package org.spongycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.asn1.as;
import org.spongycastle.asn1.cc;
import org.spongycastle.asn1.p851final.u;
import org.spongycastle.asn1.p854if.a;
import org.spongycastle.asn1.p854if.d;
import org.spongycastle.asn1.p854if.x;
import org.spongycastle.asn1.p854if.y;
import org.spongycastle.asn1.p858this.c;
import org.spongycastle.asn1.p858this.e;
import org.spongycastle.asn1.p858this.g;
import org.spongycastle.asn1.p858this.z;
import org.spongycastle.asn1.x509.b;
import org.spongycastle.asn1.x509.f;
import org.spongycastle.crypto.h;
import org.spongycastle.crypto.p864char.bb;

/* loaded from: classes8.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger a;
    private static final BigInteger b;
    private static final BigInteger d;
    private static final BigInteger e;
    private static final BigInteger g;
    private Date cc;
    private Date h;
    private e q;
    private f u;
    private final Map<String, a> x;
    private final Map<String, PrivateKey> y;
    private final org.spongycastle.jce.provider.f z;
    private static final Map<String, cc> f = new HashMap();
    private static final Map<cc, String> c = new HashMap();

    /* loaded from: classes8.dex */
    private static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    static {
        f.put("DESEDE", org.spongycastle.asn1.p856long.f.z);
        f.put("TRIPLEDES", org.spongycastle.asn1.p856long.f.z);
        f.put("TDEA", org.spongycastle.asn1.p856long.f.z);
        f.put("HMACSHA1", g.C);
        f.put("HMACSHA224", g.D);
        f.put("HMACSHA256", g.E);
        f.put("HMACSHA384", g.F);
        f.put("HMACSHA512", g.G);
        c.put(g.c, "RSA");
        c.put(u.u, "EC");
        c.put(org.spongycastle.asn1.p856long.f.q, "DH");
        c.put(g.ac, "DH");
        c.put(u.M, "DSA");
        d = BigInteger.valueOf(0L);
        e = BigInteger.valueOf(1L);
        a = BigInteger.valueOf(2L);
        b = BigInteger.valueOf(3L);
        g = BigInteger.valueOf(4L);
    }

    private static String f(cc ccVar) {
        String str = c.get(ccVar);
        return str != null ? str : ccVar.c();
    }

    private SecureRandom f() {
        return new SecureRandom();
    }

    private Certificate f(Object obj) {
        org.spongycastle.jce.provider.f fVar = this.z;
        if (fVar != null) {
            try {
                return CertificateFactory.getInstance("X.509", fVar).generateCertificate(new ByteArrayInputStream(b.f(obj).y()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(b.f(obj).y()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date f(a aVar, Date date) {
        try {
            return aVar.f().d();
        } catch (ParseException unused) {
            return date;
        }
    }

    private d f(c cVar, Certificate[] certificateArr) throws CertificateEncodingException {
        b[] bVarArr = new b[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            bVarArr[i] = b.f(certificateArr[i].getEncoded());
        }
        return new d(cVar, bVarArr);
    }

    private e f(int i) {
        byte[] bArr = new byte[64];
        f().nextBytes(bArr);
        return new e(g.o, new org.spongycastle.asn1.p858this.b(bArr, 1024, i, new f(g.G, as.f)));
    }

    private void f(byte[] bArr, y yVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        if (!org.spongycastle.util.f.c(f(bArr, yVar.f(), yVar.c(), cArr), yVar.d())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    private byte[] f(String str, f fVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!fVar.f().equals(g.n)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        org.spongycastle.asn1.p858this.a f2 = org.spongycastle.asn1.p858this.a.f(fVar.c());
        org.spongycastle.asn1.p858this.d c2 = f2.c();
        if (!c2.f().equals(org.spongycastle.asn1.p850else.c.H)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            org.spongycastle.asn1.p852for.f f3 = org.spongycastle.asn1.p852for.f.f(c2.c());
            if (this.z == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.z);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.z);
            }
            algorithmParameters.init(f3.y());
            e f4 = f2.f();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(f(f4, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private byte[] f(e eVar, String str, char[] cArr) throws IOException {
        byte[] d2 = h.d(cArr);
        byte[] d3 = h.d(str.toCharArray());
        org.spongycastle.crypto.p870new.e eVar2 = new org.spongycastle.crypto.p870new.e(new org.spongycastle.crypto.p868if.h());
        if (!eVar.f().equals(g.o)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        org.spongycastle.asn1.p858this.b f2 = org.spongycastle.asn1.p858this.b.f(eVar.c());
        if (!f2.e().f().equals(g.G)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        eVar2.f(org.spongycastle.util.f.d(d2, d3), f2.f(), f2.c().intValue());
        return ((bb) eVar2.f(f2.d().intValue() * 8)).f();
    }

    private byte[] f(byte[] bArr, f fVar, e eVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String c2 = fVar.f().c();
        org.spongycastle.jce.provider.f fVar2 = this.z;
        Mac mac = fVar2 != null ? Mac.getInstance(c2, fVar2) : Mac.getInstance(c2);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(f(eVar, "INTEGRITY_CHECK", cArr), c2));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.x.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.x.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.x.get(str) == null) {
            return;
        }
        this.y.remove(str);
        this.x.remove(str);
        this.cc = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        a aVar = this.x.get(str);
        if (aVar == null) {
            return null;
        }
        if (aVar.a().equals(e) || aVar.a().equals(b)) {
            return f(d.f(aVar.c()).f()[0]);
        }
        if (aVar.a().equals(d)) {
            return f(aVar.c());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.x.keySet()) {
                a aVar = this.x.get(str);
                if (aVar.a().equals(d)) {
                    if (org.spongycastle.util.f.f(aVar.c(), encoded)) {
                        return str;
                    }
                } else if (aVar.a().equals(e) || aVar.a().equals(b)) {
                    try {
                        if (org.spongycastle.util.f.f(d.f(aVar.c()).f()[0].x().y(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        a aVar = this.x.get(str);
        if (aVar == null) {
            return null;
        }
        if (!aVar.a().equals(e) && !aVar.a().equals(b)) {
            return null;
        }
        b[] f2 = d.f(aVar.c()).f();
        int length = f2.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = f(f2[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        a aVar = this.x.get(str);
        if (aVar == null) {
            return null;
        }
        try {
            return aVar.e().d();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        a aVar = this.x.get(str);
        if (aVar == null) {
            return null;
        }
        if (aVar.a().equals(e) || aVar.a().equals(b)) {
            PrivateKey privateKey = this.y.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            c f2 = c.f(d.f(aVar.c()).c());
            try {
                z f3 = z.f(f("PRIVATE_KEY_ENCRYPTION", f2.f(), cArr, f2.c()));
                PrivateKey generatePrivate = (this.z != null ? KeyFactory.getInstance(f3.f().f().c(), this.z) : KeyFactory.getInstance(f(f3.f().f()))).generatePrivate(new PKCS8EncodedKeySpec(f3.y()));
                this.y.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!aVar.a().equals(a) && !aVar.a().equals(g)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        org.spongycastle.asn1.p854if.e f4 = org.spongycastle.asn1.p854if.e.f(aVar.c());
        try {
            org.spongycastle.asn1.p854if.u f5 = org.spongycastle.asn1.p854if.u.f(f("SECRET_KEY_ENCRYPTION", f4.f(), cArr, f4.c()));
            return (this.z != null ? SecretKeyFactory.getInstance(f5.c().c(), this.z) : SecretKeyFactory.getInstance(f5.c().c())).generateSecret(new SecretKeySpec(f5.f(), f5.c().c()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        a aVar = this.x.get(str);
        if (aVar != null) {
            return aVar.a().equals(d);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        a aVar = this.x.get(str);
        if (aVar == null) {
            return false;
        }
        BigInteger a2 = aVar.a();
        return a2.equals(e) || a2.equals(a) || a2.equals(b) || a2.equals(g);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        org.spongycastle.asn1.p854if.z f2;
        this.x.clear();
        this.y.clear();
        this.h = null;
        this.cc = null;
        this.u = null;
        if (inputStream == null) {
            Date date = new Date();
            this.h = date;
            this.cc = date;
            this.u = new f(g.G, as.f);
            this.q = f(64);
            return;
        }
        org.spongycastle.asn1.p854if.g f3 = org.spongycastle.asn1.p854if.g.f(new org.spongycastle.asn1.y(inputStream).e());
        x f4 = f3.f();
        if (f4.f() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        y f5 = y.f(f4.c());
        this.u = f5.f();
        this.q = f5.c();
        f(f3.c().x().y(), f5, cArr);
        org.spongycastle.asn1.b c2 = f3.c();
        if (c2 instanceof org.spongycastle.asn1.p854if.c) {
            org.spongycastle.asn1.p854if.c cVar = (org.spongycastle.asn1.p854if.c) c2;
            f2 = org.spongycastle.asn1.p854if.z.f(f("STORE_ENCRYPTION", cVar.c(), cArr, cVar.f().d()));
        } else {
            f2 = org.spongycastle.asn1.p854if.z.f(c2);
        }
        try {
            this.h = f2.f().d();
            this.cc = f2.d().d();
            if (!f2.c().equals(this.u)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<org.spongycastle.asn1.b> it = f2.e().iterator();
            while (it.hasNext()) {
                a f6 = a.f(it.next());
                this.x.put(f6.d(), f6);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        a aVar = this.x.get(str);
        Date date2 = new Date();
        if (aVar == null) {
            date = date2;
        } else {
            if (!aVar.a().equals(d)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = f(aVar, date2);
        }
        try {
            this.x.put(str, new a(d, str, date, date2, certificate.getEncoded(), null));
            this.cc = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] doFinal;
        Date date = new Date();
        a aVar = this.x.get(str);
        Date f2 = aVar != null ? f(aVar, date) : date;
        this.y.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                e f3 = f(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f4 = f(f3, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.z == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.z);
                cipher.init(1, new SecretKeySpec(f4, "AES"));
                this.x.put(str, new a(e, str, f2, date, f(new c(new f(g.n, new org.spongycastle.asn1.p858this.a(f3, new org.spongycastle.asn1.p858this.d(org.spongycastle.asn1.p850else.c.H, org.spongycastle.asn1.p852for.f.f(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).y(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                e f5 = f(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f6 = f(f5, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.z == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.z);
                cipher2.init(1, new SecretKeySpec(f6, "AES"));
                String c2 = org.spongycastle.util.x.c(key.getAlgorithm());
                if (c2.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new org.spongycastle.asn1.p854if.u(org.spongycastle.asn1.p850else.c.ac, encoded2).y());
                } else {
                    cc ccVar = f.get(c2);
                    if (ccVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + c2 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new org.spongycastle.asn1.p854if.u(ccVar, encoded2).y());
                }
                this.x.put(str, new a(a, str, f2, date, new org.spongycastle.asn1.p854if.e(new f(g.n, new org.spongycastle.asn1.p858this.a(f5, new org.spongycastle.asn1.p858this.d(org.spongycastle.asn1.p850else.c.H, org.spongycastle.asn1.p852for.f.f(cipher2.getParameters().getEncoded())))), doFinal).y(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.cc = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        a aVar = this.x.get(str);
        Date f2 = aVar != null ? f(aVar, date) : date;
        if (certificateArr != null) {
            try {
                c f3 = c.f(bArr);
                try {
                    this.y.remove(str);
                    this.x.put(str, new a(b, str, f2, date, f(f3, certificateArr).y(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.x.put(str, new a(g, str, f2, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.cc = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.x.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a[] aVarArr = (a[]) this.x.values().toArray(new a[this.x.size()]);
        e f2 = f(32);
        byte[] f3 = f(f2, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        org.spongycastle.asn1.p854if.z zVar = new org.spongycastle.asn1.p854if.z(this.u, this.h, this.cc, new org.spongycastle.asn1.p854if.b(aVarArr), null);
        try {
            Cipher cipher = this.z == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.z);
            cipher.init(1, new SecretKeySpec(f3, "AES"));
            org.spongycastle.asn1.p854if.c cVar = new org.spongycastle.asn1.p854if.c(new f(g.n, new org.spongycastle.asn1.p858this.a(f2, new org.spongycastle.asn1.p858this.d(org.spongycastle.asn1.p850else.c.H, org.spongycastle.asn1.p852for.f.f(cipher.getParameters().getEncoded())))), cipher.doFinal(zVar.y()));
            org.spongycastle.asn1.p858this.b f4 = org.spongycastle.asn1.p858this.b.f(this.q.c());
            byte[] bArr = new byte[f4.f().length];
            f().nextBytes(bArr);
            this.q = new e(this.q.f(), new org.spongycastle.asn1.p858this.b(bArr, f4.c().intValue(), f4.d().intValue(), f4.e()));
            outputStream.write(new org.spongycastle.asn1.p854if.g(cVar, new x(new y(this.u, this.q, f(cVar.y(), this.u, this.q, cArr)))).y());
            outputStream.flush();
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }
}
