package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import k.b.a.e3.a;
import k.b.a.e3.b0;
import k.b.a.e3.g;
import k.b.a.f3.m;
import k.b.a.g2.c;
import k.b.a.g2.e;
import k.b.a.g2.j;
import k.b.a.o;
import k.b.a.t2.b;
import k.b.a.x2.f;
import k.b.a.x2.h;
import k.b.a.x2.k;
import k.b.a.x2.l;
import k.b.a.x2.n;
import k.b.a.x2.p;
import k.b.a.z0;
import k.b.b.l0.w;
import k.b.b.l0.x;
import k.b.b.p0.y;
import k.b.b.u0.b1;
import k.b.b.y0.d;
import k.b.f.i;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final Map<o, String> C2;
    private static final Map<String, o> K1;
    private static final BigInteger K2;
    private static final BigInteger Ma;
    private static final BigInteger Na;
    private static final BigInteger Oa;
    private static final BigInteger Pa;
    private Date K0;
    private PublicKey a;

    /* renamed from: b, reason: collision with root package name */
    private BCFKSLoadStoreParameter.CertChainValidator f8060b;

    /* renamed from: c, reason: collision with root package name */
    private final JcaJceHelper f8061c;

    /* renamed from: g, reason: collision with root package name */
    private a f8064g;
    private a k0;
    private Date k1;
    private h p;

    /* renamed from: d, reason: collision with root package name */
    private final Map<String, e> f8062d = new HashMap();

    /* renamed from: f, reason: collision with root package name */
    private final Map<String, PrivateKey> f8063f = new HashMap();
    private o C1 = b.P;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    private static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable a;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.a = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.a;
        }
    }

    /* loaded from: classes2.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements n, b0 {
        private final Map<String, byte[]> Qa;
        private final byte[] Ra;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                byte[] bArr = new byte[32];
                this.Ra = bArr;
                jcaJceHelper.a("DEFAULT").nextBytes(bArr);
                this.Qa = new HashMap();
            } catch (GeneralSecurityException e2) {
                throw new IllegalArgumentException("can't create random - " + e2.toString());
            }
        }

        private byte[] s(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return k.b.b.p0.b0.i(cArr != null ? k.b.f.a.n(i.j(cArr), i.i(str)) : k.b.f.a.n(this.Ra, i.i(str)), this.Ra, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] s = s(str, cArr);
                if (!this.Qa.containsKey(str) || k.b.f.a.q(this.Qa.get(str), s)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.Qa.containsKey(str)) {
                        this.Qa.put(str, s);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e2) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e2.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        K1 = hashMap;
        HashMap hashMap2 = new HashMap();
        C2 = hashMap2;
        o oVar = k.b.a.w2.b.f5847e;
        hashMap.put("DESEDE", oVar);
        hashMap.put("TRIPLEDES", oVar);
        hashMap.put("TDEA", oVar);
        hashMap.put("HMACSHA1", n.P8);
        hashMap.put("HMACSHA224", n.Q8);
        hashMap.put("HMACSHA256", n.R8);
        hashMap.put("HMACSHA384", n.S8);
        hashMap.put("HMACSHA512", n.T8);
        hashMap.put("SEED", k.b.a.r2.a.a);
        hashMap.put("CAMELLIA.128", k.b.a.v2.a.a);
        hashMap.put("CAMELLIA.192", k.b.a.v2.a.f5835b);
        hashMap.put("CAMELLIA.256", k.b.a.v2.a.f5836c);
        hashMap.put("ARIA.128", k.b.a.u2.a.f5827e);
        hashMap.put("ARIA.192", k.b.a.u2.a.f5831i);
        hashMap.put("ARIA.256", k.b.a.u2.a.m);
        hashMap2.put(n.h8, "RSA");
        hashMap2.put(m.V9, "EC");
        hashMap2.put(k.b.a.w2.b.f5851i, "DH");
        hashMap2.put(n.x8, "DH");
        hashMap2.put(m.Ba, "DSA");
        K2 = BigInteger.valueOf(0L);
        Ma = BigInteger.valueOf(1L);
        Na = BigInteger.valueOf(2L);
        Oa = BigInteger.valueOf(3L);
        Pa = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.f8061c = jcaJceHelper;
    }

    private byte[] a(byte[] bArr, a aVar, h hVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String r = aVar.g().r();
        Mac c2 = this.f8061c.c(r);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            c2.init(new SecretKeySpec(h(hVar, "INTEGRITY_CHECK", cArr, -1), r));
            return c2.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    private Cipher b(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher b2 = this.f8061c.b(str);
        b2.init(1, new SecretKeySpec(bArr, "AES"));
        return b2;
    }

    private c c(f fVar, Certificate[] certificateArr) throws CertificateEncodingException {
        g[] gVarArr = new g[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            gVarArr[i2] = g.h(certificateArr[i2].getEncoded());
        }
        return new c(fVar, gVarArr);
    }

    private Certificate d(Object obj) {
        JcaJceHelper jcaJceHelper = this.f8061c;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.d("X.509").generateCertificate(new ByteArrayInputStream(g.h(obj).e()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(g.h(obj).e()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] e(String str, a aVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher b2;
        AlgorithmParameters algorithmParameters;
        if (!aVar.g().equals(n.F8)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        k h2 = k.h(aVar.j());
        k.b.a.x2.g g2 = h2.g();
        try {
            if (g2.g().equals(b.P)) {
                b2 = this.f8061c.b("AES/CCM/NoPadding");
                algorithmParameters = this.f8061c.e("CCM");
                algorithmParameters.init(k.b.a.i2.a.h(g2.i()).e());
            } else {
                if (!g2.g().equals(b.Q)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                b2 = this.f8061c.b("AESKWP");
                algorithmParameters = null;
            }
            h i2 = h2.i();
            if (cArr == null) {
                cArr = new char[0];
            }
            b2.init(2, new SecretKeySpec(h(i2, str, cArr, 32), "AES"), algorithmParameters);
            return b2.doFinal(bArr);
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    private Date f(e eVar, Date date) {
        try {
            return eVar.g().p();
        } catch (ParseException unused) {
            return date;
        }
    }

    private char[] g(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e2) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e2.getMessage(), e2);
        }
    }

    private byte[] h(h hVar, String str, char[] cArr, int i2) throws IOException {
        byte[] a = k.b.b.b0.a(cArr);
        byte[] a2 = k.b.b.b0.a(str.toCharArray());
        if (k.b.a.s2.c.y.equals(hVar.g())) {
            k.b.a.s2.f i3 = k.b.a.s2.f.i(hVar.i());
            if (i3.j() != null) {
                i2 = i3.j().intValue();
            } else if (i2 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return k.b.b.p0.b0.i(k.b.f.a.n(a, a2), i3.l(), i3.h().intValue(), i3.g().intValue(), i3.g().intValue(), i2);
        }
        if (!hVar.g().equals(n.G8)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        l g2 = l.g(hVar.i());
        if (g2.i() != null) {
            i2 = g2.i().intValue();
        } else if (i2 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (g2.j().g().equals(n.T8)) {
            y yVar = new y(new x());
            yVar.g(k.b.f.a.n(a, a2), g2.k(), g2.h().intValue());
            return ((b1) yVar.e(i2 * 8)).a();
        }
        if (g2.j().g().equals(b.r)) {
            y yVar2 = new y(new w(512));
            yVar2.g(k.b.f.a.n(a, a2), g2.k(), g2.h().intValue());
            return ((b1) yVar2.e(i2 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + g2.j().g());
    }

    private h i(o oVar, int i2) {
        byte[] bArr = new byte[64];
        m().nextBytes(bArr);
        o oVar2 = n.G8;
        if (oVar2.equals(oVar)) {
            return new h(oVar2, new l(bArr, 51200, i2, new a(n.T8, z0.a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + oVar);
    }

    private h j(h hVar, int i2) {
        o oVar = k.b.a.s2.c.y;
        boolean equals = oVar.equals(hVar.g());
        k.b.a.e i3 = hVar.i();
        if (equals) {
            k.b.a.s2.f i4 = k.b.a.s2.f.i(i3);
            byte[] bArr = new byte[i4.l().length];
            m().nextBytes(bArr);
            return new h(oVar, new k.b.a.s2.f(bArr, i4.h(), i4.g(), i4.k(), BigInteger.valueOf(i2)));
        }
        l g2 = l.g(i3);
        byte[] bArr2 = new byte[g2.k().length];
        m().nextBytes(bArr2);
        return new h(n.G8, new l(bArr2, g2.h().intValue(), i2, g2.j()));
    }

    private h k(k.b.b.y0.e eVar, int i2) {
        o oVar = k.b.a.s2.c.y;
        if (oVar.equals(eVar.a())) {
            k.b.b.y0.i iVar = (k.b.b.y0.i) eVar;
            byte[] bArr = new byte[iVar.e()];
            m().nextBytes(bArr);
            return new h(oVar, new k.b.a.s2.f(bArr, iVar.c(), iVar.b(), iVar.d(), i2));
        }
        d dVar = (d) eVar;
        byte[] bArr2 = new byte[dVar.d()];
        m().nextBytes(bArr2);
        return new h(n.G8, new l(bArr2, dVar.b(), i2, dVar.c()));
    }

    private a l(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof k.b.c.c.a) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(m.aa);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(b.d0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(b.V);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(b.Z);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(n.s8, z0.a);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(b.h0, z0.a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom m() {
        return k.b.b.l.b();
    }

    private k.b.a.g2.b n(a aVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        e[] eVarArr = (e[]) this.f8062d.values().toArray(new e[this.f8062d.size()]);
        h j2 = j(this.p, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] h2 = h(j2, "STORE_ENCRYPTION", cArr, 32);
        k.b.a.g2.h hVar = new k.b.a.g2.h(aVar, this.K0, this.k1, new k.b.a.g2.f(eVarArr), null);
        try {
            o oVar = this.C1;
            o oVar2 = b.P;
            if (!oVar.equals(oVar2)) {
                return new k.b.a.g2.b(new a(n.F8, new k(j2, new k.b.a.x2.g(b.Q))), b("AESKWP", h2).doFinal(hVar.e()));
            }
            Cipher b2 = b("AES/CCM/NoPadding", h2);
            return new k.b.a.g2.b(new a(n.F8, new k(j2, new k.b.a.x2.g(oVar2, k.b.a.i2.a.h(b2.getParameters().getEncoded())))), b2.doFinal(hVar.e()));
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.toString());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.toString());
        } catch (NoSuchPaddingException e6) {
            throw new NoSuchAlgorithmException(e6.toString());
        }
    }

    private static String o(o oVar) {
        String str = C2.get(oVar);
        return str != null ? str : oVar.r();
    }

    private boolean p(k.b.b.y0.e eVar, h hVar) {
        if (!eVar.a().equals(hVar.g())) {
            return false;
        }
        if (k.b.a.s2.c.y.equals(hVar.g())) {
            if (!(eVar instanceof k.b.b.y0.i)) {
                return false;
            }
            k.b.b.y0.i iVar = (k.b.b.y0.i) eVar;
            k.b.a.s2.f i2 = k.b.a.s2.f.i(hVar.i());
            return iVar.e() == i2.l().length && iVar.b() == i2.g().intValue() && iVar.c() == i2.h().intValue() && iVar.d() == i2.k().intValue();
        }
        if (!(eVar instanceof d)) {
            return false;
        }
        d dVar = (d) eVar;
        l g2 = l.g(hVar.i());
        return dVar.d() == g2.k().length && dVar.b() == g2.h().intValue();
    }

    private void q(byte[] bArr, j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!k.b.f.a.q(a(bArr, jVar.i(), jVar.j(), cArr), jVar.h())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void r(k.b.a.e eVar, k.b.a.g2.l lVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature g2 = this.f8061c.g(lVar.j().g().r());
        g2.initVerify(publicKey);
        g2.update(eVar.b().f("DER"));
        g2.verify(lVar.i().r());
        if (1 == 0) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f8062d.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f8062d.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f8062d.get(str) == null) {
            return;
        }
        this.f8063f.remove(str);
        this.f8062d.remove(str);
        this.k1 = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.f8062d.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.l().equals(Ma) || eVar.l().equals(Oa)) {
            return d(c.i(eVar.h()).g()[0]);
        }
        if (eVar.l().equals(K2)) {
            return d(eVar.h());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f8062d.keySet()) {
                e eVar = this.f8062d.get(str);
                if (eVar.l().equals(K2)) {
                    if (k.b.f.a.b(eVar.h(), encoded)) {
                        return str;
                    }
                } else if (eVar.l().equals(Ma) || eVar.l().equals(Oa)) {
                    try {
                        if (k.b.f.a.b(c.i(eVar.h()).g()[0].b().e(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.f8062d.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.l().equals(Ma) && !eVar.l().equals(Oa)) {
            return null;
        }
        g[] g2 = c.i(eVar.h()).g();
        int length = g2.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i2 = 0; i2 != length; i2++) {
            x509CertificateArr[i2] = d(g2[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.f8062d.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.k().p();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.f8062d.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.l().equals(Ma) || eVar.l().equals(Oa)) {
            PrivateKey privateKey = this.f8063f.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            f i2 = f.i(c.i(eVar.h()).h());
            try {
                p h2 = p.h(e("PRIVATE_KEY_ENCRYPTION", i2.h(), cArr, i2.g()));
                PrivateKey generatePrivate = this.f8061c.h(o(h2.i().g())).generatePrivate(new PKCS8EncodedKeySpec(h2.e()));
                this.f8063f.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!eVar.l().equals(Na) && !eVar.l().equals(Pa)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        k.b.a.g2.d h3 = k.b.a.g2.d.h(eVar.h());
        try {
            k.b.a.g2.k g2 = k.b.a.g2.k.g(e("SECRET_KEY_ENCRYPTION", h3.i(), cArr, h3.g()));
            return this.f8061c.f(g2.h().r()).generateSecret(new SecretKeySpec(g2.i(), g2.h().r()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.f8062d.get(str);
        if (eVar != null) {
            return eVar.l().equals(K2);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.f8062d.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger l = eVar.l();
        return l.equals(Ma) || l.equals(Na) || l.equals(Oa) || l.equals(Pa);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a j2;
        k.b.a.e i2;
        PublicKey publicKey;
        k.b.a.g2.h h2;
        this.f8062d.clear();
        this.f8063f.clear();
        this.K0 = null;
        this.k1 = null;
        this.f8064g = null;
        if (inputStream == null) {
            Date date = new Date();
            this.K0 = date;
            this.k1 = date;
            this.a = null;
            this.f8060b = null;
            this.f8064g = new a(n.T8, z0.a);
            this.p = i(n.G8, 64);
            return;
        }
        try {
            k.b.a.g2.g g2 = k.b.a.g2.g.g(new k.b.a.k(inputStream).x());
            k.b.a.g2.i h3 = g2.h();
            if (h3.i() == 0) {
                j g3 = j.g(h3.h());
                this.f8064g = g3.i();
                this.p = g3.j();
                j2 = this.f8064g;
                try {
                    q(g2.i().b().e(), g3, cArr);
                } catch (NoSuchProviderException e2) {
                    throw new IOException(e2.getMessage());
                }
            } else {
                if (h3.i() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                k.b.a.g2.l h4 = k.b.a.g2.l.h(h3.h());
                j2 = h4.j();
                try {
                    g[] g4 = h4.g();
                    if (this.f8060b == null) {
                        i2 = g2.i();
                        publicKey = this.a;
                    } else {
                        if (g4 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory d2 = this.f8061c.d("X.509");
                        int length = g4.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i3 = 0; i3 != length; i3++) {
                            x509CertificateArr[i3] = (X509Certificate) d2.generateCertificate(new ByteArrayInputStream(g4[i3].e()));
                        }
                        if (!this.f8060b.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        i2 = g2.i();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    r(i2, h4, publicKey);
                } catch (GeneralSecurityException e3) {
                    throw new IOException("error verifying signature: " + e3.getMessage(), e3);
                }
            }
            k.b.a.e i4 = g2.i();
            if (i4 instanceof k.b.a.g2.b) {
                k.b.a.g2.b bVar = (k.b.a.g2.b) i4;
                h2 = k.b.a.g2.h.h(e("STORE_ENCRYPTION", bVar.h(), cArr, bVar.g().p()));
            } else {
                h2 = k.b.a.g2.h.h(i4);
            }
            try {
                this.K0 = h2.g().p();
                this.k1 = h2.j().p();
                if (!h2.i().equals(j2)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<k.b.a.e> it = h2.k().iterator();
                while (it.hasNext()) {
                    e j3 = e.j(it.next());
                    this.f8062d.put(j3.i(), j3);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e4) {
            throw new IOException(e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] g2 = g(bCFKSLoadStoreParameter);
        this.p = k(bCFKSLoadStoreParameter.g(), 64);
        this.C1 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.f8064g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.T8, z0.a) : new a(b.r, z0.a);
        this.a = (PublicKey) bCFKSLoadStoreParameter.i();
        this.f8060b = bCFKSLoadStoreParameter.c();
        this.k0 = l(this.a, bCFKSLoadStoreParameter.h());
        o oVar = this.C1;
        InputStream a = bCFKSLoadStoreParameter.a();
        engineLoad(a, g2);
        if (a != null) {
            if (!p(bCFKSLoadStoreParameter.g(), this.p) || !oVar.equals(this.C1)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.f8062d.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.l().equals(K2)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = f(eVar, date2);
        }
        try {
            this.f8062d.put(str, new e(K2, str, date, date2, certificate.getEncoded(), null));
            this.k1 = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        k.b.a.g2.k kVar;
        k.b.a.g2.d dVar;
        f fVar;
        Date date = new Date();
        e eVar = this.f8062d.get(str);
        Date f2 = eVar != null ? f(eVar, date) : date;
        this.f8063f.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h i2 = i(n.G8, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h2 = h(i2, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                o oVar = this.C1;
                o oVar2 = b.P;
                if (oVar.equals(oVar2)) {
                    Cipher b2 = b("AES/CCM/NoPadding", h2);
                    fVar = new f(new a(n.F8, new k(i2, new k.b.a.x2.g(oVar2, k.b.a.i2.a.h(b2.getParameters().getEncoded())))), b2.doFinal(encoded));
                } else {
                    fVar = new f(new a(n.F8, new k(i2, new k.b.a.x2.g(b.Q))), b("AESKWP", h2).doFinal(encoded));
                }
                this.f8062d.put(str, new e(Ma, str, f2, date, c(fVar, certificateArr).e(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h i3 = i(n.G8, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h3 = h(i3, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k2 = i.k(key.getAlgorithm());
                if (k2.indexOf("AES") > -1) {
                    kVar = new k.b.a.g2.k(b.s, encoded2);
                } else {
                    Map<String, o> map = K1;
                    o oVar3 = map.get(k2);
                    if (oVar3 != null) {
                        kVar = new k.b.a.g2.k(oVar3, encoded2);
                    } else {
                        o oVar4 = map.get(k2 + "." + (encoded2.length * 8));
                        if (oVar4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k2 + ") for storage.");
                        }
                        kVar = new k.b.a.g2.k(oVar4, encoded2);
                    }
                }
                o oVar5 = this.C1;
                o oVar6 = b.P;
                if (oVar5.equals(oVar6)) {
                    Cipher b3 = b("AES/CCM/NoPadding", h3);
                    dVar = new k.b.a.g2.d(new a(n.F8, new k(i3, new k.b.a.x2.g(oVar6, k.b.a.i2.a.h(b3.getParameters().getEncoded())))), b3.doFinal(kVar.e()));
                } else {
                    dVar = new k.b.a.g2.d(new a(n.F8, new k(i3, new k.b.a.x2.g(b.Q))), b("AESKWP", h3).doFinal(kVar.e()));
                }
                this.f8062d.put(str, new e(Na, str, f2, date, dVar.e(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.k1 = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.f8062d.get(str);
        Date f2 = eVar != null ? f(eVar, date) : date;
        if (certificateArr != null) {
            try {
                f i2 = f.i(bArr);
                try {
                    this.f8063f.remove(str);
                    this.f8062d.put(str, new e(Oa, str, f2, date, c(i2, certificateArr).e(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.f8062d.put(str, new e(Pa, str, f2, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.k1 = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f8062d.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        h hVar;
        BigInteger i2;
        if (this.K0 == null) {
            throw new IOException("KeyStore not initialized");
        }
        k.b.a.g2.b n = n(this.f8064g, cArr);
        if (k.b.a.s2.c.y.equals(this.p.g())) {
            k.b.a.s2.f i3 = k.b.a.s2.f.i(this.p.i());
            hVar = this.p;
            i2 = i3.j();
        } else {
            l g2 = l.g(this.p.i());
            hVar = this.p;
            i2 = g2.i();
        }
        this.p = j(hVar, i2.intValue());
        try {
            outputStream.write(new k.b.a.g2.g(n, new k.b.a.g2.i(new j(this.f8064g, this.p, a(n.e(), this.f8064g, this.p, cArr)))).e());
            outputStream.flush();
        } catch (NoSuchProviderException e2) {
            throw new IOException("cannot calculate mac: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        k.b.a.g2.l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] g2 = g(loadStoreParameter);
            this.p = k(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), g2);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] g3 = g(bCFKSLoadStoreParameter);
            this.p = k(bCFKSLoadStoreParameter.g(), 64);
            this.C1 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
            this.f8064g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.T8, z0.a) : new a(b.r, z0.a);
            engineStore(bCFKSLoadStoreParameter.b(), g3);
            return;
        }
        this.k0 = l(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.p = k(bCFKSLoadStoreParameter.g(), 64);
        this.C1 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.f8064g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.T8, z0.a) : new a(b.r, z0.a);
        k.b.a.g2.b n = n(this.k0, g(bCFKSLoadStoreParameter));
        try {
            Signature g4 = this.f8061c.g(this.k0.g().r());
            g4.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            g4.update(n.e());
            X509Certificate[] d2 = bCFKSLoadStoreParameter.d();
            if (d2 != null) {
                int length = d2.length;
                g[] gVarArr = new g[length];
                for (int i2 = 0; i2 != length; i2++) {
                    gVarArr[i2] = g.h(d2[i2].getEncoded());
                }
                lVar = new k.b.a.g2.l(this.k0, gVarArr, g4.sign());
            } else {
                lVar = new k.b.a.g2.l(this.k0, g4.sign());
            }
            bCFKSLoadStoreParameter.b().write(new k.b.a.g2.g(n, new k.b.a.g2.i(lVar)).e());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e2) {
            throw new IOException("error creating signature: " + e2.getMessage(), e2);
        }
    }
}
