package net.i2p.crypto;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import net.i2p.I2PAppContext;
import net.i2p.crypto.provider.I2PProvider;
import net.i2p.data.Base32;
import net.i2p.util.SecureFileOutputStream;
import net.i2p.util.SystemVersion;

/* loaded from: classes2.dex */
public final class KeyStoreUtil {
    private static final String[] BLACKLIST_SHA1;
    public static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
    private static final String DEFAULT_KEY_ALGORITHM = "RSA";
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final int DEFAULT_KEY_VALID_DAYS = 3652;
    private static final Set<SHA1Hash> _blacklist;
    public static boolean _blacklistLogged;

    static {
        I2PProvider.addProvider();
        BLACKLIST_SHA1 = new String[]{"8b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f", "4f:99:aa:93:fb:2b:d1:37:26:a1:99:4a:ce:7f:f0:05:f2:93:5d:1e", "c8:64:48:48:69:d4:1d:2b:0d:32:31:9c:5a:62:f9:31:5a:af:2c:bd", "98:a0:4e:41:63:35:77:90:c4:a7:9e:6d:71:3f:f0:af:51:fe:69:27", "02:c2:d9:31:06:2d:7b:1d:c2:a5:c7:f5:f0:68:50:64:08:1f:b2:21", "a1:db:63:93:91:6f:17:e4:18:55:09:40:04:15:c7:02:40:b0:ae:6b", "74:2c:31:92:e6:07:e4:24:eb:45:49:54:2b:e1:bb:c5:3e:61:74:e2", "58:11:9f:0e:12:82:87:ea:50:fd:d9:87:45:6f:4f:78:dc:fa:d6:d4"};
        _blacklist = new HashSet(16);
        int i = 0;
        while (true) {
            String[] strArr = BLACKLIST_SHA1;
            if (i >= strArr.length) {
                return;
            }
            byte[] byteArray = new BigInteger(strArr[i].replace(":", ""), 16).toByteArray();
            if (byteArray.length == 21) {
                byte[] bArr = new byte[20];
                System.arraycopy(byteArray, 1, bArr, 0, 20);
                byteArray = bArr;
            }
            _blacklist.add(new SHA1Hash(byteArray));
            i++;
        }
    }

    public static boolean addCert(File file, String str, KeyStore keyStore) {
        return addCert(file, str, keyStore, null);
    }

    public static boolean addCert(File file, String str, KeyStore keyStore, CertStore certStore) {
        try {
            X509Certificate loadCert = CertUtil.loadCert(file);
            info("Read X509 Certificate from " + file.getAbsolutePath() + " Issuer: " + loadCert.getIssuerX500Principal() + " Serial: " + loadCert.getSerialNumber().toString(16) + "; Valid From: " + loadCert.getNotBefore() + " To: " + loadCert.getNotAfter());
            if (certStore != null && CertUtil.isRevoked(certStore, loadCert)) {
                error("Certificate is revoked: " + file, new Exception());
                return false;
            }
            keyStore.setCertificateEntry(str, loadCert);
            info("Now trusting X509 Certificate, Issuer: " + loadCert.getIssuerX500Principal());
            return true;
        } catch (IOException e) {
            error("Error reading X509 Certificate: " + file.getAbsolutePath(), e);
            return false;
        } catch (CertificateExpiredException e2) {
            String str2 = "Rejecting expired X509 Certificate: " + file.getAbsolutePath();
            if (SystemVersion.isAndroid()) {
                warn(str2, e2);
            } else {
                error(str2, e2);
            }
            return false;
        } catch (CertificateNotYetValidException e3) {
            error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), e3);
            return false;
        } catch (GeneralSecurityException e4) {
            error("Error reading X509 Certificate: " + file.getAbsolutePath(), e4);
            return false;
        }
    }

    public static int addCerts(File file, KeyStore keyStore) {
        File[] listFiles;
        info("Looking for X509 Certificates in " + file.getAbsolutePath());
        if (!file.exists() || !file.isDirectory() || (listFiles = file.listFiles()) == null) {
            return 0;
        }
        CertStore loadCRLs = CertUtil.loadCRLs();
        int i = 0;
        for (File file2 : listFiles) {
            if (file2.isFile()) {
                String lowerCase = file2.getName().toLowerCase(Locale.US);
                if (lowerCase.endsWith(".crt") || lowerCase.endsWith(".pem") || lowerCase.endsWith(".key") || lowerCase.endsWith(".der") || lowerCase.endsWith(".key") || lowerCase.endsWith(".p7b") || lowerCase.endsWith(".p7c") || lowerCase.endsWith(".pfx") || lowerCase.endsWith(".p12") || lowerCase.endsWith(".cer")) {
                    lowerCase = lowerCase.substring(0, lowerCase.length() - 4);
                }
                if (addCert(file2, lowerCase, keyStore, loadCRLs)) {
                    i++;
                }
            }
        }
        return i;
    }

    public static int countCerts(KeyStore keyStore) {
        int i = 0;
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (keyStore.isCertificateEntry(aliases.nextElement())) {
                    i++;
                }
            }
        } catch (GeneralSecurityException unused) {
        }
        return i;
    }

    public static KeyStore createKeyStore(File file, String str) throws GeneralSecurityException, IOException {
        SecureFileOutputStream secureFileOutputStream;
        boolean z = file != null && file.exists();
        FileInputStream fileInputStream = null;
        SecureFileOutputStream secureFileOutputStream2 = null;
        char[] charArray = str != null ? str.toCharArray() : null;
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (z) {
            try {
                FileInputStream fileInputStream2 = new FileInputStream(file);
                try {
                    keyStore.load(fileInputStream2, charArray);
                    try {
                        fileInputStream2.close();
                    } catch (IOException unused) {
                    }
                } catch (Throwable th) {
                    th = th;
                    fileInputStream = fileInputStream2;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused2) {
                        }
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        }
        if (file != null && !z) {
            try {
                keyStore.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                secureFileOutputStream = new SecureFileOutputStream(file);
            } catch (Throwable th3) {
                th = th3;
            }
            try {
                keyStore.store(secureFileOutputStream, charArray);
                try {
                    secureFileOutputStream.close();
                } catch (IOException unused3) {
                }
            } catch (Throwable th4) {
                th = th4;
                secureFileOutputStream2 = secureFileOutputStream;
                if (secureFileOutputStream2 != null) {
                    try {
                        secureFileOutputStream2.close();
                    } catch (IOException unused4) {
                    }
                }
                throw th;
            }
        }
        return keyStore;
    }

    public static boolean createKeys(File file, String str, String str2, String str3, String str4) {
        return createKeys(file, DEFAULT_KEYSTORE_PASSWORD, str, str2, str3, DEFAULT_KEY_VALID_DAYS, DEFAULT_KEY_ALGORITHM, 2048, str4);
    }

    public static boolean createKeys(File file, String str, String str2, String str3, String str4, int i, String str5, int i2, String str6) {
        if (I2PAppContext.getGlobalContext().getBooleanProperty("crypto.useExternalKeytool")) {
            return createKeysCLI(file, str, str2, str3, str4, i, str5, i2, str6);
        }
        try {
            createKeysAndCRL(file, str, str2, str3, str4, i, str5, i2, str6);
            return true;
        } catch (IOException e) {
            error("Create keys error", e);
            return false;
        } catch (GeneralSecurityException e2) {
            error("Create keys error", e2);
            return false;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static Object[] createKeysAndCRL(File file, String str, String str2, String str3, String str4, int i, String str5, int i2, String str6) throws GeneralSecurityException, IOException {
        SigType sigType;
        String sigAlg = getSigAlg(i2, str5);
        Iterator it = EnumSet.allOf(SigType.class).iterator();
        while (true) {
            if (!it.hasNext()) {
                sigType = null;
                break;
            }
            sigType = (SigType) it.next();
            if (sigType.getAlgorithmName().equals(sigAlg)) {
                break;
            }
        }
        SigType sigType2 = sigType;
        if (sigType2 != null) {
            return createKeysAndCRL(file, str, str2, str3, str4, i, sigType2, str6);
        }
        throw new GeneralSecurityException("Unsupported algorithm/size: " + str5 + '/' + i2);
    }

    public static Object[] createKeysAndCRL(File file, String str, String str2, String str3, String str4, int i, SigType sigType, String str5) throws GeneralSecurityException, IOException {
        Object[] generate = SelfSignedGenerator.generate(str3, str4, "XX", "I2P Anonymous Network", "XX", "XX", i, sigType);
        PrivateKey privateKey = (PrivateKey) generate[1];
        X509Certificate x509Certificate = (X509Certificate) generate[2];
        storePrivateKey(file, str, str2, str5, privateKey, Collections.singletonList(x509Certificate));
        return generate;
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x01b6  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x01bd  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x01e1  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean createKeysCLI(java.io.File r6, java.lang.String r7, java.lang.String r8, java.lang.String r9, java.lang.String r10, int r11, java.lang.String r12, int r13, java.lang.String r14) {
        /*
            Method dump skipped, instructions count: 530
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.crypto.KeyStoreUtil.createKeysCLI(java.io.File, java.lang.String, java.lang.String, java.lang.String, java.lang.String, int, java.lang.String, int, java.lang.String):boolean");
    }

    private static void error(String str, Throwable th) {
        log(I2PAppContext.getGlobalContext(), 40, str, th);
    }

    public static boolean exportCert(File file, String str, String str2, File file2) {
        try {
            Certificate cert = getCert(file, str, str2);
            if (cert != null) {
                return CertUtil.saveCert(cert, file2);
            }
            return false;
        } catch (IOException e) {
            error("Error saving ASCII SSL keys", e);
            return false;
        } catch (GeneralSecurityException e2) {
            error("Error saving ASCII SSL keys", e2);
            return false;
        }
    }

    public static void exportPrivateKey(File file, String str, String str2, String str3, OutputStream outputStream) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream;
        char[] cArr = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            fileInputStream = new FileInputStream(file);
            if (str != null) {
                try {
                    cArr = str.toCharArray();
                } catch (Throwable th) {
                    th = th;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                    throw th;
                }
            }
            keyStore.load(fileInputStream, cArr);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, str3.toCharArray());
            if (privateKey != null) {
                CertUtil.exportPrivateKey(privateKey, keyStore.getCertificateChain(str2), outputStream);
                try {
                    fileInputStream.close();
                } catch (IOException unused2) {
                }
            } else {
                throw new GeneralSecurityException("private key not found: " + str2);
            }
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    public static Certificate getCert(File file, String str, String str2) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream = null;
        char[] charArray = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream2 = new FileInputStream(file);
            if (str != null) {
                try {
                    charArray = str.toCharArray();
                } catch (Throwable th) {
                    th = th;
                    fileInputStream = fileInputStream2;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                    throw th;
                }
            }
            keyStore.load(fileInputStream2, charArray);
            Certificate certificate = keyStore.getCertificate(str2);
            try {
                fileInputStream2.close();
            } catch (IOException unused2) {
            }
            return certificate;
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public static PrivateKey getPrivateKey(File file, String str, String str2, String str3) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream;
        char[] cArr = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            fileInputStream = new FileInputStream(file);
            if (str != null) {
                try {
                    cArr = str.toCharArray();
                } catch (Throwable th) {
                    th = th;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                    throw th;
                }
            }
            keyStore.load(fileInputStream, cArr);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, str3.toCharArray());
            try {
                fileInputStream.close();
            } catch (IOException unused2) {
            }
            return privateKey;
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x002b, code lost:
    
        if (r5 <= 384) goto L27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0044, code lost:
    
        if (r5 <= 3072) goto L27;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.lang.String getSigAlg(int r5, java.lang.String r6) {
        /*
            java.lang.String r0 = "EC"
            boolean r0 = r6.equals(r0)
            java.lang.String r1 = "EdDSA"
            java.lang.String r2 = "ECDSA"
            if (r0 == 0) goto Le
            r6 = r2
            goto L17
        Le:
            java.lang.String r0 = "Ed"
            boolean r0 = r6.equals(r0)
            if (r0 == 0) goto L17
            r6 = r1
        L17:
            boolean r0 = r6.equals(r2)
            java.lang.String r2 = "SHA384"
            java.lang.String r3 = "SHA256"
            java.lang.String r4 = "SHA512"
            if (r0 == 0) goto L2e
            r0 = 256(0x100, float:3.59E-43)
            if (r5 > r0) goto L29
        L27:
            r2 = r3
            goto L46
        L29:
            r0 = 384(0x180, float:5.38E-43)
            if (r5 > r0) goto L34
            goto L46
        L2e:
            boolean r0 = r6.equals(r1)
            if (r0 == 0) goto L36
        L34:
            r2 = r4
            goto L46
        L36:
            r0 = 1024(0x400, float:1.435E-42)
            if (r5 > r0) goto L3d
            java.lang.String r2 = "SHA1"
            goto L46
        L3d:
            r0 = 2048(0x800, float:2.87E-42)
            if (r5 > r0) goto L42
            goto L27
        L42:
            r0 = 3072(0xc00, float:4.305E-42)
            if (r5 > r0) goto L34
        L46:
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            r5.<init>()
            r5.append(r2)
            java.lang.String r0 = "with"
            r5.append(r0)
            r5.append(r6)
            java.lang.String r5 = r5.toString()
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.crypto.KeyStoreUtil.getSigAlg(int, java.lang.String):java.lang.String");
    }

    public static String importPrivateKey(File file, String str, String str2, String str3, InputStream inputStream) throws GeneralSecurityException, IOException {
        SecureFileOutputStream secureFileOutputStream = null;
        try {
            KeyStore createKeyStore = createKeyStore(file, str);
            PrivateKey loadPrivateKey = CertUtil.loadPrivateKey(inputStream);
            List<X509Certificate> loadCerts = CertUtil.loadCerts(inputStream);
            if (str2 == null) {
                String subjectValue = CertUtil.getSubjectValue(loadCerts.get(0), "CN");
                if (subjectValue == null) {
                    throw new GeneralSecurityException("no alias specified and no Subject CN in cert");
                }
                str2 = (!subjectValue.endsWith(".family.i2p.net") || subjectValue.length() <= 15) ? subjectValue : subjectValue.substring(0, 15);
            }
            createKeyStore.setKeyEntry(str2, loadPrivateKey, str3.toCharArray(), (Certificate[]) loadCerts.toArray(new Certificate[loadCerts.size()]));
            char[] charArray = str != null ? str.toCharArray() : null;
            SecureFileOutputStream secureFileOutputStream2 = new SecureFileOutputStream(file);
            try {
                createKeyStore.store(secureFileOutputStream2, charArray);
                try {
                    secureFileOutputStream2.close();
                } catch (IOException unused) {
                }
                try {
                    inputStream.close();
                } catch (IOException unused2) {
                }
                return str2;
            } catch (Throwable th) {
                th = th;
                secureFileOutputStream = secureFileOutputStream2;
                if (secureFileOutputStream != null) {
                    try {
                        secureFileOutputStream.close();
                    } catch (IOException unused3) {
                    }
                }
                try {
                    inputStream.close();
                    throw th;
                } catch (IOException unused4) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static void info(String str) {
        log(I2PAppContext.getGlobalContext(), 20, str, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:45:0x0086 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean loadCerts(java.io.File r7, java.security.KeyStore r8) {
        /*
            java.lang.String r0 = "KeyStore load error, no default keys: "
            java.lang.String r1 = "changeit"
            boolean r2 = r7.exists()
            r3 = 0
            if (r2 != 0) goto Lc
            return r3
        Lc:
            r2 = 0
            java.io.FileInputStream r4 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L36 java.io.IOException -> L39 java.security.GeneralSecurityException -> L5e
            r4.<init>(r7)     // Catch: java.lang.Throwable -> L36 java.io.IOException -> L39 java.security.GeneralSecurityException -> L5e
            char[] r5 = r1.toCharArray()     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            r8.load(r4, r5)     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            java.lang.StringBuilder r5 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            r5.<init>()     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            java.lang.String r6 = "Certs loaded from "
            r5.append(r6)     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            r5.append(r7)     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            java.lang.String r5 = r5.toString()     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            info(r5)     // Catch: java.io.IOException -> L32 java.security.GeneralSecurityException -> L34 java.lang.Throwable -> L83
            r4.close()     // Catch: java.io.IOException -> L30
        L30:
            r7 = 1
            return r7
        L32:
            r5 = move-exception
            goto L3b
        L34:
            r5 = move-exception
            goto L60
        L36:
            r7 = move-exception
            r4 = r2
            goto L84
        L39:
            r5 = move-exception
            r4 = r2
        L3b:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L83
            r6.<init>()     // Catch: java.lang.Throwable -> L83
            r6.append(r0)     // Catch: java.lang.Throwable -> L83
            java.lang.String r7 = r7.getAbsolutePath()     // Catch: java.lang.Throwable -> L83
            r6.append(r7)     // Catch: java.lang.Throwable -> L83
            java.lang.String r7 = r6.toString()     // Catch: java.lang.Throwable -> L83
            error(r7, r5)     // Catch: java.lang.Throwable -> L83
            char[] r7 = r1.toCharArray()     // Catch: java.lang.Throwable -> L58 java.lang.Throwable -> L83
            r8.load(r2, r7)     // Catch: java.lang.Throwable -> L58 java.lang.Throwable -> L83
        L58:
            if (r4 == 0) goto L5d
            r4.close()     // Catch: java.io.IOException -> L5d
        L5d:
            return r3
        L5e:
            r5 = move-exception
            r4 = r2
        L60:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L83
            r6.<init>()     // Catch: java.lang.Throwable -> L83
            r6.append(r0)     // Catch: java.lang.Throwable -> L83
            java.lang.String r7 = r7.getAbsolutePath()     // Catch: java.lang.Throwable -> L83
            r6.append(r7)     // Catch: java.lang.Throwable -> L83
            java.lang.String r7 = r6.toString()     // Catch: java.lang.Throwable -> L83
            error(r7, r5)     // Catch: java.lang.Throwable -> L83
            char[] r7 = r1.toCharArray()     // Catch: java.lang.Throwable -> L7d java.lang.Throwable -> L83
            r8.load(r2, r7)     // Catch: java.lang.Throwable -> L7d java.lang.Throwable -> L83
        L7d:
            if (r4 == 0) goto L82
            r4.close()     // Catch: java.io.IOException -> L82
        L82:
            return r3
        L83:
            r7 = move-exception
        L84:
            if (r4 == 0) goto L89
            r4.close()     // Catch: java.io.IOException -> L89
        L89:
            throw r7
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.crypto.KeyStoreUtil.loadCerts(java.io.File, java.security.KeyStore):boolean");
    }

    public static KeyStore loadSystemKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            String property = System.getProperty("javax.net.ssl.keyStore");
            boolean loadCerts = property != null ? loadCerts(new File(property), keyStore) : false;
            if (!loadCerts) {
                if (!SystemVersion.isAndroid()) {
                    loadCerts = loadCerts(new File(System.getProperty("java.home"), "lib/security/jssecacerts"), keyStore);
                    if (!loadCerts) {
                        loadCerts = loadCerts(new File(System.getProperty("java.home"), "lib/security/cacerts"), keyStore);
                    }
                } else if (SystemVersion.getAndroidVersion() >= 14) {
                    try {
                        keyStore.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                        loadCerts = addCerts(new File(System.getProperty("java.home"), "etc/security/cacerts"), keyStore) > 0;
                    } catch (IOException | GeneralSecurityException unused) {
                    }
                } else {
                    loadCerts = loadCerts(new File(System.getProperty("java.home"), "etc/security/cacerts.bks"), keyStore);
                }
            }
            if (loadCerts) {
                removeBlacklistedCerts(keyStore);
            } else {
                try {
                    keyStore.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                } catch (IOException | GeneralSecurityException unused2) {
                }
                error("All key store loads failed, will only load local certificates", null);
            }
            return keyStore;
        } catch (GeneralSecurityException e) {
            error("Key Store init error", e);
            return null;
        }
    }

    private static void log(I2PAppContext i2PAppContext, int i, String str, Throwable th) {
        if (i >= 30 && !i2PAppContext.isRouterContext()) {
            System.out.println(str);
            if (th != null) {
                th.printStackTrace();
            }
        }
        i2PAppContext.logManager().getLog(KeyStoreUtil.class).log(i, str, th);
    }

    public static String randomString() {
        byte[] bArr = new byte[30];
        I2PAppContext.getGlobalContext().random().nextBytes(bArr);
        return Base32.encode(bArr);
    }

    private static int removeBlacklistedCerts(KeyStore keyStore) {
        Certificate certificate;
        int i = 0;
        if (SystemVersion.isAndroid()) {
            return 0;
        }
        try {
            MessageDigest sha1 = SHA1.getInstance();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement) && (certificate = keyStore.getCertificate(nextElement)) != null && (certificate instanceof X509Certificate)) {
                    byte[] encoded = certificate.getEncoded();
                    if (encoded == null) {
                        info("null encoding!!!");
                    } else if (_blacklist.contains(new SHA1Hash(sha1.digest(encoded)))) {
                        keyStore.deleteEntry(nextElement);
                        i++;
                        if (!_blacklistLogged) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            BigInteger serialNumber = x509Certificate.getSerialNumber();
                            warn("Ignoring blacklisted certificate \"" + nextElement + "\" CN: \"" + CertUtil.getIssuerValue(x509Certificate, "CN") + "\" OU: \"" + CertUtil.getIssuerValue(x509Certificate, "OU") + "\" s/n: " + serialNumber.toString(16), null);
                        }
                    }
                }
            }
        } catch (GeneralSecurityException unused) {
        }
        if (i > 0) {
            _blacklistLogged = true;
        }
        return i;
    }

    public static void storePrivateKey(File file, String str, String str2, String str3, PrivateKey privateKey, List<X509Certificate> list) throws GeneralSecurityException, IOException {
        SecureFileOutputStream secureFileOutputStream = null;
        try {
            KeyStore createKeyStore = createKeyStore(file, str);
            createKeyStore.setKeyEntry(str2, privateKey, str3.toCharArray(), (Certificate[]) list.toArray(new Certificate[list.size()]));
            char[] charArray = str != null ? str.toCharArray() : null;
            SecureFileOutputStream secureFileOutputStream2 = new SecureFileOutputStream(file);
            try {
                createKeyStore.store(secureFileOutputStream2, charArray);
                try {
                    secureFileOutputStream2.close();
                } catch (IOException unused) {
                }
            } catch (Throwable th) {
                th = th;
                secureFileOutputStream = secureFileOutputStream2;
                if (secureFileOutputStream != null) {
                    try {
                        secureFileOutputStream.close();
                    } catch (IOException unused2) {
                    }
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static void warn(String str, Throwable th) {
        log(I2PAppContext.getGlobalContext(), 30, str, th);
    }
}
