package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import n.b.a.a1;
import n.b.a.a3.h;
import n.b.a.a3.k;
import n.b.a.a3.n;
import n.b.a.f;
import n.b.a.h3.a;
import n.b.a.h3.b0;
import n.b.a.h3.g;
import n.b.a.i2.e;
import n.b.a.i2.i;
import n.b.a.i3.m;
import n.b.a.p;
import n.b.a.v2.c;
import n.b.a.w2.b;
import n.b.b.d0;
import n.b.b.d1.d;
import n.b.b.d1.j;
import n.b.b.l;
import n.b.b.q0.a0;
import n.b.b.u0.y;
import n.b.b.z0.b1;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final Map<String, p> r2 = new HashMap();
    private static final Map<p, String> s2 = new HashMap();
    private static final BigInteger t2;
    private static final BigInteger u2;
    private static final BigInteger v2;
    private static final BigInteger w2;
    private static final BigInteger x2;
    private PublicKey g2;
    private BCFKSLoadStoreParameter.CertChainValidator h2;
    private final JcaJceHelper i2;
    private a l2;
    private h m2;
    private a n2;
    private Date o2;
    private Date p2;
    private final Map<String, e> j2 = new HashMap();
    private final Map<String, PrivateKey> k2 = new HashMap();
    private p q2 = b.P;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    private static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable g2;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.g2 = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.g2;
        }
    }

    /* loaded from: classes2.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements n, b0 {
        private final Map<String, byte[]> y2;
        private final byte[] z2;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                this.z2 = new byte[32];
                jcaJceHelper.b("DEFAULT").nextBytes(this.z2);
                this.y2 = new HashMap();
            } catch (GeneralSecurityException e2) {
                throw new IllegalArgumentException("can't create random - " + e2.toString());
            }
        }

        private byte[] a(String str, char[] cArr) {
            return n.b.b.u0.b0.b(cArr != null ? n.b.f.a.c(n.b.f.n.a(cArr), n.b.f.n.c(str)) : n.b.f.a.c(this.z2, n.b.f.n.c(str)), this.z2, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) {
            try {
                byte[] a = a(str, cArr);
                if (!this.y2.containsKey(str) || n.b.f.a.d(this.y2.get(str), a)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.y2.containsKey(str)) {
                        this.y2.put(str, a);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e2) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e2.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    static {
        r2.put("DESEDE", n.b.a.z2.b.f11415e);
        r2.put("TRIPLEDES", n.b.a.z2.b.f11415e);
        r2.put("TDEA", n.b.a.z2.b.f11415e);
        r2.put("HMACSHA1", n.h0);
        r2.put("HMACSHA224", n.i0);
        r2.put("HMACSHA256", n.j0);
        r2.put("HMACSHA384", n.k0);
        r2.put("HMACSHA512", n.l0);
        r2.put("SEED", n.b.a.u2.a.a);
        r2.put("CAMELLIA.128", n.b.a.y2.a.a);
        r2.put("CAMELLIA.192", n.b.a.y2.a.b);
        r2.put("CAMELLIA.256", n.b.a.y2.a.f11408c);
        r2.put("ARIA.128", n.b.a.x2.a.f11396e);
        r2.put("ARIA.192", n.b.a.x2.a.f11400i);
        r2.put("ARIA.256", n.b.a.x2.a.f11404m);
        s2.put(n.z, "RSA");
        s2.put(m.p1, "EC");
        s2.put(n.b.a.z2.b.f11419i, "DH");
        s2.put(n.P, "DH");
        s2.put(m.V1, "DSA");
        t2 = BigInteger.valueOf(0L);
        u2 = BigInteger.valueOf(1L);
        v2 = BigInteger.valueOf(2L);
        w2 = BigInteger.valueOf(3L);
        x2 = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.i2 = jcaJceHelper;
    }

    private static String a(p pVar) {
        String str = s2.get(pVar);
        return str != null ? str : pVar.i();
    }

    private SecureRandom a() {
        return l.a();
    }

    private Certificate a(Object obj) {
        JcaJceHelper jcaJceHelper = this.i2;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.e("X.509").generateCertificate(new ByteArrayInputStream(g.a(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(g.a(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date a(e eVar, Date date) {
        try {
            return eVar.e().i();
        } catch (ParseException unused) {
            return date;
        }
    }

    private Cipher a(String str, byte[] bArr) {
        Cipher c2 = this.i2.c(str);
        c2.init(1, new SecretKeySpec(bArr, "AES"));
        return c2;
    }

    private h a(h hVar, int i2) {
        boolean b = c.y.b(hVar.e());
        f f2 = hVar.f();
        if (b) {
            n.b.a.v2.f a = n.b.a.v2.f.a(f2);
            byte[] bArr = new byte[a.i().length];
            a().nextBytes(bArr);
            return new h(c.y, new n.b.a.v2.f(bArr, a.f(), a.e(), a.h(), BigInteger.valueOf(i2)));
        }
        n.b.a.a3.l a2 = n.b.a.a3.l.a(f2);
        byte[] bArr2 = new byte[a2.h().length];
        a().nextBytes(bArr2);
        return new h(n.Y, new n.b.a.a3.l(bArr2, a2.e().intValue(), i2, a2.g()));
    }

    private h a(p pVar, int i2) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        if (n.Y.b(pVar)) {
            return new h(n.Y, new n.b.a.a3.l(bArr, 51200, i2, new a(n.l0, a1.g2)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + pVar);
    }

    private h a(n.b.b.d1.e eVar, int i2) {
        if (!c.y.b(eVar.a())) {
            d dVar = (d) eVar;
            byte[] bArr = new byte[dVar.d()];
            a().nextBytes(bArr);
            return new h(n.Y, new n.b.a.a3.l(bArr, dVar.b(), i2, dVar.c()));
        }
        j jVar = (j) eVar;
        byte[] bArr2 = new byte[jVar.e()];
        a().nextBytes(bArr2);
        return new h(c.y, new n.b.a.v2.f(bArr2, jVar.c(), jVar.b(), jVar.d(), i2));
    }

    private a a(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) {
        if (key == null) {
            return null;
        }
        if (key instanceof n.b.c.c.b) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(m.u1);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(b.d0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(b.V);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(b.Z);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(n.K, a1.g2);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(b.h0, a1.g2);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private n.b.a.i2.b a(a aVar, char[] cArr) {
        e[] eVarArr = (e[]) this.j2.values().toArray(new e[this.j2.size()]);
        h a = a(this.m2, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] a2 = a(a, "STORE_ENCRYPTION", cArr, 32);
        n.b.a.i2.h hVar = new n.b.a.i2.h(aVar, this.o2, this.p2, new n.b.a.i2.f(eVarArr), null);
        try {
            if (!this.q2.b(b.P)) {
                return new n.b.a.i2.b(new a(n.X, new k(a, new n.b.a.a3.g(b.Q))), a("AESKWP", a2).doFinal(hVar.getEncoded()));
            }
            Cipher a3 = a("AES/CCM/NoPadding", a2);
            return new n.b.a.i2.b(new a(n.X, new k(a, new n.b.a.a3.g(b.P, n.b.a.k2.a.a(a3.getParameters().getEncoded())))), a3.doFinal(hVar.getEncoded()));
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.toString());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.toString());
        } catch (NoSuchPaddingException e6) {
            throw new NoSuchAlgorithmException(e6.toString());
        }
    }

    private n.b.a.i2.c a(n.b.a.a3.f fVar, Certificate[] certificateArr) {
        g[] gVarArr = new g[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            gVarArr[i2] = g.a(certificateArr[i2].getEncoded());
        }
        return new n.b.a.i2.c(fVar, gVarArr);
    }

    private void a(f fVar, n.b.a.i2.l lVar, PublicKey publicKey) {
        Signature a = this.i2.a(lVar.g().e().i());
        a.initVerify(publicKey);
        a.update(fVar.a().a("DER"));
        if (!a.verify(lVar.f().j())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    private void a(byte[] bArr, n.b.a.i2.j jVar, char[] cArr) {
        if (!n.b.f.a.d(a(bArr, jVar.f(), jVar.g(), cArr), jVar.e())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private boolean a(n.b.b.d1.e eVar, h hVar) {
        if (!eVar.a().b(hVar.e())) {
            return false;
        }
        if (c.y.b(hVar.e())) {
            if (!(eVar instanceof j)) {
                return false;
            }
            j jVar = (j) eVar;
            n.b.a.v2.f a = n.b.a.v2.f.a(hVar.f());
            return jVar.e() == a.i().length && jVar.b() == a.e().intValue() && jVar.c() == a.f().intValue() && jVar.d() == a.h().intValue();
        }
        if (!(eVar instanceof d)) {
            return false;
        }
        d dVar = (d) eVar;
        n.b.a.a3.l a2 = n.b.a.a3.l.a(hVar.f());
        return dVar.d() == a2.h().length && dVar.b() == a2.e().intValue();
    }

    private byte[] a(String str, a aVar, char[] cArr, byte[] bArr) {
        Cipher c2;
        AlgorithmParameters algorithmParameters;
        if (!aVar.e().b(n.X)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        k a = k.a(aVar.f());
        n.b.a.a3.g e2 = a.e();
        try {
            if (e2.e().b(b.P)) {
                c2 = this.i2.c("AES/CCM/NoPadding");
                algorithmParameters = this.i2.f("CCM");
                algorithmParameters.init(n.b.a.k2.a.a(e2.f()).getEncoded());
            } else {
                if (!e2.e().b(b.Q)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                c2 = this.i2.c("AESKWP");
                algorithmParameters = null;
            }
            h f2 = a.f();
            if (cArr == null) {
                cArr = new char[0];
            }
            c2.init(2, new SecretKeySpec(a(f2, str, cArr, 32), "AES"), algorithmParameters);
            return c2.doFinal(bArr);
        } catch (IOException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new IOException(e4.toString());
        }
    }

    private byte[] a(h hVar, String str, char[] cArr, int i2) {
        byte[] a = d0.a(cArr);
        byte[] a2 = d0.a(str.toCharArray());
        if (c.y.b(hVar.e())) {
            n.b.a.v2.f a3 = n.b.a.v2.f.a(hVar.f());
            if (a3.g() != null) {
                i2 = a3.g().intValue();
            } else if (i2 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return n.b.b.u0.b0.b(n.b.f.a.c(a, a2), a3.i(), a3.f().intValue(), a3.e().intValue(), a3.e().intValue(), i2);
        }
        if (!hVar.e().b(n.Y)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        n.b.a.a3.l a4 = n.b.a.a3.l.a(hVar.f());
        if (a4.f() != null) {
            i2 = a4.f().intValue();
        } else if (i2 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (a4.g().e().b(n.l0)) {
            y yVar = new y(new n.b.b.q0.b0());
            yVar.a(n.b.f.a.c(a, a2), a4.h(), a4.e().intValue());
            return ((b1) yVar.b(i2 * 8)).a();
        }
        if (a4.g().e().b(b.r)) {
            y yVar2 = new y(new a0(512));
            yVar2.a(n.b.f.a.c(a, a2), a4.h(), a4.e().intValue());
            return ((b1) yVar2.b(i2 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a4.g().e());
    }

    private byte[] a(byte[] bArr, a aVar, h hVar, char[] cArr) {
        String i2 = aVar.e().i();
        Mac d2 = this.i2.d(i2);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            d2.init(new SecretKeySpec(a(hVar, "INTEGRITY_CHECK", cArr, -1), i2));
            return d2.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    private char[] a(KeyStore.LoadStoreParameter loadStoreParameter) {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e2) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.j2.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.j2.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.j2.get(str) == null) {
            return;
        }
        this.k2.remove(str);
        this.j2.remove(str);
        this.p2 = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.j2.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.i().equals(u2) || eVar.i().equals(w2)) {
            return a(n.b.a.i2.c.a(eVar.f()).e()[0]);
        }
        if (eVar.i().equals(t2)) {
            return a(eVar.f());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.j2.keySet()) {
                e eVar = this.j2.get(str);
                if (eVar.i().equals(t2)) {
                    if (n.b.f.a.a(eVar.f(), encoded)) {
                        return str;
                    }
                } else if (eVar.i().equals(u2) || eVar.i().equals(w2)) {
                    try {
                        if (n.b.f.a.a(n.b.a.i2.c.a(eVar.f()).e()[0].a().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.j2.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.i().equals(u2) && !eVar.i().equals(w2)) {
            return null;
        }
        g[] e2 = n.b.a.i2.c.a(eVar.f()).e();
        X509Certificate[] x509CertificateArr = new X509Certificate[e2.length];
        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
            x509CertificateArr[i2] = a(e2[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.j2.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.h().i();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        e eVar = this.j2.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.i().equals(u2) || eVar.i().equals(w2)) {
            PrivateKey privateKey = this.k2.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            n.b.a.a3.f a = n.b.a.a3.f.a(n.b.a.i2.c.a(eVar.f()).f());
            try {
                n.b.a.a3.p a2 = n.b.a.a3.p.a(a("PRIVATE_KEY_ENCRYPTION", a.f(), cArr, a.e()));
                PrivateKey generatePrivate = this.i2.h(a(a2.g().e())).generatePrivate(new PKCS8EncodedKeySpec(a2.getEncoded()));
                this.k2.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!eVar.i().equals(v2) && !eVar.i().equals(x2)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        n.b.a.i2.d a3 = n.b.a.i2.d.a(eVar.f());
        try {
            n.b.a.i2.k a4 = n.b.a.i2.k.a(a("SECRET_KEY_ENCRYPTION", a3.f(), cArr, a3.e()));
            return this.i2.g(a4.e().i()).generateSecret(new SecretKeySpec(a4.f(), a4.e().i()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.j2.get(str);
        if (eVar != null) {
            return eVar.i().equals(t2);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.j2.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger i2 = eVar.i();
        return i2.equals(u2) || i2.equals(v2) || i2.equals(w2) || i2.equals(x2);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        a g2;
        f f2;
        PublicKey publicKey;
        n.b.a.i2.h a;
        this.j2.clear();
        this.k2.clear();
        this.o2 = null;
        this.p2 = null;
        this.l2 = null;
        if (inputStream == null) {
            Date date = new Date();
            this.o2 = date;
            this.p2 = date;
            this.g2 = null;
            this.h2 = null;
            this.l2 = new a(n.l0, a1.g2);
            this.m2 = a(n.Y, 64);
            return;
        }
        try {
            n.b.a.i2.g a2 = n.b.a.i2.g.a(new n.b.a.l(inputStream).d());
            i e2 = a2.e();
            if (e2.f() == 0) {
                n.b.a.i2.j a3 = n.b.a.i2.j.a(e2.e());
                this.l2 = a3.f();
                this.m2 = a3.g();
                g2 = this.l2;
                try {
                    a(a2.f().a().getEncoded(), a3, cArr);
                } catch (NoSuchProviderException e3) {
                    throw new IOException(e3.getMessage());
                }
            } else {
                if (e2.f() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                n.b.a.i2.l a4 = n.b.a.i2.l.a(e2.e());
                g2 = a4.g();
                try {
                    g[] e4 = a4.e();
                    if (this.h2 == null) {
                        f2 = a2.f();
                        publicKey = this.g2;
                    } else {
                        if (e4 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory e5 = this.i2.e("X.509");
                        X509Certificate[] x509CertificateArr = new X509Certificate[e4.length];
                        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) e5.generateCertificate(new ByteArrayInputStream(e4[i2].getEncoded()));
                        }
                        if (!this.h2.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        f2 = a2.f();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    a(f2, a4, publicKey);
                } catch (GeneralSecurityException e6) {
                    throw new IOException("error verifying signature: " + e6.getMessage(), e6);
                }
            }
            f f3 = a2.f();
            if (f3 instanceof n.b.a.i2.b) {
                n.b.a.i2.b bVar = (n.b.a.i2.b) f3;
                a = n.b.a.i2.h.a(a("STORE_ENCRYPTION", bVar.f(), cArr, bVar.e().i()));
            } else {
                a = n.b.a.i2.h.a(f3);
            }
            try {
                this.o2 = a.e().i();
                this.p2 = a.g().i();
                if (!a.f().equals(g2)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<f> it = a.h().iterator();
                while (it.hasNext()) {
                    e a5 = e.a(it.next());
                    this.j2.put(a5.g(), a5);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e7) {
            throw new IOException(e7.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] a = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
        this.m2 = a(bCFKSLoadStoreParameter.g(), 64);
        this.q2 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.l2 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.l0, a1.g2) : new a(b.r, a1.g2);
        this.g2 = (PublicKey) bCFKSLoadStoreParameter.i();
        this.h2 = bCFKSLoadStoreParameter.c();
        this.n2 = a(this.g2, bCFKSLoadStoreParameter.h());
        p pVar = this.q2;
        InputStream a2 = bCFKSLoadStoreParameter.a();
        engineLoad(a2, a);
        if (a2 != null) {
            if (!a(bCFKSLoadStoreParameter.g(), this.m2) || !pVar.b(this.q2)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        e eVar = this.j2.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.i().equals(t2)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(eVar, date2);
        }
        try {
            this.j2.put(str, new e(t2, str, date, date2, certificate.getEncoded(), null));
            this.p2 = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        n.b.a.i2.k kVar;
        n.b.a.i2.d dVar;
        n.b.a.a3.f fVar;
        Date date = new Date();
        e eVar = this.j2.get(str);
        Date a = eVar != null ? a(eVar, date) : date;
        this.k2.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h a2 = a(n.Y, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a3 = a(a2, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.q2.b(b.P)) {
                    Cipher a4 = a("AES/CCM/NoPadding", a3);
                    fVar = new n.b.a.a3.f(new a(n.X, new k(a2, new n.b.a.a3.g(b.P, n.b.a.k2.a.a(a4.getParameters().getEncoded())))), a4.doFinal(encoded));
                } else {
                    fVar = new n.b.a.a3.f(new a(n.X, new k(a2, new n.b.a.a3.g(b.Q))), a("AESKWP", a3).doFinal(encoded));
                }
                this.j2.put(str, new e(u2, str, a, date, a(fVar, certificateArr).getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h a5 = a(n.Y, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a6 = a(a5, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String d2 = n.b.f.n.d(key.getAlgorithm());
                if (d2.indexOf("AES") > -1) {
                    kVar = new n.b.a.i2.k(b.s, encoded2);
                } else {
                    p pVar = r2.get(d2);
                    if (pVar != null) {
                        kVar = new n.b.a.i2.k(pVar, encoded2);
                    } else {
                        p pVar2 = r2.get(d2 + "." + (encoded2.length * 8));
                        if (pVar2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d2 + ") for storage.");
                        }
                        kVar = new n.b.a.i2.k(pVar2, encoded2);
                    }
                }
                if (this.q2.b(b.P)) {
                    Cipher a7 = a("AES/CCM/NoPadding", a6);
                    dVar = new n.b.a.i2.d(new a(n.X, new k(a5, new n.b.a.a3.g(b.P, n.b.a.k2.a.a(a7.getParameters().getEncoded())))), a7.doFinal(kVar.getEncoded()));
                } else {
                    dVar = new n.b.a.i2.d(new a(n.X, new k(a5, new n.b.a.a3.g(b.Q))), a("AESKWP", a6).doFinal(kVar.getEncoded()));
                }
                this.j2.put(str, new e(v2, str, a, date, dVar.getEncoded(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.p2 = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        e eVar = this.j2.get(str);
        Date a = eVar != null ? a(eVar, date) : date;
        if (certificateArr != null) {
            try {
                n.b.a.a3.f a2 = n.b.a.a3.f.a(bArr);
                try {
                    this.k2.remove(str);
                    this.j2.put(str, new e(w2, str, a, date, a(a2, certificateArr).getEncoded(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.j2.put(str, new e(x2, str, a, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.p2 = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.j2.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        h hVar;
        BigInteger f2;
        if (this.o2 == null) {
            throw new IOException("KeyStore not initialized");
        }
        n.b.a.i2.b a = a(this.l2, cArr);
        if (c.y.b(this.m2.e())) {
            n.b.a.v2.f a2 = n.b.a.v2.f.a(this.m2.f());
            hVar = this.m2;
            f2 = a2.g();
        } else {
            n.b.a.a3.l a3 = n.b.a.a3.l.a(this.m2.f());
            hVar = this.m2;
            f2 = a3.f();
        }
        this.m2 = a(hVar, f2.intValue());
        try {
            outputStream.write(new n.b.a.i2.g(a, new i(new n.b.a.i2.j(this.l2, this.m2, a(a.getEncoded(), this.l2, this.m2, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e2) {
            throw new IOException("cannot calculate mac: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        n.b.a.i2.l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] a = a(loadStoreParameter);
            this.m2 = a(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), a);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] a2 = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
            this.m2 = a(bCFKSLoadStoreParameter.g(), 64);
            this.q2 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
            this.l2 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.l0, a1.g2) : new a(b.r, a1.g2);
            engineStore(bCFKSLoadStoreParameter.b(), a2);
            return;
        }
        this.n2 = a(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.m2 = a(bCFKSLoadStoreParameter.g(), 64);
        this.q2 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.l2 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.l0, a1.g2) : new a(b.r, a1.g2);
        n.b.a.i2.b a3 = a(this.n2, a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter));
        try {
            Signature a4 = this.i2.a(this.n2.e().i());
            a4.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            a4.update(a3.getEncoded());
            X509Certificate[] d2 = bCFKSLoadStoreParameter.d();
            if (d2 != null) {
                g[] gVarArr = new g[d2.length];
                for (int i2 = 0; i2 != gVarArr.length; i2++) {
                    gVarArr[i2] = g.a(d2[i2].getEncoded());
                }
                lVar = new n.b.a.i2.l(this.n2, gVarArr, a4.sign());
            } else {
                lVar = new n.b.a.i2.l(this.n2, a4.sign());
            }
            bCFKSLoadStoreParameter.b().write(new n.b.a.i2.g(a3, new i(lVar)).getEncoded());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e2) {
            throw new IOException("error creating signature: " + e2.getMessage(), e2);
        }
    }
}
