package org.bouncycastle.jcajce.provider.keystore.bcfks;

import com.baidu.android.common.security.RSAUtil;
import com.baidu.sapi2.utils.f;
import es.fp0;
import es.gp0;
import es.hp0;
import es.hu0;
import es.jr0;
import es.kn0;
import es.kp0;
import es.ku0;
import es.ln0;
import es.lp0;
import es.mn0;
import es.mo0;
import es.nn0;
import es.np0;
import es.on0;
import es.pn0;
import es.po0;
import es.pp0;
import es.qn0;
import es.rn0;
import es.sn0;
import es.so0;
import es.tn0;
import es.un0;
import es.vo0;
import es.wn0;
import es.wo0;
import es.wy0;
import es.xo0;
import es.xs0;
import es.ys0;
import es.zo0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.k;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.x509.a;
import org.bouncycastle.asn1.x509.l;
import org.bouncycastle.asn1.x509.w0;
import org.bouncycastle.crypto.j;
import org.bouncycastle.crypto.util.d;
import org.bouncycastle.crypto.util.e;
import org.bouncycastle.crypto.util.i;
import org.bouncycastle.crypto.w;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.util.b;
import org.bouncycastle.jcajce.util.c;
import org.bouncycastle.util.Strings;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, o> oidMap = new HashMap();
    private static final Map<o, String> publicAlgMap = new HashMap();
    private Date creationDate;
    private final c helper;
    private a hmacAlgorithm;
    private hp0 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private a signatureAlgorithm;
    private BCFKSLoadStoreParameter.a validator;
    private PublicKey verificationKey;
    private final Map<String, nn0> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private o storeEncryptionAlgorithm = vo0.P;

    /* loaded from: classes3.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new b());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new b());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements np0, w0 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(c cVar) {
            super(cVar);
            try {
                this.seedKey = new byte[32];
                cVar.a("DEFAULT").nextBytes(this.seedKey);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return ku0.b(cArr != null ? org.bouncycastle.util.a.c(Strings.b(cArr), Strings.c(str)) : org.bouncycastle.util.a.c(this.seedKey, Strings.c(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || org.bouncycastle.util.a.d(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes3.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new org.bouncycastle.jcajce.util.a());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new org.bouncycastle.jcajce.util.a());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    static {
        oidMap.put("DESEDE", zo0.e);
        oidMap.put("TRIPLEDES", zo0.e);
        oidMap.put("TDEA", zo0.e);
        oidMap.put("HMACSHA1", np0.j0);
        oidMap.put("HMACSHA224", np0.k0);
        oidMap.put("HMACSHA256", np0.l0);
        oidMap.put("HMACSHA384", np0.m0);
        oidMap.put("HMACSHA512", np0.n0);
        oidMap.put("SEED", mo0.f6249a);
        oidMap.put("CAMELLIA.128", xo0.f7173a);
        oidMap.put("CAMELLIA.192", xo0.b);
        oidMap.put("CAMELLIA.256", xo0.c);
        oidMap.put("ARIA.128", wo0.e);
        oidMap.put("ARIA.192", wo0.i);
        oidMap.put("ARIA.256", wo0.m);
        publicAlgMap.put(np0.B, RSAUtil.ALGORITHM_RSA);
        publicAlgMap.put(jr0.q1, "EC");
        publicAlgMap.put(zo0.i, "DH");
        publicAlgMap.put(np0.R, "DH");
        publicAlgMap.put(jr0.W1, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(c cVar) {
        this.helper = cVar;
    }

    private byte[] calculateMac(byte[] bArr, a aVar, hp0 hp0Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String j = aVar.f().j();
        Mac c = this.helper.c(j);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            c.init(new SecretKeySpec(generateKey(hp0Var, "INTEGRITY_CHECK", cArr, -1), j));
            return c.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher b = this.helper.b(str);
        b.init(1, new SecretKeySpec(bArr, f.q));
        return b;
    }

    private ln0 createPrivateKeySequence(fp0 fp0Var, Certificate[] certificateArr) throws CertificateEncodingException {
        l[] lVarArr = new l[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            lVarArr[i] = l.a(certificateArr[i].getEncoded());
        }
        return new ln0(fp0Var, lVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        c cVar = this.helper;
        if (cVar != null) {
            try {
                return cVar.d("X.509").generateCertificate(new ByteArrayInputStream(l.a(obj).e()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(l.a(obj).e()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, a aVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher b;
        AlgorithmParameters algorithmParameters;
        if (!aVar.f().b(np0.Z)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        kp0 a2 = kp0.a(aVar.g());
        gp0 f = a2.f();
        try {
            if (f.f().b(vo0.P)) {
                b = this.helper.b("AES/CCM/NoPadding");
                algorithmParameters = this.helper.e("CCM");
                algorithmParameters.init(wn0.a(f.g()).e());
            } else {
                if (!f.f().b(vo0.Q)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                b = this.helper.b("AESKWP");
                algorithmParameters = null;
            }
            hp0 g = a2.g();
            if (cArr == null) {
                cArr = new char[0];
            }
            b.init(2, new SecretKeySpec(generateKey(g, str, cArr, 32), f.q), algorithmParameters);
            return b.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private Date extractCreationDate(nn0 nn0Var, Date date) {
        try {
            return nn0Var.f().j();
        } catch (ParseException unused) {
            return date;
        }
    }

    private char[] extractPassword(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e.getMessage(), e);
        }
    }

    private byte[] generateKey(hp0 hp0Var, String str, char[] cArr, int i) throws IOException {
        byte[] PKCS12PasswordToBytes = w.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = w.PKCS12PasswordToBytes(str.toCharArray());
        if (po0.y.b(hp0Var.f())) {
            so0 a2 = so0.a(hp0Var.g());
            if (a2.h() != null) {
                i = a2.h().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return ku0.b(org.bouncycastle.util.a.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a2.j(), a2.g().intValue(), a2.f().intValue(), a2.f().intValue(), i);
        }
        if (!hp0Var.f().b(np0.a0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        lp0 a3 = lp0.a(hp0Var.g());
        if (a3.g() != null) {
            i = a3.g().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (a3.h().f().b(np0.n0)) {
            hu0 hu0Var = new hu0(new ys0());
            hu0Var.init(org.bouncycastle.util.a.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a3.i(), a3.f().intValue());
            return ((wy0) hu0Var.generateDerivedParameters(i * 8)).a();
        }
        if (a3.h().f().b(vo0.r)) {
            hu0 hu0Var2 = new hu0(new xs0(512));
            hu0Var2.init(org.bouncycastle.util.a.c(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a3.i(), a3.f().intValue());
            return ((wy0) hu0Var2.generateDerivedParameters(i * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a3.h().f());
    }

    private hp0 generatePkbdAlgorithmIdentifier(hp0 hp0Var, int i) {
        boolean b = po0.y.b(hp0Var.f());
        org.bouncycastle.asn1.f g = hp0Var.g();
        if (b) {
            so0 a2 = so0.a(g);
            byte[] bArr = new byte[a2.j().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new hp0(po0.y, new so0(bArr, a2.g(), a2.f(), a2.i(), BigInteger.valueOf(i)));
        }
        lp0 a3 = lp0.a(g);
        byte[] bArr2 = new byte[a3.i().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new hp0(np0.a0, new lp0(bArr2, a3.f().intValue(), i, a3.h()));
    }

    private hp0 generatePkbdAlgorithmIdentifier(o oVar, int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        if (np0.a0.b(oVar)) {
            return new hp0(np0.a0, new lp0(bArr, 51200, i, new a(np0.n0, org.bouncycastle.asn1.w0.f7579a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + oVar);
    }

    private hp0 generatePkbdAlgorithmIdentifier(e eVar, int i) {
        if (!po0.y.b(eVar.a())) {
            d dVar = (d) eVar;
            byte[] bArr = new byte[dVar.d()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new hp0(np0.a0, new lp0(bArr, dVar.b(), i, dVar.c()));
        }
        i iVar = (i) eVar;
        byte[] bArr2 = new byte[iVar.e()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new hp0(po0.y, new so0(bArr2, iVar.c(), iVar.b(), iVar.d(), i));
    }

    private a generateSignatureAlgId(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof org.bouncycastle.jce.interfaces.a) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(jr0.v1);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(vo0.d0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(vo0.V);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(vo0.Z);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(np0.M, org.bouncycastle.asn1.w0.f7579a);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(vo0.h0, org.bouncycastle.asn1.w0.f7579a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return j.a();
    }

    private kn0 getEncryptedObjectStoreData(a aVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        nn0[] nn0VarArr = (nn0[]) this.entries.values().toArray(new nn0[this.entries.size()]);
        hp0 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        qn0 qn0Var = new qn0(aVar, this.creationDate, this.lastModifiedDate, new on0(nn0VarArr), null);
        try {
            if (!this.storeEncryptionAlgorithm.b(vo0.P)) {
                return new kn0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier, new gp0(vo0.Q))), createCipher("AESKWP", generateKey).doFinal(qn0Var.e()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new kn0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier, new gp0(vo0.P, wn0.a(createCipher.getParameters().getEncoded())))), createCipher.doFinal(qn0Var.e()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(o oVar) {
        String str = publicAlgMap.get(oVar);
        return str != null ? str : oVar.j();
    }

    private boolean isSimilarHmacPbkd(e eVar, hp0 hp0Var) {
        if (!eVar.a().b(hp0Var.f())) {
            return false;
        }
        if (po0.y.b(hp0Var.f())) {
            if (!(eVar instanceof i)) {
                return false;
            }
            i iVar = (i) eVar;
            so0 a2 = so0.a(hp0Var.g());
            return iVar.e() == a2.j().length && iVar.b() == a2.f().intValue() && iVar.c() == a2.g().intValue() && iVar.d() == a2.i().intValue();
        }
        if (!(eVar instanceof d)) {
            return false;
        }
        d dVar = (d) eVar;
        lp0 a3 = lp0.a(hp0Var.g());
        return dVar.d() == a3.i().length && dVar.b() == a3.f().intValue();
    }

    private void verifyMac(byte[] bArr, sn0 sn0Var, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!org.bouncycastle.util.a.d(calculateMac(bArr, sn0Var.g(), sn0Var.h(), cArr), sn0Var.f())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(org.bouncycastle.asn1.f fVar, un0 un0Var, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature g = this.helper.g(un0Var.h().f().j());
        g.initVerify(publicKey);
        g.update(fVar.b().a("DER"));
        if (!g.verify(un0Var.g().k())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var == null) {
            return null;
        }
        if (nn0Var.j().equals(PRIVATE_KEY) || nn0Var.j().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(ln0.a(nn0Var.g()).f()[0]);
        }
        if (nn0Var.j().equals(CERTIFICATE)) {
            return decodeCertificate(nn0Var.g());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                nn0 nn0Var = this.entries.get(str);
                if (nn0Var.j().equals(CERTIFICATE)) {
                    if (org.bouncycastle.util.a.a(nn0Var.g(), encoded)) {
                        return str;
                    }
                } else if (nn0Var.j().equals(PRIVATE_KEY) || nn0Var.j().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (org.bouncycastle.util.a.a(ln0.a(nn0Var.g()).f()[0].b().e(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var == null) {
            return null;
        }
        if (!nn0Var.j().equals(PRIVATE_KEY) && !nn0Var.j().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        l[] f = ln0.a(nn0Var.g()).f();
        int length = f.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(f[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var == null) {
            return null;
        }
        try {
            return nn0Var.i().j();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var == null) {
            return null;
        }
        if (nn0Var.j().equals(PRIVATE_KEY) || nn0Var.j().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            fp0 a2 = fp0.a(ln0.a(nn0Var.g()).g());
            try {
                pp0 a3 = pp0.a(decryptData("PRIVATE_KEY_ENCRYPTION", a2.g(), cArr, a2.f()));
                PrivateKey generatePrivate = this.helper.h(getPublicKeyAlg(a3.f().f())).generatePrivate(new PKCS8EncodedKeySpec(a3.e()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!nn0Var.j().equals(SECRET_KEY) && !nn0Var.j().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        mn0 a4 = mn0.a(nn0Var.g());
        try {
            tn0 a5 = tn0.a(decryptData("SECRET_KEY_ENCRYPTION", a4.g(), cArr, a4.f()));
            return this.helper.f(a5.f().j()).generateSecret(new SecretKeySpec(a5.g(), a5.f().j()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var != null) {
            return nn0Var.j().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        nn0 nn0Var = this.entries.get(str);
        if (nn0Var == null) {
            return false;
        }
        BigInteger j = nn0Var.j();
        return j.equals(PRIVATE_KEY) || j.equals(SECRET_KEY) || j.equals(PROTECTED_PRIVATE_KEY) || j.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a h;
        org.bouncycastle.asn1.f g;
        PublicKey publicKey;
        qn0 a2;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new a(np0.n0, org.bouncycastle.asn1.w0.f7579a);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(np0.a0, 64);
            return;
        }
        try {
            pn0 a3 = pn0.a(new k(inputStream).readObject());
            rn0 f = a3.f();
            if (f.g() == 0) {
                sn0 a4 = sn0.a(f.f());
                this.hmacAlgorithm = a4.g();
                this.hmacPkbdAlgorithm = a4.h();
                h = this.hmacAlgorithm;
                try {
                    verifyMac(a3.g().b().e(), a4, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (f.g() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                un0 a5 = un0.a(f.f());
                h = a5.h();
                try {
                    l[] f2 = a5.f();
                    if (this.validator == null) {
                        g = a3.g();
                        publicKey = this.verificationKey;
                    } else {
                        if (f2 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory d = this.helper.d("X.509");
                        int length = f2.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i = 0; i != length; i++) {
                            x509CertificateArr[i] = (X509Certificate) d.generateCertificate(new ByteArrayInputStream(f2[i].e()));
                        }
                        if (!this.validator.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        g = a3.g();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(g, a5, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            org.bouncycastle.asn1.f g2 = a3.g();
            if (g2 instanceof kn0) {
                kn0 kn0Var = (kn0) g2;
                a2 = qn0.a(decryptData("STORE_ENCRYPTION", kn0Var.g(), cArr, kn0Var.f().j()));
            } else {
                a2 = qn0.a(g2);
            }
            try {
                this.creationDate = a2.f().j();
                this.lastModifiedDate = a2.h().j();
                if (!a2.g().equals(h)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<org.bouncycastle.asn1.f> it = a2.i().iterator();
                while (it.hasNext()) {
                    nn0 a6 = nn0.a(it.next());
                    this.entries.put(a6.h(), a6);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineLoad(((org.bouncycastle.jcajce.b) loadStoreParameter).a(), extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] extractPassword = extractPassword(bCFKSLoadStoreParameter);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bCFKSLoadStoreParameter.g(), 64);
        this.storeEncryptionAlgorithm = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? vo0.P : vo0.Q;
        this.hmacAlgorithm = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(np0.n0, org.bouncycastle.asn1.w0.f7579a) : new a(vo0.r, org.bouncycastle.asn1.w0.f7579a);
        this.verificationKey = (PublicKey) bCFKSLoadStoreParameter.i();
        this.validator = bCFKSLoadStoreParameter.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, bCFKSLoadStoreParameter.h());
        o oVar = this.storeEncryptionAlgorithm;
        InputStream a2 = bCFKSLoadStoreParameter.a();
        engineLoad(a2, extractPassword);
        if (a2 != null) {
            if (!isSimilarHmacPbkd(bCFKSLoadStoreParameter.g(), this.hmacPkbdAlgorithm) || !oVar.b(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        nn0 nn0Var = this.entries.get(str);
        Date date2 = new Date();
        if (nn0Var == null) {
            date = date2;
        } else {
            if (!nn0Var.j().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(nn0Var, date2);
        }
        try {
            this.entries.put(str, new nn0(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        tn0 tn0Var;
        mn0 mn0Var;
        fp0 fp0Var;
        Date date = new Date();
        nn0 nn0Var = this.entries.get(str);
        Date extractCreationDate = nn0Var != null ? extractCreationDate(nn0Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                hp0 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(np0.a0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.storeEncryptionAlgorithm.b(vo0.P)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    fp0Var = new fp0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier, new gp0(vo0.P, wn0.a(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    fp0Var = new fp0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier, new gp0(vo0.Q))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new nn0(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(fp0Var, certificateArr).e(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                hp0 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(np0.a0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String d = Strings.d(key.getAlgorithm());
                if (d.indexOf(f.q) > -1) {
                    tn0Var = new tn0(vo0.s, encoded2);
                } else {
                    o oVar = oidMap.get(d);
                    if (oVar != null) {
                        tn0Var = new tn0(oVar, encoded2);
                    } else {
                        o oVar2 = oidMap.get(d + "." + (encoded2.length * 8));
                        if (oVar2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d + ") for storage.");
                        }
                        tn0Var = new tn0(oVar2, encoded2);
                    }
                }
                if (this.storeEncryptionAlgorithm.b(vo0.P)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    mn0Var = new mn0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier2, new gp0(vo0.P, wn0.a(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(tn0Var.e()));
                } else {
                    mn0Var = new mn0(new a(np0.Z, new kp0(generatePkbdAlgorithmIdentifier2, new gp0(vo0.Q))), createCipher("AESKWP", generateKey2).doFinal(tn0Var.e()));
                }
                this.entries.put(str, new nn0(SECRET_KEY, str, extractCreationDate, date, mn0Var.e(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        nn0 nn0Var = this.entries.get(str);
        Date extractCreationDate = nn0Var != null ? extractCreationDate(nn0Var, date) : date;
        if (certificateArr != null) {
            try {
                fp0 a2 = fp0.a(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new nn0(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(a2, certificateArr).e(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new nn0(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        hp0 hp0Var;
        BigInteger g;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        kn0 encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (po0.y.b(this.hmacPkbdAlgorithm.f())) {
            so0 a2 = so0.a(this.hmacPkbdAlgorithm.g());
            hp0Var = this.hmacPkbdAlgorithm;
            g = a2.h();
        } else {
            lp0 a3 = lp0.a(this.hmacPkbdAlgorithm.g());
            hp0Var = this.hmacPkbdAlgorithm;
            g = a3.g();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hp0Var, g.intValue());
        try {
            outputStream.write(new pn0(encryptedObjectStoreData, new rn0(new sn0(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.e(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).e());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        un0 un0Var;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof org.bouncycastle.jcajce.a) {
            org.bouncycastle.jcajce.a aVar = (org.bouncycastle.jcajce.a) loadStoreParameter;
            char[] extractPassword = extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.b(), 64);
            engineStore(aVar.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineStore(((org.bouncycastle.jcajce.b) loadStoreParameter).b(), extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] extractPassword2 = extractPassword(bCFKSLoadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bCFKSLoadStoreParameter.g(), 64);
            this.storeEncryptionAlgorithm = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? vo0.P : vo0.Q;
            this.hmacAlgorithm = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(np0.n0, org.bouncycastle.asn1.w0.f7579a) : new a(vo0.r, org.bouncycastle.asn1.w0.f7579a);
            engineStore(bCFKSLoadStoreParameter.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bCFKSLoadStoreParameter.g(), 64);
        this.storeEncryptionAlgorithm = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? vo0.P : vo0.Q;
        this.hmacAlgorithm = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(np0.n0, org.bouncycastle.asn1.w0.f7579a) : new a(vo0.r, org.bouncycastle.asn1.w0.f7579a);
        kn0 encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, extractPassword(bCFKSLoadStoreParameter));
        try {
            Signature g = this.helper.g(this.signatureAlgorithm.f().j());
            g.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            g.update(encryptedObjectStoreData.e());
            X509Certificate[] d = bCFKSLoadStoreParameter.d();
            if (d != null) {
                int length = d.length;
                l[] lVarArr = new l[length];
                for (int i = 0; i != length; i++) {
                    lVarArr[i] = l.a(d[i].getEncoded());
                }
                un0Var = new un0(this.signatureAlgorithm, lVarArr, g.sign());
            } else {
                un0Var = new un0(this.signatureAlgorithm, g.sign());
            }
            bCFKSLoadStoreParameter.b().write(new pn0(encryptedObjectStoreData, new rn0(un0Var)).e());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
