package com.yubico.yubikit.piv.jca;

import com.microsoft.identity.internal.Flight;
import com.yubico.yubikit.core.application.BadResponseException;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;
import com.yubico.yubikit.piv.a;
import ex.c;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.Callable;
import org.slf4j.event.Level;

/* loaded from: classes6.dex */
public final class r extends KeyStoreSpi {
    public static final /* synthetic */ int b = 0;

    /* renamed from: a, reason: collision with root package name */
    public final hx.a<hx.a<hx.d<com.yubico.yubikit.piv.a, Exception>>> f21869a;

    public r(hx.a<hx.a<hx.d<com.yubico.yubikit.piv.a, Exception>>> aVar) {
        this.f21869a = aVar;
    }

    public final void a(final Slot slot, final PrivateKey privateKey, final PinPolicy pinPolicy, final TouchPolicy touchPolicy, final X509Certificate x509Certificate) throws Exception {
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f21869a.invoke(new hx.a() { // from class: com.yubico.yubikit.piv.jca.j
            @Override // hx.a
            public final void invoke(Object obj) {
                final PrivateKey privateKey2 = privateKey;
                final Slot slot2 = slot;
                final PinPolicy pinPolicy2 = pinPolicy;
                final TouchPolicy touchPolicy2 = touchPolicy;
                final X509Certificate x509Certificate2 = x509Certificate;
                final hx.d dVar = (hx.d) obj;
                arrayBlockingQueue.add(hx.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.o
                    /* JADX WARN: Multi-variable type inference failed */
                    /* JADX WARN: Type inference failed for: r2v29, types: [java.util.List] */
                    @Override // java.util.concurrent.Callable
                    public final Object call() {
                        ArrayList arrayList;
                        com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) hx.d.this.b();
                        PrivateKey privateKey3 = privateKey2;
                        Slot slot3 = slot2;
                        if (privateKey3 != null) {
                            aVar.getClass();
                            KeyType fromKey = KeyType.fromKey(privateKey3);
                            PinPolicy pinPolicy3 = pinPolicy2;
                            TouchPolicy touchPolicy3 = touchPolicy2;
                            aVar.e(fromKey, pinPolicy3, touchPolicy3, false);
                            KeyType.b bVar = fromKey.params;
                            LinkedHashMap linkedHashMap = new LinkedHashMap();
                            int i11 = a.b.f21823a[bVar.f21812a.ordinal()];
                            int i12 = bVar.b;
                            if (i11 == 1) {
                                if (privateKey3 instanceof RSAPrivateCrtKey) {
                                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey3;
                                    arrayList = Arrays.asList(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
                                } else {
                                    if (!"PKCS#8".equals(privateKey3.getFormat())) {
                                        throw new UnsupportedEncodingException("Unsupported private key encoding");
                                    }
                                    try {
                                        ByteBuffer wrap = ByteBuffer.wrap((byte[]) hx.f.a((byte[]) hx.f.a(hx.f.c(48, privateKey3.getEncoded())).get(4)).get(48));
                                        ArrayList arrayList2 = new ArrayList();
                                        while (wrap.hasRemaining()) {
                                            arrayList2.add(hx.e.a(wrap));
                                        }
                                        ArrayList arrayList3 = new ArrayList();
                                        Iterator it = arrayList2.iterator();
                                        while (it.hasNext()) {
                                            hx.e eVar = (hx.e) it.next();
                                            int i13 = eVar.b;
                                            int i14 = eVar.f24096d;
                                            arrayList3.add(new BigInteger(Arrays.copyOfRange(eVar.f24095c, i14, i13 + i14)));
                                        }
                                        int intValue = ((BigInteger) arrayList3.remove(0)).intValue();
                                        arrayList = arrayList3;
                                        if (intValue != 0) {
                                            throw new UnsupportedEncodingException("Expected value 0");
                                        }
                                    } catch (BadResponseException e11) {
                                        throw new UnsupportedEncodingException(e11.getMessage());
                                    }
                                }
                                if (((BigInteger) arrayList.get(1)).intValue() != 65537) {
                                    throw new UnsupportedEncodingException("Unsupported RSA public exponent");
                                }
                                int i15 = (i12 / 8) / 2;
                                linkedHashMap.put(1, com.yubico.yubikit.piv.a.d(i15, (BigInteger) arrayList.get(3)));
                                linkedHashMap.put(2, com.yubico.yubikit.piv.a.d(i15, (BigInteger) arrayList.get(4)));
                                linkedHashMap.put(3, com.yubico.yubikit.piv.a.d(i15, (BigInteger) arrayList.get(5)));
                                linkedHashMap.put(4, com.yubico.yubikit.piv.a.d(i15, (BigInteger) arrayList.get(6)));
                                linkedHashMap.put(5, com.yubico.yubikit.piv.a.d(i15, (BigInteger) arrayList.get(7)));
                            } else if (i11 == 2) {
                                linkedHashMap.put(6, com.yubico.yubikit.piv.a.d(i12 / 8, ((ECPrivateKey) privateKey3).getS()));
                            }
                            if (pinPolicy3 != PinPolicy.DEFAULT) {
                                linkedHashMap.put(170, new byte[]{(byte) pinPolicy3.value});
                            }
                            if (touchPolicy3 != TouchPolicy.DEFAULT) {
                                linkedHashMap.put(171, new byte[]{(byte) touchPolicy3.value});
                            }
                            a10.c cVar = com.yubico.yubikit.piv.a.f21820q;
                            fx.a.c(cVar, "Importing key with pin_policy={}, touch_policy={}", pinPolicy3, touchPolicy3);
                            aVar.f21821a.d(new com.yubico.yubikit.core.smartcard.a(-2, fromKey.value, slot3.value, hx.f.b(linkedHashMap)));
                            fx.a.e(Level.INFO, cVar, "Private key imported in slot {} of type {}", slot3, fromKey);
                        }
                        X509Certificate x509Certificate3 = x509Certificate2;
                        if (x509Certificate3 != null) {
                            aVar.getClass();
                            byte[] bArr = {0};
                            fx.a.c(com.yubico.yubikit.piv.a.f21820q, "Storing {}certificate in slot {}", "", slot3);
                            try {
                                byte[] encoded = x509Certificate3.getEncoded();
                                LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                                linkedHashMap2.put(112, encoded);
                                linkedHashMap2.put(113, bArr);
                                linkedHashMap2.put(254, null);
                                aVar.p(slot3.objectId, hx.f.b(linkedHashMap2));
                            } catch (CertificateEncodingException e12) {
                                throw new IllegalArgumentException("Failed to get encoded version of certificate", e12);
                            }
                        }
                        return Boolean.TRUE;
                    }
                }));
            }
        });
        ((hx.d) arrayBlockingQueue.take()).b();
    }

    @Override // java.security.KeyStoreSpi
    public final Enumeration<String> engineAliases() {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineContainsAlias(String str) {
        try {
            Slot.fromStringAlias(str);
            return true;
        } catch (IllegalArgumentException unused) {
            return false;
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineDeleteEntry(String str) throws KeyStoreException {
        final Slot fromStringAlias = Slot.fromStringAlias(str);
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f21869a.invoke(new hx.a() { // from class: com.yubico.yubikit.piv.jca.k
            @Override // hx.a
            public final void invoke(Object obj) {
                final hx.d dVar = (hx.d) obj;
                final Slot slot = fromStringAlias;
                arrayBlockingQueue.add(hx.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.q
                    @Override // java.util.concurrent.Callable
                    public final Object call() {
                        com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) hx.d.this.b();
                        aVar.getClass();
                        a10.c cVar = com.yubico.yubikit.piv.a.f21820q;
                        Slot slot2 = slot;
                        fx.a.b(cVar, "Deleting certificate in slot {}", slot2);
                        aVar.p(slot2.objectId, null);
                        return Boolean.TRUE;
                    }
                }));
            }
        });
        try {
            ((hx.d) arrayBlockingQueue.take()).b();
        } catch (Exception e11) {
            throw new KeyStoreException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final Certificate engineGetCertificate(String str) {
        final Slot fromStringAlias = Slot.fromStringAlias(str);
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f21869a.invoke(new hx.a() { // from class: com.yubico.yubikit.piv.jca.l
            @Override // hx.a
            public final void invoke(Object obj) {
                arrayBlockingQueue.add(hx.d.c(new com.googlecode.jsonrpc4j.a(1, (hx.d) obj, fromStringAlias)));
            }
        });
        try {
            return (Certificate) ((hx.d) arrayBlockingQueue.take()).b();
        } catch (BadResponseException unused) {
            return null;
        } catch (ApduException e11) {
            if (e11.getSw() == 27266) {
                return null;
            }
            throw new RuntimeException(e11);
        } catch (Exception e12) {
            throw new RuntimeException(e12);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final String engineGetCertificateAlias(Certificate certificate) {
        for (Slot slot : Slot.values()) {
            String stringAlias = slot.getStringAlias();
            if (certificate.equals(engineGetCertificate(stringAlias))) {
                return stringAlias;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public final Certificate[] engineGetCertificateChain(String str) {
        return new Certificate[]{engineGetCertificate(str)};
    }

    @Override // java.security.KeyStoreSpi
    public final Date engineGetCreationDate(String str) {
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public final KeyStore.Entry engineGetEntry(String str, final KeyStore.ProtectionParameter protectionParameter) throws UnrecoverableEntryException {
        final Slot fromStringAlias = Slot.fromStringAlias(str);
        try {
            final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
            this.f21869a.invoke(new hx.a() { // from class: com.yubico.yubikit.piv.jca.i
                @Override // hx.a
                public final void invoke(Object obj) {
                    final hx.d dVar = (hx.d) obj;
                    final Slot slot = fromStringAlias;
                    final KeyStore.ProtectionParameter protectionParameter2 = protectionParameter;
                    arrayBlockingQueue.add(hx.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.p
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            PivPrivateKey from;
                            com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) hx.d.this.b();
                            Slot slot2 = slot;
                            X509Certificate f10 = aVar.f(slot2);
                            KeyStore.ProtectionParameter protectionParameter3 = protectionParameter2;
                            char[] password = protectionParameter3 instanceof KeyStore.PasswordProtection ? ((KeyStore.PasswordProtection) protectionParameter3).getPassword() : null;
                            if (com.yubico.yubikit.piv.a.f21816g.b(aVar.b)) {
                                ix.b h11 = aVar.h(slot2);
                                KeyType keyType = h11.f24774a;
                                LinkedHashMap a11 = hx.f.a(h11.f24776d);
                                try {
                                    KeyType.Algorithm algorithm = keyType.params.f21812a;
                                    KeyType.Algorithm algorithm2 = KeyType.Algorithm.RSA;
                                    from = PivPrivateKey.from(algorithm == algorithm2 ? KeyFactory.getInstance(algorithm2.name()).generatePublic(new RSAPublicKeySpec(new BigInteger(1, (byte[]) a11.get(129)), new BigInteger(1, (byte[]) a11.get(Integer.valueOf(Flight.ENABLE_IN_MEMORY_CACHE))))) : com.yubico.yubikit.piv.a.n(keyType, (byte[]) a11.get(Integer.valueOf(Flight.USE_VSM_FOR_POP_FLOW))), slot2, h11.b, h11.f24775c, password);
                                } catch (NoSuchAlgorithmException | InvalidKeySpecException e11) {
                                    throw new RuntimeException(e11);
                                }
                            } else {
                                from = PivPrivateKey.from(f10.getPublicKey(), slot2, null, null, password);
                            }
                            return new KeyStore.PrivateKeyEntry(from, new Certificate[]{f10});
                        }
                    }));
                }
            });
            return (KeyStore.Entry) ((hx.d) arrayBlockingQueue.take()).b();
        } catch (BadResponseException unused) {
            throw new UnrecoverableEntryException("Make sure the matching certificate is stored");
        } catch (ApduException e11) {
            if (e11.getSw() == 27266) {
                return null;
            }
            throw new RuntimeException(e11);
        } catch (Exception e12) {
            throw new RuntimeException(e12);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final Key engineGetKey(String str, final char[] cArr) throws UnrecoverableKeyException {
        final Slot fromStringAlias = Slot.fromStringAlias(str);
        try {
            final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
            this.f21869a.invoke(new hx.a() { // from class: com.yubico.yubikit.piv.jca.m
                @Override // hx.a
                public final void invoke(Object obj) {
                    final hx.d dVar = (hx.d) obj;
                    final Slot slot = fromStringAlias;
                    final char[] cArr2 = cArr;
                    arrayBlockingQueue.add(hx.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.n
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            PublicKey n11;
                            com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) hx.d.this.b();
                            c.a aVar2 = com.yubico.yubikit.piv.a.f21816g;
                            aVar.getClass();
                            boolean b11 = aVar2.b(aVar.b);
                            Slot slot2 = slot;
                            char[] cArr3 = cArr2;
                            if (!b11) {
                                return PivPrivateKey.from(aVar.f(slot2).getPublicKey(), slot2, null, null, cArr3);
                            }
                            ix.b h11 = aVar.h(slot2);
                            KeyType keyType = h11.f24774a;
                            LinkedHashMap a11 = hx.f.a(h11.f24776d);
                            try {
                                KeyType.Algorithm algorithm = keyType.params.f21812a;
                                KeyType.Algorithm algorithm2 = KeyType.Algorithm.RSA;
                                if (algorithm == algorithm2) {
                                    n11 = KeyFactory.getInstance(algorithm2.name()).generatePublic(new RSAPublicKeySpec(new BigInteger(1, (byte[]) a11.get(129)), new BigInteger(1, (byte[]) a11.get(Integer.valueOf(Flight.ENABLE_IN_MEMORY_CACHE)))));
                                } else {
                                    n11 = com.yubico.yubikit.piv.a.n(keyType, (byte[]) a11.get(Integer.valueOf(Flight.USE_VSM_FOR_POP_FLOW)));
                                }
                                return PivPrivateKey.from(n11, slot2, h11.b, h11.f24775c, cArr3);
                            } catch (NoSuchAlgorithmException | InvalidKeySpecException e11) {
                                throw new RuntimeException(e11);
                            }
                        }
                    }));
                }
            });
            return (Key) ((hx.d) arrayBlockingQueue.take()).b();
        } catch (BadResponseException unused) {
            throw new UnrecoverableKeyException("No way to infer KeyType, make sure the matching certificate is stored");
        } catch (ApduException e11) {
            if (e11.getSw() == 27266) {
                return null;
            }
            throw new RuntimeException(e11);
        } catch (Exception e12) {
            throw new RuntimeException(e12);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsCertificateEntry(String str) {
        return engineGetCertificate(str) != null;
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsKeyEntry(String str) {
        return engineContainsAlias(str);
    }

    @Override // java.security.KeyStoreSpi
    public final void engineLoad(InputStream inputStream, char[] cArr) {
        throw new InvalidParameterException("KeyStore must be loaded with a null LoadStoreParameter");
    }

    @Override // java.security.KeyStoreSpi
    public final void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter != null) {
            throw new InvalidParameterException("KeyStore must be loaded with null");
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Slot fromStringAlias = Slot.fromStringAlias(str);
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        try {
            a(fromStringAlias, null, PinPolicy.DEFAULT, TouchPolicy.DEFAULT, (X509Certificate) certificate);
        } catch (Exception e11) {
            throw new KeyStoreException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        Object certificate;
        PrivateKey privateKey;
        TouchPolicy touchPolicy;
        PinPolicy pinPolicy;
        Slot fromStringAlias = Slot.fromStringAlias(str);
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            if (protectionParameter != null) {
                throw new KeyStoreException("Certificate cannot use protParam");
            }
            certificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            privateKey = null;
        } else {
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Unsupported KeyStore entry.");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            certificate = privateKeyEntry.getCertificate();
            privateKey = privateKeyEntry.getPrivateKey();
        }
        if (certificate != null && !(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        PinPolicy pinPolicy2 = PinPolicy.DEFAULT;
        TouchPolicy touchPolicy2 = TouchPolicy.DEFAULT;
        if (privateKey == null || protectionParameter == null) {
            touchPolicy = touchPolicy2;
            pinPolicy = pinPolicy2;
        } else {
            if (!(protectionParameter instanceof h)) {
                throw new KeyStoreException("protParam must be an instance of PivKeyStoreKeyParameters");
            }
            pinPolicy = null;
            touchPolicy = null;
        }
        try {
            a(fromStringAlias, privateKey, pinPolicy, touchPolicy, (X509Certificate) certificate);
        } catch (Exception e11) {
            throw new KeyStoreException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        Slot fromStringAlias = Slot.fromStringAlias(str);
        if (cArr != null) {
            throw new KeyStoreException("Password can not be set");
        }
        if (certificateArr.length != 1) {
            throw new KeyStoreException("Certificate chain must be a single certificate, or empty");
        }
        Certificate certificate = certificateArr[0];
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        try {
            a(fromStringAlias, (PrivateKey) key, PinPolicy.DEFAULT, TouchPolicy.DEFAULT, (X509Certificate) certificate);
        } catch (Exception e11) {
            throw new KeyStoreException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Use setKeyEntry with a PrivateKey instance instead of byte[]");
    }

    @Override // java.security.KeyStoreSpi
    public final int engineSize() {
        return Slot.values().length;
    }

    @Override // java.security.KeyStoreSpi
    public final void engineStore(OutputStream outputStream, char[] cArr) {
        throw new UnsupportedOperationException();
    }
}
