package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ax;
import org.bouncycastle.asn1.b.c;
import org.bouncycastle.asn1.b.e;
import org.bouncycastle.asn1.b.f;
import org.bouncycastle.asn1.b.k;
import org.bouncycastle.asn1.b.l;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.p.d;
import org.bouncycastle.asn1.p.g;
import org.bouncycastle.asn1.p.h;
import org.bouncycastle.asn1.p.i;
import org.bouncycastle.asn1.x509.a;
import org.bouncycastle.crypto.b.m;
import org.bouncycastle.crypto.h.ai;
import org.bouncycastle.crypto.n;
import org.bouncycastle.crypto.util.j;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.util.b;
import org.bouncycastle.util.Strings;

/* loaded from: classes13.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final Map<String, o> kJn = new HashMap();
    private static final Map<o, String> kJo = new HashMap();
    private static final BigInteger kJq;
    private static final BigInteger kJr;
    private static final BigInteger kJs;
    private static final BigInteger kJt;
    private static final BigInteger kJu;
    private final Map<String, e> entries;
    private final b helper;
    private BCFKSLoadStoreParameter.a kHO;
    private o kJA;
    private PublicKey kJp;
    private final Map<String, PrivateKey> kJv;
    private a kJw;
    private org.bouncycastle.asn1.p.e kJx;
    private Date kJy;
    private Date kJz;
    private a kjF;

    /* loaded from: classes13.dex */
    private static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    static {
        kJn.put("DESEDE", org.bouncycastle.asn1.o.b.kpJ);
        kJn.put("TRIPLEDES", org.bouncycastle.asn1.o.b.kpJ);
        kJn.put("TDEA", org.bouncycastle.asn1.o.b.kpJ);
        kJn.put("HMACSHA1", h.kqH);
        kJn.put("HMACSHA224", h.kqI);
        kJn.put("HMACSHA256", h.kqJ);
        kJn.put("HMACSHA384", h.kqK);
        kJn.put("HMACSHA512", h.kqL);
        kJn.put("SEED", org.bouncycastle.asn1.j.a.kmE);
        kJn.put("CAMELLIA.128", org.bouncycastle.asn1.n.a.kpv);
        kJn.put("CAMELLIA.192", org.bouncycastle.asn1.n.a.kpw);
        kJn.put("CAMELLIA.256", org.bouncycastle.asn1.n.a.kpx);
        kJn.put("ARIA.128", org.bouncycastle.asn1.m.a.koO);
        kJn.put("ARIA.192", org.bouncycastle.asn1.m.a.koT);
        kJn.put("ARIA.256", org.bouncycastle.asn1.m.a.koY);
        kJo.put(h.kqb, "RSA");
        kJo.put(org.bouncycastle.asn1.v.o.kBQ, "EC");
        kJo.put(org.bouncycastle.asn1.o.b.kpN, "DH");
        kJo.put(h.kqr, "DH");
        kJo.put(org.bouncycastle.asn1.v.o.kCz, "DSA");
        kJq = BigInteger.valueOf(0L);
        kJr = BigInteger.valueOf(1L);
        kJs = BigInteger.valueOf(2L);
        kJt = BigInteger.valueOf(3L);
        kJu = BigInteger.valueOf(4L);
    }

    private Date a(e eVar, Date date) {
        try {
            return eVar.dGW().getDate();
        } catch (ParseException unused) {
            return date;
        }
    }

    private org.bouncycastle.asn1.b.b a(a aVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        e[] eVarArr = (e[]) this.entries.values().toArray(new e[this.entries.size()]);
        org.bouncycastle.asn1.p.e a2 = a(this.kJx, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] a3 = a(a2, "STORE_ENCRYPTION", cArr, 32);
        org.bouncycastle.asn1.b.h hVar = new org.bouncycastle.asn1.b.h(aVar, this.kJy, this.kJz, new f(eVarArr), null);
        try {
            if (!this.kJA.e(org.bouncycastle.asn1.l.b.kon)) {
                return new org.bouncycastle.asn1.b.b(new a(h.kqz, new org.bouncycastle.asn1.p.f(a2, new d(org.bouncycastle.asn1.l.b.koo))), o("AESKWP", a3).doFinal(hVar.getEncoded()));
            }
            Cipher o = o("AES/CCM/NoPadding", a3);
            return new org.bouncycastle.asn1.b.b(new a(h.kqz, new org.bouncycastle.asn1.p.f(a2, new d(org.bouncycastle.asn1.l.b.kon, org.bouncycastle.asn1.c.a.ep(o.getParameters().getEncoded())))), o.doFinal(hVar.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private c a(org.bouncycastle.asn1.p.c cVar, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.f[] fVarArr = new org.bouncycastle.asn1.x509.f[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            fVarArr[i] = org.bouncycastle.asn1.x509.f.eR(certificateArr[i].getEncoded());
        }
        return new c(cVar, fVarArr);
    }

    private org.bouncycastle.asn1.p.e a(o oVar, int i) {
        byte[] bArr = new byte[64];
        dKX().nextBytes(bArr);
        if (h.kqA.e(oVar)) {
            return new org.bouncycastle.asn1.p.e(h.kqA, new g(bArr, 51200, i, new a(h.kqL, ax.khA)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + oVar);
    }

    private org.bouncycastle.asn1.p.e a(org.bouncycastle.asn1.p.e eVar, int i) {
        if (org.bouncycastle.asn1.k.a.knt.e(eVar.dHt())) {
            org.bouncycastle.asn1.k.d er = org.bouncycastle.asn1.k.d.er(eVar.dHu());
            byte[] bArr = new byte[er.getSalt().length];
            dKX().nextBytes(bArr);
            return new org.bouncycastle.asn1.p.e(org.bouncycastle.asn1.k.a.knt, new org.bouncycastle.asn1.k.d(bArr, er.dHo(), er.dHp(), er.dHq(), BigInteger.valueOf(i)));
        }
        g ez = g.ez(eVar.dHu());
        byte[] bArr2 = new byte[ez.getSalt().length];
        dKX().nextBytes(bArr2);
        return new org.bouncycastle.asn1.p.e(h.kqA, new g(bArr2, ez.dHx().intValue(), i, ez.dHy()));
    }

    private org.bouncycastle.asn1.p.e a(org.bouncycastle.crypto.util.f fVar, int i) {
        if (!org.bouncycastle.asn1.k.a.knt.e(fVar.dHt())) {
            org.bouncycastle.crypto.util.e eVar = (org.bouncycastle.crypto.util.e) fVar;
            byte[] bArr = new byte[eVar.getSaltLength()];
            dKX().nextBytes(bArr);
            return new org.bouncycastle.asn1.p.e(h.kqA, new g(bArr, eVar.getIterationCount(), i, eVar.dKp()));
        }
        j jVar = (j) fVar;
        byte[] bArr2 = new byte[jVar.getSaltLength()];
        dKX().nextBytes(bArr2);
        return new org.bouncycastle.asn1.p.e(org.bouncycastle.asn1.k.a.knt, new org.bouncycastle.asn1.k.d(bArr2, jVar.dKw(), jVar.getBlockSize(), jVar.dKx(), i));
    }

    private a a(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof org.bouncycastle.jce.interfaces.a) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(org.bouncycastle.asn1.v.o.kBV);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(org.bouncycastle.asn1.l.b.koC);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(org.bouncycastle.asn1.l.b.kou);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(org.bouncycastle.asn1.l.b.koy);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(h.kqm, ax.khA);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(org.bouncycastle.asn1.l.b.koG, ax.khA);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private void a(org.bouncycastle.asn1.f fVar, l lVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature xl = this.helper.xl(lVar.dHj().dHt().getId());
        xl.initVerify(publicKey);
        xl.update(fVar.dGd().getEncoded("DER"));
        if (!xl.verify(lVar.dHi().dFY())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    private void a(byte[] bArr, org.bouncycastle.asn1.b.j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!org.bouncycastle.util.a.E(a(bArr, jVar.dHe(), jVar.dHf(), cArr), jVar.dHg())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private boolean a(org.bouncycastle.crypto.util.f fVar, org.bouncycastle.asn1.p.e eVar) {
        if (!fVar.dHt().e(eVar.dHt())) {
            return false;
        }
        if (org.bouncycastle.asn1.k.a.knt.e(eVar.dHt())) {
            if (!(fVar instanceof j)) {
                return false;
            }
            j jVar = (j) fVar;
            org.bouncycastle.asn1.k.d er = org.bouncycastle.asn1.k.d.er(eVar.dHu());
            return jVar.getSaltLength() == er.getSalt().length && jVar.getBlockSize() == er.dHp().intValue() && jVar.dKw() == er.dHo().intValue() && jVar.dKx() == er.dHq().intValue();
        }
        if (!(fVar instanceof org.bouncycastle.crypto.util.e)) {
            return false;
        }
        org.bouncycastle.crypto.util.e eVar2 = (org.bouncycastle.crypto.util.e) fVar;
        g ez = g.ez(eVar.dHu());
        return eVar2.getSaltLength() == ez.getSalt().length && eVar2.getIterationCount() == ez.dHx().intValue();
    }

    private byte[] a(String str, a aVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher xg;
        AlgorithmParameters algorithmParameters;
        if (!aVar.dHt().e(h.kqz)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        org.bouncycastle.asn1.p.f ey = org.bouncycastle.asn1.p.f.ey(aVar.dHu());
        d dHw = ey.dHw();
        try {
            if (dHw.dHt().e(org.bouncycastle.asn1.l.b.kon)) {
                xg = this.helper.xg("AES/CCM/NoPadding");
                algorithmParameters = this.helper.xi("CCM");
                algorithmParameters.init(org.bouncycastle.asn1.c.a.ep(dHw.dHu()).getEncoded());
            } else {
                if (!dHw.dHt().e(org.bouncycastle.asn1.l.b.koo)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                xg = this.helper.xg("AESKWP");
                algorithmParameters = null;
            }
            org.bouncycastle.asn1.p.e dHv = ey.dHv();
            if (cArr == null) {
                cArr = new char[0];
            }
            xg.init(2, new SecretKeySpec(a(dHv, str, cArr, 32), "AES"), algorithmParameters);
            return xg.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private byte[] a(org.bouncycastle.asn1.p.e eVar, String str, char[] cArr, int i) throws IOException {
        byte[] g = n.g(cArr);
        byte[] g2 = n.g(str.toCharArray());
        if (org.bouncycastle.asn1.k.a.knt.e(eVar.dHt())) {
            org.bouncycastle.asn1.k.d er = org.bouncycastle.asn1.k.d.er(eVar.dHu());
            if (er.dHr() != null) {
                i = er.dHr().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return org.bouncycastle.crypto.d.g.a(org.bouncycastle.util.a.F(g, g2), er.getSalt(), er.dHo().intValue(), er.dHp().intValue(), er.dHp().intValue(), i);
        }
        if (!eVar.dHt().e(h.kqA)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        g ez = g.ez(eVar.dHu());
        if (ez.dHr() != null) {
            i = ez.dHr().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (ez.dHy().dHt().e(h.kqL)) {
            org.bouncycastle.crypto.d.f fVar = new org.bouncycastle.crypto.d.f(new m());
            fVar.f(org.bouncycastle.util.a.F(g, g2), ez.getSalt(), ez.dHx().intValue());
            return ((ai) fVar.Pz(i * 8)).getKey();
        }
        if (ez.dHy().dHt().e(org.bouncycastle.asn1.l.b.knP)) {
            org.bouncycastle.crypto.d.f fVar2 = new org.bouncycastle.crypto.d.f(new org.bouncycastle.crypto.b.l(512));
            fVar2.f(org.bouncycastle.util.a.F(g, g2), ez.getSalt(), ez.dHx().intValue());
            return ((ai) fVar2.Pz(i * 8)).getKey();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + ez.dHy().dHt());
    }

    private byte[] a(byte[] bArr, a aVar, org.bouncycastle.asn1.p.e eVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String id = aVar.dHt().getId();
        Mac xh = this.helper.xh(id);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            xh.init(new SecretKeySpec(a(eVar, "INTEGRITY_CHECK", cArr, -1), id));
            return xh.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private char[] a(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e.getMessage(), e);
        }
    }

    private SecureRandom dKX() {
        return org.bouncycastle.crypto.g.getSecureRandom();
    }

    private Certificate fp(Object obj) {
        b bVar = this.helper;
        if (bVar != null) {
            try {
                return bVar.xm("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.f.eR(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.f.eR(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private static String l(o oVar) {
        String str = kJo.get(oVar);
        return str != null ? str : oVar.getId();
    }

    private Cipher o(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher xg = this.helper.xg(str);
        xg.init(1, new SecretKeySpec(bArr, "AES"));
        return xg;
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.kJv.remove(str);
        this.entries.remove(str);
        this.kJz = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.dGY().equals(kJr) || eVar.dGY().equals(kJt)) {
            return fp(c.ef(eVar.getData()).dGS()[0]);
        }
        if (eVar.dGY().equals(kJq)) {
            return fp(eVar.getData());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                e eVar = this.entries.get(str);
                if (eVar.dGY().equals(kJq)) {
                    if (org.bouncycastle.util.a.D(eVar.getData(), encoded)) {
                        return str;
                    }
                } else if (eVar.dGY().equals(kJr) || eVar.dGY().equals(kJt)) {
                    try {
                        if (org.bouncycastle.util.a.D(c.ef(eVar.getData()).dGS()[0].dGd().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.dGY().equals(kJr) && !eVar.dGY().equals(kJt)) {
            return null;
        }
        org.bouncycastle.asn1.x509.f[] dGS = c.ef(eVar.getData()).dGS();
        X509Certificate[] x509CertificateArr = new X509Certificate[dGS.length];
        for (int i = 0; i != x509CertificateArr.length; i++) {
            x509CertificateArr[i] = fp(dGS[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.dGX().getDate();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.dGY().equals(kJr) || eVar.dGY().equals(kJt)) {
            PrivateKey privateKey = this.kJv.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            org.bouncycastle.asn1.p.c ev = org.bouncycastle.asn1.p.c.ev(c.ef(eVar.getData()).dGT());
            try {
                i eA = i.eA(a("PRIVATE_KEY_ENCRYPTION", ev.dGR(), cArr, ev.getEncryptedData()));
                PrivateKey generatePrivate = this.helper.xj(l(eA.dHA().dHt())).generatePrivate(new PKCS8EncodedKeySpec(eA.getEncoded()));
                this.kJv.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!eVar.dGY().equals(kJs) && !eVar.dGY().equals(kJu)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        org.bouncycastle.asn1.b.d eg = org.bouncycastle.asn1.b.d.eg(eVar.getData());
        try {
            k en = k.en(a("SECRET_KEY_ENCRYPTION", eg.dGU(), cArr, eg.dGV()));
            return this.helper.xk(en.dHh().getId()).generateSecret(new SecretKeySpec(en.fu(), en.dHh().getId()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar != null) {
            return eVar.dGY().equals(kJq);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger dGY = eVar.dGY();
        return dGY.equals(kJr) || dGY.equals(kJs) || dGY.equals(kJt) || dGY.equals(kJu);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a dHj;
        org.bouncycastle.asn1.f dHa;
        PublicKey publicKey;
        org.bouncycastle.asn1.b.h ek;
        this.entries.clear();
        this.kJv.clear();
        this.kJy = null;
        this.kJz = null;
        this.kJw = null;
        if (inputStream == null) {
            Date date = new Date();
            this.kJy = date;
            this.kJz = date;
            this.kJp = null;
            this.kHO = null;
            this.kJw = new a(h.kqL, ax.khA);
            this.kJx = a(h.kqA, 64);
            return;
        }
        try {
            org.bouncycastle.asn1.b.g ej = org.bouncycastle.asn1.b.g.ej(new org.bouncycastle.asn1.k(inputStream).dGp());
            org.bouncycastle.asn1.b.i dGZ = ej.dGZ();
            if (dGZ.getType() == 0) {
                org.bouncycastle.asn1.b.j em = org.bouncycastle.asn1.b.j.em(dGZ.dHd());
                this.kJw = em.dHe();
                this.kJx = em.dHf();
                dHj = this.kJw;
                try {
                    a(ej.dHa().dGd().getEncoded(), em, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (dGZ.getType() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                l eo = l.eo(dGZ.dHd());
                dHj = eo.dHj();
                try {
                    org.bouncycastle.asn1.x509.f[] dHk = eo.dHk();
                    if (this.kHO == null) {
                        dHa = ej.dHa();
                        publicKey = this.kJp;
                    } else {
                        if (dHk == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory xm = this.helper.xm("X.509");
                        X509Certificate[] x509CertificateArr = new X509Certificate[dHk.length];
                        for (int i = 0; i != x509CertificateArr.length; i++) {
                            x509CertificateArr[i] = (X509Certificate) xm.generateCertificate(new ByteArrayInputStream(dHk[i].getEncoded()));
                        }
                        if (!this.kHO.b(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        dHa = ej.dHa();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    a(dHa, eo, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            org.bouncycastle.asn1.f dHa2 = ej.dHa();
            if (dHa2 instanceof org.bouncycastle.asn1.b.b) {
                org.bouncycastle.asn1.b.b bVar = (org.bouncycastle.asn1.b.b) dHa2;
                ek = org.bouncycastle.asn1.b.h.ek(a("STORE_ENCRYPTION", bVar.dGR(), cArr, bVar.dGQ().dFY()));
            } else {
                ek = org.bouncycastle.asn1.b.h.ek(dHa2);
            }
            try {
                this.kJy = ek.dGW().getDate();
                this.kJz = ek.dGX().getDate();
                if (!ek.dHb().equals(dHj)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<org.bouncycastle.asn1.f> it = ek.dHc().iterator();
                while (it.hasNext()) {
                    e eh = e.eh(it.next());
                    this.entries.put(eh.getIdentifier(), eh);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineLoad(((org.bouncycastle.jcajce.b) loadStoreParameter).getInputStream(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] a2 = a(bCFKSLoadStoreParameter);
        this.kJx = a(bCFKSLoadStoreParameter.dKz(), 64);
        this.kJA = bCFKSLoadStoreParameter.dKA() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.l.b.kon : org.bouncycastle.asn1.l.b.koo;
        this.kJw = bCFKSLoadStoreParameter.dKB() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(h.kqL, ax.khA) : new a(org.bouncycastle.asn1.l.b.knP, ax.khA);
        this.kJp = (PublicKey) bCFKSLoadStoreParameter.dKD();
        this.kHO = bCFKSLoadStoreParameter.dKF();
        this.kjF = a(this.kJp, bCFKSLoadStoreParameter.dKC());
        a aVar = this.kJw;
        o oVar = this.kJA;
        InputStream inputStream = bCFKSLoadStoreParameter.getInputStream();
        engineLoad(inputStream, a2);
        if (inputStream != null) {
            if (!a(bCFKSLoadStoreParameter.dKz(), this.kJx) || !oVar.e(this.kJA)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.entries.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.dGY().equals(kJq)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(eVar, date2);
        }
        try {
            this.entries.put(str, new e(kJq, str, date, date2, certificate.getEncoded(), null));
            this.kJz = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        k kVar;
        org.bouncycastle.asn1.b.d dVar;
        org.bouncycastle.asn1.p.c cVar;
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        this.kJv.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                org.bouncycastle.asn1.p.e a3 = a(h.kqA, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a4 = a(a3, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.kJA.e(org.bouncycastle.asn1.l.b.kon)) {
                    Cipher o = o("AES/CCM/NoPadding", a4);
                    cVar = new org.bouncycastle.asn1.p.c(new a(h.kqz, new org.bouncycastle.asn1.p.f(a3, new d(org.bouncycastle.asn1.l.b.kon, org.bouncycastle.asn1.c.a.ep(o.getParameters().getEncoded())))), o.doFinal(encoded));
                } else {
                    cVar = new org.bouncycastle.asn1.p.c(new a(h.kqz, new org.bouncycastle.asn1.p.f(a3, new d(org.bouncycastle.asn1.l.b.koo))), o("AESKWP", a4).doFinal(encoded));
                }
                this.entries.put(str, new e(kJr, str, a2, date, a(cVar, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                org.bouncycastle.asn1.p.e a5 = a(h.kqA, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a6 = a(a5, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String upperCase = Strings.toUpperCase(key.getAlgorithm());
                if (upperCase.indexOf("AES") > -1) {
                    kVar = new k(org.bouncycastle.asn1.l.b.knQ, encoded2);
                } else {
                    o oVar = kJn.get(upperCase);
                    if (oVar != null) {
                        kVar = new k(oVar, encoded2);
                    } else {
                        o oVar2 = kJn.get(upperCase + "." + (encoded2.length * 8));
                        if (oVar2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + upperCase + ") for storage.");
                        }
                        kVar = new k(oVar2, encoded2);
                    }
                }
                if (this.kJA.e(org.bouncycastle.asn1.l.b.kon)) {
                    Cipher o2 = o("AES/CCM/NoPadding", a6);
                    dVar = new org.bouncycastle.asn1.b.d(new a(h.kqz, new org.bouncycastle.asn1.p.f(a5, new d(org.bouncycastle.asn1.l.b.kon, org.bouncycastle.asn1.c.a.ep(o2.getParameters().getEncoded())))), o2.doFinal(kVar.getEncoded()));
                } else {
                    dVar = new org.bouncycastle.asn1.b.d(new a(h.kqz, new org.bouncycastle.asn1.p.f(a5, new d(org.bouncycastle.asn1.l.b.koo))), o("AESKWP", a6).doFinal(kVar.getEncoded()));
                }
                this.entries.put(str, new e(kJs, str, a2, date, dVar.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.kJz = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        if (certificateArr != null) {
            try {
                org.bouncycastle.asn1.p.c ev = org.bouncycastle.asn1.p.c.ev(bArr);
                try {
                    this.kJv.remove(str);
                    this.entries.put(str, new e(kJt, str, a2, date, a(ev, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new e(kJu, str, a2, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.kJz = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        org.bouncycastle.asn1.p.e eVar;
        BigInteger dHr;
        if (this.kJy == null) {
            throw new IOException("KeyStore not initialized");
        }
        org.bouncycastle.asn1.b.b a2 = a(this.kJw, cArr);
        if (org.bouncycastle.asn1.k.a.knt.e(this.kJx.dHt())) {
            org.bouncycastle.asn1.k.d er = org.bouncycastle.asn1.k.d.er(this.kJx.dHu());
            eVar = this.kJx;
            dHr = er.dHr();
        } else {
            g ez = g.ez(this.kJx.dHu());
            eVar = this.kJx;
            dHr = ez.dHr();
        }
        this.kJx = a(eVar, dHr.intValue());
        try {
            outputStream.write(new org.bouncycastle.asn1.b.g(a2, new org.bouncycastle.asn1.b.i(new org.bouncycastle.asn1.b.j(this.kJw, this.kJx, a(a2.getEncoded(), this.kJw, this.kJx, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof org.bouncycastle.jcajce.a) {
            org.bouncycastle.jcajce.a aVar = (org.bouncycastle.jcajce.a) loadStoreParameter;
            char[] a2 = a(loadStoreParameter);
            this.kJx = a(aVar.dKz(), 64);
            engineStore(aVar.getOutputStream(), a2);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineStore(((org.bouncycastle.jcajce.b) loadStoreParameter).getOutputStream(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.dKD() == null) {
            char[] a3 = a(bCFKSLoadStoreParameter);
            this.kJx = a(bCFKSLoadStoreParameter.dKz(), 64);
            this.kJA = bCFKSLoadStoreParameter.dKA() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.l.b.kon : org.bouncycastle.asn1.l.b.koo;
            this.kJw = bCFKSLoadStoreParameter.dKB() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(h.kqL, ax.khA) : new a(org.bouncycastle.asn1.l.b.knP, ax.khA);
            engineStore(bCFKSLoadStoreParameter.getOutputStream(), a3);
            return;
        }
        this.kjF = a(bCFKSLoadStoreParameter.dKD(), bCFKSLoadStoreParameter.dKC());
        this.kJx = a(bCFKSLoadStoreParameter.dKz(), 64);
        this.kJA = bCFKSLoadStoreParameter.dKA() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.l.b.kon : org.bouncycastle.asn1.l.b.koo;
        this.kJw = bCFKSLoadStoreParameter.dKB() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(h.kqL, ax.khA) : new a(org.bouncycastle.asn1.l.b.knP, ax.khA);
        org.bouncycastle.asn1.b.b a4 = a(this.kjF, a(bCFKSLoadStoreParameter));
        try {
            Signature xl = this.helper.xl(this.kjF.dHt().getId());
            xl.initSign((PrivateKey) bCFKSLoadStoreParameter.dKD());
            xl.update(a4.getEncoded());
            X509Certificate[] dKE = bCFKSLoadStoreParameter.dKE();
            if (dKE != null) {
                org.bouncycastle.asn1.x509.f[] fVarArr = new org.bouncycastle.asn1.x509.f[dKE.length];
                for (int i = 0; i != fVarArr.length; i++) {
                    fVarArr[i] = org.bouncycastle.asn1.x509.f.eR(dKE[i].getEncoded());
                }
                lVar = new l(this.kjF, fVarArr, xl.sign());
            } else {
                lVar = new l(this.kjF, xl.sign());
            }
            bCFKSLoadStoreParameter.getOutputStream().write(new org.bouncycastle.asn1.b.g(a4, new org.bouncycastle.asn1.b.i(lVar)).getEncoded());
            bCFKSLoadStoreParameter.getOutputStream().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
