package xch.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import xch.bouncycastle.asn1.ASN1Encodable;
import xch.bouncycastle.asn1.ASN1Encoding;
import xch.bouncycastle.asn1.ASN1InputStream;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.DERNull;
import xch.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import xch.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import xch.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import xch.bouncycastle.asn1.bc.ObjectData;
import xch.bouncycastle.asn1.bc.ObjectDataSequence;
import xch.bouncycastle.asn1.bc.ObjectStore;
import xch.bouncycastle.asn1.bc.ObjectStoreData;
import xch.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import xch.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import xch.bouncycastle.asn1.bc.SecretKeyData;
import xch.bouncycastle.asn1.bc.SignatureCheck;
import xch.bouncycastle.asn1.cms.CCMParameters;
import xch.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import xch.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import xch.bouncycastle.asn1.misc.ScryptParams;
import xch.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import xch.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
import xch.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import xch.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import xch.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import xch.bouncycastle.asn1.pkcs.EncryptionScheme;
import xch.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import xch.bouncycastle.asn1.pkcs.PBES2Parameters;
import xch.bouncycastle.asn1.pkcs.PBKDF2Params;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import xch.bouncycastle.crypto.CryptoServicesRegistrar;
import xch.bouncycastle.crypto.PBEParametersGenerator;
import xch.bouncycastle.crypto.digests.SHA3Digest;
import xch.bouncycastle.crypto.digests.SHA512Digest;
import xch.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import xch.bouncycastle.crypto.generators.SCrypt;
import xch.bouncycastle.crypto.params.KeyParameter;
import xch.bouncycastle.crypto.util.PBKDF2Config;
import xch.bouncycastle.crypto.util.PBKDFConfig;
import xch.bouncycastle.crypto.util.ScryptConfig;
import xch.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import xch.bouncycastle.jcajce.BCFKSStoreParameter;
import xch.bouncycastle.jcajce.BCLoadStoreParameter;
import xch.bouncycastle.jcajce.util.JcaJceHelper;
import xch.bouncycastle.jce.interfaces.ECKey;
import xch.bouncycastle.util.Arrays;
import xch.bouncycastle.util.Strings;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class d extends KeyStoreSpi {
    private static final Map G5 = new HashMap();
    private static final Map H5 = new HashMap();
    private static final BigInteger I5;
    private static final BigInteger J5;
    private static final BigInteger K5;
    private static final BigInteger L5;
    private static final BigInteger M5;
    private AlgorithmIdentifier A5;
    private KeyDerivationFunc B5;
    private AlgorithmIdentifier C5;
    private Date D5;
    private Date E5;
    private PublicKey v5;
    private BCFKSLoadStoreParameter.CertChainValidator w5;
    private final JcaJceHelper x5;
    private final Map y5 = new HashMap();
    private final Map z5 = new HashMap();
    private ASN1ObjectIdentifier F5 = NISTObjectIdentifiers.T;

    static {
        G5.put("DESEDE", OIWObjectIdentifiers.h);
        G5.put("TRIPLEDES", OIWObjectIdentifiers.h);
        G5.put("TDEA", OIWObjectIdentifiers.h);
        G5.put("HMACSHA1", PKCSObjectIdentifiers.S0);
        G5.put("HMACSHA224", PKCSObjectIdentifiers.T0);
        G5.put("HMACSHA256", PKCSObjectIdentifiers.U0);
        G5.put("HMACSHA384", PKCSObjectIdentifiers.V0);
        G5.put("HMACSHA512", PKCSObjectIdentifiers.W0);
        G5.put("SEED", KISAObjectIdentifiers.f674a);
        G5.put("CAMELLIA.128", NTTObjectIdentifiers.f699a);
        G5.put("CAMELLIA.192", NTTObjectIdentifiers.f700b);
        G5.put("CAMELLIA.256", NTTObjectIdentifiers.f701c);
        G5.put("ARIA.128", NSRIObjectIdentifiers.h);
        G5.put("ARIA.192", NSRIObjectIdentifiers.m);
        G5.put("ARIA.256", NSRIObjectIdentifiers.r);
        H5.put(PKCSObjectIdentifiers.j0, a.c.a.b.a.f25a);
        H5.put(X9ObjectIdentifiers.P3, "EC");
        H5.put(OIWObjectIdentifiers.l, "DH");
        H5.put(PKCSObjectIdentifiers.A0, "DH");
        H5.put(X9ObjectIdentifiers.z4, a.c.a.b.a.f26b);
        I5 = BigInteger.valueOf(0L);
        J5 = BigInteger.valueOf(1L);
        K5 = BigInteger.valueOf(2L);
        L5 = BigInteger.valueOf(3L);
        M5 = BigInteger.valueOf(4L);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(JcaJceHelper jcaJceHelper) {
        this.x5 = jcaJceHelper;
    }

    private static String a(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String str = (String) H5.get(aSN1ObjectIdentifier);
        return str != null ? str : aSN1ObjectIdentifier.l();
    }

    private SecureRandom a() {
        return CryptoServicesRegistrar.a();
    }

    private Certificate a(Object obj) {
        JcaJceHelper jcaJceHelper = this.x5;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.b("X.509").generateCertificate(new ByteArrayInputStream(xch.bouncycastle.asn1.x509.Certificate.a(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(xch.bouncycastle.asn1.x509.Certificate.a(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date a(ObjectData objectData, Date date) {
        try {
            return objectData.i().l();
        } catch (ParseException unused) {
            return date;
        }
    }

    private Cipher a(String str, byte[] bArr) {
        Cipher h = this.x5.h(str);
        h.init(1, new SecretKeySpec(bArr, "AES"));
        return h;
    }

    private EncryptedObjectStoreData a(AlgorithmIdentifier algorithmIdentifier, char[] cArr) {
        ObjectData[] objectDataArr = (ObjectData[]) this.y5.values().toArray(new ObjectData[this.y5.size()]);
        KeyDerivationFunc a2 = a(this.B5, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] a3 = a(a2, "STORE_ENCRYPTION", cArr, 32);
        ObjectStoreData objectStoreData = new ObjectStoreData(algorithmIdentifier, this.D5, this.E5, new ObjectDataSequence(objectDataArr), null);
        try {
            if (!this.F5.b(NISTObjectIdentifiers.T)) {
                return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a2, new EncryptionScheme(NISTObjectIdentifiers.U))), a("AESKWP", a3).doFinal(objectStoreData.getEncoded()));
            }
            Cipher a4 = a("AES/CCM/NoPadding", a3);
            return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a2, new EncryptionScheme(NISTObjectIdentifiers.T, CCMParameters.a(a4.getParameters().getEncoded())))), a4.doFinal(objectStoreData.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private EncryptedPrivateKeyData a(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) {
        xch.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new xch.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            certificateArr2[i] = xch.bouncycastle.asn1.x509.Certificate.a(certificateArr[i].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    private KeyDerivationFunc a(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        if (PKCSObjectIdentifiers.J0.b(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(PKCSObjectIdentifiers.J0, new PBKDF2Params(bArr, 51200, i, new AlgorithmIdentifier(PKCSObjectIdentifiers.W0, DERNull.v5)));
        }
        throw new IllegalStateException(a.a.a.a.a.a("unknown derivation algorithm: ", aSN1ObjectIdentifier));
    }

    private KeyDerivationFunc a(KeyDerivationFunc keyDerivationFunc, int i) {
        boolean b2 = MiscObjectIdentifiers.L.b(keyDerivationFunc.h());
        ASN1Encodable i2 = keyDerivationFunc.i();
        if (b2) {
            ScryptParams a2 = ScryptParams.a(i2);
            byte[] bArr = new byte[a2.l().length];
            a().nextBytes(bArr);
            return new KeyDerivationFunc(MiscObjectIdentifiers.L, new ScryptParams(bArr, a2.i(), a2.h(), a2.k(), BigInteger.valueOf(i)));
        }
        PBKDF2Params a3 = PBKDF2Params.a(i2);
        byte[] bArr2 = new byte[a3.k().length];
        a().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.J0, new PBKDF2Params(bArr2, a3.h().intValue(), i, a3.j()));
    }

    private KeyDerivationFunc a(PBKDFConfig pBKDFConfig, int i) {
        if (!MiscObjectIdentifiers.L.b(pBKDFConfig.a())) {
            PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
            byte[] bArr = new byte[pBKDF2Config.d()];
            a().nextBytes(bArr);
            return new KeyDerivationFunc(PKCSObjectIdentifiers.J0, new PBKDF2Params(bArr, pBKDF2Config.b(), i, pBKDF2Config.c()));
        }
        ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
        byte[] bArr2 = new byte[scryptConfig.e()];
        a().nextBytes(bArr2);
        return new KeyDerivationFunc(MiscObjectIdentifiers.L, new ScryptParams(bArr2, scryptConfig.c(), scryptConfig.b(), scryptConfig.d(), i));
    }

    private AlgorithmIdentifier a(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) {
        if (key == null) {
            return null;
        }
        if (key instanceof ECKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new AlgorithmIdentifier(X9ObjectIdentifiers.U3);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.i0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.a0);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.e0);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new AlgorithmIdentifier(PKCSObjectIdentifiers.v0, DERNull.v5);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.m0, DERNull.v5);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private void a(ASN1Encodable aSN1Encodable, SignatureCheck signatureCheck, PublicKey publicKey) {
        Signature n = this.x5.n(signatureCheck.j().h().l());
        n.initVerify(publicKey);
        n.update(aSN1Encodable.d().b(ASN1Encoding.f485a));
        if (!n.verify(signatureCheck.i().m())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    private void a(byte[] bArr, PbkdMacIntegrityCheck pbkdMacIntegrityCheck, char[] cArr) {
        if (!Arrays.e(a(bArr, pbkdMacIntegrityCheck.i(), pbkdMacIntegrityCheck.j(), cArr), pbkdMacIntegrityCheck.h())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private boolean a(PBKDFConfig pBKDFConfig, KeyDerivationFunc keyDerivationFunc) {
        if (!pBKDFConfig.a().b(keyDerivationFunc.h())) {
            return false;
        }
        if (MiscObjectIdentifiers.L.b(keyDerivationFunc.h())) {
            if (!(pBKDFConfig instanceof ScryptConfig)) {
                return false;
            }
            ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
            ScryptParams a2 = ScryptParams.a(keyDerivationFunc.i());
            return scryptConfig.e() == a2.l().length && scryptConfig.b() == a2.h().intValue() && scryptConfig.c() == a2.i().intValue() && scryptConfig.d() == a2.k().intValue();
        }
        if (!(pBKDFConfig instanceof PBKDF2Config)) {
            return false;
        }
        PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
        PBKDF2Params a3 = PBKDF2Params.a(keyDerivationFunc.i());
        return pBKDF2Config.d() == a3.k().length && pBKDF2Config.b() == a3.h().intValue();
    }

    private byte[] a(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) {
        Cipher h;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.h().b(PKCSObjectIdentifiers.I0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters a2 = PBES2Parameters.a(algorithmIdentifier.i());
        EncryptionScheme h2 = a2.h();
        try {
            if (h2.h().b(NISTObjectIdentifiers.T)) {
                h = this.x5.h("AES/CCM/NoPadding");
                algorithmParameters = this.x5.i("CCM");
                algorithmParameters.init(CCMParameters.a(h2.i()).getEncoded());
            } else {
                if (!h2.h().b(NISTObjectIdentifiers.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                h = this.x5.h("AESKWP");
                algorithmParameters = null;
            }
            KeyDerivationFunc i = a2.i();
            if (cArr == null) {
                cArr = new char[0];
            }
            h.init(2, new SecretKeySpec(a(i, str, cArr, 32), "AES"), algorithmParameters);
            return h.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private byte[] a(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr, int i) {
        byte[] a2 = PBEParametersGenerator.a(cArr);
        byte[] a3 = PBEParametersGenerator.a(str.toCharArray());
        if (MiscObjectIdentifiers.L.b(keyDerivationFunc.h())) {
            ScryptParams a4 = ScryptParams.a(keyDerivationFunc.i());
            if (a4.j() != null) {
                i = a4.j().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return SCrypt.b(Arrays.d(a2, a3), a4.l(), a4.i().intValue(), a4.h().intValue(), a4.h().intValue(), i);
        }
        if (!keyDerivationFunc.h().b(PKCSObjectIdentifiers.J0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params a5 = PBKDF2Params.a(keyDerivationFunc.i());
        if (a5.i() != null) {
            i = a5.i().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (a5.j().h().b(PKCSObjectIdentifiers.W0)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.a(Arrays.d(a2, a3), a5.k(), a5.h().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator.b(i * 8)).a();
        }
        if (a5.j().h().b(NISTObjectIdentifiers.r)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pKCS5S2ParametersGenerator2.a(Arrays.d(a2, a3), a5.k(), a5.h().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator2.b(i * 8)).a();
        }
        StringBuilder a6 = a.a.a.a.a.a("BCFKS KeyStore: unrecognized MAC PBKD PRF: ");
        a6.append(a5.j().h());
        throw new IOException(a6.toString());
    }

    private byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) {
        String l = algorithmIdentifier.h().l();
        Mac e = this.x5.e(l);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            e.init(new SecretKeySpec(a(keyDerivationFunc, "INTEGRITY_CHECK", cArr, -1), l));
            return e.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            StringBuilder a2 = a.a.a.a.a.a("Cannot set up MAC calculation: ");
            a2.append(e2.getMessage());
            throw new IOException(a2.toString());
        }
    }

    private char[] a(KeyStore.LoadStoreParameter loadStoreParameter) {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            StringBuilder a2 = a.a.a.a.a.a("no support for protection parameter of type ");
            a2.append(protectionParameter.getClass().getName());
            throw new IllegalArgumentException(a2.toString());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e) {
            StringBuilder a3 = a.a.a.a.a.a("PasswordCallback not recognised: ");
            a3.append(e.getMessage());
            throw new IllegalArgumentException(a3.toString(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        return new a(this, new HashSet(this.y5.keySet()).iterator());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.y5.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (((ObjectData) this.y5.get(str)) == null) {
            return;
        }
        this.z5.remove(str);
        this.y5.remove(str);
        this.E5 = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.m().equals(J5) || objectData.m().equals(L5)) {
            return a(EncryptedPrivateKeyData.a(objectData.j()).h()[0]);
        }
        if (objectData.m().equals(I5)) {
            return a(objectData.j());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.y5.keySet()) {
                ObjectData objectData = (ObjectData) this.y5.get(str);
                if (objectData.m().equals(I5)) {
                    if (Arrays.a(objectData.j(), encoded)) {
                        return str;
                    }
                } else if (objectData.m().equals(J5) || objectData.m().equals(L5)) {
                    try {
                        if (Arrays.a(EncryptedPrivateKeyData.a(objectData.j()).h()[0].d().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.m().equals(J5) && !objectData.m().equals(L5)) {
            return null;
        }
        xch.bouncycastle.asn1.x509.Certificate[] h = EncryptedPrivateKeyData.a(objectData.j()).h();
        int length = h.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = a(h[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.l().l();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.m().equals(J5) && !objectData.m().equals(L5)) {
            if (!objectData.m().equals(K5) && !objectData.m().equals(M5)) {
                throw new UnrecoverableKeyException(a.a.a.a.a.a("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            EncryptedSecretKeyData a2 = EncryptedSecretKeyData.a(objectData.j());
            try {
                SecretKeyData a3 = SecretKeyData.a(a("SECRET_KEY_ENCRYPTION", a2.i(), cArr, a2.h()));
                return this.x5.m(a3.h().l()).generateSecret(new SecretKeySpec(a3.i(), a3.h().l()));
            } catch (Exception e) {
                StringBuilder sb = new StringBuilder();
                sb.append("BCFKS KeyStore unable to recover secret key (");
                sb.append(str);
                sb.append("): ");
                throw new UnrecoverableKeyException(a.a.a.a.a.a(e, sb));
            }
        }
        PrivateKey privateKey = (PrivateKey) this.z5.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo a4 = EncryptedPrivateKeyInfo.a(EncryptedPrivateKeyData.a(objectData.j()).i());
        try {
            PrivateKeyInfo a5 = PrivateKeyInfo.a(a("PRIVATE_KEY_ENCRYPTION", a4.i(), cArr, a4.h()));
            PrivateKey generatePrivate = this.x5.a(a(a5.j().h())).generatePrivate(new PKCS8EncodedKeySpec(a5.getEncoded()));
            this.z5.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e2) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append("BCFKS KeyStore unable to recover private key (");
            sb2.append(str);
            sb2.append("): ");
            throw new UnrecoverableKeyException(a.a.a.a.a.a(e2, sb2));
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData != null) {
            return objectData.m().equals(I5);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = (ObjectData) this.y5.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger m = objectData.m();
        return m.equals(J5) || m.equals(K5) || m.equals(L5) || m.equals(M5);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        AlgorithmIdentifier j;
        ASN1Encodable i;
        PublicKey publicKey;
        ObjectStoreData a2;
        this.y5.clear();
        this.z5.clear();
        this.D5 = null;
        this.E5 = null;
        this.A5 = null;
        if (inputStream == null) {
            Date date = new Date();
            this.D5 = date;
            this.E5 = date;
            this.v5 = null;
            this.w5 = null;
            this.A5 = new AlgorithmIdentifier(PKCSObjectIdentifiers.W0, DERNull.v5);
            this.B5 = a(PKCSObjectIdentifiers.J0, 64);
            return;
        }
        try {
            ObjectStore a3 = ObjectStore.a(new ASN1InputStream(inputStream).readObject());
            ObjectStoreIntegrityCheck h = a3.h();
            if (h.i() == 0) {
                PbkdMacIntegrityCheck a4 = PbkdMacIntegrityCheck.a(h.h());
                this.A5 = a4.i();
                this.B5 = a4.j();
                j = this.A5;
                try {
                    a(a3.i().d().getEncoded(), a4, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (h.i() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                SignatureCheck a5 = SignatureCheck.a(h.h());
                j = a5.j();
                try {
                    xch.bouncycastle.asn1.x509.Certificate[] h2 = a5.h();
                    if (this.w5 == null) {
                        i = a3.i();
                        publicKey = this.v5;
                    } else {
                        if (h2 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory b2 = this.x5.b("X.509");
                        int length = h2.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i2 = 0; i2 != length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) b2.generateCertificate(new ByteArrayInputStream(h2[i2].getEncoded()));
                        }
                        if (!this.w5.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        i = a3.i();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    a(i, a5, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException(a.a.a.a.a.a(e2, a.a.a.a.a.a("error verifying signature: ")), e2);
                }
            }
            ASN1Encodable i3 = a3.i();
            if (i3 instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) i3;
                a2 = ObjectStoreData.a(a("STORE_ENCRYPTION", encryptedObjectStoreData.i(), cArr, encryptedObjectStoreData.h().l()));
            } else {
                a2 = ObjectStoreData.a(i3);
            }
            try {
                this.D5 = a2.i().l();
                this.E5 = a2.k().l();
                if (!a2.j().equals(j)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator it = a2.l().iterator();
                while (it.hasNext()) {
                    ObjectData a6 = ObjectData.a(it.next());
                    this.y5.put(a6.k(), a6);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), a(loadStoreParameter));
                return;
            } else {
                StringBuilder a2 = a.a.a.a.a.a("no support for 'parameter' of type ");
                a2.append(loadStoreParameter.getClass().getName());
                throw new IllegalArgumentException(a2.toString());
            }
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] a3 = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
        this.B5 = a(bCFKSLoadStoreParameter.g(), 64);
        this.F5 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.T : NISTObjectIdentifiers.U;
        this.A5 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.W0, DERNull.v5) : new AlgorithmIdentifier(NISTObjectIdentifiers.r, DERNull.v5);
        this.v5 = (PublicKey) bCFKSLoadStoreParameter.i();
        this.w5 = bCFKSLoadStoreParameter.c();
        this.C5 = a(this.v5, bCFKSLoadStoreParameter.h());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = this.F5;
        InputStream a4 = bCFKSLoadStoreParameter.a();
        engineLoad(a4, a3);
        if (a4 != null) {
            if (!a(bCFKSLoadStoreParameter.g(), this.B5) || !aSN1ObjectIdentifier.b(this.F5)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        ObjectData objectData = (ObjectData) this.y5.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.m().equals(I5)) {
                throw new KeyStoreException(a.a.a.a.a.a("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = a(objectData, date2);
        }
        try {
            this.y5.put(str, new ObjectData(I5, str, date, date2, certificate.getEncoded(), null));
            this.E5 = date2;
        } catch (CertificateEncodingException e) {
            StringBuilder a2 = a.a.a.a.a.a("BCFKS KeyStore unable to handle certificate: ");
            a2.append(e.getMessage());
            throw new b(a2.toString(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        SecretKeyData secretKeyData;
        EncryptedSecretKeyData encryptedSecretKeyData;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Date date = new Date();
        ObjectData objectData = (ObjectData) this.y5.get(str);
        Date a2 = objectData != null ? a(objectData, date) : date;
        this.z5.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc a3 = a(PKCSObjectIdentifiers.J0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a4 = a(a3, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.F5.b(NISTObjectIdentifiers.T)) {
                    Cipher a5 = a("AES/CCM/NoPadding", a4);
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a3, new EncryptionScheme(NISTObjectIdentifiers.T, CCMParameters.a(a5.getParameters().getEncoded())))), a5.doFinal(encoded));
                } else {
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a3, new EncryptionScheme(NISTObjectIdentifiers.U))), a("AESKWP", a4).doFinal(encoded));
                }
                this.y5.put(str, new ObjectData(J5, str, a2, date, a(encryptedPrivateKeyInfo, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new b(a.a.a.a.a.b(e, a.a.a.a.a.a("BCFKS KeyStore exception storing private key: ")), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc a6 = a(PKCSObjectIdentifiers.J0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a7 = a(a6, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String d2 = Strings.d(key.getAlgorithm());
                if (d2.indexOf("AES") > -1) {
                    secretKeyData = new SecretKeyData(NISTObjectIdentifiers.w, encoded2);
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) G5.get(d2);
                    if (aSN1ObjectIdentifier != null) {
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier, encoded2);
                    } else {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) G5.get(d2 + "." + (encoded2.length * 8));
                        if (aSN1ObjectIdentifier2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d2 + ") for storage.");
                        }
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier2, encoded2);
                    }
                }
                if (this.F5.b(NISTObjectIdentifiers.T)) {
                    Cipher a8 = a("AES/CCM/NoPadding", a7);
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a6, new EncryptionScheme(NISTObjectIdentifiers.T, CCMParameters.a(a8.getParameters().getEncoded())))), a8.doFinal(secretKeyData.getEncoded()));
                } else {
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.I0, new PBES2Parameters(a6, new EncryptionScheme(NISTObjectIdentifiers.U))), a("AESKWP", a7).doFinal(secretKeyData.getEncoded()));
                }
                this.y5.put(str, new ObjectData(K5, str, a2, date, encryptedSecretKeyData.getEncoded(), null));
            } catch (Exception e2) {
                throw new b(a.a.a.a.a.b(e2, a.a.a.a.a.a("BCFKS KeyStore exception storing private key: ")), e2);
            }
        }
        this.E5 = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        ObjectData objectData = (ObjectData) this.y5.get(str);
        Date a2 = objectData != null ? a(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo a3 = EncryptedPrivateKeyInfo.a(bArr);
                try {
                    this.z5.remove(str);
                    this.y5.put(str, new ObjectData(L5, str, a2, date, a(a3, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new b(a.a.a.a.a.b(e, a.a.a.a.a.a("BCFKS KeyStore exception storing protected private key: ")), e);
                }
            } catch (Exception e2) {
                throw new b("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.y5.put(str, new ObjectData(M5, str, a2, date, bArr, null));
            } catch (Exception e3) {
                throw new b(a.a.a.a.a.b(e3, a.a.a.a.a.a("BCFKS KeyStore exception storing protected private key: ")), e3);
            }
        }
        this.E5 = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.y5.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        KeyDerivationFunc keyDerivationFunc;
        BigInteger i;
        if (this.D5 == null) {
            throw new IOException("KeyStore not initialized");
        }
        EncryptedObjectStoreData a2 = a(this.A5, cArr);
        if (MiscObjectIdentifiers.L.b(this.B5.h())) {
            ScryptParams a3 = ScryptParams.a(this.B5.i());
            keyDerivationFunc = this.B5;
            i = a3.j();
        } else {
            PBKDF2Params a4 = PBKDF2Params.a(this.B5.i());
            keyDerivationFunc = this.B5;
            i = a4.i();
        }
        this.B5 = a(keyDerivationFunc, i.intValue());
        try {
            outputStream.write(new ObjectStore(a2, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.A5, this.B5, a(a2.getEncoded(), this.A5, this.B5, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            StringBuilder a5 = a.a.a.a.a.a("cannot calculate mac: ");
            a5.append(e.getMessage());
            throw new IOException(a5.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        SignatureCheck signatureCheck;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] a2 = a(loadStoreParameter);
            this.B5 = a(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), a2);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), a(loadStoreParameter));
                return;
            } else {
                StringBuilder a3 = a.a.a.a.a.a("no support for 'parameter' of type ");
                a3.append(loadStoreParameter.getClass().getName());
                throw new IllegalArgumentException(a3.toString());
            }
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] a4 = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
            this.B5 = a(bCFKSLoadStoreParameter.g(), 64);
            this.F5 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.T : NISTObjectIdentifiers.U;
            this.A5 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.W0, DERNull.v5) : new AlgorithmIdentifier(NISTObjectIdentifiers.r, DERNull.v5);
            engineStore(bCFKSLoadStoreParameter.b(), a4);
            return;
        }
        this.C5 = a(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.B5 = a(bCFKSLoadStoreParameter.g(), 64);
        this.F5 = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.T : NISTObjectIdentifiers.U;
        this.A5 = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.W0, DERNull.v5) : new AlgorithmIdentifier(NISTObjectIdentifiers.r, DERNull.v5);
        EncryptedObjectStoreData a5 = a(this.C5, a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter));
        try {
            Signature n = this.x5.n(this.C5.h().l());
            n.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            n.update(a5.getEncoded());
            X509Certificate[] d2 = bCFKSLoadStoreParameter.d();
            if (d2 != null) {
                int length = d2.length;
                xch.bouncycastle.asn1.x509.Certificate[] certificateArr = new xch.bouncycastle.asn1.x509.Certificate[length];
                for (int i = 0; i != length; i++) {
                    certificateArr[i] = xch.bouncycastle.asn1.x509.Certificate.a(d2[i].getEncoded());
                }
                signatureCheck = new SignatureCheck(this.C5, certificateArr, n.sign());
            } else {
                signatureCheck = new SignatureCheck(this.C5, n.sign());
            }
            bCFKSLoadStoreParameter.b().write(new ObjectStore(a5, new ObjectStoreIntegrityCheck(signatureCheck)).getEncoded());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException(a.a.a.a.a.a(e, a.a.a.a.a.a("error creating signature: ")), e);
        }
    }
}
