("Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry."));
                if ("".equals(str2)) {
                    System.err.println(new MessageFormat(rb.getString("Entry.for.alias.alias.not.imported.")).format(objArr));
                    return 0;
                }
            }
        }
        Pair<KeyStore.Entry, char[]> recoverEntry = recoverEntry(keyStore, str, this.srcstorePass, this.srckeyPass);
        KeyStore.Entry entry = recoverEntry.fst;
        KeyStore.PasswordProtection passwordProtection = null;
        char[] cArr = null;
        if (this.destKeyPass != null) {
            cArr = this.destKeyPass;
            passwordProtection = new KeyStore.PasswordProtection(this.destKeyPass);
        } else if (recoverEntry.snd != null) {
            cArr = recoverEntry.snd;
            passwordProtection = new KeyStore.PasswordProtection(recoverEntry.snd);
        }
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate != null) {
                checkWeak("<" + str2 + ">", certificate);
            }
            this.keyStore.setEntry(str2, entry, passwordProtection);
            if (!P12KEYSTORE.equalsIgnoreCase(this.storetype) || cArr == null || Arrays.equals(cArr, this.storePass)) {
                return 1;
            }
            throw new Exception(rb.getString("The.destination.pkcs12.keystore.has.different.storepass.and.keypass.Please.retry.with.destkeypass.specified."));
        } catch (KeyStoreException e) {
            System.err.println(new MessageFormat(rb.getString("Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.")).format(new Object[]{str, e.toString()}));
            return 2;
        }
    }

    private void doImportKeyStoreAll(KeyStore keyStore) throws Exception {
        int i = 0;
        int size = keyStore.size();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement2 = aliases.nextElement2();
            int doImportKeyStoreSingle = doImportKeyStoreSingle(keyStore, nextElement2);
            if (doImportKeyStoreSingle != 1) {
                if (doImportKeyStoreSingle == 2 && !this.noprompt && "YES".equals(getYesNoReply("Do you want to quit the import process? [no]:  "))) {
                    break;
                }
            } else {
                i++;
                System.err.println(new MessageFormat(rb.getString("Entry.for.alias.alias.successfully.imported.")).format(new Object[]{nextElement2}));
            }
        }
        System.err.println(new MessageFormat(rb.getString("Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled")).format(new Object[]{Integer.valueOf(i), Integer.valueOf(size - i)}));
    }

    private void doPrintEntries(PrintStream printStream) throws Exception {
        String type = this.keyStore.getType();
        if ("JKS".equalsIgnoreCase(type) && this.ksfile != null && this.ksfile.exists() && !"JKS".equalsIgnoreCase(keyStoreType(this.ksfile))) {
            type = P12KEYSTORE;
        }
        printStream.println(rb.getString("Keystore.type.") + type);
        printStream.println(rb.getString("Keystore.provider.") + this.keyStore.getProvider().getName());
        printStream.println();
        printStream.println((this.keyStore.size() == 1 ? new MessageFormat(rb.getString("Your.keystore.contains.keyStore.size.entry")) : new MessageFormat(rb.getString("Your.keystore.contains.keyStore.size.entries"))).format(new Object[]{new Integer(this.keyStore.size())}));
        printStream.println();
        ArrayList<String> list = Collections.list(this.keyStore.aliases());
        list.sort((v0, v1) -> {
            return v0.compareTo(v1);
        });
        for (String str : list) {
            doPrintEntry("<" + str + ">", str, printStream);
            if (this.verbose || this.rfc) {
                printStream.println(rb.getString("NEWLINE"));
                printStream.println(rb.getString("STAR"));
                printStream.println(rb.getString("STARNN"));
            }
        }
    }

    private static <T> Iterable<T> e2i(final Enumeration<T> enumeration) {
        return new Iterable<T>() { // from class: sun.security.tools.keytool.Main.1
            @Override // java.lang.Iterable, java.util.Set
            public Iterator<T> iterator() {
                return new Iterator<T>() { // from class: sun.security.tools.keytool.Main.1.1
                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        return Enumeration.this.hasMoreElements();
                    }

                    @Override // java.util.Iterator
                    public T next() {
                        return (T) Enumeration.this.nextElement2();
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException("Not supported yet.");
                    }
                };
            }
        };
    }

    /* JADX WARN: Finally extract failed */
    public static Collection<? extends CRL> loadCRLs(String str) throws Exception {
        InputStream inputStream = null;
        URI uri = null;
        if (str == null) {
            inputStream = System.in;
        } else {
            try {
                uri = new URI(str);
                if (!uri.getScheme().equals("ldap")) {
                    inputStream = uri.toURL().openStream();
                }
            } catch (Exception e) {
                try {
                    inputStream = new FileInputStream(str);
                } catch (Exception e2) {
                    if (uri == null || uri.getScheme() == null) {
                        throw e2;
                    }
                    throw e;
                }
            }
        }
        if (inputStream == null) {
            CertStoreHelper certStoreHelper = CertStoreHelper.getInstance("LDAP");
            String path = uri.getPath();
            if (path.charAt(0) == '/') {
                path = path.substring(1);
            }
            return certStoreHelper.getCertStore(uri).getCRLs(certStoreHelper.wrap(new X509CRLSelector(), (Collection<X500Principal>) null, path));
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[4096];
            while (true) {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            Collection<? extends CRL> generateCRLs = CertificateFactory.getInstance("X509").generateCRLs(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
            if (inputStream != System.in) {
                inputStream.close();
            }
            return generateCRLs;
        } catch (Throwable th) {
            if (inputStream != System.in) {
                inputStream.close();
            }
            throw th;
        }
    }

    public static List<CRL> readCRLsFromCert(X509Certificate x509Certificate) throws Exception {
        ArrayList arrayList = new ArrayList();
        CRLDistributionPointsExtension cRLDistributionPointsExtension = X509CertImpl.toImpl(x509Certificate).getCRLDistributionPointsExtension();
        if (cRLDistributionPointsExtension == null) {
            return arrayList;
        }
        Iterator<DistributionPoint> it = cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS).iterator();
        while (it.hasNext()) {
            GeneralNames fullName = it.next().getFullName();
            if (fullName != null) {
                Iterator<GeneralName> it2 = fullName.names().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        GeneralName next = it2.next();
                        if (next.getType() == 6) {
                            for (CRL crl : loadCRLs(((URIName) next.getName()).getName())) {
                                if (crl instanceof X509CRL) {
                                    arrayList.add((X509CRL) crl);
                                }
                            }
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    private static String verifyCRL(KeyStore keyStore, CRL crl) throws Exception {
        X500Principal issuerX500Principal = ((X509CRLImpl) crl).getIssuerX500Principal();
        for (String str : e2i(keyStore.aliases())) {
            Certificate certificate = keyStore.getCertificate(str);
            if ((certificate instanceof X509Certificate) && ((X509Certificate) certificate).getSubjectX500Principal().equals(issuerX500Principal)) {
                try {
                    ((X509CRLImpl) crl).verify(certificate.getPublicKey());
                    return str;
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    private void doPrintCRL(String str, PrintStream printStream) throws Exception {
        for (CRL crl : loadCRLs(str)) {
            printCRL(crl, printStream);
            String str2 = null;
            Certificate certificate = null;
            if (this.caks != null) {
                str2 = verifyCRL(this.caks, crl);
                if (str2 != null) {
                    certificate = this.caks.getCertificate(str2);
                    printStream.printf(rb.getString("verified.by.s.in.s.weak"), str2, "cacerts", withWeak(certificate.getPublicKey()));
                    printStream.println();
                }
            }
            if (str2 == null && this.keyStore != null) {
                str2 = verifyCRL(this.keyStore, crl);
                if (str2 != null) {
                    certificate = this.keyStore.getCertificate(str2);
                    printStream.printf(rb.getString("verified.by.s.in.s.weak"), str2, "keystore", withWeak(certificate.getPublicKey()));
                    printStream.println();
                }
            }
            if (str2 == null) {
                printStream.println(rb.getString("STAR"));
                printStream.println(rb.getString("warning.not.verified.make.sure.keystore.is.correct"));
                printStream.println(rb.getString("STARNN"));
            }
            checkWeak(rb.getString("the.crl"), crl, certificate == null ? null : certificate.getPublicKey());
        }
    }

    private void printCRL(CRL crl, PrintStream printStream) throws Exception {
        String crl2;
        X509CRL x509crl = (X509CRL) crl;
        if (this.rfc) {
            printStream.println("-----BEGIN X509 CRL-----");
            printStream.println(Base64.getMimeEncoder(64, CRLF).encodeToString(x509crl.getEncoded()));
            printStream.println("-----END X509 CRL-----");
        } else {
            if (crl instanceof X509CRLImpl) {
                X509CRLImpl x509CRLImpl = (X509CRLImpl) crl;
                crl2 = x509CRLImpl.toStringWithAlgName(withWeak("" + ((Object) x509CRLImpl.getSigAlgId())));
            } else {
                crl2 = crl.toString();
            }
            printStream.println(crl2);
        }
    }

    private void doPrintCertReq(InputStream inputStream, PrintStream printStream) throws Exception {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = false;
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (z) {
                if (readLine.startsWith("-----")) {
                    break;
                } else {
                    stringBuffer.append(readLine);
                }
            } else if (readLine.startsWith("-----")) {
                z = true;
            }
        }
        PKCS10 pkcs10 = new PKCS10(Pem.decode(new String(stringBuffer)));
        PublicKey subjectPublicKeyInfo = pkcs10.getSubjectPublicKeyInfo();
        printStream.printf(rb.getString("PKCS.10.with.weak"), pkcs10.getSubjectName(), subjectPublicKeyInfo.getFormat(), withWeak(subjectPublicKeyInfo), withWeak(pkcs10.getSigAlg()));
        for (PKCS10Attribute pKCS10Attribute : pkcs10.getAttributes().getAttributes()) {
            if (pKCS10Attribute.getAttributeId().equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                CertificateExtensions certificateExtensions = (CertificateExtensions) pKCS10Attribute.getAttributeValue();
                if (certificateExtensions != null) {
                    printExtensions(rb.getString("Extension.Request."), certificateExtensions, printStream);
                }
            } else {
                printStream.println("Attribute: " + ((Object) pKCS10Attribute.getAttributeId()));
                printStream.print(new PKCS9Attribute(pKCS10Attribute.getAttributeId(), pKCS10Attribute.getAttributeValue()).getName() + ": ");
                Object attributeValue = pKCS10Attribute.getAttributeValue();
                printStream.println(attributeValue instanceof String[] ? Arrays.toString((String[]) attributeValue) : attributeValue);
            }
        }
        if (this.debug) {
            printStream.println(pkcs10);
        }
        checkWeak(rb.getString("the.certificate.request"), pkcs10);
    }

    private void printCertFromStream(InputStream inputStream, PrintStream printStream) throws Exception {
        try {
            Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
            if (generateCertificates.isEmpty()) {
                throw new Exception(rb.getString("Empty.input"));
            }
            Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
            for (int i = 0; i < certificateArr.length; i++) {
                try {
                    X509Certificate x509Certificate = (X509Certificate) certificateArr[i];
                    if (certificateArr.length > 1) {
                        printStream.println(new MessageFormat(rb.getString("Certificate.i.1.")).format(new Object[]{new Integer(i + 1)}));
                    }
                    if (this.rfc) {
                        dumpCert(x509Certificate, printStream);
                    } else {
                        printX509Cert(x509Certificate, printStream);
                    }
                    if (i < certificateArr.length - 1) {
                        printStream.println();
                    }
                    checkWeak(oneInMany(rb.getString("the.certificate"), i, certificateArr.length), x509Certificate);
                } catch (ClassCastException e) {
                    throw new Exception(rb.getString("Not.X.509.certificate"));
                }
            }
        } catch (CertificateException e2) {
            throw new Exception(rb.getString("Failed.to.parse.input"), e2);
        }
    }

    private static String oneInMany(String str, int i, int i2) {
        return i2 == 1 ? str : String.format(rb.getString("one.in.many"), str, Integer.valueOf(i + 1), Integer.valueOf(i2));
    }

    private void doPrintCert(PrintStream printStream) throws Exception {
        if (this.jarfile == null) {
            if (this.sslserver != null) {
                try {
                    Collection<? extends Certificate> certificates = CertStoreHelper.getInstance("SSLServer").getCertStore(new URI("https://" + this.sslserver)).getCertificates(null);
                    if (certificates.isEmpty()) {
                        throw new Exception(rb.getString("No.certificate.from.the.SSL.server"));
                    }
                    int i = 0;
                    for (Certificate certificate : certificates) {
                        try {
                            if (this.rfc) {
                                dumpCert(certificate, printStream);
                            } else {
                                printStream.println("Certificate #" + i);
                                printStream.println("====================================");
                                printX509Cert((X509Certificate) certificate, printStream);
                                printStream.println();
                            }
                            int i2 = i;
                            i++;
                            checkWeak(oneInMany(rb.getString("the.certificate"), i2, certificates.size()), certificate);
                        } catch (Exception e) {
                            if (this.debug) {
                                e.printStackTrace();
                            }
                        }
                    }
                    return;
                } catch (CertStoreException e2) {
                    if (!(e2.getCause() instanceof IOException)) {
                        throw e2;
                    }
                    throw new Exception(rb.getString("No.certificate.from.the.SSL.server"), e2.getCause());
                }
            }
            if (this.filename == null) {
                printCertFromStream(System.in, printStream);
                return;
            }
            InputStream fileInputStream = new FileInputStream(this.filename);
            Throwable th = null;
            try {
                try {
                    printCertFromStream(fileInputStream, printStream);
                    if (fileInputStream != null) {
                        if (0 == 0) {
                            fileInputStream.close();
                            return;
                        }
                        try {
                            fileInputStream.close();
                            return;
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                            return;
                        }
                    }
                    return;
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th4;
            }
        }
        JarFile jarFile = new JarFile(this.jarfile, true);
        Enumeration<JarEntry> entries = jarFile.entries();
        HashSet hashSet = new HashSet();
        byte[] bArr = new byte[8192];
        int i3 = 0;
        while (entries.hasMoreElements()) {
            JarEntry nextElement2 = entries.nextElement2();
            InputStream inputStream = jarFile.getInputStream(nextElement2);
            Throwable th6 = null;
            do {
                try {
                    try {
                    } catch (Throwable th7) {
                        th6 = th7;
                        throw th7;
                    }
                } catch (Throwable th8) {
                    if (inputStream != null) {
                        if (th6 != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th9) {
                                th6.addSuppressed(th9);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th8;
                }
            } while (inputStream.read(bArr) != -1);
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th10) {
                        th6.addSuppressed(th10);
                    }
                } else {
                    inputStream.close();
                }
            }
            CodeSigner[] codeSigners = nextElement2.getCodeSigners();
            if (codeSigners != null) {
                for (CodeSigner codeSigner : codeSigners) {
                    if (!hashSet.contains(codeSigner)) {
                        hashSet.add(codeSigner);
                        i3++;
                        printStream.printf(rb.getString("Signer.d."), Integer.valueOf(i3));
                        printStream.println();
                        printStream.println();
                        printStream.println(rb.getString("Signature."));
                        printStream.println();
                        List<? extends Certificate> certificates2 = codeSigner.getSignerCertPath().getCertificates();
                        int i4 = 0;
                        Iterator<? extends Certificate> it = certificates2.iterator();
                        while (it.hasNext()) {
                            X509Certificate x509Certificate = (X509Certificate) it.next();
                            if (this.rfc) {
                                printStream.println(rb.getString("Certificate.owner.") + ((Object) x509Certificate.getSubjectDN()) + "\n");
                                dumpCert(x509Certificate, printStream);
                            } else {
                                printX509Cert(x509Certificate, printStream);
                            }
                            printStream.println();
                            int i5 = i4;
                            i4++;
                            checkWeak(oneInMany(rb.getString("the.certificate"), i5, certificates2.size()), x509Certificate);
                        }
                        Timestamp timestamp = codeSigner.getTimestamp();
                        if (timestamp != null) {
                            printStream.println(rb.getString("Timestamp."));
                            printStream.println();
                            List<? extends Certificate> certificates3 = timestamp.getSignerCertPath().getCertificates();
                            int i6 = 0;
                            Iterator<? extends Certificate> it2 = certificates3.iterator();
                            while (it2.hasNext()) {
                                X509Certificate x509Certificate2 = (X509Certificate) it2.next();
                                if (this.rfc) {
                                    printStream.println(rb.getString("Certificate.owner.") + ((Object) x509Certificate2.getSubjectDN()) + "\n");
                                    dumpCert(x509Certificate2, printStream);
                                } else {
                                    printX509Cert(x509Certificate2, printStream);
                                }
                                printStream.println();
                                int i7 = i6;
                                i6++;
                                checkWeak(oneInMany(rb.getString("the.tsa.certificate"), i7, certificates3.size()), x509Certificate2);
                            }
                        }
                    }
                }
            }
        }
        jarFile.close();
        if (hashSet.isEmpty()) {
            printStream.println(rb.getString("Not.a.signed.jar.file"));
        }
    }

    private void doSelfCert(String str, String str2, String str3) throws Exception {
        X500Name x500Name;
        if (str == null) {
            str = keyAlias;
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        if (str3 == null) {
            str3 = getCompatibleSigAlgName(privateKey.getAlgorithm());
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key")).format(new Object[]{str}));
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.X.509.certificate")).format(new Object[]{str}));
        }
        X509CertInfo x509CertInfo = (X509CertInfo) new X509CertImpl(certificate.getEncoded()).get(X509CertInfo.IDENT);
        Date startDate = getStartDate(this.startDate);
        Date date = new Date();
        date.setTime(startDate.getTime() + (this.validity * 1000 * 24 * 60 * 60));
        x509CertInfo.set("validity", new CertificateValidity(startDate, date));
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
        if (str2 == null) {
            x500Name = (X500Name) x509CertInfo.get("subject.dname");
        } else {
            x500Name = new X500Name(str2);
            x509CertInfo.set("subject.dname", x500Name);
        }
        x509CertInfo.set("issuer.dname", x500Name);
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        PSSParameterSpec defaultAlgorithmParameterSpec = AlgorithmId.getDefaultAlgorithmParameterSpec(str3, privateKey);
        x509CertImpl.sign(privateKey, defaultAlgorithmParameterSpec, str3, null);
        x509CertInfo.set("algorithmID.algorithm", (AlgorithmId) x509CertImpl.get(X509CertImpl.SIG_ALG));
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("extensions", createV3Extensions(null, (CertificateExtensions) x509CertInfo.get("extensions"), this.v3ext, certificate.getPublicKey(), null));
        X509CertImpl x509CertImpl2 = new X509CertImpl(x509CertInfo);
        x509CertImpl2.sign(privateKey, defaultAlgorithmParameterSpec, str3, null);
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass != null ? this.keyPass : this.storePass, new Certificate[]{x509CertImpl2});
        if (this.verbose) {
            System.err.println(rb.getString("New.certificate.self.signed."));
            System.err.print(x509CertImpl2.toString());
            System.err.println();
        }
    }

    private boolean installReply(String str, InputStream inputStream) throws Exception {
        if (str == null) {
            str = keyAlias;
        }
        Pair<Key, char[]> recoverKey = recoverKey(str, this.storePass, this.keyPass);
        PrivateKey privateKey = (PrivateKey) recoverKey.fst;
        if (this.keyPass == null) {
            this.keyPass = recoverKey.snd;
        }
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null) {
            throw new Exception(new MessageFormat(rb.getString("alias.has.no.public.key.certificate.")).format(new Object[]{str}));
        }
        Collection<? extends Certificate> generateCertificates = this.cf.generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new Exception(rb.getString("Reply.has.no.certificates"));
        }
        Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
        Certificate[] establishCertChain = certificateArr.length == 1 ? establishCertChain(certificate, certificateArr[0]) : validateReply(str, certificate, certificateArr);
        if (establishCertChain == null) {
            return false;
        }
        this.keyStore.setKeyEntry(str, privateKey, this.keyPass != null ? this.keyPass : this.storePass, establishCertChain);
        return true;
    }

    private boolean addTrustedCert(String str, InputStream inputStream) throws Exception {
        if (str == null) {
            throw new Exception(rb.getString("Must.specify.alias"));
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Certificate.not.imported.alias.alias.already.exists")).format(new Object[]{str}));
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) this.cf.generateCertificate(inputStream);
            if (this.noprompt) {
                checkWeak(rb.getString("the.input"), x509Certificate);
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            boolean z = false;
            if (KeyStoreUtil.isSelfSigned(x509Certificate)) {
                x509Certificate.verify(x509Certificate.getPublicKey());
                z = true;
            }
            String str2 = null;
            String certificateAlias = this.keyStore.getCertificateAlias(x509Certificate);
            if (certificateAlias != null) {
                System.err.println(new MessageFormat(rb.getString("Certificate.already.exists.in.keystore.under.alias.trustalias.")).format(new Object[]{certificateAlias}));
                checkWeak(rb.getString("the.input"), x509Certificate);
                printWeakWarnings(true);
                str2 = getYesNoReply(rb.getString("Do.you.still.want.to.add.it.no."));
            } else if (z) {
                if (this.trustcacerts && this.caks != null) {
                    String certificateAlias2 = this.caks.getCertificateAlias(x509Certificate);
                    certificateAlias = certificateAlias2;
                    if (certificateAlias2 != null) {
                        System.err.println(new MessageFormat(rb.getString("Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.")).format(new Object[]{certificateAlias}));
                        checkWeak(rb.getString("the.input"), x509Certificate);
                        printWeakWarnings(true);
                        str2 = getYesNoReply(rb.getString("Do.you.still.want.to.add.it.to.your.own.keystore.no."));
                    }
                }
                if (certificateAlias == null) {
                    printX509Cert(x509Certificate, System.out);
                    checkWeak(rb.getString("the.input"), x509Certificate);
                    printWeakWarnings(true);
                    str2 = getYesNoReply(rb.getString("Trust.this.certificate.no."));
                }
            }
            if (str2 != null) {
                if (!"YES".equals(str2)) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
            try {
                if (establishCertChain(null, x509Certificate) == null) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            } catch (Exception e) {
                printX509Cert(x509Certificate, System.out);
                checkWeak(rb.getString("the.input"), x509Certificate);
                printWeakWarnings(true);
                if (!"YES".equals(getYesNoReply(rb.getString("Trust.this.certificate.no.")))) {
                    return false;
                }
                this.keyStore.setCertificateEntry(str, x509Certificate);
                return true;
            }
        } catch (ClassCastException | CertificateException e2) {
            throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
        }
    }

    private char[] getNewPasswd(String str, char[] cArr) throws Exception {
        char[] cArr2 = null;
        for (int i = 0; i < 3; i++) {
            System.err.print(new MessageFormat(rb.getString("New.prompt.")).format(new Object[]{str}));
            char[] readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null || readPassword.length < 6) {
                System.err.println(rb.getString("Password.is.too.short.must.be.at.least.6.characters"));
            } else if (Arrays.equals(readPassword, cArr)) {
                System.err.println(rb.getString("Passwords.must.differ"));
            } else {
                System.err.print(new MessageFormat(rb.getString("Re.enter.new.prompt.")).format(new Object[]{str}));
                cArr2 = Password.readPassword(System.in);
                this.passwords.add(cArr2);
                if (Arrays.equals(readPassword, cArr2)) {
                    Arrays.fill(cArr2, ' ');
                    return readPassword;
                }
                System.err.println(rb.getString("They.don.t.match.Try.again"));
            }
            if (readPassword != null) {
                Arrays.fill(readPassword, ' ');
            }
            if (cArr2 != null) {
                Arrays.fill(cArr2, ' ');
                cArr2 = null;
            }
        }
        throw new Exception(rb.getString("Too.many.failures.try.later"));
    }

    private String getAlias(String str) throws Exception {
        if (str != null) {
            System.err.print(new MessageFormat(rb.getString("Enter.prompt.alias.name.")).format(new Object[]{str}));
        } else {
            System.err.print(rb.getString("Enter.alias.name."));
        }
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    private String inputStringFromStdin(String str) throws Exception {
        System.err.print(str);
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    private char[] getKeyPasswd(String str, String str2, char[] cArr) throws Exception {
        char[] readPassword;
        int i = 0;
        do {
            if (cArr != null) {
                System.err.println(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
                System.err.print(new MessageFormat(rb.getString(".RETURN.if.same.as.for.otherAlias.")).format(new Object[]{str2}));
            } else {
                System.err.print(new MessageFormat(rb.getString("Enter.key.password.for.alias.")).format(new Object[]{str}));
            }
            System.err.flush();
            readPassword = Password.readPassword(System.in);
            this.passwords.add(readPassword);
            if (readPassword == null) {
                readPassword = cArr;
            }
            i++;
            if (readPassword != null) {
                break;
            }
        } while (i < 3);
        if (readPassword == null) {
            throw new Exception(rb.getString("Too.many.failures.try.later"));
        }
        return readPassword;
    }

    private String withWeak(String str) {
        return DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, str, null) ? str : String.format(rb.getString("with.weak"), str);
    }

    private String withWeak(PublicKey publicKey) {
        return DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, publicKey) ? String.format(rb.getString("key.bit"), Integer.valueOf(KeyUtil.getKeySize(publicKey)), publicKey.getAlgorithm()) : String.format(rb.getString("key.bit.weak"), Integer.valueOf(KeyUtil.getKeySize(publicKey)), publicKey.getAlgorithm());
    }

    private void printX509Cert(X509Certificate x509Certificate, PrintStream printStream) throws Exception {
        CertificateExtensions certificateExtensions;
        MessageFormat messageFormat = new MessageFormat(rb.getString(".PATTERN.printX509Cert.with.weak"));
        PublicKey publicKey = x509Certificate.getPublicKey();
        String sigAlgName = x509Certificate.getSigAlgName();
        if (!isTrustedCert(x509Certificate)) {
            sigAlgName = withWeak(sigAlgName);
        }
        printStream.println(messageFormat.format(new Object[]{x509Certificate.getSubjectDN().toString(), x509Certificate.getIssuerDN().toString(), x509Certificate.getSerialNumber().toString(16), x509Certificate.getNotBefore().toString(), x509Certificate.getNotAfter().toString(), getCertFingerPrint("MD5", x509Certificate), getCertFingerPrint("SHA1", x509Certificate), getCertFingerPrint("SHA-256", x509Certificate), sigAlgName, withWeak(publicKey), Integer.valueOf(x509Certificate.getVersion())}));
        if (!(x509Certificate instanceof X509CertImpl) || (certificateExtensions = (CertificateExtensions) ((X509CertInfo) ((X509CertImpl) x509Certificate).get(X509CertInfo.IDENT)).get("extensions")) == null) {
            return;
        }
        printExtensions(rb.getString("Extensions."), certificateExtensions, printStream);
    }

    private static void printExtensions(String str, CertificateExtensions certificateExtensions, PrintStream printStream) throws Exception {
        int i = 0;
        Iterator<Extension> it = certificateExtensions.getAllExtensions().iterator();
        Iterator<Extension> it2 = certificateExtensions.getUnparseableExtensions().values().iterator();
        while (true) {
            if (!it.hasNext() && !it2.hasNext()) {
                return;
            }
            Extension next = it.hasNext() ? it.next() : it2.next();
            if (i == 0) {
                printStream.println();
                printStream.println(str);
                printStream.println();
            }
            i++;
            printStream.print("#" + i + ": " + ((Object) next));
            if (next.getClass() == Extension.class) {
                if (next.getExtensionValue().length == 0) {
                    printStream.println(rb.getString(".Empty.value."));
                } else {
                    new HexDumpEncoder().encodeBuffer(next.getExtensionValue(), printStream);
                    printStream.println();
                }
            }
            printStream.println();
        }
    }

    private static Pair<String, Certificate> getSigner(Certificate certificate, KeyStore keyStore) throws Exception {
        if (keyStore.getCertificateAlias(certificate) != null) {
            return new Pair<>("", certificate);
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement2 = aliases.nextElement2();
            Certificate certificate2 = keyStore.getCertificate(nextElement2);
            if (certificate2 != null) {
                try {
                    certificate.verify(certificate2.getPublicKey());
                    return new Pair<>(nextElement2, certificate2);
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    private X500Name getX500Name() throws IOException {
        X500Name x500Name;
        String inputString;
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
        String str = "Unknown";
        String str2 = "Unknown";
        String str3 = "Unknown";
        String str4 = "Unknown";
        String str5 = "Unknown";
        String str6 = "Unknown";
        int i = 20;
        do {
            int i2 = i;
            i--;
            if (i2 >= 0) {
                str = inputString(bufferedReader, rb.getString("What.is.your.first.and.last.name."), str);
                str2 = inputString(bufferedReader, rb.getString("What.is.the.name.of.your.organizational.unit."), str2);
                str3 = inputString(bufferedReader, rb.getString("What.is.the.name.of.your.organization."), str3);
                str4 = inputString(bufferedReader, rb.getString("What.is.the.name.of.your.City.or.Locality."), str4);
                str5 = inputString(bufferedReader, rb.getString("What.is.the.name.of.your.State.or.Province."), str5);
                str6 = inputString(bufferedReader, rb.getString("What.is.the.two.letter.country.code.for.this.unit."), str6);
                x500Name = new X500Name(str, str2, str3, str4, str5, str6);
                inputString = inputString(bufferedReader, new MessageFormat(rb.getString("Is.name.correct.")).format(new Object[]{x500Name}), rb.getString("no"));
                if (collator.compare(inputString, rb.getString("yes")) == 0) {
                    break;
                }
            } else {
                throw new RuntimeException(rb.getString("Too.many.retries.program.terminated"));
            }
        } while (collator.compare(inputString, rb.getString("y")) != 0);
        System.err.println();
        return x500Name;
    }

    private String inputString(BufferedReader bufferedReader, String str, String str2) throws IOException {
        System.err.println(str);
        System.err.print(new MessageFormat(rb.getString(".defaultValue.")).format(new Object[]{str2}));
        System.err.flush();
        String readLine = bufferedReader.readLine();
        if (readLine == null || collator.compare(readLine, "") == 0) {
            readLine = str2;
        }
        return readLine;
    }

    private void dumpCert(Certificate certificate, PrintStream printStream) throws IOException, CertificateException {
        if (!this.rfc) {
            printStream.write(certificate.getEncoded());
            return;
        }
        printStream.println(X509Factory.BEGIN_CERT);
        printStream.println(Base64.getMimeEncoder(64, CRLF).encodeToString(certificate.getEncoded()));
        printStream.println(X509Factory.END_CERT);
    }

    private void byte2hex(byte b, StringBuffer stringBuffer) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        stringBuffer.append(cArr[(b & 240) >> 4]);
        stringBuffer.append(cArr[b & 15]);
    }

    private String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            byte2hex(bArr[i], stringBuffer);
            if (i < length - 1) {
                stringBuffer.append(CallSiteDescriptor.TOKEN_DELIMITER);
            }
        }
        return stringBuffer.toString();
    }

    private Pair<Key, char[]> recoverKey(String str, char[] cArr, char[] cArr2) throws Exception {
        Key key;
        if (KeyStoreUtil.isWindowsKeyStore(this.storetype)) {
            return Pair.of(this.keyStore.getKey(str, null), null);
        }
        if (!this.keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        if (!this.keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class) && !this.keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.has.no.key")).format(new Object[]{str}));
        }
        if (cArr2 == null) {
            try {
                key = this.keyStore.getKey(str, cArr);
                cArr2 = cArr;
                this.passwords.add(cArr2);
            } catch (UnrecoverableKeyException e) {
                if (this.token) {
                    throw e;
                }
                cArr2 = getKeyPasswd(str, null, null);
                key = this.keyStore.getKey(str, cArr2);
            }
        } else {
            key = this.keyStore.getKey(str, cArr2);
        }
        return Pair.of(key, cArr2);
    }

    private Pair<KeyStore.Entry, char[]> recoverEntry(KeyStore keyStore, String str, char[] cArr, char[] cArr2) throws Exception {
        KeyStore.Entry entry;
        if (!keyStore.containsAlias(str)) {
            throw new Exception(new MessageFormat(rb.getString("Alias.alias.does.not.exist")).format(new Object[]{str}));
        }
        try {
            entry = keyStore.getEntry(str, null);
            cArr2 = null;
        } catch (UnrecoverableEntryException e) {
            if (P11KEYSTORE.equalsIgnoreCase(keyStore.getType()) || KeyStoreUtil.isWindowsKeyStore(keyStore.getType())) {
                throw e;
            }
            if (cArr2 != null) {
                entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr2));
            } else {
                try {
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
                    cArr2 = cArr;
                } catch (UnrecoverableEntryException e2) {
                    if (P12KEYSTORE.equalsIgnoreCase(keyStore.getType())) {
                        throw e2;
                    }
                    cArr2 = getKeyPasswd(str, null, null);
                    entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr2));
                }
            }
        }
        return Pair.of(entry, cArr2);
    }

    private String getCertFingerPrint(String str, Certificate certificate) throws Exception {
        return toHexString(MessageDigest.getInstance(str).digest(certificate.getEncoded()));
    }

    private void printNoIntegrityWarning() {
        System.err.println();
        System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
        System.err.println(rb.getString(".The.integrity.of.the.information.stored.in.your.keystore."));
        System.err.println(rb.getString(".WARNING.WARNING.WARNING."));
        System.err.println();
    }

    private Certificate[] validateReply(String str, Certificate certificate, Certificate[] certificateArr) throws Exception {
        checkWeak(rb.getString("reply"), certificateArr);
        PublicKey publicKey = certificate.getPublicKey();
        int i = 0;
        while (i < certificateArr.length && !publicKey.equals(certificateArr[i].getPublicKey())) {
            i++;
        }
        if (i == certificateArr.length) {
            throw new Exception(new MessageFormat(rb.getString("Certificate.reply.does.not.contain.public.key.for.alias.")).format(new Object[]{str}));
        }
        Certificate certificate2 = certificateArr[0];
        certificateArr[0] = certificateArr[i];
        certificateArr[i] = certificate2;
        X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
        for (int i2 = 1; i2 < certificateArr.length - 1; i2++) {
            int i3 = i2;
            while (true) {
                if (i3 >= certificateArr.length) {
                    break;
                }
                if (KeyStoreUtil.signedBy(x509Certificate, (X509Certificate) certificateArr[i3])) {
                    Certificate certificate3 = certificateArr[i2];
                    certificateArr[i2] = certificateArr[i3];
                    certificateArr[i3] = certificate3;
                    x509Certificate = (X509Certificate) certificateArr[i2];
                    break;
                }
                i3++;
            }
            if (i3 == certificateArr.length) {
                throw new Exception(rb.getString("Incomplete.certificate.chain.in.reply"));
            }
        }
        if (this.noprompt) {
            return certificateArr;
        }
        Certificate certificate4 = certificateArr[certificateArr.length - 1];
        boolean z = true;
        Pair<String, Certificate> signer = getSigner(certificate4, this.keyStore);
        if (signer == null && this.trustcacerts && this.caks != null) {
            signer = getSigner(certificate4, this.caks);
            z = false;
        }
        if (signer == null) {
            System.err.println();
            System.err.println(rb.getString("Top.level.certificate.in.reply."));
            printX509Cert((X509Certificate) certificate4, System.out);
            System.err.println();
            System.err.print(rb.getString(".is.not.trusted."));
            printWeakWarnings(true);
            if ("NO".equals(getYesNoReply(rb.getString("Install.reply.anyway.no.")))) {
                return null;
            }
        } else if (signer.snd != certificate4) {
            Certificate[] certificateArr2 = new Certificate[certificateArr.length + 1];
            System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
            certificateArr2[certificateArr2.length - 1] = signer.snd;
            certificateArr = certificateArr2;
            checkWeak(String.format(rb.getString(z ? "alias.in.keystore" : "alias.in.cacerts"), signer.fst), signer.snd);
        }
        return certificateArr;
    }

    private Certificate[] establishCertChain(Certificate certificate, Certificate certificate2) throws Exception {
        if (certificate != null) {
            if (!certificate.getPublicKey().equals(certificate2.getPublicKey())) {
                throw new Exception(rb.getString("Public.keys.in.reply.and.keystore.don.t.match"));
            }
            if (certificate2.equals(certificate)) {
                throw new Exception(rb.getString("Certificate.reply.and.certificate.in.keystore.are.identical"));
            }
        }
        Hashtable<Principal, Vector<Pair<String, X509Certificate>>> hashtable = null;
        if (this.keyStore.size() > 0) {
            hashtable = new Hashtable<>(11);
            keystorecerts2Hashtable(this.keyStore, hashtable);
        }
        if (this.trustcacerts && this.caks != null && this.caks.size() > 0) {
            if (hashtable == null) {
                hashtable = new Hashtable<>(11);
            }
            keystorecerts2Hashtable(this.caks, hashtable);
        }
        Vector<Pair<String, X509Certificate>> vector = new Vector<>(2);
        if (!buildChain(new Pair<>(rb.getString("the.input"), (X509Certificate) certificate2), vector, hashtable)) {
            throw new Exception(rb.getString("Failed.to.establish.chain.from.reply"));
        }
        Iterator<Pair<String, X509Certificate>> it = vector.iterator();
        while (it.hasNext()) {
            Pair<String, X509Certificate> next = it.next();
            checkWeak(next.fst, next.snd);
        }
        Certificate[] certificateArr = new Certificate[vector.size()];
        int i = 0;
        for (int size = vector.size() - 1; size >= 0; size--) {
            certificateArr[i] = vector.elementAt(size).snd;
            i++;
        }
        return certificateArr;
    }

    private boolean buildChain(Pair<String, X509Certificate> pair, Vector<Pair<String, X509Certificate>> vector, Hashtable<Principal, Vector<Pair<String, X509Certificate>>> hashtable) {
        if (KeyStoreUtil.isSelfSigned(pair.snd)) {
            vector.addElement(pair);
            return true;
        }
        Vector<Pair<String, X509Certificate>> vector2 = hashtable.get(pair.snd.getIssuerDN());
        if (vector2 == null) {
            return false;
        }
        Enumeration<Pair<String, X509Certificate>> elements = vector2.elements();
        while (elements.hasMoreElements()) {
            Pair<String, X509Certificate> nextElement2 = elements.nextElement2();
            try {
                pair.snd.verify(nextElement2.snd.getPublicKey());
            } catch (Exception e) {
            }
            if (buildChain(nextElement2, vector, hashtable)) {
                vector.addElement(pair);
                return true;
            }
        }
        return false;
    }

    private String getYesNoReply(String str) throws IOException {
        String str2;
        int i = 20;
        do {
            int i2 = i;
            i--;
            if (i2 < 0) {
                throw new RuntimeException(rb.getString("Too.many.retries.program.terminated"));
            }
            System.err.print(str);
            System.err.flush();
            String readLine = new BufferedReader(new InputStreamReader(System.in)).readLine();
            if (collator.compare(readLine, "") == 0 || collator.compare(readLine, rb.getString("n")) == 0 || collator.compare(readLine, rb.getString("no")) == 0) {
                str2 = "NO";
            } else if (collator.compare(readLine, rb.getString("y")) == 0 || collator.compare(readLine, rb.getString("yes")) == 0) {
                str2 = "YES";
            } else {
                System.err.println(rb.getString("Wrong.answer.try.again"));
                str2 = null;
            }
        } while (str2 == null);
        return str2;
    }

    private void keystorecerts2Hashtable(KeyStore keyStore, Hashtable<Principal, Vector<Pair<String, X509Certificate>>> hashtable) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement2 = aliases.nextElement2();
            Certificate certificate = keyStore.getCertificate(nextElement2);
            if (certificate != null) {
                Principal subjectDN = ((X509Certificate) certificate).getSubjectDN();
                Pair<String, X509Certificate> pair = new Pair<>(String.format(rb.getString(keyStore == this.caks ? "alias.in.cacerts" : "alias.in.keystore"), nextElement2), (X509Certificate) certificate);
                Vector<Pair<String, X509Certificate>> vector = hashtable.get(subjectDN);
                if (vector == null) {
                    vector = new Vector<>();
                    vector.addElement(pair);
                } else if (!vector.contains(pair)) {
                    vector.addElement(pair);
                }
                hashtable.put(subjectDN, vector);
            }
        }
    }

    private static Date getStartDate(String str) throws IOException {
        int i;
        int i2;
        char charAt;
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        if (str != null) {
            IOException iOException = new IOException(rb.getString("Illegal.startdate.value"));
            int length = str.length();
            if (length == 0) {
                throw iOException;
            }
            if (str.charAt(0) == '-' || str.charAt(0) == '+') {
                int i3 = 0;
                while (true) {
                    int i4 = i3;
                    if (i4 < length) {
                        switch (str.charAt(i4)) {
                            case '+':
                                i = 1;
                                break;
                            case '-':
                                i = -1;
                                break;
                            default:
                                throw iOException;
                        }
                        int i5 = i4 + 1;
                        while (i5 < length && (charAt = str.charAt(i5)) >= '0' && charAt <= '9') {
                            i5++;
                        }
                        if (i5 == i4 + 1) {
                            throw iOException;
                        }
                        int parseInt = Integer.parseInt(str.substring(i4 + 1, i5));
                        if (i5 >= length) {
                            throw iOException;
                        }
                        switch (str.charAt(i5)) {
                            case 'H':
                                i2 = 10;
                                break;
                            case 'M':
                                i2 = 12;
                                break;
                            case 'S':
                                i2 = 13;
                                break;
                            case 'd':
                                i2 = 5;
                                break;
                            case 'm':
                                i2 = 2;
                                break;
                            case 'y':
                                i2 = 1;
                                break;
                            default:
                                throw iOException;
                        }
                        gregorianCalendar.add(i2, i * parseInt);
                        i3 = i5 + 1;
                    }
                }
            } else {
                String str2 = null;
                String str3 = null;
                if (length == 19) {
                    str2 = str.substring(0, 10);
                    str3 = str.substring(11);
                    if (str.charAt(10) != ' ') {
                        throw iOException;
                    }
                } else if (length == 10) {
                    str2 = str;
                } else {
                    if (length != 8) {
                        throw iOException;
                    }
                    str3 = str;
                }
                if (str2 != null) {
                    if (!str2.matches("\\d\\d\\d\\d\\/\\d\\d\\/\\d\\d")) {
                        throw iOException;
                    }
                    gregorianCalendar.set(Integer.valueOf(str2.substring(0, 4)).intValue(), Integer.valueOf(str2.substring(5, 7)).intValue() - 1, Integer.valueOf(str2.substring(8, 10)).intValue());
                }
                if (str3 != null) {
                    if (!str3.matches("\\d\\d:\\d\\d:\\d\\d")) {
                        throw iOException;
                    }
                    gregorianCalendar.set(11, Integer.valueOf(str3.substring(0, 2)).intValue());
                    gregorianCalendar.set(12, Integer.valueOf(str3.substring(0, 2)).intValue());
                    gregorianCalendar.set(13, Integer.valueOf(str3.substring(0, 2)).intValue());
                    gregorianCalendar.set(14, 0);
                }
            }
        }
        return gregorianCalendar.getTime();
    }

    private static int oneOf(String str, String... strArr) throws Exception {
        int[] iArr = new int[strArr.length];
        int i = 0;
        int i2 = Integer.MAX_VALUE;
        for (int i3 = 0; i3 < strArr.length; i3++) {
            String str2 = strArr[i3];
            if (str2 == null) {
                i2 = i3;
            } else if (str2.toLowerCase(Locale.ENGLISH).startsWith(str.toLowerCase(Locale.ENGLISH))) {
                int i4 = i;
                i++;
                iArr[i4] = i3;
            } else {
                StringBuffer stringBuffer = new StringBuffer();
                boolean z = true;
                for (char c : str2.toCharArray()) {
                    if (z) {
                        stringBuffer.append(c);
                        z = false;
                    } else if (!Character.isLowerCase(c)) {
                        stringBuffer.append(c);
                    }
                }
                if (stringBuffer.toString().equalsIgnoreCase(str)) {
                    int i5 = i;
                    i++;
                    iArr[i5] = i3;
                }
            }
        }
        if (i == 0) {
            return -1;
        }
        if (i != 1 && iArr[1] <= i2) {
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append(new MessageFormat(rb.getString("command.{0}.is.ambiguous.")).format(new Object[]{str}));
            stringBuffer2.append("\n    ");
            for (int i6 = 0; i6 < i && iArr[i6] < i2; i6++) {
                stringBuffer2.append(' ');
                stringBuffer2.append(strArr[iArr[i6]]);
            }
            throw new Exception(stringBuffer2.toString());
        }
        return iArr[0];
    }

    private GeneralName createGeneralName(String str, String str2) throws Exception {
        GeneralNameInterface oIDName;
        int oneOf = oneOf(str, "EMAIL", "URI", "DNS", "IP", "OID");
        if (oneOf < 0) {
            throw new Exception(rb.getString("Unrecognized.GeneralName.type.") + str);
        }
        switch (oneOf) {
            case 0:
                oIDName = new RFC822Name(str2);
                break;
            case 1:
                oIDName = new URIName(str2);
                break;
            case 2:
                oIDName = new DNSName(str2);
                break;
            case 3:
                oIDName = new IPAddressName(str2);
                break;
            default:
                oIDName = new OIDName(str2);
                break;
        }
        return new GeneralName(oIDName);
    }

    private ObjectIdentifier findOidForExtName(String str) throws Exception {
        switch (oneOf(str, extSupported)) {
            case 0:
                return PKIXExtensions.BasicConstraints_Id;
            case 1:
                return PKIXExtensions.KeyUsage_Id;
            case 2:
                return PKIXExtensions.ExtendedKeyUsage_Id;
            case 3:
                return PKIXExtensions.SubjectAlternativeName_Id;
            case 4:
                return PKIXExtensions.IssuerAlternativeName_Id;
            case 5:
                return PKIXExtensions.SubjectInfoAccess_Id;
            case 6:
                return PKIXExtensions.AuthInfoAccess_Id;
            case 7:
            default:
                return new ObjectIdentifier(str);
            case 8:
                return PKIXExtensions.CRLDistributionPoints_Id;
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:29:0x022c. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v124, types: [int] */
    /* JADX WARN: Type inference failed for: r0v128, types: [int] */
    /* JADX WARN: Type inference failed for: r0v135, types: [int] */
    private CertificateExtensions createV3Extensions(CertificateExtensions certificateExtensions, CertificateExtensions certificateExtensions2, List<String> list, PublicKey publicKey, PublicKey publicKey2) throws Exception {
        String str;
        String str2;
        byte[] bArr;
        byte b;
        ObjectIdentifier objectIdentifier;
        if (certificateExtensions2 != null && certificateExtensions != null) {
            throw new Exception("One of request and original should be null.");
        }
        if (certificateExtensions2 == null) {
            certificateExtensions2 = new CertificateExtensions();
        }
        if (certificateExtensions != null) {
            try {
                Iterator<String> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String next = it.next();
                    if (next.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
                        List<String> asList = Arrays.asList(next.toLowerCase(Locale.ENGLISH).substring(8).split(","));
                        if (asList.contains("all")) {
                            certificateExtensions2 = certificateExtensions;
                        }
                        for (String str3 : asList) {
                            if (!str3.equals("all")) {
                                boolean z = true;
                                int i = -1;
                                String str4 = null;
                                if (str3.startsWith(LanguageTag.SEP)) {
                                    z = false;
                                    str4 = str3.substring(1);
                                } else {
                                    int indexOf = str3.indexOf(58);
                                    if (indexOf >= 0) {
                                        str4 = str3.substring(0, indexOf);
                                        i = oneOf(str3.substring(indexOf + 1), "critical", "non-critical");
                                        if (i == -1) {
                                            throw new Exception(rb.getString("Illegal.value.") + str3);
                                        }
                                    }
                                }
                                String nameByOid = certificateExtensions.getNameByOid(findOidForExtName(str4));
                                if (z) {
                                    Extension extension = certificateExtensions.get(nameByOid);
                                    if ((!extension.isCritical() && i == 0) || (extension.isCritical() && i == 1)) {
                                        certificateExtensions2.set(nameByOid, Extension.newExtension(extension.getExtensionId(), !extension.isCritical(), extension.getExtensionValue()));
                                    }
                                } else {
                                    certificateExtensions2.delete(nameByOid);
                                }
                            }
                        }
                    }
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        for (String str5 : list) {
            int indexOf2 = str5.indexOf(61);
            if (indexOf2 >= 0) {
                str = str5.substring(0, indexOf2);
                str2 = str5.substring(indexOf2 + 1);
            } else {
                str = str5;
                str2 = null;
            }
            int indexOf3 = str.indexOf(58);
            if (indexOf3 >= 0) {
                r21 = oneOf(str.substring(indexOf3 + 1), "critical") == 0;
                str = str.substring(0, indexOf3);
            }
            if (!str.equalsIgnoreCase("honored")) {
                int oneOf = oneOf(str, extSupported);
                switch (oneOf) {
                    case -1:
                        ObjectIdentifier objectIdentifier2 = new ObjectIdentifier(str);
                        if (str2 != null) {
                            byte[] bArr2 = new byte[(str2.length() / 2) + 1];
                            int i2 = 0;
                            for (char c : str2.toCharArray()) {
                                if (c >= '0' && c <= '9') {
                                    b = c - '0';
                                } else if (c < 'A' || c > 'F') {
                                    if (c >= 'a' && c <= 'f') {
                                        b = (c - 'a') + 10;
                                    }
                                } else {
                                    b = (c - 'A') + 10;
                                }
                                if (i2 % 2 == 0) {
                                    bArr2[i2 / 2] = (byte) (b << 4);
                                } else {
                                    int i3 = i2 / 2;
                                    bArr2[i3] = (byte) (bArr2[i3] + b);
                                }
                                i2++;
                            }
                            if (i2 % 2 != 0) {
                                throw new Exception(rb.getString("Odd.number.of.hex.digits.found.") + str5);
                            }
                            bArr = Arrays.copyOf(bArr2, i2 / 2);
                        } else {
                            bArr = new byte[0];
                        }
                        certificateExtensions2.set(objectIdentifier2.toString(), new Extension(objectIdentifier2, r21, new DerValue((byte) 4, bArr).toByteArray()));
                        break;
                    case 0:
                        int i4 = -1;
                        boolean z2 = false;
                        if (str2 == null) {
                            z2 = true;
                        } else {
                            try {
                                i4 = Integer.parseInt(str2);
                                z2 = true;
                            } catch (NumberFormatException e2) {
                                for (String str6 : str2.split(",")) {
                                    String[] split = str6.split(CallSiteDescriptor.TOKEN_DELIMITER);
                                    if (split.length != 2) {
                                        throw new Exception(rb.getString("Illegal.value.") + str5);
                                    }
                                    if (split[0].equalsIgnoreCase("ca")) {
                                        z2 = Boolean.parseBoolean(split[1]);
                                    } else {
                                        if (!split[0].equalsIgnoreCase("pathlen")) {
                                            throw new Exception(rb.getString("Illegal.value.") + str5);
                                        }
                                        i4 = Integer.parseInt(split[1]);
                                    }
                                }
                            }
                        }
                        certificateExtensions2.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(Boolean.valueOf(r21), z2, i4));
                        break;
                    case 1:
                        if (str2 == null) {
                            throw new Exception(rb.getString("Illegal.value.") + str5);
                        }
                        boolean[] zArr = new boolean[9];
                        for (String str7 : str2.split(",")) {
                            int oneOf2 = oneOf(str7, "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly", "contentCommitment");
                            if (oneOf2 < 0) {
                                throw new Exception(rb.getString("Unknown.keyUsage.type.") + str7);
                            }
                            if (oneOf2 == 9) {
                                oneOf2 = 1;
                            }
                            zArr[oneOf2] = true;
                        }
                        KeyUsageExtension keyUsageExtension = new KeyUsageExtension(zArr);
                        certificateExtensions2.set(KeyUsageExtension.NAME, Extension.newExtension(keyUsageExtension.getExtensionId(), r21, keyUsageExtension.getExtensionValue()));
                        break;
                    case 2:
                        if (str2 == null) {
                            throw new Exception(rb.getString("Illegal.value.") + str5);
                        }
                        Vector vector = new Vector();
                        for (String str8 : str2.split(",")) {
                            int oneOf3 = oneOf(str8, "anyExtendedKeyUsage", "serverAuth", "clientAuth", "codeSigning", "emailProtection", "", "", "", "timeStamping", "OCSPSigning");
                            if (oneOf3 < 0) {
                                try {
                                    vector.add(new ObjectIdentifier(str8));
                                } catch (Exception e3) {
                                    throw new Exception(rb.getString("Unknown.extendedkeyUsage.type.") + str8);
                                }
                            } else if (oneOf3 == 0) {
                                vector.add(new ObjectIdentifier("2.5.29.37.0"));
                            } else {
                                vector.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + oneOf3));
                            }
                        }
                        certificateExtensions2.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(Boolean.valueOf(r21), (Vector<ObjectIdentifier>) vector));
                        break;
                    case 3:
                    case 4:
                        if (str2 == null) {
                            throw new Exception(rb.getString("Illegal.value.") + str5);
                        }
                        String[] split2 = str2.split(",");
                        GeneralNames generalNames = new GeneralNames();
                        for (String str9 : split2) {
                            int indexOf4 = str9.indexOf(58);
                            if (indexOf4 < 0) {
                                throw new Exception("Illegal item " + str9 + " in " + str5);
                            }
                            generalNames.add(createGeneralName(str9.substring(0, indexOf4), str9.substring(indexOf4 + 1)));
                        }
                        if (oneOf == 3) {
                            certificateExtensions2.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.valueOf(r21), generalNames));
                        } else {
                            certificateExtensions2.set(IssuerAlternativeNameExtension.NAME, new IssuerAlternativeNameExtension(Boolean.valueOf(r21), generalNames));
                        }
                        break;
                    case 5:
                    case 6:
                        if (r21) {
                            throw new Exception(rb.getString("This.extension.cannot.be.marked.as.critical.") + str5);
                        }
                        if (str2 == null) {
                            throw new Exception(rb.getString("Illegal.value.") + str5);
                        }
                        ArrayList arrayList = new ArrayList();
                        for (String str10 : str2.split(",")) {
                            int indexOf5 = str10.indexOf(58);
                            int indexOf6 = str10.indexOf(58, indexOf5 + 1);
                            if (indexOf5 < 0 || indexOf6 < 0) {
                                throw new Exception(rb.getString("Illegal.value.") + str5);
                            }
                            String substring = str10.substring(0, indexOf5);
                            String substring2 = str10.substring(indexOf5 + 1, indexOf6);
                            String substring3 = str10.substring(indexOf6 + 1);
                            int oneOf4 = oneOf(substring, "", "ocsp", "caIssuers", "timeStamping", "", "caRepository");
                            if (oneOf4 < 0) {
                                try {
                                    objectIdentifier = new ObjectIdentifier(substring);
                                } catch (Exception e4) {
                                    throw new Exception(rb.getString("Unknown.AccessDescription.type.") + substring);
                                }
                            } else {
                                objectIdentifier = new ObjectIdentifier("1.3.6.1.5.5.7.48." + oneOf4);
                            }
                            arrayList.add(new AccessDescription(objectIdentifier, createGeneralName(substring2, substring3)));
                        }
                        if (oneOf == 5) {
                            certificateExtensions2.set(SubjectInfoAccessExtension.NAME, new SubjectInfoAccessExtension(arrayList));
                        } else {
                            certificateExtensions2.set(AuthorityInfoAccessExtension.NAME, new AuthorityInfoAccessExtension(arrayList));
                        }
                        break;
                        break;
                    case 7:
                    default:
                        throw new Exception(rb.getString("Unknown.extension.type.") + str5);
                    case 8:
                        if (str2 == null) {
                            throw new Exception(rb.getString("Illegal.value.") + str5);
                        }
                        String[] split3 = str2.split(",");
                        GeneralNames generalNames2 = new GeneralNames();
                        for (String str11 : split3) {
                            int indexOf7 = str11.indexOf(58);
                            if (indexOf7 < 0) {
                                throw new Exception("Illegal item " + str11 + " in " + str5);
                            }
                            generalNames2.add(createGeneralName(str11.substring(0, indexOf7), str11.substring(indexOf7 + 1)));
                        }
                        certificateExtensions2.set(CRLDistributionPointsExtension.NAME, new CRLDistributionPointsExtension(r21, (List<DistributionPoint>) Collections.singletonList(new DistributionPoint(generalNames2, (boolean[]) null, (GeneralNames) null))));
                        break;
                }
            }
        }
        certificateExtensions2.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
        if (publicKey2 != null && !publicKey.equals(publicKey2)) {
            certificateExtensions2.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(publicKey2), null, null));
        }
        return certificateExtensions2;
    }

    private boolean isTrustedCert(Certificate certificate) throws KeyStoreException {
        if (this.caks != null && this.caks.getCertificateAlias(certificate) != null) {
            return true;
        }
        String certificateAlias = this.keyStore.getCertificateAlias(certificate);
        return certificateAlias != null && this.keyStore.isCertificateEntry(certificateAlias);
    }

    private void checkWeak(String str, String str2, Key key) {
        if (str2 != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, str2, null)) {
            this.weakWarnings.add(String.format(rb.getString("whose.sigalg.risk"), str, str2));
        }
        if (key == null || DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
            return;
        }
        this.weakWarnings.add(String.format(rb.getString("whose.key.risk"), str, String.format(rb.getString("key.bit"), Integer.valueOf(KeyUtil.getKeySize(key)), key.getAlgorithm())));
    }

    private void checkWeak(String str, Certificate[] certificateArr) throws KeyStoreException {
        for (int i = 0; i < certificateArr.length; i++) {
            Certificate certificate = certificateArr[i];
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                String str2 = str;
                if (certificateArr.length > 1) {
                    str2 = oneInMany(str, i, certificateArr.length);
                }
                checkWeak(str2, x509Certificate);
            }
        }
    }

    private void checkWeak(String str, Certificate certificate) throws KeyStoreException {
        if (certificate instanceof X509Certificate) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            checkWeak(str, isTrustedCert(certificate) ? null : x509Certificate.getSigAlgName(), x509Certificate.getPublicKey());
        }
    }

    private void checkWeak(String str, PKCS10 pkcs10) {
        checkWeak(str, pkcs10.getSigAlg(), pkcs10.getSubjectPublicKeyInfo());
    }

    private void checkWeak(String str, CRL crl, Key key) {
        if (crl instanceof X509CRLImpl) {
            checkWeak(str, ((X509CRLImpl) crl).getSigAlgName(), key);
        }
    }

    private void printWeakWarnings(boolean z) {
        if (!this.weakWarnings.isEmpty() && !this.nowarn) {
            System.err.println("\nWarning:");
            Iterator<String> it = this.weakWarnings.iterator();
            while (it.hasNext()) {
                System.err.println(it.next());
            }
            if (z) {
                System.err.println();
            }
        }
        this.weakWarnings.clear();
    }

    private void usage() {
        Command command;
        if (this.command == null) {
            System.err.println(rb.getString("Key.and.Certificate.Management.Tool"));
            System.err.println();
            System.err.println(rb.getString("Commands."));
            System.err.println();
            Command[] values = Command.values();
            int length = values.length;
            for (int i = 0; i < length && (command = values[i]) != Command.KEYCLONE; i++) {
                System.err.printf(" %-20s%s\n", command, rb.getString(command.description));
            }
            System.err.println();
            System.err.println(rb.getString("Use.keytool.command.name.help.for.usage.of.command.name"));
            return;
        }
        System.err.println("keytool " + ((Object) this.command) + rb.getString(".OPTION."));
        System.err.println();
        System.err.println(rb.getString(this.command.description));
        System.err.println();
        System.err.println(rb.getString("Options."));
        System.err.println();
        String[] strArr = new String[this.command.options.length];
        String[] strArr2 = new String[this.command.options.length];
        int i2 = 0;
        for (int i3 = 0; i3 < strArr.length; i3++) {
            Option option = this.command.options[i3];
            strArr[i3] = option.toString();
            if (option.arg != null) {
                int i4 = i3;
                strArr[i4] = strArr[i4] + " " + option.arg;
            }
            if (strArr[i3].length() > i2) {
                i2 = strArr[i3].length();
            }
            strArr2[i3] = rb.getString(option.description);
        }
        for (int i5 = 0; i5 < strArr.length; i5++) {
            System.err.printf(" %-" + i2 + "s  %s\n", strArr[i5], strArr2[i5]);
        }
        System.err.println();
        System.err.println(rb.getString("Use.keytool.help.for.all.available.commands"));
    }

    private void tinyHelp() {
        usage();
        if (this.debug) {
            throw new RuntimeException("NO BIG ERROR, SORRY");
        }
        System.exit(1);
    }

    private void errorNeedArgument(String str) {
        System.err.println(new MessageFormat(rb.getString("Command.option.flag.needs.an.argument.")).format(new Object[]{str}));
        tinyHelp();
    }

    private char[] getPass(String str, String str2) {
        char[] passWithModifier = KeyStoreUtil.getPassWithModifier(str, str2, rb);
        if (passWithModifier != null) {
            return passWithModifier;
        }
        tinyHelp();
        return null;
    }

    static {
        collator.setStrength(0);
        extSupported = new String[]{BasicConstraintsExtension.NAME, KeyUsageExtension.NAME, ExtendedKeyUsageExtension.NAME, SubjectAlternativeNameExtension.NAME, IssuerAlternativeNameExtension.NAME, SubjectInfoAccessExtension.NAME, AuthorityInfoAccessExtension.NAME, null, CRLDistributionPointsExtension.NAME};
    }
}
