package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import o.A;
import o.AbstractC2988if0;
import o.AbstractC3658nf0;
import o.C0625Dm0;
import o.C0649Dy0;
import o.C1020Ky0;
import o.C1027Lc;
import o.C1071Ly0;
import o.C1078Mc;
import o.C1344Rc;
import o.C1378Rt;
import o.C1625Wc;
import o.C1678Xc0;
import o.C1730Yc0;
import o.C2063bh;
import o.C2321dd0;
import o.C2453ed0;
import o.C2586fd0;
import o.C3064jD0;
import o.C3120jf0;
import o.C3193kB0;
import o.C3244kb;
import o.C3253kf0;
import o.C3326lB0;
import o.C3352lO0;
import o.C3519mf0;
import o.C3730oB;
import o.C3816os;
import o.C3880pJ0;
import o.C3996qB;
import o.C4128rB;
import o.C4261sB;
import o.C4327si;
import o.C4394tB;
import o.C4592uh0;
import o.C4721vf0;
import o.C5276zr;
import o.F60;
import o.G;
import o.InterfaceC1458Tc0;
import o.InterfaceC2035bT;
import o.InterfaceC2713ga0;
import o.InterfaceC3901pU;
import o.InterfaceC4854wf0;
import o.KU;
import o.M90;
import o.N61;
import o.P90;
import o.S3;
import o.X61;
import o.ZU;
import o.r;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, G> oidMap;
    private static final Map<G, String> publicAlgMap;
    private Date creationDate;
    private final InterfaceC2035bT helper;
    private S3 hmacAlgorithm;
    private KU hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private S3 signatureAlgorithm;
    private C1027Lc.a validator;
    private PublicKey verificationKey;
    private final Map<String, C1678Xc0> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private G storeEncryptionAlgorithm = M90.V;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new C1378Rt());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new C1378Rt(), new BcFKSKeyStoreSpi(new C1378Rt()));
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new C1378Rt());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new C1378Rt(), new BcFKSKeyStoreSpi(new C1378Rt()));
        }
    }

    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes2.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements InterfaceC4854wf0, N61 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(InterfaceC2035bT interfaceC2035bT) {
            super(interfaceC2035bT);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                interfaceC2035bT.a("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) {
            return C0649Dy0.i(cArr != null ? C3244kb.i(C3352lO0.i(cArr), C3352lO0.h(str)) : C3244kb.i(this.seedKey, C3352lO0.h(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || C3244kb.l(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new C1344Rc());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new C1378Rt(), new BcFKSKeyStoreSpi(new C1344Rc()));
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new C1344Rc());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new C1344Rc(), new BcFKSKeyStoreSpi(new C1344Rc()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        G g = InterfaceC1458Tc0.h;
        hashMap.put("DESEDE", g);
        hashMap.put("TRIPLEDES", g);
        hashMap.put("TDEA", g);
        hashMap.put("HMACSHA1", InterfaceC4854wf0.W);
        hashMap.put("HMACSHA224", InterfaceC4854wf0.a0);
        hashMap.put("HMACSHA256", InterfaceC4854wf0.b0);
        hashMap.put("HMACSHA384", InterfaceC4854wf0.c0);
        hashMap.put("HMACSHA512", InterfaceC4854wf0.d0);
        hashMap.put("SEED", InterfaceC3901pU.a);
        hashMap.put("CAMELLIA.128", InterfaceC2713ga0.a);
        hashMap.put("CAMELLIA.192", InterfaceC2713ga0.b);
        hashMap.put("CAMELLIA.256", InterfaceC2713ga0.c);
        hashMap.put("ARIA.128", P90.h);
        hashMap.put("ARIA.192", P90.m);
        hashMap.put("ARIA.256", P90.r);
        hashMap2.put(InterfaceC4854wf0.m, "RSA");
        hashMap2.put(X61.X2, "EC");
        hashMap2.put(InterfaceC1458Tc0.l, "DH");
        hashMap2.put(InterfaceC4854wf0.D, "DH");
        hashMap2.put(X61.H3, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(InterfaceC2035bT interfaceC2035bT) {
        this.helper = interfaceC2035bT;
    }

    private byte[] calculateMac(byte[] bArr, S3 s3, KU ku, char[] cArr) {
        String J = s3.u().J();
        Mac c = this.helper.c(J);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            c.init(new SecretKeySpec(generateKey(ku, "INTEGRITY_CHECK", cArr, -1), J));
            return c.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) {
        Cipher b = this.helper.b(str);
        b.init(1, new SecretKeySpec(bArr, "AES"));
        return b;
    }

    private C3996qB createPrivateKeySequence(C4128rB c4128rB, Certificate[] certificateArr) {
        C4327si[] c4327siArr = new C4327si[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            c4327siArr[i] = C4327si.u(certificateArr[i].getEncoded());
        }
        return new C3996qB(c4128rB, c4327siArr);
    }

    private Certificate decodeCertificate(Object obj) {
        InterfaceC2035bT interfaceC2035bT = this.helper;
        if (interfaceC2035bT != null) {
            try {
                return interfaceC2035bT.d("X.509").generateCertificate(new ByteArrayInputStream(C4327si.u(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(C4327si.u(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, S3 s3, char[] cArr, byte[] bArr) {
        Cipher b;
        AlgorithmParameters algorithmParameters;
        if (!s3.u().A(InterfaceC4854wf0.M)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        C3120jf0 w = C3120jf0.w(s3.x());
        C4394tB u = w.u();
        try {
            if (u.u().A(M90.V)) {
                b = this.helper.b("AES/CCM/NoPadding");
                algorithmParameters = this.helper.e("CCM");
                algorithmParameters.init(C2063bh.u(u.x()).getEncoded());
            } else {
                if (!u.u().A(M90.W)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                b = this.helper.b("AESKWP");
                algorithmParameters = null;
            }
            KU x = w.x();
            if (cArr == null) {
                cArr = new char[0];
            }
            b.init(2, new SecretKeySpec(generateKey(x, str, cArr, 32), "AES"), algorithmParameters);
            return b.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private Date extractCreationDate(C1678Xc0 c1678Xc0, Date date) {
        try {
            return c1678Xc0.u().I();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(KU ku, String str, char[] cArr, int i) {
        byte[] a = AbstractC2988if0.a(cArr);
        byte[] a2 = AbstractC2988if0.a(str.toCharArray());
        if (F60.O.A(ku.u())) {
            C3326lB0 x = C3326lB0.x(ku.x());
            if (x.y() != null) {
                i = x.y().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return C0649Dy0.i(C3244kb.i(a, a2), x.A(), x.w().intValue(), x.u().intValue(), x.u().intValue(), i);
        }
        if (!ku.u().A(InterfaceC4854wf0.L)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        C3519mf0 u = C3519mf0.u(ku.x());
        if (u.x() != null) {
            i = u.x().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (u.y().u().A(InterfaceC4854wf0.d0)) {
            C4721vf0 c4721vf0 = new C4721vf0(new C1071Ly0());
            c4721vf0.c(C3244kb.i(a, a2), u.z(), u.w().intValue());
            return ((ZU) c4721vf0.f(i * 8)).a();
        }
        if (u.y().u().A(M90.r)) {
            C4721vf0 c4721vf02 = new C4721vf0(new C1020Ky0(512));
            c4721vf02.c(C3244kb.i(a, a2), u.z(), u.w().intValue());
            return ((ZU) c4721vf02.f(i * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + u.y().u());
    }

    private KU generatePkbdAlgorithmIdentifier(G g, int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        G g2 = InterfaceC4854wf0.L;
        if (g2.A(g)) {
            return new KU(g2, new C3519mf0(bArr, 51200, i, new S3(InterfaceC4854wf0.d0, C3816os.Y)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + g);
    }

    private KU generatePkbdAlgorithmIdentifier(KU ku, int i) {
        G g = F60.O;
        boolean A = g.A(ku.u());
        r x = ku.x();
        if (A) {
            C3326lB0 x2 = C3326lB0.x(x);
            byte[] bArr = new byte[x2.A().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new KU(g, new C3326lB0(bArr, x2.w(), x2.u(), x2.z(), BigInteger.valueOf(i)));
        }
        C3519mf0 u = C3519mf0.u(x);
        byte[] bArr2 = new byte[u.z().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new KU(InterfaceC4854wf0.L, new C3519mf0(bArr2, u.w().intValue(), i, u.y()));
    }

    private KU generatePkbdAlgorithmIdentifier(AbstractC3658nf0 abstractC3658nf0, int i) {
        G g = F60.O;
        if (g.A(abstractC3658nf0.a())) {
            C3193kB0 c3193kB0 = (C3193kB0) abstractC3658nf0;
            byte[] bArr = new byte[c3193kB0.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new KU(g, new C3326lB0(bArr, c3193kB0.c(), c3193kB0.b(), c3193kB0.d(), i));
        }
        C3253kf0 c3253kf0 = (C3253kf0) abstractC3658nf0;
        byte[] bArr2 = new byte[c3253kf0.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new KU(InterfaceC4854wf0.L, new C3519mf0(bArr2, c3253kf0.b(), i, c3253kf0.c()));
    }

    private S3 generateSignatureAlgId(Key key, C1027Lc.d dVar) {
        if (key == null) {
            return null;
        }
        if (key instanceof DSAKey) {
            if (dVar == C1027Lc.d.SHA512withDSA) {
                return new S3(M90.d0);
            }
            if (dVar == C1027Lc.d.SHA3_512withDSA) {
                return new S3(M90.h0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == C1027Lc.d.SHA512withRSA) {
                return new S3(InterfaceC4854wf0.y, C3816os.Y);
            }
            if (dVar == C1027Lc.d.SHA3_512withRSA) {
                return new S3(M90.p0, C3816os.Y);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return C5276zr.d();
    }

    private C3730oB getEncryptedObjectStoreData(S3 s3, char[] cArr) {
        C1678Xc0[] c1678Xc0Arr = (C1678Xc0[]) this.entries.values().toArray(new C1678Xc0[this.entries.size()]);
        KU generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        C2453ed0 c2453ed0 = new C2453ed0(s3, this.creationDate, this.lastModifiedDate, new C1730Yc0(c1678Xc0Arr), null);
        try {
            G g = this.storeEncryptionAlgorithm;
            G g2 = M90.V;
            if (!g.A(g2)) {
                return new C3730oB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier, new C4394tB(M90.W))), createCipher("AESKWP", generateKey).doFinal(c2453ed0.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new C3730oB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier, new C4394tB(g2, C2063bh.u(createCipher.getParameters().getEncoded())))), createCipher.doFinal(c2453ed0.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(G g) {
        String str = publicAlgMap.get(g);
        return str != null ? str : g.J();
    }

    private boolean isSimilarHmacPbkd(AbstractC3658nf0 abstractC3658nf0, KU ku) {
        if (!abstractC3658nf0.a().A(ku.u())) {
            return false;
        }
        if (F60.O.A(ku.u())) {
            if (!(abstractC3658nf0 instanceof C3193kB0)) {
                return false;
            }
            C3193kB0 c3193kB0 = (C3193kB0) abstractC3658nf0;
            C3326lB0 x = C3326lB0.x(ku.x());
            return c3193kB0.e() == x.A().length && c3193kB0.b() == x.u().intValue() && c3193kB0.c() == x.w().intValue() && c3193kB0.d() == x.z().intValue();
        }
        if (!(abstractC3658nf0 instanceof C3253kf0)) {
            return false;
        }
        C3253kf0 c3253kf0 = (C3253kf0) abstractC3658nf0;
        C3519mf0 u = C3519mf0.u(ku.x());
        return c3253kf0.d() == u.z().length && c3253kf0.b() == u.w().intValue();
    }

    private void verifyMac(byte[] bArr, C4592uh0 c4592uh0, char[] cArr) {
        if (!C3244kb.l(calculateMac(bArr, c4592uh0.x(), c4592uh0.y(), cArr), c4592uh0.w())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(r rVar, C3880pJ0 c3880pJ0, PublicKey publicKey) {
        Signature g = this.helper.g(c3880pJ0.y().u().J());
        g.initVerify(publicKey);
        g.update(rVar.e().t("DER"));
        if (!g.verify(c3880pJ0.x().I())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 == null) {
            return null;
        }
        if (c1678Xc0.A().equals(PRIVATE_KEY) || c1678Xc0.A().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(C3996qB.x(c1678Xc0.w()).u()[0]);
        }
        if (c1678Xc0.A().equals(CERTIFICATE)) {
            return decodeCertificate(c1678Xc0.w());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                C1678Xc0 c1678Xc0 = this.entries.get(str);
                if (c1678Xc0.A().equals(CERTIFICATE)) {
                    if (C3244kb.a(c1678Xc0.w(), encoded)) {
                        return str;
                    }
                } else if (c1678Xc0.A().equals(PRIVATE_KEY) || c1678Xc0.A().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (C3244kb.a(C3996qB.x(c1678Xc0.w()).u()[0].e().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 == null) {
            return null;
        }
        if (!c1678Xc0.A().equals(PRIVATE_KEY) && !c1678Xc0.A().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        C4327si[] u = C3996qB.x(c1678Xc0.w()).u();
        int length = u.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(u[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 == null) {
            return null;
        }
        try {
            return c1678Xc0.z().I();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 == null) {
            return null;
        }
        if (c1678Xc0.A().equals(PRIVATE_KEY) || c1678Xc0.A().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            C4128rB x = C4128rB.x(C3996qB.x(c1678Xc0.w()).w());
            try {
                C0625Dm0 w = C0625Dm0.w(decryptData("PRIVATE_KEY_ENCRYPTION", x.w(), cArr, x.u()));
                PrivateKey generatePrivate = this.helper.h(getPublicKeyAlg(w.x().u())).generatePrivate(new PKCS8EncodedKeySpec(w.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!c1678Xc0.A().equals(SECRET_KEY) && !c1678Xc0.A().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        C4261sB w2 = C4261sB.w(c1678Xc0.w());
        try {
            C3064jD0 u = C3064jD0.u(decryptData("SECRET_KEY_ENCRYPTION", w2.x(), cArr, w2.u()));
            return this.helper.f(u.w().J()).generateSecret(new SecretKeySpec(u.x(), u.w().J()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 != null) {
            return c1678Xc0.A().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        if (c1678Xc0 == null) {
            return false;
        }
        BigInteger A = c1678Xc0.A();
        return A.equals(PRIVATE_KEY) || A.equals(SECRET_KEY) || A.equals(PROTECTED_PRIVATE_KEY) || A.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        S3 y;
        C2453ed0 w;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.hmacAlgorithm = new S3(InterfaceC4854wf0.d0, C3816os.Y);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(InterfaceC4854wf0.L, 64);
            return;
        }
        try {
            C2321dd0 u = C2321dd0.u(new A(inputStream).E());
            C2586fd0 w2 = u.w();
            if (w2.x() == 0) {
                C4592uh0 u2 = C4592uh0.u(w2.w());
                this.hmacAlgorithm = u2.x();
                this.hmacPkbdAlgorithm = u2.y();
                y = this.hmacAlgorithm;
                try {
                    verifyMac(u.x().e().getEncoded(), u2, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (w2.x() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                C3880pJ0 w3 = C3880pJ0.w(w2.w());
                y = w3.y();
                try {
                    w3.u();
                    verifySig(u.x(), w3, this.verificationKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            r x = u.x();
            if (x instanceof C3730oB) {
                C3730oB c3730oB = (C3730oB) x;
                w = C2453ed0.w(decryptData("STORE_ENCRYPTION", c3730oB.w(), cArr, c3730oB.u().H()));
            } else {
                w = C2453ed0.w(x);
            }
            try {
                this.creationDate = w.u().I();
                this.lastModifiedDate = w.y().I();
                if (!w.x().equals(y)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<r> it = w.z().iterator();
                while (it.hasNext()) {
                    C1678Xc0 y2 = C1678Xc0.y(it.next());
                    this.entries.put(y2.x(), y2);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof C1027Lc)) {
            if (loadStoreParameter instanceof C1625Wc) {
                engineLoad(((C1625Wc) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        C1027Lc c1027Lc = (C1027Lc) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(c1027Lc);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(c1027Lc.g(), 64);
        this.storeEncryptionAlgorithm = c1027Lc.e() == C1027Lc.b.AES256_CCM ? M90.V : M90.W;
        this.hmacAlgorithm = c1027Lc.f() == C1027Lc.c.HmacSHA512 ? new S3(InterfaceC4854wf0.d0, C3816os.Y) : new S3(M90.r, C3816os.Y);
        this.verificationKey = (PublicKey) c1027Lc.i();
        c1027Lc.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, c1027Lc.h());
        G g = this.storeEncryptionAlgorithm;
        InputStream a = c1027Lc.a();
        engineLoad(a, extractPassword);
        if (a != null) {
            if (!isSimilarHmacPbkd(c1027Lc.g(), this.hmacPkbdAlgorithm) || !g.A(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        Date date2 = new Date();
        if (c1678Xc0 == null) {
            date = date2;
        } else {
            if (!c1678Xc0.A().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(c1678Xc0, date2);
        }
        try {
            this.entries.put(str, new C1678Xc0(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        C3064jD0 c3064jD0;
        C4261sB c4261sB;
        C4128rB c4128rB;
        Date date = new Date();
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        Date extractCreationDate = c1678Xc0 != null ? extractCreationDate(c1678Xc0, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KU generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(InterfaceC4854wf0.L, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                G g = this.storeEncryptionAlgorithm;
                G g2 = M90.V;
                if (g.A(g2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    c4128rB = new C4128rB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier, new C4394tB(g2, C2063bh.u(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    c4128rB = new C4128rB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier, new C4394tB(M90.W))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new C1678Xc0(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(c4128rB, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KU generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(InterfaceC4854wf0.L, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String j = C3352lO0.j(key.getAlgorithm());
                if (j.indexOf("AES") > -1) {
                    c3064jD0 = new C3064jD0(M90.w, encoded2);
                } else {
                    Map<String, G> map = oidMap;
                    G g3 = map.get(j);
                    if (g3 != null) {
                        c3064jD0 = new C3064jD0(g3, encoded2);
                    } else {
                        G g4 = map.get(j + "." + (encoded2.length * 8));
                        if (g4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + j + ") for storage.");
                        }
                        c3064jD0 = new C3064jD0(g4, encoded2);
                    }
                }
                G g5 = this.storeEncryptionAlgorithm;
                G g6 = M90.V;
                if (g5.A(g6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    c4261sB = new C4261sB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier2, new C4394tB(g6, C2063bh.u(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(c3064jD0.getEncoded()));
                } else {
                    c4261sB = new C4261sB(new S3(InterfaceC4854wf0.M, new C3120jf0(generatePkbdAlgorithmIdentifier2, new C4394tB(M90.W))), createCipher("AESKWP", generateKey2).doFinal(c3064jD0.getEncoded()));
                }
                this.entries.put(str, new C1678Xc0(SECRET_KEY, str, extractCreationDate, date, c4261sB.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        C1678Xc0 c1678Xc0 = this.entries.get(str);
        Date extractCreationDate = c1678Xc0 != null ? extractCreationDate(c1678Xc0, date) : date;
        if (certificateArr != null) {
            try {
                C4128rB x = C4128rB.x(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new C1678Xc0(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(x, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new C1678Xc0(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        KU ku;
        BigInteger x;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        C3730oB encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (F60.O.A(this.hmacPkbdAlgorithm.u())) {
            C3326lB0 x2 = C3326lB0.x(this.hmacPkbdAlgorithm.x());
            ku = this.hmacPkbdAlgorithm;
            x = x2.y();
        } else {
            C3519mf0 u = C3519mf0.u(this.hmacPkbdAlgorithm.x());
            ku = this.hmacPkbdAlgorithm;
            x = u.x();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(ku, x.intValue());
        try {
            outputStream.write(new C2321dd0(encryptedObjectStoreData, new C2586fd0(new C4592uh0(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        C3880pJ0 c3880pJ0;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof C1078Mc) {
            C1078Mc c1078Mc = (C1078Mc) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(c1078Mc.b(), 64);
            engineStore(c1078Mc.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof C1027Lc)) {
            if (loadStoreParameter instanceof C1625Wc) {
                engineStore(((C1625Wc) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        C1027Lc c1027Lc = (C1027Lc) loadStoreParameter;
        if (c1027Lc.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(c1027Lc);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(c1027Lc.g(), 64);
            this.storeEncryptionAlgorithm = c1027Lc.e() == C1027Lc.b.AES256_CCM ? M90.V : M90.W;
            this.hmacAlgorithm = c1027Lc.f() == C1027Lc.c.HmacSHA512 ? new S3(InterfaceC4854wf0.d0, C3816os.Y) : new S3(M90.r, C3816os.Y);
            engineStore(c1027Lc.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(c1027Lc.i(), c1027Lc.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(c1027Lc.g(), 64);
        this.storeEncryptionAlgorithm = c1027Lc.e() == C1027Lc.b.AES256_CCM ? M90.V : M90.W;
        this.hmacAlgorithm = c1027Lc.f() == C1027Lc.c.HmacSHA512 ? new S3(InterfaceC4854wf0.d0, C3816os.Y) : new S3(M90.r, C3816os.Y);
        C3730oB encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(c1027Lc));
        try {
            Signature g = this.helper.g(this.signatureAlgorithm.u().J());
            g.initSign((PrivateKey) c1027Lc.i());
            g.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d = c1027Lc.d();
            if (d != null) {
                int length = d.length;
                C4327si[] c4327siArr = new C4327si[length];
                for (int i = 0; i != length; i++) {
                    c4327siArr[i] = C4327si.u(d[i].getEncoded());
                }
                c3880pJ0 = new C3880pJ0(this.signatureAlgorithm, c4327siArr, g.sign());
            } else {
                c3880pJ0 = new C3880pJ0(this.signatureAlgorithm, g.sign());
            }
            c1027Lc.b().write(new C2321dd0(encryptedObjectStoreData, new C2586fd0(c3880pJ0)).getEncoded());
            c1027Lc.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
