package org.bouncycastle.jcajce.provider.keystore.bcfks;

import bd.b0;
import bd.y;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.shaded.ow2asm.Opcodes;
import gc.b;
import id.b1;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import kc.f;
import kc.h;
import kc.k;
import kc.l;
import kc.n;
import kc.p;
import nd.d;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import rb.o;
import rb.z0;
import sc.a;
import sc.a0;
import sc.g;
import tb.c;
import tb.e;
import tb.j;
import tc.m;
import ve.i;
import xc.w;
import xc.x;

/* loaded from: classes4.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger C1;
    private static final BigInteger K0;
    private static final BigInteger K1;

    /* renamed from: k0, reason: collision with root package name */
    private static final BigInteger f11220k0;

    /* renamed from: k1, reason: collision with root package name */
    private static final BigInteger f11221k1;

    /* renamed from: x, reason: collision with root package name */
    private static final Map<String, o> f11222x;

    /* renamed from: y, reason: collision with root package name */
    private static final Map<o, String> f11223y;

    /* renamed from: b, reason: collision with root package name */
    private PublicKey f11224b;

    /* renamed from: c, reason: collision with root package name */
    private BCFKSLoadStoreParameter.CertChainValidator f11225c;

    /* renamed from: d, reason: collision with root package name */
    private final JcaJceHelper f11226d;

    /* renamed from: g, reason: collision with root package name */
    private a f11229g;

    /* renamed from: k, reason: collision with root package name */
    private h f11230k;

    /* renamed from: n, reason: collision with root package name */
    private a f11231n;

    /* renamed from: p, reason: collision with root package name */
    private Date f11232p;

    /* renamed from: q, reason: collision with root package name */
    private Date f11233q;

    /* renamed from: e, reason: collision with root package name */
    private final Map<String, e> f11227e = new HashMap();

    /* renamed from: f, reason: collision with root package name */
    private final Map<String, PrivateKey> f11228f = new HashMap();

    /* renamed from: r, reason: collision with root package name */
    private o f11234r = b.P;

    /* loaded from: classes4.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes4.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes4.dex */
    private static class ExtKeyStoreException extends KeyStoreException {

        /* renamed from: b, reason: collision with root package name */
        private final Throwable f11236b;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.f11236b = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f11236b;
        }
    }

    /* loaded from: classes4.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements n, a0 {
        private final Map<String, byte[]> C2;
        private final byte[] K2;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                byte[] bArr = new byte[32];
                this.K2 = bArr;
                jcaJceHelper.a("DEFAULT").nextBytes(bArr);
                this.C2 = new HashMap();
            } catch (GeneralSecurityException e10) {
                throw new IllegalArgumentException("can't create random - " + e10.toString());
            }
        }

        private byte[] s(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return b0.i(cArr != null ? ve.a.n(i.j(cArr), i.i(str)) : ve.a.n(this.K2, i.i(str)), this.K2, Opcodes.ACC_ENUM, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] s10 = s(str, cArr);
                if (!this.C2.containsKey(str) || ve.a.q(this.C2.get(str), s10)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.C2.containsKey(str)) {
                        this.C2.put(str, s10);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e10) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e10.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes4.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes4.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f11222x = hashMap;
        HashMap hashMap2 = new HashMap();
        f11223y = hashMap2;
        o oVar = jc.b.f9002e;
        hashMap.put("DESEDE", oVar);
        hashMap.put("TRIPLEDES", oVar);
        hashMap.put("TDEA", oVar);
        hashMap.put("HMACSHA1", n.f9341t8);
        hashMap.put("HMACSHA224", n.f9342u8);
        hashMap.put("HMACSHA256", n.f9343v8);
        hashMap.put("HMACSHA384", n.f9344w8);
        hashMap.put("HMACSHA512", n.f9345x8);
        hashMap.put("SEED", ec.a.f6562a);
        hashMap.put("CAMELLIA.128", ic.a.f8318a);
        hashMap.put("CAMELLIA.192", ic.a.f8319b);
        hashMap.put("CAMELLIA.256", ic.a.f8320c);
        hashMap.put("ARIA.128", hc.a.f8049e);
        hashMap.put("ARIA.192", hc.a.f8053i);
        hashMap.put("ARIA.256", hc.a.f8057m);
        hashMap2.put(n.L7, "RSA");
        hashMap2.put(m.I9, "EC");
        hashMap2.put(jc.b.f9006i, "DH");
        hashMap2.put(n.f9315b8, "DH");
        hashMap2.put(m.f13358oa, "DSA");
        f11220k0 = BigInteger.valueOf(0L);
        K0 = BigInteger.valueOf(1L);
        f11221k1 = BigInteger.valueOf(2L);
        C1 = BigInteger.valueOf(3L);
        K1 = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.f11226d = jcaJceHelper;
    }

    private byte[] a(byte[] bArr, a aVar, h hVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String s10 = aVar.g().s();
        Mac c10 = this.f11226d.c(s10);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            c10.init(new SecretKeySpec(h(hVar, "INTEGRITY_CHECK", cArr, -1), s10));
            return c10.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            throw new IOException("Cannot set up MAC calculation: " + e10.getMessage());
        }
    }

    private Cipher b(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher b10 = this.f11226d.b(str);
        b10.init(1, new SecretKeySpec(bArr, "AES"));
        return b10;
    }

    private c c(f fVar, Certificate[] certificateArr) throws CertificateEncodingException {
        g[] gVarArr = new g[certificateArr.length];
        for (int i10 = 0; i10 != certificateArr.length; i10++) {
            gVarArr[i10] = g.h(certificateArr[i10].getEncoded());
        }
        return new c(fVar, gVarArr);
    }

    private Certificate d(Object obj) {
        JcaJceHelper jcaJceHelper = this.f11226d;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.d("X.509").generateCertificate(new ByteArrayInputStream(g.h(obj).e()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(g.h(obj).e()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] e(String str, a aVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher b10;
        AlgorithmParameters algorithmParameters;
        if (!aVar.g().equals(n.f9331j8)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        k h10 = k.h(aVar.j());
        kc.g g10 = h10.g();
        try {
            if (g10.g().equals(b.P)) {
                b10 = this.f11226d.b("AES/CCM/NoPadding");
                algorithmParameters = this.f11226d.e("CCM");
                algorithmParameters.init(vb.a.h(g10.i()).e());
            } else {
                if (!g10.g().equals(b.Q)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                b10 = this.f11226d.b("AESKWP");
                algorithmParameters = null;
            }
            h i10 = h10.i();
            if (cArr == null) {
                cArr = new char[0];
            }
            b10.init(2, new SecretKeySpec(h(i10, str, cArr, 32), "AES"), algorithmParameters);
            return b10.doFinal(bArr);
        } catch (IOException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new IOException(e11.toString());
        }
    }

    private Date f(e eVar, Date date) {
        try {
            return eVar.g().q();
        } catch (ParseException unused) {
            return date;
        }
    }

    private char[] g(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e10) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e10.getMessage(), e10);
        }
    }

    private byte[] h(h hVar, String str, char[] cArr, int i10) throws IOException {
        byte[] a10 = uc.b0.a(cArr);
        byte[] a11 = uc.b0.a(str.toCharArray());
        if (fc.c.f7323y.equals(hVar.g())) {
            fc.f i11 = fc.f.i(hVar.i());
            if (i11.j() != null) {
                i10 = i11.j().intValue();
            } else if (i10 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return b0.i(ve.a.n(a10, a11), i11.l(), i11.h().intValue(), i11.g().intValue(), i11.g().intValue(), i10);
        }
        if (!hVar.g().equals(n.f9332k8)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        l g10 = l.g(hVar.i());
        if (g10.i() != null) {
            i10 = g10.i().intValue();
        } else if (i10 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (g10.j().g().equals(n.f9345x8)) {
            y yVar = new y(new x());
            yVar.g(ve.a.n(a10, a11), g10.k(), g10.h().intValue());
            return ((b1) yVar.e(i10 * 8)).a();
        }
        if (g10.j().g().equals(b.f7607r)) {
            y yVar2 = new y(new w(512));
            yVar2.g(ve.a.n(a10, a11), g10.k(), g10.h().intValue());
            return ((b1) yVar2.e(i10 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + g10.j().g());
    }

    private h i(h hVar, int i10) {
        o oVar = fc.c.f7323y;
        boolean equals = oVar.equals(hVar.g());
        rb.e i11 = hVar.i();
        if (equals) {
            fc.f i12 = fc.f.i(i11);
            byte[] bArr = new byte[i12.l().length];
            m().nextBytes(bArr);
            return new h(oVar, new fc.f(bArr, i12.h(), i12.g(), i12.k(), BigInteger.valueOf(i10)));
        }
        l g10 = l.g(i11);
        byte[] bArr2 = new byte[g10.k().length];
        m().nextBytes(bArr2);
        return new h(n.f9332k8, new l(bArr2, g10.h().intValue(), i10, g10.j()));
    }

    private h j(nd.e eVar, int i10) {
        o oVar = fc.c.f7323y;
        if (oVar.equals(eVar.a())) {
            nd.i iVar = (nd.i) eVar;
            byte[] bArr = new byte[iVar.e()];
            m().nextBytes(bArr);
            return new h(oVar, new fc.f(bArr, iVar.c(), iVar.b(), iVar.d(), i10));
        }
        d dVar = (d) eVar;
        byte[] bArr2 = new byte[dVar.d()];
        m().nextBytes(bArr2);
        return new h(n.f9332k8, new l(bArr2, dVar.b(), i10, dVar.c()));
    }

    private h k(o oVar, int i10) {
        byte[] bArr = new byte[64];
        m().nextBytes(bArr);
        o oVar2 = n.f9332k8;
        if (oVar2.equals(oVar)) {
            return new h(oVar2, new l(bArr, RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT, i10, new a(n.f9345x8, z0.f12423b)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + oVar);
    }

    private a l(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof pd.a) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(m.N9);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(b.f7589d0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(b.V);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(b.Z);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(n.W7, z0.f12423b);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(b.f7597h0, z0.f12423b);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom m() {
        return uc.l.b();
    }

    private tb.b n(a aVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        e[] eVarArr = (e[]) this.f11227e.values().toArray(new e[this.f11227e.size()]);
        h i10 = i(this.f11230k, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] h10 = h(i10, "STORE_ENCRYPTION", cArr, 32);
        tb.h hVar = new tb.h(aVar, this.f11232p, this.f11233q, new tb.f(eVarArr), null);
        try {
            o oVar = this.f11234r;
            o oVar2 = b.P;
            if (!oVar.equals(oVar2)) {
                return new tb.b(new a(n.f9331j8, new k(i10, new kc.g(b.Q))), b("AESKWP", h10).doFinal(hVar.e()));
            }
            Cipher b10 = b("AES/CCM/NoPadding", h10);
            return new tb.b(new a(n.f9331j8, new k(i10, new kc.g(oVar2, vb.a.h(b10.getParameters().getEncoded())))), b10.doFinal(hVar.e()));
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (NoSuchProviderException e11) {
            throw new IOException(e11.toString());
        } catch (BadPaddingException e12) {
            throw new IOException(e12.toString());
        } catch (IllegalBlockSizeException e13) {
            throw new IOException(e13.toString());
        } catch (NoSuchPaddingException e14) {
            throw new NoSuchAlgorithmException(e14.toString());
        }
    }

    private static String o(o oVar) {
        String str = f11223y.get(oVar);
        return str != null ? str : oVar.s();
    }

    private boolean p(nd.e eVar, h hVar) {
        if (!eVar.a().equals(hVar.g())) {
            return false;
        }
        if (fc.c.f7323y.equals(hVar.g())) {
            if (!(eVar instanceof nd.i)) {
                return false;
            }
            nd.i iVar = (nd.i) eVar;
            fc.f i10 = fc.f.i(hVar.i());
            return iVar.e() == i10.l().length && iVar.b() == i10.g().intValue() && iVar.c() == i10.h().intValue() && iVar.d() == i10.k().intValue();
        }
        if (!(eVar instanceof d)) {
            return false;
        }
        d dVar = (d) eVar;
        l g10 = l.g(hVar.i());
        return dVar.d() == g10.k().length && dVar.b() == g10.h().intValue();
    }

    private void q(byte[] bArr, j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!ve.a.q(a(bArr, jVar.i(), jVar.j(), cArr), jVar.h())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void r(rb.e eVar, tb.l lVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature g10 = this.f11226d.g(lVar.j().g().s());
        g10.initVerify(publicKey);
        g10.update(eVar.b().f("DER"));
        if (!g10.verify(lVar.i().s())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f11227e.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f11227e.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f11227e.get(str) == null) {
            return;
        }
        this.f11228f.remove(str);
        this.f11227e.remove(str);
        this.f11233q = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.f11227e.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.l().equals(K0) || eVar.l().equals(C1)) {
            return d(c.i(eVar.h()).g()[0]);
        }
        if (eVar.l().equals(f11220k0)) {
            return d(eVar.h());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f11227e.keySet()) {
                e eVar = this.f11227e.get(str);
                if (eVar.l().equals(f11220k0)) {
                    if (ve.a.b(eVar.h(), encoded)) {
                        return str;
                    }
                } else if (eVar.l().equals(K0) || eVar.l().equals(C1)) {
                    try {
                        if (ve.a.b(c.i(eVar.h()).g()[0].b().e(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.f11227e.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.l().equals(K0) && !eVar.l().equals(C1)) {
            return null;
        }
        g[] g10 = c.i(eVar.h()).g();
        int length = g10.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 != length; i10++) {
            x509CertificateArr[i10] = d(g10[i10]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.f11227e.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.k().q();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.f11227e.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.l().equals(K0) || eVar.l().equals(C1)) {
            PrivateKey privateKey = this.f11228f.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            f i10 = f.i(c.i(eVar.h()).h());
            try {
                p h10 = p.h(e("PRIVATE_KEY_ENCRYPTION", i10.h(), cArr, i10.g()));
                PrivateKey generatePrivate = this.f11226d.h(o(h10.i().g())).generatePrivate(new PKCS8EncodedKeySpec(h10.e()));
                this.f11228f.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e10) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e10.getMessage());
            }
        }
        if (!eVar.l().equals(f11221k1) && !eVar.l().equals(K1)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        tb.d h11 = tb.d.h(eVar.h());
        try {
            tb.k g10 = tb.k.g(e("SECRET_KEY_ENCRYPTION", h11.i(), cArr, h11.g()));
            return this.f11226d.f(g10.h().s()).generateSecret(new SecretKeySpec(g10.i(), g10.h().s()));
        } catch (Exception e11) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e11.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.f11227e.get(str);
        if (eVar != null) {
            return eVar.l().equals(f11220k0);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.f11227e.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger l10 = eVar.l();
        return l10.equals(K0) || l10.equals(f11221k1) || l10.equals(C1) || l10.equals(K1);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a j10;
        rb.e i10;
        PublicKey publicKey;
        tb.h h10;
        this.f11227e.clear();
        this.f11228f.clear();
        this.f11232p = null;
        this.f11233q = null;
        this.f11229g = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f11232p = date;
            this.f11233q = date;
            this.f11224b = null;
            this.f11225c = null;
            this.f11229g = new a(n.f9345x8, z0.f12423b);
            this.f11230k = k(n.f9332k8, 64);
            return;
        }
        try {
            tb.g g10 = tb.g.g(new rb.k(inputStream).D());
            tb.i h11 = g10.h();
            if (h11.i() == 0) {
                j g11 = j.g(h11.h());
                this.f11229g = g11.i();
                this.f11230k = g11.j();
                j10 = this.f11229g;
                try {
                    q(g10.i().b().e(), g11, cArr);
                } catch (NoSuchProviderException e10) {
                    throw new IOException(e10.getMessage());
                }
            } else {
                if (h11.i() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                tb.l h12 = tb.l.h(h11.h());
                j10 = h12.j();
                try {
                    g[] g12 = h12.g();
                    if (this.f11225c == null) {
                        i10 = g10.i();
                        publicKey = this.f11224b;
                    } else {
                        if (g12 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory d10 = this.f11226d.d("X.509");
                        int length = g12.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i11 = 0; i11 != length; i11++) {
                            x509CertificateArr[i11] = (X509Certificate) d10.generateCertificate(new ByteArrayInputStream(g12[i11].e()));
                        }
                        if (!this.f11225c.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        i10 = g10.i();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    r(i10, h12, publicKey);
                } catch (GeneralSecurityException e11) {
                    throw new IOException("error verifying signature: " + e11.getMessage(), e11);
                }
            }
            rb.e i12 = g10.i();
            if (i12 instanceof tb.b) {
                tb.b bVar = (tb.b) i12;
                h10 = tb.h.h(e("STORE_ENCRYPTION", bVar.h(), cArr, bVar.g().q()));
            } else {
                h10 = tb.h.h(i12);
            }
            try {
                this.f11232p = h10.g().q();
                this.f11233q = h10.j().q();
                if (!h10.i().equals(j10)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<rb.e> it = h10.k().iterator();
                while (it.hasNext()) {
                    e j11 = e.j(it.next());
                    this.f11227e.put(j11.i(), j11);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e12) {
            throw new IOException(e12.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] g10 = g(bCFKSLoadStoreParameter);
        this.f11230k = j(bCFKSLoadStoreParameter.g(), 64);
        this.f11234r = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.f11229g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.f9345x8, z0.f12423b) : new a(b.f7607r, z0.f12423b);
        this.f11224b = (PublicKey) bCFKSLoadStoreParameter.i();
        this.f11225c = bCFKSLoadStoreParameter.c();
        this.f11231n = l(this.f11224b, bCFKSLoadStoreParameter.h());
        o oVar = this.f11234r;
        InputStream a10 = bCFKSLoadStoreParameter.a();
        engineLoad(a10, g10);
        if (a10 != null) {
            if (!p(bCFKSLoadStoreParameter.g(), this.f11230k) || !oVar.equals(this.f11234r)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.f11227e.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.l().equals(f11220k0)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = f(eVar, date2);
        }
        try {
            this.f11227e.put(str, new e(f11220k0, str, date, date2, certificate.getEncoded(), null));
            this.f11233q = date2;
        } catch (CertificateEncodingException e10) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e10.getMessage(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        tb.k kVar;
        tb.d dVar;
        f fVar;
        Date date = new Date();
        e eVar = this.f11227e.get(str);
        Date f10 = eVar != null ? f(eVar, date) : date;
        this.f11228f.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h k10 = k(n.f9332k8, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h10 = h(k10, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                o oVar = this.f11234r;
                o oVar2 = b.P;
                if (oVar.equals(oVar2)) {
                    Cipher b10 = b("AES/CCM/NoPadding", h10);
                    fVar = new f(new a(n.f9331j8, new k(k10, new kc.g(oVar2, vb.a.h(b10.getParameters().getEncoded())))), b10.doFinal(encoded));
                } else {
                    fVar = new f(new a(n.f9331j8, new k(k10, new kc.g(b.Q))), b("AESKWP", h10).doFinal(encoded));
                }
                this.f11227e.put(str, new e(K0, str, f10, date, c(fVar, certificateArr).e(), null));
            } catch (Exception e10) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e10.toString(), e10);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h k11 = k(n.f9332k8, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h11 = h(k11, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k12 = i.k(key.getAlgorithm());
                if (k12.indexOf("AES") > -1) {
                    kVar = new tb.k(b.f7608s, encoded2);
                } else {
                    Map<String, o> map = f11222x;
                    o oVar3 = map.get(k12);
                    if (oVar3 != null) {
                        kVar = new tb.k(oVar3, encoded2);
                    } else {
                        o oVar4 = map.get(k12 + "." + (encoded2.length * 8));
                        if (oVar4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k12 + ") for storage.");
                        }
                        kVar = new tb.k(oVar4, encoded2);
                    }
                }
                o oVar5 = this.f11234r;
                o oVar6 = b.P;
                if (oVar5.equals(oVar6)) {
                    Cipher b11 = b("AES/CCM/NoPadding", h11);
                    dVar = new tb.d(new a(n.f9331j8, new k(k11, new kc.g(oVar6, vb.a.h(b11.getParameters().getEncoded())))), b11.doFinal(kVar.e()));
                } else {
                    dVar = new tb.d(new a(n.f9331j8, new k(k11, new kc.g(b.Q))), b("AESKWP", h11).doFinal(kVar.e()));
                }
                this.f11227e.put(str, new e(f11221k1, str, f10, date, dVar.e(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e11.toString(), e11);
            }
        }
        this.f11233q = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.f11227e.get(str);
        Date f10 = eVar != null ? f(eVar, date) : date;
        if (certificateArr != null) {
            try {
                f i10 = f.i(bArr);
                try {
                    this.f11228f.remove(str);
                    this.f11227e.put(str, new e(C1, str, f10, date, c(i10, certificateArr).e(), null));
                } catch (Exception e10) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e10.toString(), e10);
                }
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e11);
            }
        } else {
            try {
                this.f11227e.put(str, new e(K1, str, f10, date, bArr, null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e12.toString(), e12);
            }
        }
        this.f11233q = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f11227e.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        h hVar;
        BigInteger i10;
        if (this.f11232p == null) {
            throw new IOException("KeyStore not initialized");
        }
        tb.b n10 = n(this.f11229g, cArr);
        if (fc.c.f7323y.equals(this.f11230k.g())) {
            fc.f i11 = fc.f.i(this.f11230k.i());
            hVar = this.f11230k;
            i10 = i11.j();
        } else {
            l g10 = l.g(this.f11230k.i());
            hVar = this.f11230k;
            i10 = g10.i();
        }
        this.f11230k = i(hVar, i10.intValue());
        try {
            outputStream.write(new tb.g(n10, new tb.i(new j(this.f11229g, this.f11230k, a(n10.e(), this.f11229g, this.f11230k, cArr)))).e());
            outputStream.flush();
        } catch (NoSuchProviderException e10) {
            throw new IOException("cannot calculate mac: " + e10.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        tb.l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] g10 = g(loadStoreParameter);
            this.f11230k = j(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), g10);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), g(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] g11 = g(bCFKSLoadStoreParameter);
            this.f11230k = j(bCFKSLoadStoreParameter.g(), 64);
            this.f11234r = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
            this.f11229g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.f9345x8, z0.f12423b) : new a(b.f7607r, z0.f12423b);
            engineStore(bCFKSLoadStoreParameter.b(), g11);
            return;
        }
        this.f11231n = l(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.f11230k = j(bCFKSLoadStoreParameter.g(), 64);
        this.f11234r = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? b.P : b.Q;
        this.f11229g = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(n.f9345x8, z0.f12423b) : new a(b.f7607r, z0.f12423b);
        tb.b n10 = n(this.f11231n, g(bCFKSLoadStoreParameter));
        try {
            Signature g12 = this.f11226d.g(this.f11231n.g().s());
            g12.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            g12.update(n10.e());
            X509Certificate[] d10 = bCFKSLoadStoreParameter.d();
            if (d10 != null) {
                int length = d10.length;
                g[] gVarArr = new g[length];
                for (int i10 = 0; i10 != length; i10++) {
                    gVarArr[i10] = g.h(d10[i10].getEncoded());
                }
                lVar = new tb.l(this.f11231n, gVarArr, g12.sign());
            } else {
                lVar = new tb.l(this.f11231n, g12.sign());
            }
            bCFKSLoadStoreParameter.b().write(new tb.g(n10, new tb.i(lVar)).e());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e10) {
            throw new IOException("error creating signature: " + e10.getMessage(), e10);
        }
    }
}
