package org.spongycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.asn1.e;
import org.spongycastle.asn1.i;
import org.spongycastle.asn1.m;
import org.spongycastle.asn1.w0;
import org.spongycastle.crypto.PBEParametersGenerator;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.a;
import tt.dm0;
import tt.ek0;
import tt.nk0;
import tt.oi0;
import tt.ok0;
import tt.om0;
import tt.pi0;
import tt.pk0;
import tt.po0;
import tt.qi0;
import tt.ri0;
import tt.si0;
import tt.sk0;
import tt.ti0;
import tt.tk0;
import tt.ui0;
import tt.vi0;
import tt.vk0;
import tt.wi0;
import tt.wj0;
import tt.xi0;
import tt.xk0;
import tt.zi0;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, m> oidMap;
    private static final Map<m, String> publicAlgMap;
    private Date creationDate;
    private dm0 hmacAlgorithm;
    private pk0 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private final BouncyCastleProvider provider;
    private final Map<String, ri0> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        m mVar = ek0.e;
        hashMap.put("DESEDE", mVar);
        hashMap.put("TRIPLEDES", mVar);
        hashMap.put("TDEA", mVar);
        hashMap.put("HMACSHA1", vk0.f1);
        hashMap.put("HMACSHA224", vk0.h1);
        hashMap.put("HMACSHA256", vk0.i1);
        hashMap.put("HMACSHA384", vk0.j1);
        hashMap.put("HMACSHA512", vk0.k1);
        hashMap2.put(vk0.x0, "RSA");
        hashMap2.put(po0.s2, "EC");
        hashMap2.put(ek0.i, "DH");
        hashMap2.put(vk0.N0, "DH");
        hashMap2.put(po0.a3, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.provider = bouncyCastleProvider;
    }

    private byte[] calculateMac(byte[] bArr, dm0 dm0Var, pk0 pk0Var, char[] cArr) {
        String o = dm0Var.d().o();
        BouncyCastleProvider bouncyCastleProvider = this.provider;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(o, bouncyCastleProvider) : Mac.getInstance(o);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(generateKey(pk0Var, "INTEGRITY_CHECK", cArr), o));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private pi0 createPrivateKeySequence(nk0 nk0Var, Certificate[] certificateArr) {
        om0[] om0VarArr = new om0[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            om0VarArr[i] = om0.e(certificateArr[i].getEncoded());
        }
        return new pi0(nk0Var, om0VarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.provider;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(om0.e(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(om0.e(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, dm0 dm0Var, char[] cArr, byte[] bArr) {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!dm0Var.d().equals(vk0.V0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        sk0 e = sk0.e(dm0Var.g());
        ok0 d = e.d();
        if (!d.d().equals(wj0.P)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            zi0 e2 = zi0.e(d.f());
            BouncyCastleProvider bouncyCastleProvider = this.provider;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.provider);
            }
            algorithmParameters.init(e2.getEncoded());
            pk0 f = e.f();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(generateKey(f, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    private Date extractCreationDate(ri0 ri0Var, Date date) {
        try {
            return ri0Var.d().m();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(pk0 pk0Var, String str, char[] cArr) {
        byte[] PKCS12PasswordToBytes = PBEParametersGenerator.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = PBEParametersGenerator.PKCS12PasswordToBytes(str.toCharArray());
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
        if (!pk0Var.d().equals(vk0.W0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        tk0 d = tk0.d(pk0Var.f());
        if (!d.g().d().equals(vk0.k1)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        pKCS5S2ParametersGenerator.init(a.o(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), d.h(), d.e().intValue());
        return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters(d.f().intValue() * 8)).getKey();
    }

    private pk0 generatePkbdAlgorithmIdentifier(int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        return new pk0(vk0.W0, new tk0(bArr, 1024, i, new dm0(vk0.k1, w0.f2892a)));
    }

    private SecureRandom getDefaultSecureRandom() {
        return new SecureRandom();
    }

    private static String getPublicKeyAlg(m mVar) {
        String str = publicAlgMap.get(mVar);
        return str != null ? str : mVar.o();
    }

    private void verifyMac(byte[] bArr, wi0 wi0Var, char[] cArr) {
        if (!a.s(calculateMac(bArr, wi0Var.f(), wi0Var.g(), cArr), wi0Var.e())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.entries.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var == null) {
            return null;
        }
        if (ri0Var.i().equals(PRIVATE_KEY) || ri0Var.i().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(pi0.f(ri0Var.e()).d()[0]);
        }
        if (ri0Var.i().equals(CERTIFICATE)) {
            return decodeCertificate(ri0Var.e());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                ri0 ri0Var = this.entries.get(str);
                if (ri0Var.i().equals(CERTIFICATE)) {
                    if (a.c(ri0Var.e(), encoded)) {
                        return str;
                    }
                } else if (ri0Var.i().equals(PRIVATE_KEY) || ri0Var.i().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (a.c(pi0.f(ri0Var.e()).d()[0].toASN1Primitive().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var == null) {
            return null;
        }
        if (!ri0Var.i().equals(PRIVATE_KEY) && !ri0Var.i().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        om0[] d = pi0.f(ri0Var.e()).d();
        int length = d.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(d[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var == null) {
            return null;
        }
        try {
            return ri0Var.h().m();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var == null) {
            return null;
        }
        if (ri0Var.i().equals(PRIVATE_KEY) || ri0Var.i().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            nk0 f = nk0.f(pi0.f(ri0Var.e()).e());
            try {
                xk0 e = xk0.e(decryptData("PRIVATE_KEY_ENCRYPTION", f.e(), cArr, f.d()));
                PrivateKey generatePrivate = (this.provider != null ? KeyFactory.getInstance(e.f().d().o(), this.provider) : KeyFactory.getInstance(getPublicKeyAlg(e.f().d()))).generatePrivate(new PKCS8EncodedKeySpec(e.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!ri0Var.i().equals(SECRET_KEY) && !ri0Var.i().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        qi0 e3 = qi0.e(ri0Var.e());
        try {
            xi0 d = xi0.d(decryptData("SECRET_KEY_ENCRYPTION", e3.f(), cArr, e3.d()));
            return (this.provider != null ? SecretKeyFactory.getInstance(d.e().o(), this.provider) : SecretKeyFactory.getInstance(d.e().o())).generateSecret(new SecretKeySpec(d.f(), d.e().o()));
        } catch (Exception e4) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var != null) {
            return ri0Var.i().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ri0 ri0Var = this.entries.get(str);
        if (ri0Var == null) {
            return false;
        }
        BigInteger i = ri0Var.i();
        return i.equals(PRIVATE_KEY) || i.equals(SECRET_KEY) || i.equals(PROTECTED_PRIVATE_KEY) || i.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        ui0 e;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.hmacAlgorithm = new dm0(vk0.k1, w0.f2892a);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(64);
            return;
        }
        ti0 d = ti0.d(new i(inputStream).I());
        vi0 e2 = d.e();
        if (e2.f() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        wi0 d2 = wi0.d(e2.e());
        this.hmacAlgorithm = d2.f();
        this.hmacPkbdAlgorithm = d2.g();
        verifyMac(d.f().toASN1Primitive().getEncoded(), d2, cArr);
        e f = d.f();
        if (f instanceof oi0) {
            oi0 oi0Var = (oi0) f;
            e = ui0.e(decryptData("STORE_ENCRYPTION", oi0Var.e(), cArr, oi0Var.d().m()));
        } else {
            e = ui0.e(f);
        }
        try {
            this.creationDate = e.d().m();
            this.lastModifiedDate = e.g().m();
            if (!e.f().equals(this.hmacAlgorithm)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<e> it = e.h().iterator();
            while (it.hasNext()) {
                ri0 g = ri0.g(it.next());
                this.entries.put(g.f(), g);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        ri0 ri0Var = this.entries.get(str);
        Date date2 = new Date();
        if (ri0Var == null) {
            date = date2;
        } else {
            if (!ri0Var.i().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(ri0Var, date2);
        }
        try {
            this.entries.put(str, new ri0(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        byte[] doFinal;
        Date date = new Date();
        ri0 ri0Var = this.entries.get(str);
        Date extractCreationDate = ri0Var != null ? extractCreationDate(ri0Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                pk0 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.provider;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(generateKey, "AES"));
                this.entries.put(str, new ri0(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(new nk0(new dm0(vk0.V0, new sk0(generatePkbdAlgorithmIdentifier, new ok0(wj0.P, zi0.e(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                pk0 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.provider;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(generateKey2, "AES"));
                String l = org.spongycastle.util.m.l(key.getAlgorithm());
                if (l.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new xi0(wj0.s, encoded2).getEncoded());
                } else {
                    m mVar = oidMap.get(l);
                    if (mVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + l + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new xi0(mVar, encoded2).getEncoded());
                }
                this.entries.put(str, new ri0(SECRET_KEY, str, extractCreationDate, date, new qi0(new dm0(vk0.V0, new sk0(generatePkbdAlgorithmIdentifier2, new ok0(wj0.P, zi0.e(cipher2.getParameters().getEncoded())))), doFinal).getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        ri0 ri0Var = this.entries.get(str);
        Date extractCreationDate = ri0Var != null ? extractCreationDate(ri0Var, date) : date;
        if (certificateArr != null) {
            try {
                nk0 f = nk0.f(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new ri0(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(f, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new ri0(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        ri0[] ri0VarArr = (ri0[]) this.entries.values().toArray(new ri0[this.entries.size()]);
        pk0 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        ui0 ui0Var = new ui0(this.hmacAlgorithm, this.creationDate, this.lastModifiedDate, new si0(ri0VarArr), null);
        try {
            BouncyCastleProvider bouncyCastleProvider = this.provider;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(generateKey, "AES"));
            oi0 oi0Var = new oi0(new dm0(vk0.V0, new sk0(generatePkbdAlgorithmIdentifier, new ok0(wj0.P, zi0.e(cipher.getParameters().getEncoded())))), cipher.doFinal(ui0Var.getEncoded()));
            tk0 d = tk0.d(this.hmacPkbdAlgorithm.f());
            byte[] bArr = new byte[d.h().length];
            getDefaultSecureRandom().nextBytes(bArr);
            this.hmacPkbdAlgorithm = new pk0(this.hmacPkbdAlgorithm.d(), new tk0(bArr, d.e().intValue(), d.f().intValue(), d.g()));
            outputStream.write(new ti0(oi0Var, new vi0(new wi0(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(oi0Var.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (BadPaddingException e2) {
            throw new IOException(e2.toString());
        } catch (IllegalBlockSizeException e3) {
            throw new IOException(e3.toString());
        } catch (NoSuchPaddingException e4) {
            throw new NoSuchAlgorithmException(e4.toString());
        }
    }
}
