package org.bouncycastle.jcajce.provider.keystore.bcfks;

import com.veriff.sdk.internal.ax1;
import com.veriff.sdk.internal.ay0;
import com.veriff.sdk.internal.b0;
import com.veriff.sdk.internal.b7;
import com.veriff.sdk.internal.bi1;
import com.veriff.sdk.internal.bs0;
import com.veriff.sdk.internal.by0;
import com.veriff.sdk.internal.c51;
import com.veriff.sdk.internal.c7;
import com.veriff.sdk.internal.cf;
import com.veriff.sdk.internal.ed;
import com.veriff.sdk.internal.en;
import com.veriff.sdk.internal.f21;
import com.veriff.sdk.internal.gu;
import com.veriff.sdk.internal.h0;
import com.veriff.sdk.internal.h01;
import com.veriff.sdk.internal.h7;
import com.veriff.sdk.internal.hu;
import com.veriff.sdk.internal.i5;
import com.veriff.sdk.internal.iu;
import com.veriff.sdk.internal.j01;
import com.veriff.sdk.internal.ju;
import com.veriff.sdk.internal.jz0;
import com.veriff.sdk.internal.li;
import com.veriff.sdk.internal.lu;
import com.veriff.sdk.internal.m7;
import com.veriff.sdk.internal.md1;
import com.veriff.sdk.internal.ml1;
import com.veriff.sdk.internal.mz0;
import com.veriff.sdk.internal.o90;
import com.veriff.sdk.internal.oa1;
import com.veriff.sdk.internal.od1;
import com.veriff.sdk.internal.p80;
import com.veriff.sdk.internal.pt0;
import com.veriff.sdk.internal.pz0;
import com.veriff.sdk.internal.qz0;
import com.veriff.sdk.internal.r90;
import com.veriff.sdk.internal.rx1;
import com.veriff.sdk.internal.s;
import com.veriff.sdk.internal.sj1;
import com.veriff.sdk.internal.tr;
import com.veriff.sdk.internal.u90;
import com.veriff.sdk.internal.ux0;
import com.veriff.sdk.internal.v3;
import com.veriff.sdk.internal.wx0;
import com.veriff.sdk.internal.xa1;
import com.veriff.sdk.internal.xs0;
import com.veriff.sdk.internal.xx0;
import com.veriff.sdk.internal.ya1;
import com.veriff.sdk.internal.ys0;
import com.veriff.sdk.internal.zi;
import com.veriff.sdk.internal.zx0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.a;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, h0> oidMap;
    private static final Map<h0, String> publicAlgMap;
    private Date creationDate;
    private final p80 helper;
    private v3 hmacAlgorithm;
    private r90 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private v3 signatureAlgorithm;
    private b7.a validator;
    private PublicKey verificationKey;
    private final Map<String, wx0> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private h0 storeEncryptionAlgorithm = xs0.V;

    /* loaded from: classes4.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new en());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes4.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new en(), new BcFKSKeyStoreSpi(new en()));
        }
    }

    /* loaded from: classes4.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new en());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes4.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new en(), new BcFKSKeyStoreSpi(new en()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes4.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements j01, ax1 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(p80 p80Var) {
            super(p80Var);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                p80Var.a("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return oa1.b(cArr != null ? i5.c(ml1.a(cArr), ml1.c(str)) : i5.c(this.seedKey, ml1.c(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || i5.d(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes4.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new h7());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes4.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new en(), new BcFKSKeyStoreSpi(new h7()));
        }
    }

    /* loaded from: classes4.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new h7());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes4.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new h7(), new BcFKSKeyStoreSpi(new h7()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        h0 h0Var = ux0.h;
        hashMap.put("DESEDE", h0Var);
        hashMap.put("TRIPLEDES", h0Var);
        hashMap.put("TDEA", h0Var);
        hashMap.put("HMACSHA1", j01.Q);
        hashMap.put("HMACSHA224", j01.R);
        hashMap.put("HMACSHA256", j01.S);
        hashMap.put("HMACSHA384", j01.T);
        hashMap.put("HMACSHA512", j01.U);
        hashMap.put("SEED", o90.a);
        hashMap.put("CAMELLIA.128", pt0.a);
        hashMap.put("CAMELLIA.192", pt0.b);
        hashMap.put("CAMELLIA.256", pt0.c);
        hashMap.put("ARIA.128", ys0.h);
        hashMap.put("ARIA.192", ys0.m);
        hashMap.put("ARIA.256", ys0.r);
        hashMap2.put(j01.b, "RSA");
        hashMap2.put(rx1.N2, "EC");
        hashMap2.put(ux0.l, "DH");
        hashMap2.put(j01.v, "DH");
        hashMap2.put(rx1.x3, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(p80 p80Var) {
        this.helper = p80Var;
    }

    private byte[] calculateMac(byte[] bArr, v3 v3Var, r90 r90Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String k = v3Var.g().k();
        Mac b = this.helper.b(k);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            b.init(new SecretKeySpec(generateKey(r90Var, "INTEGRITY_CHECK", cArr, -1), k));
            return b.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher e = this.helper.e(str);
        e.init(1, new SecretKeySpec(bArr, "AES"));
        return e;
    }

    private hu createPrivateKeySequence(iu iuVar, Certificate[] certificateArr) throws CertificateEncodingException {
        cf[] cfVarArr = new cf[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            cfVarArr[i] = cf.a(certificateArr[i].getEncoded());
        }
        return new hu(iuVar, cfVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        p80 p80Var = this.helper;
        if (p80Var != null) {
            try {
                return p80Var.d("X.509").generateCertificate(new ByteArrayInputStream(cf.a(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(cf.a(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, v3 v3Var, char[] cArr, byte[] bArr) throws IOException {
        Cipher e;
        AlgorithmParameters algorithmParameters;
        if (!v3Var.g().b(j01.G)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        jz0 a = jz0.a(v3Var.h());
        lu g = a.g();
        try {
            if (g.g().b(xs0.V)) {
                e = this.helper.e("AES/CCM/NoPadding");
                algorithmParameters = this.helper.f("CCM");
                algorithmParameters.init(ed.a(g.h()).getEncoded());
            } else {
                if (!g.g().b(xs0.W)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                e = this.helper.e("AESKWP");
                algorithmParameters = null;
            }
            r90 h = a.h();
            if (cArr == null) {
                cArr = new char[0];
            }
            e.init(2, new SecretKeySpec(generateKey(h, str, cArr, 32), "AES"), algorithmParameters);
            return e.doFinal(bArr);
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    private Date extractCreationDate(wx0 wx0Var, Date date) {
        try {
            return wx0Var.g().k();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(r90 r90Var, String str, char[] cArr, int i) throws IOException {
        byte[] PKCS12PasswordToBytes = a.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = a.PKCS12PasswordToBytes(str.toCharArray());
        if (bs0.O.b(r90Var.g())) {
            od1 a = od1.a(r90Var.h());
            if (a.i() != null) {
                i = a.i().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return oa1.b(i5.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a.k(), a.h().intValue(), a.g().intValue(), a.g().intValue(), i);
        }
        if (!r90Var.g().b(j01.F)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        pz0 a2 = pz0.a(r90Var.h());
        if (a2.h() != null) {
            i = a2.h().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (a2.i().g().b(j01.U)) {
            h01 h01Var = new h01(new ya1());
            h01Var.init(i5.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a2.j(), a2.g().intValue());
            return ((u90) h01Var.generateDerivedParameters(i * 8)).a();
        }
        if (a2.i().g().b(xs0.r)) {
            h01 h01Var2 = new h01(new xa1(512));
            h01Var2.init(i5.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a2.j(), a2.g().intValue());
            return ((u90) h01Var2.generateDerivedParameters(i * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a2.i().g());
    }

    private r90 generatePkbdAlgorithmIdentifier(h0 h0Var, int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        h0 h0Var2 = j01.F;
        if (h0Var2.b(h0Var)) {
            return new r90(h0Var2, new pz0(bArr, 51200, i, new v3(j01.U, zi.d)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + h0Var);
    }

    private r90 generatePkbdAlgorithmIdentifier(qz0 qz0Var, int i) {
        h0 h0Var = bs0.O;
        if (h0Var.b(qz0Var.a())) {
            md1 md1Var = (md1) qz0Var;
            byte[] bArr = new byte[md1Var.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new r90(h0Var, new od1(bArr, md1Var.c(), md1Var.b(), md1Var.d(), i));
        }
        mz0 mz0Var = (mz0) qz0Var;
        byte[] bArr2 = new byte[mz0Var.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new r90(j01.F, new pz0(bArr2, mz0Var.b(), i, mz0Var.c()));
    }

    private r90 generatePkbdAlgorithmIdentifier(r90 r90Var, int i) {
        h0 h0Var = bs0.O;
        boolean b = h0Var.b(r90Var.g());
        s h = r90Var.h();
        if (b) {
            od1 a = od1.a(h);
            byte[] bArr = new byte[a.k().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new r90(h0Var, new od1(bArr, a.h(), a.g(), a.j(), BigInteger.valueOf(i)));
        }
        pz0 a2 = pz0.a(h);
        byte[] bArr2 = new byte[a2.j().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new r90(j01.F, new pz0(bArr2, a2.g().intValue(), i, a2.i()));
    }

    private v3 generateSignatureAlgId(Key key, b7.d dVar) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof tr) {
            if (dVar == b7.d.SHA512withECDSA) {
                return new v3(rx1.S2);
            }
            if (dVar == b7.d.SHA3_512withECDSA) {
                return new v3(xs0.l0);
            }
        }
        if (key instanceof DSAKey) {
            if (dVar == b7.d.SHA512withDSA) {
                return new v3(xs0.d0);
            }
            if (dVar == b7.d.SHA3_512withDSA) {
                return new v3(xs0.h0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == b7.d.SHA512withRSA) {
                return new v3(j01.p, zi.d);
            }
            if (dVar == b7.d.SHA3_512withRSA) {
                return new v3(xs0.p0, zi.d);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return li.b();
    }

    private gu getEncryptedObjectStoreData(v3 v3Var, char[] cArr) throws IOException, NoSuchAlgorithmException {
        wx0[] wx0VarArr = (wx0[]) this.entries.values().toArray(new wx0[this.entries.size()]);
        r90 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        ay0 ay0Var = new ay0(v3Var, this.creationDate, this.lastModifiedDate, new xx0(wx0VarArr), null);
        try {
            h0 h0Var = this.storeEncryptionAlgorithm;
            h0 h0Var2 = xs0.V;
            if (!h0Var.b(h0Var2)) {
                return new gu(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier, new lu(xs0.W))), createCipher("AESKWP", generateKey).doFinal(ay0Var.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new gu(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier, new lu(h0Var2, ed.a(createCipher.getParameters().getEncoded())))), createCipher.doFinal(ay0Var.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(h0 h0Var) {
        String str = publicAlgMap.get(h0Var);
        return str != null ? str : h0Var.k();
    }

    private boolean isSimilarHmacPbkd(qz0 qz0Var, r90 r90Var) {
        if (!qz0Var.a().b(r90Var.g())) {
            return false;
        }
        if (bs0.O.b(r90Var.g())) {
            if (!(qz0Var instanceof md1)) {
                return false;
            }
            md1 md1Var = (md1) qz0Var;
            od1 a = od1.a(r90Var.h());
            return md1Var.e() == a.k().length && md1Var.b() == a.g().intValue() && md1Var.c() == a.h().intValue() && md1Var.d() == a.j().intValue();
        }
        if (!(qz0Var instanceof mz0)) {
            return false;
        }
        mz0 mz0Var = (mz0) qz0Var;
        pz0 a2 = pz0.a(r90Var.h());
        return mz0Var.d() == a2.j().length && mz0Var.b() == a2.g().intValue();
    }

    private void verifyMac(byte[] bArr, f21 f21Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!i5.d(calculateMac(bArr, f21Var.h(), f21Var.i(), cArr), f21Var.g())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(s sVar, sj1 sj1Var, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.helper.createSignature(sj1Var.i().g().k());
        createSignature.initVerify(publicKey);
        createSignature.update(sVar.b().a("DER"));
        if (!createSignature.verify(sj1Var.h().k())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var == null) {
            return null;
        }
        if (wx0Var.k().equals(PRIVATE_KEY) || wx0Var.k().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(hu.a(wx0Var.h()).g()[0]);
        }
        if (wx0Var.k().equals(CERTIFICATE)) {
            return decodeCertificate(wx0Var.h());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                wx0 wx0Var = this.entries.get(str);
                if (wx0Var.k().equals(CERTIFICATE)) {
                    if (i5.a(wx0Var.h(), encoded)) {
                        return str;
                    }
                } else if (wx0Var.k().equals(PRIVATE_KEY) || wx0Var.k().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (i5.a(hu.a(wx0Var.h()).g()[0].b().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var == null) {
            return null;
        }
        if (!wx0Var.k().equals(PRIVATE_KEY) && !wx0Var.k().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        cf[] g = hu.a(wx0Var.h()).g();
        int length = g.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(g[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var == null) {
            return null;
        }
        try {
            return wx0Var.j().k();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var == null) {
            return null;
        }
        if (wx0Var.k().equals(PRIVATE_KEY) || wx0Var.k().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            iu a = iu.a(hu.a(wx0Var.h()).h());
            try {
                c51 a2 = c51.a(decryptData("PRIVATE_KEY_ENCRYPTION", a.h(), cArr, a.g()));
                PrivateKey generatePrivate = this.helper.h(getPublicKeyAlg(a2.i().g())).generatePrivate(new PKCS8EncodedKeySpec(a2.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!wx0Var.k().equals(SECRET_KEY) && !wx0Var.k().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        ju a3 = ju.a(wx0Var.h());
        try {
            bi1 a4 = bi1.a(decryptData("SECRET_KEY_ENCRYPTION", a3.h(), cArr, a3.g()));
            return this.helper.g(a4.g().k()).generateSecret(new SecretKeySpec(a4.h(), a4.g().k()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var != null) {
            return wx0Var.k().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        wx0 wx0Var = this.entries.get(str);
        if (wx0Var == null) {
            return false;
        }
        BigInteger k = wx0Var.k();
        return k.equals(PRIVATE_KEY) || k.equals(SECRET_KEY) || k.equals(PROTECTED_PRIVATE_KEY) || k.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        v3 i;
        s h;
        PublicKey publicKey;
        ay0 a;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new v3(j01.U, zi.d);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(j01.F, 64);
            return;
        }
        try {
            zx0 a2 = zx0.a(new b0(inputStream).c());
            by0 g = a2.g();
            if (g.h() == 0) {
                f21 a3 = f21.a(g.g());
                this.hmacAlgorithm = a3.h();
                this.hmacPkbdAlgorithm = a3.i();
                i = this.hmacAlgorithm;
                try {
                    verifyMac(a2.h().b().getEncoded(), a3, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (g.h() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                sj1 a4 = sj1.a(g.g());
                i = a4.i();
                try {
                    cf[] g2 = a4.g();
                    if (this.validator == null) {
                        h = a2.h();
                        publicKey = this.verificationKey;
                    } else {
                        if (g2 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory d = this.helper.d("X.509");
                        int length = g2.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i2 = 0; i2 != length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) d.generateCertificate(new ByteArrayInputStream(g2[i2].getEncoded()));
                        }
                        if (!this.validator.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        h = a2.h();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(h, a4, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            s h2 = a2.h();
            if (h2 instanceof gu) {
                gu guVar = (gu) h2;
                a = ay0.a(decryptData("STORE_ENCRYPTION", guVar.h(), cArr, guVar.g().j()));
            } else {
                a = ay0.a(h2);
            }
            try {
                this.creationDate = a.g().k();
                this.lastModifiedDate = a.i().k();
                if (!a.h().equals(i)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<s> it = a.j().iterator();
                while (it.hasNext()) {
                    wx0 a5 = wx0.a(it.next());
                    this.entries.put(a5.i(), a5);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof b7)) {
            if (loadStoreParameter instanceof m7) {
                engineLoad(((m7) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        b7 b7Var = (b7) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(b7Var);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(b7Var.g(), 64);
        this.storeEncryptionAlgorithm = b7Var.e() == b7.b.AES256_CCM ? xs0.V : xs0.W;
        this.hmacAlgorithm = b7Var.f() == b7.c.HmacSHA512 ? new v3(j01.U, zi.d) : new v3(xs0.r, zi.d);
        this.verificationKey = (PublicKey) b7Var.i();
        this.validator = b7Var.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, b7Var.h());
        h0 h0Var = this.storeEncryptionAlgorithm;
        InputStream a = b7Var.a();
        engineLoad(a, extractPassword);
        if (a != null) {
            if (!isSimilarHmacPbkd(b7Var.g(), this.hmacPkbdAlgorithm) || !h0Var.b(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        wx0 wx0Var = this.entries.get(str);
        Date date2 = new Date();
        if (wx0Var == null) {
            date = date2;
        } else {
            if (!wx0Var.k().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(wx0Var, date2);
        }
        try {
            this.entries.put(str, new wx0(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        bi1 bi1Var;
        ju juVar;
        iu iuVar;
        Date date = new Date();
        wx0 wx0Var = this.entries.get(str);
        Date extractCreationDate = wx0Var != null ? extractCreationDate(wx0Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                r90 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(j01.F, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                h0 h0Var = this.storeEncryptionAlgorithm;
                h0 h0Var2 = xs0.V;
                if (h0Var.b(h0Var2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    iuVar = new iu(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier, new lu(h0Var2, ed.a(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    iuVar = new iu(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier, new lu(xs0.W))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new wx0(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(iuVar, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                r90 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(j01.F, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String d = ml1.d(key.getAlgorithm());
                if (d.indexOf("AES") > -1) {
                    bi1Var = new bi1(xs0.w, encoded2);
                } else {
                    Map<String, h0> map = oidMap;
                    h0 h0Var3 = map.get(d);
                    if (h0Var3 != null) {
                        bi1Var = new bi1(h0Var3, encoded2);
                    } else {
                        h0 h0Var4 = map.get(d + "." + (encoded2.length * 8));
                        if (h0Var4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d + ") for storage.");
                        }
                        bi1Var = new bi1(h0Var4, encoded2);
                    }
                }
                h0 h0Var5 = this.storeEncryptionAlgorithm;
                h0 h0Var6 = xs0.V;
                if (h0Var5.b(h0Var6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    juVar = new ju(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier2, new lu(h0Var6, ed.a(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(bi1Var.getEncoded()));
                } else {
                    juVar = new ju(new v3(j01.G, new jz0(generatePkbdAlgorithmIdentifier2, new lu(xs0.W))), createCipher("AESKWP", generateKey2).doFinal(bi1Var.getEncoded()));
                }
                this.entries.put(str, new wx0(SECRET_KEY, str, extractCreationDate, date, juVar.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        wx0 wx0Var = this.entries.get(str);
        Date extractCreationDate = wx0Var != null ? extractCreationDate(wx0Var, date) : date;
        if (certificateArr != null) {
            try {
                iu a = iu.a(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new wx0(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(a, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new wx0(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        r90 r90Var;
        BigInteger h;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        gu encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (bs0.O.b(this.hmacPkbdAlgorithm.g())) {
            od1 a = od1.a(this.hmacPkbdAlgorithm.h());
            r90Var = this.hmacPkbdAlgorithm;
            h = a.i();
        } else {
            pz0 a2 = pz0.a(this.hmacPkbdAlgorithm.h());
            r90Var = this.hmacPkbdAlgorithm;
            h = a2.h();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(r90Var, h.intValue());
        try {
            outputStream.write(new zx0(encryptedObjectStoreData, new by0(new f21(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        sj1 sj1Var;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof c7) {
            c7 c7Var = (c7) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(c7Var.b(), 64);
            engineStore(c7Var.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof b7)) {
            if (loadStoreParameter instanceof m7) {
                engineStore(((m7) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        b7 b7Var = (b7) loadStoreParameter;
        if (b7Var.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(b7Var);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(b7Var.g(), 64);
            this.storeEncryptionAlgorithm = b7Var.e() == b7.b.AES256_CCM ? xs0.V : xs0.W;
            this.hmacAlgorithm = b7Var.f() == b7.c.HmacSHA512 ? new v3(j01.U, zi.d) : new v3(xs0.r, zi.d);
            engineStore(b7Var.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(b7Var.i(), b7Var.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(b7Var.g(), 64);
        this.storeEncryptionAlgorithm = b7Var.e() == b7.b.AES256_CCM ? xs0.V : xs0.W;
        this.hmacAlgorithm = b7Var.f() == b7.c.HmacSHA512 ? new v3(j01.U, zi.d) : new v3(xs0.r, zi.d);
        gu encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(b7Var));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.g().k());
            createSignature.initSign((PrivateKey) b7Var.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d = b7Var.d();
            if (d != null) {
                int length = d.length;
                cf[] cfVarArr = new cf[length];
                for (int i = 0; i != length; i++) {
                    cfVarArr[i] = cf.a(d[i].getEncoded());
                }
                sj1Var = new sj1(this.signatureAlgorithm, cfVarArr, createSignature.sign());
            } else {
                sj1Var = new sj1(this.signatureAlgorithm, createSignature.sign());
            }
            b7Var.b().write(new zx0(encryptedObjectStoreData, new by0(sj1Var)).getEncoded());
            b7Var.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
