package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import l.a.b.a4.r;
import l.a.b.f;
import l.a.b.k1;
import l.a.b.l;
import l.a.b.p;
import l.a.b.q3.j;
import l.a.b.q3.k;
import l.a.b.q3.m;
import l.a.b.q3.q;
import l.a.b.q3.s;
import l.a.b.q3.u;
import l.a.b.t2.d;
import l.a.b.t2.e;
import l.a.b.t2.g;
import l.a.b.t2.i;
import l.a.b.w2.h;
import l.a.b.z3.o;
import l.a.c.k0.x;
import l.a.c.p0.g0;
import l.a.c.v0.w0;
import l.a.c.z;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;

/* loaded from: classes3.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: h, reason: collision with root package name */
    public static final Map<String, p> f29490h = new HashMap();

    /* renamed from: i, reason: collision with root package name */
    public static final Map<p, String> f29491i = new HashMap();

    /* renamed from: j, reason: collision with root package name */
    public static final BigInteger f29492j;

    /* renamed from: k, reason: collision with root package name */
    public static final BigInteger f29493k;

    /* renamed from: l, reason: collision with root package name */
    public static final BigInteger f29494l;

    /* renamed from: m, reason: collision with root package name */
    public static final BigInteger f29495m;

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f29496n;

    /* renamed from: a, reason: collision with root package name */
    public final BouncyCastleProvider f29497a;

    /* renamed from: b, reason: collision with root package name */
    public final Map<String, e> f29498b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    public final Map<String, PrivateKey> f29499c = new HashMap();

    /* renamed from: d, reason: collision with root package name */
    public l.a.b.z3.b f29500d;

    /* renamed from: e, reason: collision with root package name */
    public m f29501e;

    /* renamed from: f, reason: collision with root package name */
    public Date f29502f;

    /* renamed from: g, reason: collision with root package name */
    public Date f29503g;

    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        public final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    public class a implements Enumeration {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ Iterator f29504a;

        public a(Iterator it) {
            this.f29504a = it;
        }

        @Override // java.util.Enumeration
        public boolean hasMoreElements() {
            return this.f29504a.hasNext();
        }

        @Override // java.util.Enumeration
        public Object nextElement() {
            return this.f29504a.next();
        }
    }

    /* loaded from: classes3.dex */
    public static class b extends BcFKSKeyStoreSpi {
        public b() {
            super(null);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    /* loaded from: classes3.dex */
    public static class c extends BcFKSKeyStoreSpi {
        public c() {
            super(new BouncyCastleProvider());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        f29490h.put("DESEDE", l.a.b.p3.b.f23552h);
        f29490h.put("TRIPLEDES", l.a.b.p3.b.f23552h);
        f29490h.put("TDEA", l.a.b.p3.b.f23552h);
        f29490h.put("HMACSHA1", s.k5);
        f29490h.put("HMACSHA224", s.l5);
        f29490h.put("HMACSHA256", s.m5);
        f29490h.put("HMACSHA384", s.n5);
        f29490h.put("HMACSHA512", s.o5);
        f29491i.put(s.B4, "RSA");
        f29491i.put(r.Z7, "EC");
        f29491i.put(l.a.b.p3.b.f23556l, "DH");
        f29491i.put(s.S4, "DH");
        f29491i.put(r.J8, "DSA");
        f29492j = BigInteger.valueOf(0L);
        f29493k = BigInteger.valueOf(1L);
        f29494l = BigInteger.valueOf(2L);
        f29495m = BigInteger.valueOf(3L);
        f29496n = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.f29497a = bouncyCastleProvider;
    }

    public static String a(p pVar) {
        String str = f29491i.get(pVar);
        return str != null ? str : pVar.k();
    }

    private SecureRandom a() {
        return new SecureRandom();
    }

    private Certificate a(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.f29497a;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(o.a(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(o.a(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date a(e eVar, Date date) {
        try {
            return eVar.h().k();
        } catch (ParseException unused) {
            return date;
        }
    }

    private m a(int i2) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        return new m(s.b5, new q(bArr, 1024, i2, new l.a.b.z3.b(s.o5, k1.f23398a)));
    }

    private l.a.b.t2.c a(j jVar, Certificate[] certificateArr) throws CertificateEncodingException {
        o[] oVarArr = new o[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            oVarArr[i2] = o.a(certificateArr[i2].getEncoded());
        }
        return new l.a.b.t2.c(jVar, oVarArr);
    }

    private void a(byte[] bArr, l.a.b.t2.j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        if (!l.a.j.a.e(a(bArr, jVar.h(), jVar.i(), cArr), jVar.g())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    private byte[] a(String str, l.a.b.z3.b bVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!bVar.g().equals(s.a5)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        l.a.b.q3.p a2 = l.a.b.q3.p.a(bVar.h());
        k g2 = a2.g();
        if (!g2.g().equals(l.a.b.m3.b.P)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            h a3 = h.a(g2.h());
            if (this.f29497a == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.f29497a);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.f29497a);
            }
            algorithmParameters.init(a3.getEncoded());
            m h2 = a2.h();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(a(h2, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private byte[] a(m mVar, String str, char[] cArr) throws IOException {
        byte[] a2 = z.a(cArr);
        byte[] a3 = z.a(str.toCharArray());
        g0 g0Var = new g0(new x());
        if (!mVar.g().equals(s.b5)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        q a4 = q.a(mVar.h());
        if (!a4.i().g().equals(s.o5)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        g0Var.a(l.a.j.a.d(a2, a3), a4.j(), a4.g().intValue());
        return ((w0) g0Var.b(a4.h().intValue() * 8)).a();
    }

    private byte[] a(byte[] bArr, l.a.b.z3.b bVar, m mVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String k2 = bVar.g().k();
        BouncyCastleProvider bouncyCastleProvider = this.f29497a;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(k2, bouncyCastleProvider) : Mac.getInstance(k2);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(a(mVar, "INTEGRITY_CHECK", cArr), k2));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return new a(new HashSet(this.f29498b.keySet()).iterator());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.f29498b.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f29498b.get(str) == null) {
            return;
        }
        this.f29499c.remove(str);
        this.f29498b.remove(str);
        this.f29503g = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.f29498b.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.getType().equals(f29493k) || eVar.getType().equals(f29495m)) {
            return a(l.a.b.t2.c.a(eVar.i()).g()[0]);
        }
        if (eVar.getType().equals(f29492j)) {
            return a(eVar.i());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f29498b.keySet()) {
                e eVar = this.f29498b.get(str);
                if (eVar.getType().equals(f29492j)) {
                    if (l.a.j.a.a(eVar.i(), encoded)) {
                        return str;
                    }
                } else if (eVar.getType().equals(f29493k) || eVar.getType().equals(f29495m)) {
                    try {
                        if (l.a.j.a.a(l.a.b.t2.c.a(eVar.i()).g()[0].a().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.f29498b.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.getType().equals(f29493k) && !eVar.getType().equals(f29495m)) {
            return null;
        }
        o[] g2 = l.a.b.t2.c.a(eVar.i()).g();
        X509Certificate[] x509CertificateArr = new X509Certificate[g2.length];
        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
            x509CertificateArr[i2] = a(g2[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.f29498b.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.j().k();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.f29498b.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.getType().equals(f29493k) || eVar.getType().equals(f29495m)) {
            PrivateKey privateKey = this.f29499c.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            j a2 = j.a(l.a.b.t2.c.a(eVar.i()).h());
            try {
                u a3 = u.a(a("PRIVATE_KEY_ENCRYPTION", a2.h(), cArr, a2.g()));
                PrivateKey generatePrivate = (this.f29497a != null ? KeyFactory.getInstance(a3.j().g().k(), this.f29497a) : KeyFactory.getInstance(a(a3.j().g()))).generatePrivate(new PKCS8EncodedKeySpec(a3.getEncoded()));
                this.f29499c.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!eVar.getType().equals(f29494l) && !eVar.getType().equals(f29496n)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        d a4 = d.a(eVar.i());
        try {
            l.a.b.t2.k a5 = l.a.b.t2.k.a(a("SECRET_KEY_ENCRYPTION", a4.h(), cArr, a4.g()));
            return (this.f29497a != null ? SecretKeyFactory.getInstance(a5.g().k(), this.f29497a) : SecretKeyFactory.getInstance(a5.g().k())).generateSecret(new SecretKeySpec(a5.h(), a5.g().k()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.f29498b.get(str);
        if (eVar != null) {
            return eVar.getType().equals(f29492j);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.f29498b.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger type = eVar.getType();
        return type.equals(f29493k) || type.equals(f29494l) || type.equals(f29495m) || type.equals(f29496n);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        l.a.b.t2.h a2;
        this.f29498b.clear();
        this.f29499c.clear();
        this.f29502f = null;
        this.f29503g = null;
        this.f29500d = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f29502f = date;
            this.f29503g = date;
            this.f29500d = new l.a.b.z3.b(s.o5, k1.f23398a);
            this.f29501e = a(64);
            return;
        }
        g a3 = g.a(new l(inputStream).x());
        i g2 = a3.g();
        if (g2.getType() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        l.a.b.t2.j a4 = l.a.b.t2.j.a(g2.g());
        this.f29500d = a4.h();
        this.f29501e = a4.i();
        a(a3.h().a().getEncoded(), a4, cArr);
        f h2 = a3.h();
        if (h2 instanceof l.a.b.t2.b) {
            l.a.b.t2.b bVar = (l.a.b.t2.b) h2;
            a2 = l.a.b.t2.h.a(a("STORE_ENCRYPTION", bVar.h(), cArr, bVar.g().k()));
        } else {
            a2 = l.a.b.t2.h.a(h2);
        }
        try {
            this.f29502f = a2.h().k();
            this.f29503g = a2.j().k();
            if (!a2.i().equals(this.f29500d)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<f> it = a2.k().iterator();
            while (it.hasNext()) {
                e a5 = e.a(it.next());
                this.f29498b.put(a5.getIdentifier(), a5);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.f29498b.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.getType().equals(f29492j)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(eVar, date2);
        }
        try {
            this.f29498b.put(str, new e(f29492j, str, date, date2, certificate.getEncoded(), null));
            this.f29503g = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] doFinal;
        Date date = new Date();
        e eVar = this.f29498b.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        this.f29499c.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                m a3 = a(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a4 = a(a3, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.f29497a == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.f29497a);
                cipher.init(1, new SecretKeySpec(a4, "AES"));
                this.f29498b.put(str, new e(f29493k, str, a2, date, a(new j(new l.a.b.z3.b(s.a5, new l.a.b.q3.p(a3, new k(l.a.b.m3.b.P, h.a(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                m a5 = a(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a6 = a(a5, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.f29497a == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.f29497a);
                cipher2.init(1, new SecretKeySpec(a6, "AES"));
                String d2 = Strings.d(key.getAlgorithm());
                if (d2.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new l.a.b.t2.k(l.a.b.m3.b.s, encoded2).getEncoded());
                } else {
                    p pVar = f29490h.get(d2);
                    if (pVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d2 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new l.a.b.t2.k(pVar, encoded2).getEncoded());
                }
                this.f29498b.put(str, new e(f29494l, str, a2, date, new d(new l.a.b.z3.b(s.a5, new l.a.b.q3.p(a5, new k(l.a.b.m3.b.P, h.a(cipher2.getParameters().getEncoded())))), doFinal).getEncoded(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.f29503g = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.f29498b.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        if (certificateArr != null) {
            try {
                j a3 = j.a(bArr);
                try {
                    this.f29499c.remove(str);
                    this.f29498b.put(str, new e(f29495m, str, a2, date, a(a3, certificateArr).getEncoded(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.f29498b.put(str, new e(f29496n, str, a2, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.f29503g = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f29498b.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        e[] eVarArr = (e[]) this.f29498b.values().toArray(new e[this.f29498b.size()]);
        m a2 = a(32);
        byte[] a3 = a(a2, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        l.a.b.t2.h hVar = new l.a.b.t2.h(this.f29500d, this.f29502f, this.f29503g, new l.a.b.t2.f(eVarArr), null);
        try {
            Cipher cipher = this.f29497a == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.f29497a);
            cipher.init(1, new SecretKeySpec(a3, "AES"));
            l.a.b.t2.b bVar = new l.a.b.t2.b(new l.a.b.z3.b(s.a5, new l.a.b.q3.p(a2, new k(l.a.b.m3.b.P, h.a(cipher.getParameters().getEncoded())))), cipher.doFinal(hVar.getEncoded()));
            q a4 = q.a(this.f29501e.h());
            byte[] bArr = new byte[a4.j().length];
            a().nextBytes(bArr);
            this.f29501e = new m(this.f29501e.g(), new q(bArr, a4.g().intValue(), a4.h().intValue(), a4.i()));
            outputStream.write(new g(bVar, new i(new l.a.b.t2.j(this.f29500d, this.f29501e, a(bVar.getEncoded(), this.f29500d, this.f29501e, cArr)))).getEncoded());
            outputStream.flush();
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }
}
