package org.bouncycastle.jcajce.provider.keystore.bcfks;

import com.amazonaws.internal.keyvaluestore.KeyProvider18;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.bc.SignatureCheck;
import org.bouncycastle.asn1.cms.CCMParameters;
import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.interfaces.ECKey;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.spongycastle.asn1.ASN1Encoding;

/* loaded from: classes2.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: l, reason: collision with root package name */
    public static final Map<String, ASN1ObjectIdentifier> f11128l = new HashMap();

    /* renamed from: m, reason: collision with root package name */
    public static final Map<ASN1ObjectIdentifier, String> f11129m = new HashMap();

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f11130n;

    /* renamed from: o, reason: collision with root package name */
    public static final BigInteger f11131o;

    /* renamed from: p, reason: collision with root package name */
    public static final BigInteger f11132p;

    /* renamed from: q, reason: collision with root package name */
    public static final BigInteger f11133q;

    /* renamed from: r, reason: collision with root package name */
    public static final BigInteger f11134r;
    public PublicKey a;
    public BCFKSLoadStoreParameter.CertChainValidator b;
    public final JcaJceHelper c;

    /* renamed from: f, reason: collision with root package name */
    public AlgorithmIdentifier f11137f;

    /* renamed from: g, reason: collision with root package name */
    public KeyDerivationFunc f11138g;

    /* renamed from: h, reason: collision with root package name */
    public AlgorithmIdentifier f11139h;

    /* renamed from: i, reason: collision with root package name */
    public Date f11140i;

    /* renamed from: j, reason: collision with root package name */
    public Date f11141j;

    /* renamed from: d, reason: collision with root package name */
    public final Map<String, ObjectData> f11135d = new HashMap();

    /* renamed from: e, reason: collision with root package name */
    public final Map<String, PrivateKey> f11136e = new HashMap();

    /* renamed from: k, reason: collision with root package name */
    public ASN1ObjectIdentifier f11142k = NISTObjectIdentifiers.Q;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        public final Throwable a;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.a = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.a;
        }
    }

    /* loaded from: classes2.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {

        /* renamed from: s, reason: collision with root package name */
        public final Map<String, byte[]> f11143s;

        /* renamed from: t, reason: collision with root package name */
        public final byte[] f11144t;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                this.f11144t = new byte[32];
                jcaJceHelper.a("DEFAULT").nextBytes(this.f11144t);
                this.f11143s = new HashMap();
            } catch (GeneralSecurityException e2) {
                throw new IllegalArgumentException("can't create random - " + e2.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] s2 = s(str, cArr);
                if (!this.f11143s.containsKey(str) || Arrays.v(this.f11143s.get(str), s2)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.f11143s.containsKey(str)) {
                        this.f11143s.put(str, s2);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e2) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e2.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        public final byte[] s(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return SCrypt.i(cArr != null ? Arrays.r(Strings.k(cArr), Strings.j(str)) : Arrays.r(this.f11144t, Strings.j(str)), this.f11144t, 16384, 8, 1, 32);
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    static {
        f11128l.put("DESEDE", OIWObjectIdentifiers.f9493h);
        f11128l.put("TRIPLEDES", OIWObjectIdentifiers.f9493h);
        f11128l.put("TDEA", OIWObjectIdentifiers.f9493h);
        f11128l.put("HMACSHA1", PKCSObjectIdentifiers.v1);
        f11128l.put("HMACSHA224", PKCSObjectIdentifiers.w1);
        f11128l.put("HMACSHA256", PKCSObjectIdentifiers.x1);
        f11128l.put("HMACSHA384", PKCSObjectIdentifiers.y1);
        f11128l.put("HMACSHA512", PKCSObjectIdentifiers.z1);
        f11128l.put("SEED", KISAObjectIdentifiers.a);
        f11128l.put("CAMELLIA.128", NTTObjectIdentifiers.a);
        f11128l.put("CAMELLIA.192", NTTObjectIdentifiers.b);
        f11128l.put("CAMELLIA.256", NTTObjectIdentifiers.c);
        f11128l.put("ARIA.128", NSRIObjectIdentifiers.f9459e);
        f11128l.put("ARIA.192", NSRIObjectIdentifiers.f9463i);
        f11128l.put("ARIA.256", NSRIObjectIdentifiers.f9467m);
        f11129m.put(PKCSObjectIdentifiers.N0, KeyProvider18.KEY_ALGORITHM_RSA);
        f11129m.put(X9ObjectIdentifiers.a3, "EC");
        f11129m.put(OIWObjectIdentifiers.f9497l, "DH");
        f11129m.put(PKCSObjectIdentifiers.d1, "DH");
        f11129m.put(X9ObjectIdentifiers.G3, "DSA");
        f11130n = BigInteger.valueOf(0L);
        f11131o = BigInteger.valueOf(1L);
        f11132p = BigInteger.valueOf(2L);
        f11133q = BigInteger.valueOf(3L);
        f11134r = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.c = jcaJceHelper;
    }

    public static String o(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String str = f11129m.get(aSN1ObjectIdentifier);
        return str != null ? str : aSN1ObjectIdentifier.w();
    }

    public final byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String w = algorithmIdentifier.j().w();
        Mac createMac = this.c.createMac(w);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            createMac.init(new SecretKeySpec(h(keyDerivationFunc, "INTEGRITY_CHECK", cArr, -1), w));
            return createMac.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    public final Cipher b(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher createCipher = this.c.createCipher(str);
        createCipher.init(1, new SecretKeySpec(bArr, "AES"));
        return createCipher;
    }

    public final EncryptedPrivateKeyData c(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            certificateArr2[i2] = org.bouncycastle.asn1.x509.Certificate.k(certificateArr[i2].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    public final Certificate d(Object obj) {
        JcaJceHelper jcaJceHelper = this.c;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.createCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.k(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.k(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    public final byte[] e(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
        Cipher createCipher;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.j().n(PKCSObjectIdentifiers.l1)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters k2 = PBES2Parameters.k(algorithmIdentifier.m());
        EncryptionScheme j2 = k2.j();
        try {
            if (j2.j().n(NISTObjectIdentifiers.Q)) {
                createCipher = this.c.createCipher("AES/CCM/NoPadding");
                algorithmParameters = this.c.createAlgorithmParameters("CCM");
                algorithmParameters.init(CCMParameters.k(j2.l()).getEncoded());
            } else {
                if (!j2.j().n(NISTObjectIdentifiers.R)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                createCipher = this.c.createCipher("AESKWP");
                algorithmParameters = null;
            }
            KeyDerivationFunc l2 = k2.l();
            if (cArr == null) {
                cArr = new char[0];
            }
            createCipher.init(2, new SecretKeySpec(h(l2, str, cArr, 32), "AES"), algorithmParameters);
            return createCipher.doFinal(bArr);
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it2 = new HashSet(this.f11135d.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it2.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it2.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.f11135d.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f11135d.get(str) == null) {
            return;
        }
        this.f11136e.remove(str);
        this.f11135d.remove(str);
        this.f11141j = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.o().equals(f11131o) || objectData.o().equals(f11133q)) {
            return d(EncryptedPrivateKeyData.l(objectData.k()).j()[0]);
        }
        if (objectData.o().equals(f11130n)) {
            return d(objectData.k());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f11135d.keySet()) {
                ObjectData objectData = this.f11135d.get(str);
                if (objectData.o().equals(f11130n)) {
                    if (Arrays.b(objectData.k(), encoded)) {
                        return str;
                    }
                } else if (objectData.o().equals(f11131o) || objectData.o().equals(f11133q)) {
                    try {
                        if (Arrays.b(EncryptedPrivateKeyData.l(objectData.k()).j()[0].toASN1Primitive().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.o().equals(f11131o) && !objectData.o().equals(f11133q)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] j2 = EncryptedPrivateKeyData.l(objectData.k()).j();
        int length = j2.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i2 = 0; i2 != length; i2++) {
            x509CertificateArr[i2] = d(j2[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.n().v();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.o().equals(f11131o) || objectData.o().equals(f11133q)) {
            PrivateKey privateKey = this.f11136e.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            EncryptedPrivateKeyInfo l2 = EncryptedPrivateKeyInfo.l(EncryptedPrivateKeyData.l(objectData.k()).k());
            try {
                PrivateKeyInfo k2 = PrivateKeyInfo.k(e("PRIVATE_KEY_ENCRYPTION", l2.k(), cArr, l2.j()));
                PrivateKey generatePrivate = this.c.createKeyFactory(o(k2.m().j())).generatePrivate(new PKCS8EncodedKeySpec(k2.getEncoded()));
                this.f11136e.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!objectData.o().equals(f11132p) && !objectData.o().equals(f11134r)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        EncryptedSecretKeyData k3 = EncryptedSecretKeyData.k(objectData.k());
        try {
            SecretKeyData j2 = SecretKeyData.j(e("SECRET_KEY_ENCRYPTION", k3.l(), cArr, k3.j()));
            return this.c.c(j2.k().w()).generateSecret(new SecretKeySpec(j2.l(), j2.k().w()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData != null) {
            return objectData.o().equals(f11130n);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f11135d.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger o2 = objectData.o();
        return o2.equals(f11131o) || o2.equals(f11132p) || o2.equals(f11133q) || o2.equals(f11134r);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        AlgorithmIdentifier m2;
        ASN1Encodable l2;
        PublicKey publicKey;
        ObjectStoreData k2;
        this.f11135d.clear();
        this.f11136e.clear();
        this.f11140i = null;
        this.f11141j = null;
        this.f11137f = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f11140i = date;
            this.f11141j = date;
            this.a = null;
            this.b = null;
            this.f11137f = new AlgorithmIdentifier(PKCSObjectIdentifiers.z1, DERNull.a);
            this.f11138g = i(PKCSObjectIdentifiers.m1, 64);
            return;
        }
        try {
            ObjectStore j2 = ObjectStore.j(new ASN1InputStream(inputStream).n());
            ObjectStoreIntegrityCheck k3 = j2.k();
            if (k3.l() == 0) {
                PbkdMacIntegrityCheck j3 = PbkdMacIntegrityCheck.j(k3.k());
                this.f11137f = j3.l();
                this.f11138g = j3.m();
                m2 = this.f11137f;
                try {
                    q(j2.l().toASN1Primitive().getEncoded(), j3, cArr);
                } catch (NoSuchProviderException e2) {
                    throw new IOException(e2.getMessage());
                }
            } else {
                if (k3.l() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                SignatureCheck k4 = SignatureCheck.k(k3.k());
                m2 = k4.m();
                try {
                    org.bouncycastle.asn1.x509.Certificate[] j4 = k4.j();
                    if (this.b == null) {
                        l2 = j2.l();
                        publicKey = this.a;
                    } else {
                        if (j4 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory createCertificateFactory = this.c.createCertificateFactory("X.509");
                        int length = j4.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i2 = 0; i2 != length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) createCertificateFactory.generateCertificate(new ByteArrayInputStream(j4[i2].getEncoded()));
                        }
                        if (!this.b.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        l2 = j2.l();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    r(l2, k4, publicKey);
                } catch (GeneralSecurityException e3) {
                    throw new IOException("error verifying signature: " + e3.getMessage(), e3);
                }
            }
            ASN1Encodable l3 = j2.l();
            if (l3 instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) l3;
                k2 = ObjectStoreData.k(e("STORE_ENCRYPTION", encryptedObjectStoreData.k(), cArr, encryptedObjectStoreData.j().u()));
            } else {
                k2 = ObjectStoreData.k(l3);
            }
            try {
                this.f11140i = k2.j().v();
                this.f11141j = k2.m().v();
                if (!k2.l().equals(m2)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<ASN1Encodable> it2 = k2.n().iterator();
                while (it2.hasNext()) {
                    ObjectData m3 = ObjectData.m(it2.next());
                    this.f11135d.put(m3.l(), m3);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e4) {
            throw new IOException(e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] g2 = g(bCFKSLoadStoreParameter);
        this.f11138g = k(bCFKSLoadStoreParameter.g(), 64);
        this.f11142k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.Q : NISTObjectIdentifiers.R;
        this.f11137f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.z1, DERNull.a) : new AlgorithmIdentifier(NISTObjectIdentifiers.f9455r, DERNull.a);
        this.a = (PublicKey) bCFKSLoadStoreParameter.i();
        this.b = bCFKSLoadStoreParameter.c();
        this.f11139h = l(this.a, bCFKSLoadStoreParameter.h());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f11142k;
        InputStream a = bCFKSLoadStoreParameter.a();
        engineLoad(a, g2);
        if (a != null) {
            if (!p(bCFKSLoadStoreParameter.g(), this.f11138g) || !aSN1ObjectIdentifier.n(this.f11142k)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        ObjectData objectData = this.f11135d.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.o().equals(f11130n)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = f(objectData, date2);
        }
        try {
            this.f11135d.put(str, new ObjectData(f11130n, str, date, date2, certificate.getEncoded(), null));
            this.f11141j = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        SecretKeyData secretKeyData;
        EncryptedSecretKeyData encryptedSecretKeyData;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Date date = new Date();
        ObjectData objectData = this.f11135d.get(str);
        Date f2 = objectData != null ? f(objectData, date) : date;
        this.f11136e.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc i2 = i(PKCSObjectIdentifiers.m1, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h2 = h(i2, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.f11142k.n(NISTObjectIdentifiers.Q)) {
                    Cipher b = b("AES/CCM/NoPadding", h2);
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(i2, new EncryptionScheme(NISTObjectIdentifiers.Q, CCMParameters.k(b.getParameters().getEncoded())))), b.doFinal(encoded));
                } else {
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(i2, new EncryptionScheme(NISTObjectIdentifiers.R))), b("AESKWP", h2).doFinal(encoded));
                }
                this.f11135d.put(str, new ObjectData(f11131o, str, f2, date, c(encryptedPrivateKeyInfo, certificateArr).getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc i3 = i(PKCSObjectIdentifiers.m1, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h3 = h(i3, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String l2 = Strings.l(key.getAlgorithm());
                if (l2.indexOf("AES") > -1) {
                    secretKeyData = new SecretKeyData(NISTObjectIdentifiers.f9457t, encoded2);
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = f11128l.get(l2);
                    if (aSN1ObjectIdentifier != null) {
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier, encoded2);
                    } else {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = f11128l.get(l2 + "." + (encoded2.length * 8));
                        if (aSN1ObjectIdentifier2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + l2 + ") for storage.");
                        }
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier2, encoded2);
                    }
                }
                if (this.f11142k.n(NISTObjectIdentifiers.Q)) {
                    Cipher b2 = b("AES/CCM/NoPadding", h3);
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(i3, new EncryptionScheme(NISTObjectIdentifiers.Q, CCMParameters.k(b2.getParameters().getEncoded())))), b2.doFinal(secretKeyData.getEncoded()));
                } else {
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(i3, new EncryptionScheme(NISTObjectIdentifiers.R))), b("AESKWP", h3).doFinal(secretKeyData.getEncoded()));
                }
                this.f11135d.put(str, new ObjectData(f11132p, str, f2, date, encryptedSecretKeyData.getEncoded(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.f11141j = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        ObjectData objectData = this.f11135d.get(str);
        Date f2 = objectData != null ? f(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo l2 = EncryptedPrivateKeyInfo.l(bArr);
                try {
                    this.f11136e.remove(str);
                    this.f11135d.put(str, new ObjectData(f11133q, str, f2, date, c(l2, certificateArr).getEncoded(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.f11135d.put(str, new ObjectData(f11134r, str, f2, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.f11141j = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f11135d.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KeyDerivationFunc keyDerivationFunc;
        BigInteger l2;
        if (this.f11140i == null) {
            throw new IOException("KeyStore not initialized");
        }
        EncryptedObjectStoreData n2 = n(this.f11137f, cArr);
        if (MiscObjectIdentifiers.y.n(this.f11138g.j())) {
            ScryptParams l3 = ScryptParams.l(this.f11138g.l());
            keyDerivationFunc = this.f11138g;
            l2 = l3.m();
        } else {
            PBKDF2Params j2 = PBKDF2Params.j(this.f11138g.l());
            keyDerivationFunc = this.f11138g;
            l2 = j2.l();
        }
        this.f11138g = j(keyDerivationFunc, l2.intValue());
        try {
            outputStream.write(new ObjectStore(n2, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f11137f, this.f11138g, a(n2.getEncoded(), this.f11137f, this.f11138g, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e2) {
            throw new IOException("cannot calculate mac: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        SignatureCheck signatureCheck;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] g2 = g(loadStoreParameter);
            this.f11138g = k(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), g2);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] g3 = g(bCFKSLoadStoreParameter);
            this.f11138g = k(bCFKSLoadStoreParameter.g(), 64);
            this.f11142k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.Q : NISTObjectIdentifiers.R;
            this.f11137f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.z1, DERNull.a) : new AlgorithmIdentifier(NISTObjectIdentifiers.f9455r, DERNull.a);
            engineStore(bCFKSLoadStoreParameter.b(), g3);
            return;
        }
        this.f11139h = l(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.f11138g = k(bCFKSLoadStoreParameter.g(), 64);
        this.f11142k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.Q : NISTObjectIdentifiers.R;
        this.f11137f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.z1, DERNull.a) : new AlgorithmIdentifier(NISTObjectIdentifiers.f9455r, DERNull.a);
        EncryptedObjectStoreData n2 = n(this.f11139h, g(bCFKSLoadStoreParameter));
        try {
            Signature createSignature = this.c.createSignature(this.f11139h.j().w());
            createSignature.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            createSignature.update(n2.getEncoded());
            X509Certificate[] d2 = bCFKSLoadStoreParameter.d();
            if (d2 != null) {
                int length = d2.length;
                org.bouncycastle.asn1.x509.Certificate[] certificateArr = new org.bouncycastle.asn1.x509.Certificate[length];
                for (int i2 = 0; i2 != length; i2++) {
                    certificateArr[i2] = org.bouncycastle.asn1.x509.Certificate.k(d2[i2].getEncoded());
                }
                signatureCheck = new SignatureCheck(this.f11139h, certificateArr, createSignature.sign());
            } else {
                signatureCheck = new SignatureCheck(this.f11139h, createSignature.sign());
            }
            bCFKSLoadStoreParameter.b().write(new ObjectStore(n2, new ObjectStoreIntegrityCheck(signatureCheck)).getEncoded());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e2) {
            throw new IOException("error creating signature: " + e2.getMessage(), e2);
        }
    }

    public final Date f(ObjectData objectData, Date date) {
        try {
            return objectData.j().v();
        } catch (ParseException unused) {
            return date;
        }
    }

    public final char[] g(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e2) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e2.getMessage(), e2);
        }
    }

    public final byte[] h(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr, int i2) throws IOException {
        byte[] a = PBEParametersGenerator.a(cArr);
        byte[] a2 = PBEParametersGenerator.a(str.toCharArray());
        if (MiscObjectIdentifiers.y.n(keyDerivationFunc.j())) {
            ScryptParams l2 = ScryptParams.l(keyDerivationFunc.l());
            if (l2.m() != null) {
                i2 = l2.m().intValue();
            } else if (i2 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return SCrypt.i(Arrays.r(a, a2), l2.o(), l2.k().intValue(), l2.j().intValue(), l2.j().intValue(), i2);
        }
        if (!keyDerivationFunc.j().n(PKCSObjectIdentifiers.m1)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params j2 = PBKDF2Params.j(keyDerivationFunc.l());
        if (j2.l() != null) {
            i2 = j2.l().intValue();
        } else if (i2 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (j2.m().j().n(PKCSObjectIdentifiers.z1)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.g(Arrays.r(a, a2), j2.n(), j2.k().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator.e(i2 * 8)).a();
        }
        if (j2.m().j().n(NISTObjectIdentifiers.f9455r)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pKCS5S2ParametersGenerator2.g(Arrays.r(a, a2), j2.n(), j2.k().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator2.e(i2 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + j2.m().j());
    }

    public final KeyDerivationFunc i(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i2) {
        byte[] bArr = new byte[64];
        m().nextBytes(bArr);
        if (PKCSObjectIdentifiers.m1.n(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(PKCSObjectIdentifiers.m1, new PBKDF2Params(bArr, 51200, i2, new AlgorithmIdentifier(PKCSObjectIdentifiers.z1, DERNull.a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + aSN1ObjectIdentifier);
    }

    public final KeyDerivationFunc j(KeyDerivationFunc keyDerivationFunc, int i2) {
        boolean n2 = MiscObjectIdentifiers.y.n(keyDerivationFunc.j());
        ASN1Encodable l2 = keyDerivationFunc.l();
        if (n2) {
            ScryptParams l3 = ScryptParams.l(l2);
            byte[] bArr = new byte[l3.o().length];
            m().nextBytes(bArr);
            return new KeyDerivationFunc(MiscObjectIdentifiers.y, new ScryptParams(bArr, l3.k(), l3.j(), l3.n(), BigInteger.valueOf(i2)));
        }
        PBKDF2Params j2 = PBKDF2Params.j(l2);
        byte[] bArr2 = new byte[j2.n().length];
        m().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.m1, new PBKDF2Params(bArr2, j2.k().intValue(), i2, j2.m()));
    }

    public final KeyDerivationFunc k(PBKDFConfig pBKDFConfig, int i2) {
        if (!MiscObjectIdentifiers.y.n(pBKDFConfig.a())) {
            PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
            byte[] bArr = new byte[pBKDF2Config.d()];
            m().nextBytes(bArr);
            return new KeyDerivationFunc(PKCSObjectIdentifiers.m1, new PBKDF2Params(bArr, pBKDF2Config.b(), i2, pBKDF2Config.c()));
        }
        ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
        byte[] bArr2 = new byte[scryptConfig.e()];
        m().nextBytes(bArr2);
        return new KeyDerivationFunc(MiscObjectIdentifiers.y, new ScryptParams(bArr2, scryptConfig.c(), scryptConfig.b(), scryptConfig.d(), i2));
    }

    public final AlgorithmIdentifier l(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof ECKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new AlgorithmIdentifier(X9ObjectIdentifiers.f3);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.e0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.W);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.a0);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new AlgorithmIdentifier(PKCSObjectIdentifiers.Y0, DERNull.a);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.i0, DERNull.a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    public final SecureRandom m() {
        return CryptoServicesRegistrar.b();
    }

    public final EncryptedObjectStoreData n(AlgorithmIdentifier algorithmIdentifier, char[] cArr) throws IOException, NoSuchAlgorithmException {
        ObjectData[] objectDataArr = (ObjectData[]) this.f11135d.values().toArray(new ObjectData[this.f11135d.size()]);
        KeyDerivationFunc j2 = j(this.f11138g, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] h2 = h(j2, "STORE_ENCRYPTION", cArr, 32);
        ObjectStoreData objectStoreData = new ObjectStoreData(algorithmIdentifier, this.f11140i, this.f11141j, new ObjectDataSequence(objectDataArr), null);
        try {
            if (!this.f11142k.n(NISTObjectIdentifiers.Q)) {
                return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(j2, new EncryptionScheme(NISTObjectIdentifiers.R))), b("AESKWP", h2).doFinal(objectStoreData.getEncoded()));
            }
            Cipher b = b("AES/CCM/NoPadding", h2);
            return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.l1, new PBES2Parameters(j2, new EncryptionScheme(NISTObjectIdentifiers.Q, CCMParameters.k(b.getParameters().getEncoded())))), b.doFinal(objectStoreData.getEncoded()));
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.toString());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.toString());
        } catch (NoSuchPaddingException e6) {
            throw new NoSuchAlgorithmException(e6.toString());
        }
    }

    public final boolean p(PBKDFConfig pBKDFConfig, KeyDerivationFunc keyDerivationFunc) {
        if (!pBKDFConfig.a().n(keyDerivationFunc.j())) {
            return false;
        }
        if (MiscObjectIdentifiers.y.n(keyDerivationFunc.j())) {
            if (!(pBKDFConfig instanceof ScryptConfig)) {
                return false;
            }
            ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
            ScryptParams l2 = ScryptParams.l(keyDerivationFunc.l());
            return scryptConfig.e() == l2.o().length && scryptConfig.b() == l2.j().intValue() && scryptConfig.c() == l2.k().intValue() && scryptConfig.d() == l2.n().intValue();
        }
        if (!(pBKDFConfig instanceof PBKDF2Config)) {
            return false;
        }
        PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
        PBKDF2Params j2 = PBKDF2Params.j(keyDerivationFunc.l());
        return pBKDF2Config.d() == j2.n().length && pBKDF2Config.b() == j2.k().intValue();
    }

    public final void q(byte[] bArr, PbkdMacIntegrityCheck pbkdMacIntegrityCheck, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!Arrays.v(a(bArr, pbkdMacIntegrityCheck.l(), pbkdMacIntegrityCheck.m(), cArr), pbkdMacIntegrityCheck.k())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    public final void r(ASN1Encodable aSN1Encodable, SignatureCheck signatureCheck, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.c.createSignature(signatureCheck.m().j().w());
        createSignature.initVerify(publicKey);
        createSignature.update(aSN1Encodable.toASN1Primitive().i(ASN1Encoding.DER));
        if (!createSignature.verify(signatureCheck.l().w())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }
}
