package org.bouncycastle.jcajce.provider.keystore.bcfks;

import androidx.core.app.NotificationCompat;
import defpackage.a26;
import defpackage.ae5;
import defpackage.ah5;
import defpackage.bh5;
import defpackage.bi5;
import defpackage.ch5;
import defpackage.dh5;
import defpackage.dj5;
import defpackage.dz5;
import defpackage.eh5;
import defpackage.eh6;
import defpackage.ei5;
import defpackage.ej5;
import defpackage.fh5;
import defpackage.fi5;
import defpackage.fj5;
import defpackage.fu5;
import defpackage.g46;
import defpackage.gh5;
import defpackage.gi5;
import defpackage.gq5;
import defpackage.hl5;
import defpackage.hq5;
import defpackage.ij5;
import defpackage.in5;
import defpackage.iu5;
import defpackage.jj5;
import defpackage.ko5;
import defpackage.l16;
import defpackage.lf5;
import defpackage.lj5;
import defpackage.m16;
import defpackage.nj5;
import defpackage.pg6;
import defpackage.qd5;
import defpackage.r16;
import defpackage.t16;
import defpackage.tm5;
import defpackage.u36;
import defpackage.un5;
import defpackage.v36;
import defpackage.vh5;
import defpackage.vk5;
import defpackage.w36;
import defpackage.wd5;
import defpackage.wg5;
import defpackage.xg5;
import defpackage.xi5;
import defpackage.y16;
import defpackage.yg5;
import defpackage.yh5;
import defpackage.z16;
import defpackage.zg5;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, ae5> oidMap;
    private static final Map<ae5, String> publicAlgMap;
    private Date creationDate;
    private final w36 helper;
    private vk5 hmacAlgorithm;
    private fj5 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private vk5 signatureAlgorithm;
    private y16.a validator;
    private PublicKey verificationKey;
    private final Map<String, zg5> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private ae5 storeEncryptionAlgorithm = ei5.T;

    /* loaded from: classes3.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new v36());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new v36(), new BcFKSKeyStoreSpi(new v36()));
        }
    }

    /* loaded from: classes3.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new v36());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new v36(), new BcFKSKeyStoreSpi(new v36()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements lj5, tm5 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(w36 w36Var) {
            super(w36Var);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                w36Var.a("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return iu5.i(cArr != null ? pg6.p(eh6.j(cArr), eh6.i(str)) : pg6.p(this.seedKey, eh6.i(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || pg6.u(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes3.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new u36());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new v36(), new BcFKSKeyStoreSpi(new u36()));
        }
    }

    /* loaded from: classes3.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new u36());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new u36(), new BcFKSKeyStoreSpi(new u36()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        ae5 ae5Var = xi5.h;
        hashMap.put("DESEDE", ae5Var);
        hashMap.put("TRIPLEDES", ae5Var);
        hashMap.put("TDEA", ae5Var);
        hashMap.put("HMACSHA1", lj5.u0);
        hashMap.put("HMACSHA224", lj5.v0);
        hashMap.put("HMACSHA256", lj5.w0);
        hashMap.put("HMACSHA384", lj5.x0);
        hashMap.put("HMACSHA512", lj5.y0);
        hashMap.put("SEED", vh5.a);
        hashMap.put("CAMELLIA.128", gi5.a);
        hashMap.put("CAMELLIA.192", gi5.b);
        hashMap.put("CAMELLIA.256", gi5.c);
        hashMap.put("ARIA.128", fi5.h);
        hashMap.put("ARIA.192", fi5.m);
        hashMap.put("ARIA.256", fi5.r);
        hashMap2.put(lj5.L, "RSA");
        hashMap2.put(in5.p3, "EC");
        hashMap2.put(xi5.l, "DH");
        hashMap2.put(lj5.c0, "DH");
        hashMap2.put(in5.Z3, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(w36 w36Var) {
        this.helper = w36Var;
    }

    private byte[] calculateMac(byte[] bArr, vk5 vk5Var, fj5 fj5Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String P = vk5Var.r().P();
        Mac d = this.helper.d(P);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            d.init(new SecretKeySpec(generateKey(fj5Var, "INTEGRITY_CHECK", cArr, -1), P));
            return d.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher c = this.helper.c(str);
        c.init(1, new SecretKeySpec(bArr, "AES"));
        return c;
    }

    private xg5 createPrivateKeySequence(dj5 dj5Var, Certificate[] certificateArr) throws CertificateEncodingException {
        hl5[] hl5VarArr = new hl5[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            hl5VarArr[i] = hl5.t(certificateArr[i].getEncoded());
        }
        return new xg5(dj5Var, hl5VarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        w36 w36Var = this.helper;
        if (w36Var != null) {
            try {
                return w36Var.e("X.509").generateCertificate(new ByteArrayInputStream(hl5.t(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(hl5.t(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, vk5 vk5Var, char[] cArr, byte[] bArr) throws IOException {
        Cipher c;
        AlgorithmParameters algorithmParameters;
        if (!vk5Var.r().D(lj5.k0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        ij5 t = ij5.t(vk5Var.C());
        ej5 r = t.r();
        try {
            if (r.r().D(ei5.T)) {
                c = this.helper.c("AES/CCM/NoPadding");
                algorithmParameters = this.helper.f("CCM");
                algorithmParameters.init(t16.t(r.z()).getEncoded());
            } else {
                if (!r.r().D(ei5.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                c = this.helper.c("AESKWP");
                algorithmParameters = null;
            }
            fj5 z = t.z();
            if (cArr == null) {
                cArr = new char[0];
            }
            c.init(2, new SecretKeySpec(generateKey(z, str, cArr, 32), "AES"), algorithmParameters);
            return c.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private Date extractCreationDate(zg5 zg5Var, Date date) {
        try {
            return zg5Var.r().O();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(fj5 fj5Var, String str, char[] cArr, int i) throws IOException {
        byte[] PKCS12PasswordToBytes = ko5.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = ko5.PKCS12PasswordToBytes(str.toCharArray());
        if (yh5.M.D(fj5Var.r())) {
            bi5 z = bi5.z(fj5Var.z());
            if (z.C() != null) {
                i = z.C().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return iu5.i(pg6.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), z.F(), z.t().intValue(), z.r().intValue(), z.r().intValue(), i);
        }
        if (!fj5Var.r().D(lj5.l0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        jj5 r = jj5.r(fj5Var.z());
        if (r.z() != null) {
            i = r.z().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (r.C().r().D(lj5.y0)) {
            fu5 fu5Var = new fu5(new hq5());
            fu5Var.init(pg6.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), r.D(), r.t().intValue());
            return ((dz5) fu5Var.generateDerivedParameters(i * 8)).a();
        }
        if (r.C().r().D(ei5.r)) {
            fu5 fu5Var2 = new fu5(new gq5(NotificationCompat.FLAG_GROUP_SUMMARY));
            fu5Var2.init(pg6.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), r.D(), r.t().intValue());
            return ((dz5) fu5Var2.generateDerivedParameters(i * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + r.C().r());
    }

    private fj5 generatePkbdAlgorithmIdentifier(ae5 ae5Var, int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        ae5 ae5Var2 = lj5.l0;
        if (ae5Var2.D(ae5Var)) {
            return new fj5(ae5Var2, new jj5(bArr, 51200, i, new vk5(lj5.y0, lf5.a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + ae5Var);
    }

    private fj5 generatePkbdAlgorithmIdentifier(fj5 fj5Var, int i) {
        ae5 ae5Var = yh5.M;
        boolean D = ae5Var.D(fj5Var.r());
        qd5 z = fj5Var.z();
        if (D) {
            bi5 z2 = bi5.z(z);
            byte[] bArr = new byte[z2.F().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new fj5(ae5Var, new bi5(bArr, z2.t(), z2.r(), z2.D(), BigInteger.valueOf(i)));
        }
        jj5 r = jj5.r(z);
        byte[] bArr2 = new byte[r.D().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new fj5(lj5.l0, new jj5(bArr2, r.t().intValue(), i, r.C()));
    }

    private fj5 generatePkbdAlgorithmIdentifier(m16 m16Var, int i) {
        ae5 ae5Var = yh5.M;
        if (ae5Var.D(m16Var.a())) {
            r16 r16Var = (r16) m16Var;
            byte[] bArr = new byte[r16Var.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new fj5(ae5Var, new bi5(bArr, r16Var.c(), r16Var.b(), r16Var.d(), i));
        }
        l16 l16Var = (l16) m16Var;
        byte[] bArr2 = new byte[l16Var.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new fj5(lj5.l0, new jj5(bArr2, l16Var.b(), i, l16Var.c()));
    }

    private vk5 generateSignatureAlgId(Key key, y16.d dVar) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof g46) {
            if (dVar == y16.d.SHA512withECDSA) {
                return new vk5(in5.u3);
            }
            if (dVar == y16.d.SHA3_512withECDSA) {
                return new vk5(ei5.i0);
            }
        }
        if (key instanceof DSAKey) {
            if (dVar == y16.d.SHA512withDSA) {
                return new vk5(ei5.a0);
            }
            if (dVar == y16.d.SHA3_512withDSA) {
                return new vk5(ei5.e0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == y16.d.SHA512withRSA) {
                return new vk5(lj5.X, lf5.a);
            }
            if (dVar == y16.d.SHA3_512withRSA) {
                return new vk5(ei5.m0, lf5.a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return un5.b();
    }

    private wg5 getEncryptedObjectStoreData(vk5 vk5Var, char[] cArr) throws IOException, NoSuchAlgorithmException {
        zg5[] zg5VarArr = (zg5[]) this.entries.values().toArray(new zg5[this.entries.size()]);
        fj5 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        ch5 ch5Var = new ch5(vk5Var, this.creationDate, this.lastModifiedDate, new ah5(zg5VarArr), null);
        try {
            ae5 ae5Var = this.storeEncryptionAlgorithm;
            ae5 ae5Var2 = ei5.T;
            if (!ae5Var.D(ae5Var2)) {
                return new wg5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier, new ej5(ei5.U))), createCipher("AESKWP", generateKey).doFinal(ch5Var.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new wg5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier, new ej5(ae5Var2, t16.t(createCipher.getParameters().getEncoded())))), createCipher.doFinal(ch5Var.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(ae5 ae5Var) {
        String str = publicAlgMap.get(ae5Var);
        return str != null ? str : ae5Var.P();
    }

    private boolean isSimilarHmacPbkd(m16 m16Var, fj5 fj5Var) {
        if (!m16Var.a().D(fj5Var.r())) {
            return false;
        }
        if (yh5.M.D(fj5Var.r())) {
            if (!(m16Var instanceof r16)) {
                return false;
            }
            r16 r16Var = (r16) m16Var;
            bi5 z = bi5.z(fj5Var.z());
            return r16Var.e() == z.F().length && r16Var.b() == z.r().intValue() && r16Var.c() == z.t().intValue() && r16Var.d() == z.D().intValue();
        }
        if (!(m16Var instanceof l16)) {
            return false;
        }
        l16 l16Var = (l16) m16Var;
        jj5 r = jj5.r(fj5Var.z());
        return l16Var.d() == r.D().length && l16Var.b() == r.t().intValue();
    }

    private void verifyMac(byte[] bArr, eh5 eh5Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!pg6.u(calculateMac(bArr, eh5Var.z(), eh5Var.C(), cArr), eh5Var.t())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(qd5 qd5Var, gh5 gh5Var, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.helper.createSignature(gh5Var.C().r().P());
        createSignature.initVerify(publicKey);
        createSignature.update(qd5Var.f().n("DER"));
        if (!createSignature.verify(gh5Var.z().N())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.entries.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var == null) {
            return null;
        }
        if (zg5Var.F().equals(PRIVATE_KEY) || zg5Var.F().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(xg5.z(zg5Var.t()).r()[0]);
        }
        if (zg5Var.F().equals(CERTIFICATE)) {
            return decodeCertificate(zg5Var.t());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                zg5 zg5Var = this.entries.get(str);
                if (zg5Var.F().equals(CERTIFICATE)) {
                    if (pg6.c(zg5Var.t(), encoded)) {
                        return str;
                    }
                } else if (zg5Var.F().equals(PRIVATE_KEY) || zg5Var.F().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (pg6.c(xg5.z(zg5Var.t()).r()[0].f().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var == null) {
            return null;
        }
        if (!zg5Var.F().equals(PRIVATE_KEY) && !zg5Var.F().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        hl5[] r = xg5.z(zg5Var.t()).r();
        int length = r.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(r[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var == null) {
            return null;
        }
        try {
            return zg5Var.D().O();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var == null) {
            return null;
        }
        if (zg5Var.F().equals(PRIVATE_KEY) || zg5Var.F().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            dj5 z = dj5.z(xg5.z(zg5Var.t()).t());
            try {
                nj5 t = nj5.t(decryptData("PRIVATE_KEY_ENCRYPTION", z.t(), cArr, z.r()));
                PrivateKey generatePrivate = this.helper.h(getPublicKeyAlg(t.C().r())).generatePrivate(new PKCS8EncodedKeySpec(t.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!zg5Var.F().equals(SECRET_KEY) && !zg5Var.F().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        yg5 t2 = yg5.t(zg5Var.t());
        try {
            fh5 r = fh5.r(decryptData("SECRET_KEY_ENCRYPTION", t2.z(), cArr, t2.r()));
            return this.helper.g(r.t().P()).generateSecret(new SecretKeySpec(r.z(), r.t().P()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var != null) {
            return zg5Var.F().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        zg5 zg5Var = this.entries.get(str);
        if (zg5Var == null) {
            return false;
        }
        BigInteger F = zg5Var.F();
        return F.equals(PRIVATE_KEY) || F.equals(SECRET_KEY) || F.equals(PROTECTED_PRIVATE_KEY) || F.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        vk5 C;
        qd5 z;
        PublicKey publicKey;
        ch5 t;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new vk5(lj5.y0, lf5.a);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(lj5.l0, 64);
            return;
        }
        try {
            bh5 r = bh5.r(new wd5(inputStream).l());
            dh5 t2 = r.t();
            if (t2.z() == 0) {
                eh5 r2 = eh5.r(t2.t());
                this.hmacAlgorithm = r2.z();
                this.hmacPkbdAlgorithm = r2.C();
                C = this.hmacAlgorithm;
                try {
                    verifyMac(r.z().f().getEncoded(), r2, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (t2.z() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                gh5 t3 = gh5.t(t2.t());
                C = t3.C();
                try {
                    hl5[] r3 = t3.r();
                    if (this.validator == null) {
                        z = r.z();
                        publicKey = this.verificationKey;
                    } else {
                        if (r3 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory e2 = this.helper.e("X.509");
                        int length = r3.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i = 0; i != length; i++) {
                            x509CertificateArr[i] = (X509Certificate) e2.generateCertificate(new ByteArrayInputStream(r3[i].getEncoded()));
                        }
                        if (!this.validator.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        z = r.z();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(z, t3, publicKey);
                } catch (GeneralSecurityException e3) {
                    throw new IOException("error verifying signature: " + e3.getMessage(), e3);
                }
            }
            qd5 z2 = r.z();
            if (z2 instanceof wg5) {
                wg5 wg5Var = (wg5) z2;
                t = ch5.t(decryptData("STORE_ENCRYPTION", wg5Var.t(), cArr, wg5Var.r().N()));
            } else {
                t = ch5.t(z2);
            }
            try {
                this.creationDate = t.r().O();
                this.lastModifiedDate = t.C().O();
                if (!t.z().equals(C)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<qd5> it = t.D().iterator();
                while (it.hasNext()) {
                    zg5 C2 = zg5.C(it.next());
                    this.entries.put(C2.z(), C2);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e4) {
            throw new IOException(e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof y16)) {
            if (loadStoreParameter instanceof a26) {
                engineLoad(((a26) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        y16 y16Var = (y16) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(y16Var);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(y16Var.g(), 64);
        this.storeEncryptionAlgorithm = y16Var.e() == y16.b.AES256_CCM ? ei5.T : ei5.U;
        this.hmacAlgorithm = y16Var.f() == y16.c.HmacSHA512 ? new vk5(lj5.y0, lf5.a) : new vk5(ei5.r, lf5.a);
        this.verificationKey = (PublicKey) y16Var.i();
        this.validator = y16Var.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, y16Var.h());
        ae5 ae5Var = this.storeEncryptionAlgorithm;
        InputStream a = y16Var.a();
        engineLoad(a, extractPassword);
        if (a != null) {
            if (!isSimilarHmacPbkd(y16Var.g(), this.hmacPkbdAlgorithm) || !ae5Var.D(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        zg5 zg5Var = this.entries.get(str);
        Date date2 = new Date();
        if (zg5Var == null) {
            date = date2;
        } else {
            if (!zg5Var.F().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(zg5Var, date2);
        }
        try {
            this.entries.put(str, new zg5(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        fh5 fh5Var;
        yg5 yg5Var;
        dj5 dj5Var;
        Date date = new Date();
        zg5 zg5Var = this.entries.get(str);
        Date extractCreationDate = zg5Var != null ? extractCreationDate(zg5Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                fj5 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(lj5.l0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                ae5 ae5Var = this.storeEncryptionAlgorithm;
                ae5 ae5Var2 = ei5.T;
                if (ae5Var.D(ae5Var2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    dj5Var = new dj5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier, new ej5(ae5Var2, t16.t(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    dj5Var = new dj5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier, new ej5(ei5.U))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new zg5(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(dj5Var, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                fj5 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(lj5.l0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k = eh6.k(key.getAlgorithm());
                if (k.indexOf("AES") > -1) {
                    fh5Var = new fh5(ei5.w, encoded2);
                } else {
                    Map<String, ae5> map = oidMap;
                    ae5 ae5Var3 = map.get(k);
                    if (ae5Var3 != null) {
                        fh5Var = new fh5(ae5Var3, encoded2);
                    } else {
                        ae5 ae5Var4 = map.get(k + "." + (encoded2.length * 8));
                        if (ae5Var4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k + ") for storage.");
                        }
                        fh5Var = new fh5(ae5Var4, encoded2);
                    }
                }
                ae5 ae5Var5 = this.storeEncryptionAlgorithm;
                ae5 ae5Var6 = ei5.T;
                if (ae5Var5.D(ae5Var6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    yg5Var = new yg5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier2, new ej5(ae5Var6, t16.t(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(fh5Var.getEncoded()));
                } else {
                    yg5Var = new yg5(new vk5(lj5.k0, new ij5(generatePkbdAlgorithmIdentifier2, new ej5(ei5.U))), createCipher("AESKWP", generateKey2).doFinal(fh5Var.getEncoded()));
                }
                this.entries.put(str, new zg5(SECRET_KEY, str, extractCreationDate, date, yg5Var.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        zg5 zg5Var = this.entries.get(str);
        Date extractCreationDate = zg5Var != null ? extractCreationDate(zg5Var, date) : date;
        if (certificateArr != null) {
            try {
                dj5 z = dj5.z(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new zg5(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(z, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new zg5(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        fj5 fj5Var;
        BigInteger z;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        wg5 encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (yh5.M.D(this.hmacPkbdAlgorithm.r())) {
            bi5 z2 = bi5.z(this.hmacPkbdAlgorithm.z());
            fj5Var = this.hmacPkbdAlgorithm;
            z = z2.C();
        } else {
            jj5 r = jj5.r(this.hmacPkbdAlgorithm.z());
            fj5Var = this.hmacPkbdAlgorithm;
            z = r.z();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(fj5Var, z.intValue());
        try {
            outputStream.write(new bh5(encryptedObjectStoreData, new dh5(new eh5(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        gh5 gh5Var;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof z16) {
            z16 z16Var = (z16) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(z16Var.b(), 64);
            engineStore(z16Var.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof y16)) {
            if (loadStoreParameter instanceof a26) {
                engineStore(((a26) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        y16 y16Var = (y16) loadStoreParameter;
        if (y16Var.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(y16Var);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(y16Var.g(), 64);
            this.storeEncryptionAlgorithm = y16Var.e() == y16.b.AES256_CCM ? ei5.T : ei5.U;
            this.hmacAlgorithm = y16Var.f() == y16.c.HmacSHA512 ? new vk5(lj5.y0, lf5.a) : new vk5(ei5.r, lf5.a);
            engineStore(y16Var.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(y16Var.i(), y16Var.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(y16Var.g(), 64);
        this.storeEncryptionAlgorithm = y16Var.e() == y16.b.AES256_CCM ? ei5.T : ei5.U;
        this.hmacAlgorithm = y16Var.f() == y16.c.HmacSHA512 ? new vk5(lj5.y0, lf5.a) : new vk5(ei5.r, lf5.a);
        wg5 encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(y16Var));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.r().P());
            createSignature.initSign((PrivateKey) y16Var.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d = y16Var.d();
            if (d != null) {
                int length = d.length;
                hl5[] hl5VarArr = new hl5[length];
                for (int i = 0; i != length; i++) {
                    hl5VarArr[i] = hl5.t(d[i].getEncoded());
                }
                gh5Var = new gh5(this.signatureAlgorithm, hl5VarArr, createSignature.sign());
            } else {
                gh5Var = new gh5(this.signatureAlgorithm, createSignature.sign());
            }
            y16Var.b().write(new bh5(encryptedObjectStoreData, new dh5(gh5Var)).getEncoded());
            y16Var.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
