package org.bouncycastle.jcajce.provider.keystore.bcfks;

import defpackage.b1;
import defpackage.b49;
import defpackage.cn6;
import defpackage.cq8;
import defpackage.cw9;
import defpackage.dq8;
import defpackage.dr4;
import defpackage.dv0;
import defpackage.e40;
import defpackage.e42;
import defpackage.en7;
import defpackage.f40;
import defpackage.fl2;
import defpackage.fp0;
import defpackage.g40;
import defpackage.gy8;
import defpackage.he;
import defpackage.hs2;
import defpackage.hx;
import defpackage.hy6;
import defpackage.if9;
import defpackage.is2;
import defpackage.iy6;
import defpackage.iy8;
import defpackage.j40;
import defpackage.jjb;
import defpackage.jp1;
import defpackage.js2;
import defpackage.ks2;
import defpackage.lw4;
import defpackage.ly6;
import defpackage.m66;
import defpackage.mz6;
import defpackage.ns2;
import defpackage.o66;
import defpackage.oy6;
import defpackage.oz6;
import defpackage.p66;
import defpackage.py6;
import defpackage.qn6;
import defpackage.qu4;
import defpackage.r0;
import defpackage.rn6;
import defpackage.rr1;
import defpackage.rv4;
import defpackage.sib;
import defpackage.sp8;
import defpackage.u77;
import defpackage.wn6;
import defpackage.x0;
import defpackage.xn6;
import defpackage.yn6;
import defpackage.yx5;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import mozilla.components.lib.dataprotect.KeystoreKt;
import org.adblockplus.libadblockplus.security.JavaSignatureVerifier;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes11.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, b1> oidMap;
    private static final Map<b1, String> publicAlgMap;
    private Date creationDate;
    private final dr4 helper;
    private he hmacAlgorithm;
    private rv4 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private he signatureAlgorithm;
    private e40.a validator;
    private PublicKey verificationKey;
    private final Map<String, qn6> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private b1 storeEncryptionAlgorithm = m66.T;

    /* loaded from: classes11.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new e42());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes11.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new e42(), new BcFKSKeyStoreSpi(new e42()));
        }
    }

    /* loaded from: classes12.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new e42());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes11.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new e42(), new BcFKSKeyStoreSpi(new e42()));
        }
    }

    /* loaded from: classes11.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes11.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements oz6, sib {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(dr4 dr4Var) {
            super(dr4Var);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                dr4Var.g("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return sp8.i(cArr != null ? hx.p(cw9.j(cArr), cw9.i(str)) : hx.p(this.seedKey, cw9.i(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || hx.u(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes11.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new g40());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes11.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new e42(), new BcFKSKeyStoreSpi(new g40()));
        }
    }

    /* loaded from: classes12.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new g40());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes11.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new g40(), new BcFKSKeyStoreSpi(new g40()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        b1 b1Var = cn6.h;
        hashMap.put("DESEDE", b1Var);
        hashMap.put("TRIPLEDES", b1Var);
        hashMap.put("TDEA", b1Var);
        hashMap.put("HMACSHA1", oz6.X0);
        hashMap.put("HMACSHA224", oz6.Y0);
        hashMap.put("HMACSHA256", oz6.Z0);
        hashMap.put("HMACSHA384", oz6.a1);
        hashMap.put("HMACSHA512", oz6.b1);
        hashMap.put("SEED", qu4.a);
        hashMap.put("CAMELLIA.128", p66.a);
        hashMap.put("CAMELLIA.192", p66.b);
        hashMap.put("CAMELLIA.256", p66.c);
        hashMap.put("ARIA.128", o66.h);
        hashMap.put("ARIA.192", o66.m);
        hashMap.put("ARIA.256", o66.r);
        hashMap2.put(oz6.o0, JavaSignatureVerifier.KEY_ALGORITHM);
        hashMap2.put(jjb.U3, "EC");
        hashMap2.put(cn6.f560l, "DH");
        hashMap2.put(oz6.F0, "DH");
        hashMap2.put(jjb.E4, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(dr4 dr4Var) {
        this.helper = dr4Var;
    }

    private byte[] calculateMac(byte[] bArr, he heVar, rv4 rv4Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String H = heVar.j().H();
        Mac h = this.helper.h(H);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            h.init(new SecretKeySpec(generateKey(rv4Var, "INTEGRITY_CHECK", cArr, -1), H));
            return h.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher a = this.helper.a(str);
        a.init(1, new SecretKeySpec(bArr, KeystoreKt.CIPHER_ALG));
        return a;
    }

    private is2 createPrivateKeySequence(js2 js2Var, Certificate[] certificateArr) throws CertificateEncodingException {
        dv0[] dv0VarArr = new dv0[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            dv0VarArr[i2] = dv0.m(certificateArr[i2].getEncoded());
        }
        return new is2(js2Var, dv0VarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        dr4 dr4Var = this.helper;
        if (dr4Var != null) {
            try {
                return dr4Var.d("X.509").generateCertificate(new ByteArrayInputStream(dv0.m(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dv0.m(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, he heVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher a;
        AlgorithmParameters algorithmParameters;
        if (!heVar.j().p(oz6.N0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        iy6 k = iy6.k(heVar.n());
        ns2 j = k.j();
        try {
            if (j.j().p(m66.T)) {
                a = this.helper.a("AES/CCM/NoPadding");
                algorithmParameters = this.helper.b("CCM");
                algorithmParameters.init(fp0.k(j.m()).getEncoded());
            } else {
                if (!j.j().p(m66.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                a = this.helper.a("AESKWP");
                algorithmParameters = null;
            }
            rv4 m = k.m();
            if (cArr == null) {
                cArr = new char[0];
            }
            a.init(2, new SecretKeySpec(generateKey(m, str, cArr, 32), KeystoreKt.CIPHER_ALG), algorithmParameters);
            return a.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private Date extractCreationDate(qn6 qn6Var, Date date) {
        try {
            return qn6Var.j().G();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(rv4 rv4Var, String str, char[] cArr, int i2) throws IOException {
        byte[] PKCS12PasswordToBytes = hy6.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = hy6.PKCS12PasswordToBytes(str.toCharArray());
        if (yx5.M.p(rv4Var.j())) {
            iy8 m = iy8.m(rv4Var.m());
            if (m.n() != null) {
                i2 = m.n().intValue();
            } else if (i2 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return sp8.i(hx.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), m.q(), m.k().intValue(), m.j().intValue(), m.j().intValue(), i2);
        }
        if (!rv4Var.j().p(oz6.O0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        oy6 j = oy6.j(rv4Var.m());
        if (j.m() != null) {
            i2 = j.m().intValue();
        } else if (i2 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (j.n().j().p(oz6.b1)) {
            mz6 mz6Var = new mz6(new dq8());
            mz6Var.init(hx.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), j.p(), j.k().intValue());
            return ((lw4) mz6Var.generateDerivedParameters(i2 * 8)).a();
        }
        if (j.n().j().p(m66.r)) {
            mz6 mz6Var2 = new mz6(new cq8(512));
            mz6Var2.init(hx.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), j.p(), j.k().intValue());
            return ((lw4) mz6Var2.generateDerivedParameters(i2 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + j.n().j());
    }

    private rv4 generatePkbdAlgorithmIdentifier(b1 b1Var, int i2) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        b1 b1Var2 = oz6.O0;
        if (b1Var2.p(b1Var)) {
            return new rv4(b1Var2, new oy6(bArr, 51200, i2, new he(oz6.b1, rr1.b)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + b1Var);
    }

    private rv4 generatePkbdAlgorithmIdentifier(py6 py6Var, int i2) {
        b1 b1Var = yx5.M;
        if (b1Var.p(py6Var.a())) {
            gy8 gy8Var = (gy8) py6Var;
            byte[] bArr = new byte[gy8Var.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new rv4(b1Var, new iy8(bArr, gy8Var.c(), gy8Var.b(), gy8Var.d(), i2));
        }
        ly6 ly6Var = (ly6) py6Var;
        byte[] bArr2 = new byte[ly6Var.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new rv4(oz6.O0, new oy6(bArr2, ly6Var.b(), i2, ly6Var.c()));
    }

    private rv4 generatePkbdAlgorithmIdentifier(rv4 rv4Var, int i2) {
        b1 b1Var = yx5.M;
        boolean p = b1Var.p(rv4Var.j());
        r0 m = rv4Var.m();
        if (p) {
            iy8 m2 = iy8.m(m);
            byte[] bArr = new byte[m2.q().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new rv4(b1Var, new iy8(bArr, m2.k(), m2.j(), m2.p(), BigInteger.valueOf(i2)));
        }
        oy6 j = oy6.j(m);
        byte[] bArr2 = new byte[j.p().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new rv4(oz6.O0, new oy6(bArr2, j.k().intValue(), i2, j.n()));
    }

    private he generateSignatureAlgId(Key key, e40.d dVar) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof fl2) {
            if (dVar == e40.d.SHA512withECDSA) {
                return new he(jjb.Z3);
            }
            if (dVar == e40.d.SHA3_512withECDSA) {
                return new he(m66.i0);
            }
        }
        if (key instanceof DSAKey) {
            if (dVar == e40.d.SHA512withDSA) {
                return new he(m66.a0);
            }
            if (dVar == e40.d.SHA3_512withDSA) {
                return new he(m66.e0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == e40.d.SHA512withRSA) {
                return new he(oz6.A0, rr1.b);
            }
            if (dVar == e40.d.SHA3_512withRSA) {
                return new he(m66.m0, rr1.b);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return jp1.b();
    }

    private hs2 getEncryptedObjectStoreData(he heVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        qn6[] qn6VarArr = (qn6[]) this.entries.values().toArray(new qn6[this.entries.size()]);
        rv4 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        xn6 xn6Var = new xn6(heVar, this.creationDate, this.lastModifiedDate, new rn6(qn6VarArr), null);
        try {
            b1 b1Var = this.storeEncryptionAlgorithm;
            b1 b1Var2 = m66.T;
            if (!b1Var.p(b1Var2)) {
                return new hs2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier, new ns2(m66.U))), createCipher("AESKWP", generateKey).doFinal(xn6Var.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new hs2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier, new ns2(b1Var2, fp0.k(createCipher.getParameters().getEncoded())))), createCipher.doFinal(xn6Var.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(b1 b1Var) {
        String str = publicAlgMap.get(b1Var);
        return str != null ? str : b1Var.H();
    }

    private boolean isSimilarHmacPbkd(py6 py6Var, rv4 rv4Var) {
        if (!py6Var.a().p(rv4Var.j())) {
            return false;
        }
        if (yx5.M.p(rv4Var.j())) {
            if (!(py6Var instanceof gy8)) {
                return false;
            }
            gy8 gy8Var = (gy8) py6Var;
            iy8 m = iy8.m(rv4Var.m());
            return gy8Var.e() == m.q().length && gy8Var.b() == m.j().intValue() && gy8Var.c() == m.k().intValue() && gy8Var.d() == m.p().intValue();
        }
        if (!(py6Var instanceof ly6)) {
            return false;
        }
        ly6 ly6Var = (ly6) py6Var;
        oy6 j = oy6.j(rv4Var.m());
        return ly6Var.d() == j.p().length && ly6Var.b() == j.k().intValue();
    }

    private void verifyMac(byte[] bArr, u77 u77Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!hx.u(calculateMac(bArr, u77Var.m(), u77Var.n(), cArr), u77Var.k())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(r0 r0Var, if9 if9Var, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.helper.createSignature(if9Var.n().j().H());
        createSignature.initVerify(publicKey);
        createSignature.update(r0Var.g().h("DER"));
        if (!createSignature.verify(if9Var.m().F())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.entries.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var == null) {
            return null;
        }
        if (qn6Var.q().equals(PRIVATE_KEY) || qn6Var.q().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(is2.m(qn6Var.k()).j()[0]);
        }
        if (qn6Var.q().equals(CERTIFICATE)) {
            return decodeCertificate(qn6Var.k());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                qn6 qn6Var = this.entries.get(str);
                if (qn6Var.q().equals(CERTIFICATE)) {
                    if (hx.c(qn6Var.k(), encoded)) {
                        return str;
                    }
                } else if (qn6Var.q().equals(PRIVATE_KEY) || qn6Var.q().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (hx.c(is2.m(qn6Var.k()).j()[0].g().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var == null) {
            return null;
        }
        if (!qn6Var.q().equals(PRIVATE_KEY) && !qn6Var.q().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        dv0[] j = is2.m(qn6Var.k()).j();
        int length = j.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i2 = 0; i2 != length; i2++) {
            x509CertificateArr[i2] = decodeCertificate(j[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var == null) {
            return null;
        }
        try {
            return qn6Var.p().G();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var == null) {
            return null;
        }
        if (qn6Var.q().equals(PRIVATE_KEY) || qn6Var.q().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            js2 m = js2.m(is2.m(qn6Var.k()).k());
            try {
                en7 k = en7.k(decryptData("PRIVATE_KEY_ENCRYPTION", m.k(), cArr, m.j()));
                PrivateKey generatePrivate = this.helper.f(getPublicKeyAlg(k.n().j())).generatePrivate(new PKCS8EncodedKeySpec(k.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!qn6Var.q().equals(SECRET_KEY) && !qn6Var.q().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        ks2 k2 = ks2.k(qn6Var.k());
        try {
            b49 j = b49.j(decryptData("SECRET_KEY_ENCRYPTION", k2.m(), cArr, k2.j()));
            return this.helper.e(j.k().H()).generateSecret(new SecretKeySpec(j.m(), j.k().H()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var != null) {
            return qn6Var.q().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        qn6 qn6Var = this.entries.get(str);
        if (qn6Var == null) {
            return false;
        }
        BigInteger q = qn6Var.q();
        return q.equals(PRIVATE_KEY) || q.equals(SECRET_KEY) || q.equals(PROTECTED_PRIVATE_KEY) || q.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        he n;
        r0 m;
        PublicKey publicKey;
        xn6 k;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new he(oz6.b1, rr1.b);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(oz6.O0, 64);
            return;
        }
        try {
            wn6 j = wn6.j(new x0(inputStream).v());
            yn6 k2 = j.k();
            if (k2.m() == 0) {
                u77 j2 = u77.j(k2.k());
                this.hmacAlgorithm = j2.m();
                this.hmacPkbdAlgorithm = j2.n();
                n = this.hmacAlgorithm;
                try {
                    verifyMac(j.m().g().getEncoded(), j2, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (k2.m() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                if9 k3 = if9.k(k2.k());
                n = k3.n();
                try {
                    dv0[] j3 = k3.j();
                    if (this.validator == null) {
                        m = j.m();
                        publicKey = this.verificationKey;
                    } else {
                        if (j3 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory d = this.helper.d("X.509");
                        int length = j3.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i2 = 0; i2 != length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) d.generateCertificate(new ByteArrayInputStream(j3[i2].getEncoded()));
                        }
                        if (!this.validator.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        m = j.m();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(m, k3, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            r0 m2 = j.m();
            if (m2 instanceof hs2) {
                hs2 hs2Var = (hs2) m2;
                k = xn6.k(decryptData("STORE_ENCRYPTION", hs2Var.k(), cArr, hs2Var.j().F()));
            } else {
                k = xn6.k(m2);
            }
            try {
                this.creationDate = k.j().G();
                this.lastModifiedDate = k.n().G();
                if (!k.m().equals(n)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<r0> it = k.p().iterator();
                while (it.hasNext()) {
                    qn6 n2 = qn6.n(it.next());
                    this.entries.put(n2.m(), n2);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof e40)) {
            if (loadStoreParameter instanceof j40) {
                engineLoad(((j40) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        e40 e40Var = (e40) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(e40Var);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(e40Var.g(), 64);
        this.storeEncryptionAlgorithm = e40Var.e() == e40.b.AES256_CCM ? m66.T : m66.U;
        this.hmacAlgorithm = e40Var.f() == e40.c.HmacSHA512 ? new he(oz6.b1, rr1.b) : new he(m66.r, rr1.b);
        this.verificationKey = (PublicKey) e40Var.i();
        this.validator = e40Var.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, e40Var.h());
        b1 b1Var = this.storeEncryptionAlgorithm;
        InputStream a = e40Var.a();
        engineLoad(a, extractPassword);
        if (a != null) {
            if (!isSimilarHmacPbkd(e40Var.g(), this.hmacPkbdAlgorithm) || !b1Var.p(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        qn6 qn6Var = this.entries.get(str);
        Date date2 = new Date();
        if (qn6Var == null) {
            date = date2;
        } else {
            if (!qn6Var.q().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(qn6Var, date2);
        }
        try {
            this.entries.put(str, new qn6(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        b49 b49Var;
        ks2 ks2Var;
        js2 js2Var;
        Date date = new Date();
        qn6 qn6Var = this.entries.get(str);
        Date extractCreationDate = qn6Var != null ? extractCreationDate(qn6Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                rv4 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(oz6.O0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                b1 b1Var = this.storeEncryptionAlgorithm;
                b1 b1Var2 = m66.T;
                if (b1Var.p(b1Var2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    js2Var = new js2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier, new ns2(b1Var2, fp0.k(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    js2Var = new js2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier, new ns2(m66.U))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new qn6(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(js2Var, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                rv4 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(oz6.O0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k = cw9.k(key.getAlgorithm());
                if (k.indexOf(KeystoreKt.CIPHER_ALG) > -1) {
                    b49Var = new b49(m66.w, encoded2);
                } else {
                    Map<String, b1> map = oidMap;
                    b1 b1Var3 = map.get(k);
                    if (b1Var3 != null) {
                        b49Var = new b49(b1Var3, encoded2);
                    } else {
                        b1 b1Var4 = map.get(k + "." + (encoded2.length * 8));
                        if (b1Var4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k + ") for storage.");
                        }
                        b49Var = new b49(b1Var4, encoded2);
                    }
                }
                b1 b1Var5 = this.storeEncryptionAlgorithm;
                b1 b1Var6 = m66.T;
                if (b1Var5.p(b1Var6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    ks2Var = new ks2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier2, new ns2(b1Var6, fp0.k(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(b49Var.getEncoded()));
                } else {
                    ks2Var = new ks2(new he(oz6.N0, new iy6(generatePkbdAlgorithmIdentifier2, new ns2(m66.U))), createCipher("AESKWP", generateKey2).doFinal(b49Var.getEncoded()));
                }
                this.entries.put(str, new qn6(SECRET_KEY, str, extractCreationDate, date, ks2Var.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        qn6 qn6Var = this.entries.get(str);
        Date extractCreationDate = qn6Var != null ? extractCreationDate(qn6Var, date) : date;
        if (certificateArr != null) {
            try {
                js2 m = js2.m(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new qn6(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(m, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new qn6(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        rv4 rv4Var;
        BigInteger m;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        hs2 encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (yx5.M.p(this.hmacPkbdAlgorithm.j())) {
            iy8 m2 = iy8.m(this.hmacPkbdAlgorithm.m());
            rv4Var = this.hmacPkbdAlgorithm;
            m = m2.n();
        } else {
            oy6 j = oy6.j(this.hmacPkbdAlgorithm.m());
            rv4Var = this.hmacPkbdAlgorithm;
            m = j.m();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(rv4Var, m.intValue());
        try {
            outputStream.write(new wn6(encryptedObjectStoreData, new yn6(new u77(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if9 if9Var;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof f40) {
            f40 f40Var = (f40) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(f40Var.b(), 64);
            engineStore(f40Var.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof e40)) {
            if (loadStoreParameter instanceof j40) {
                engineStore(((j40) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        e40 e40Var = (e40) loadStoreParameter;
        if (e40Var.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(e40Var);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(e40Var.g(), 64);
            this.storeEncryptionAlgorithm = e40Var.e() == e40.b.AES256_CCM ? m66.T : m66.U;
            this.hmacAlgorithm = e40Var.f() == e40.c.HmacSHA512 ? new he(oz6.b1, rr1.b) : new he(m66.r, rr1.b);
            engineStore(e40Var.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(e40Var.i(), e40Var.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(e40Var.g(), 64);
        this.storeEncryptionAlgorithm = e40Var.e() == e40.b.AES256_CCM ? m66.T : m66.U;
        this.hmacAlgorithm = e40Var.f() == e40.c.HmacSHA512 ? new he(oz6.b1, rr1.b) : new he(m66.r, rr1.b);
        hs2 encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(e40Var));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.j().H());
            createSignature.initSign((PrivateKey) e40Var.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d = e40Var.d();
            if (d != null) {
                int length = d.length;
                dv0[] dv0VarArr = new dv0[length];
                for (int i2 = 0; i2 != length; i2++) {
                    dv0VarArr[i2] = dv0.m(d[i2].getEncoded());
                }
                if9Var = new if9(this.signatureAlgorithm, dv0VarArr, createSignature.sign());
            } else {
                if9Var = new if9(this.signatureAlgorithm, createSignature.sign());
            }
            e40Var.b().write(new wn6(encryptedObjectStoreData, new yn6(if9Var)).getEncoded());
            e40Var.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
