package org.bouncycastle.jcajce.provider.keystore.bcfks;

import ap.d;
import ap.j;
import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import fn.r1;
import fn.v;
import fo.b;
import fo.z0;
import fp.a;
import go.o;
import hn.e;
import hn.i;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import jo.z;
import jp.c;
import oo.a0;
import oo.x;
import org.bouncycastle.crypto.b0;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;
import tq.q;
import vo.b1;
import xn.f;
import xn.g;
import xn.h;
import xn.k;
import xn.l;
import xn.n;
import xn.p;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, v> oidMap;
    private static final Map<v, String> publicAlgMap;
    private Date creationDate;
    private final c helper;
    private b hmacAlgorithm;
    private h hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private b signatureAlgorithm;
    private a.InterfaceC0697a validator;
    private PublicKey verificationKey;
    private final Map<String, e> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private v storeEncryptionAlgorithm = sn.b.T;

    /* loaded from: classes3.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new jp.b());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new jp.b(), new BcFKSKeyStoreSpi(new jp.b()));
        }
    }

    /* loaded from: classes3.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new jp.b());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new jp.b(), new BcFKSKeyStoreSpi(new jp.b()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th2) {
            super(str);
            this.cause = th2;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    private static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements n, z0 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(c cVar) {
            super(cVar);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                cVar.g("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e10) {
                throw new IllegalArgumentException("can't create random - " + e10.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return a0.i(cArr != null ? tq.a.p(q.j(cArr), q.i(str)) : tq.a.p(this.seedKey, q.i(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || tq.a.u(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e10) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e10.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes3.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new jp.a());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new jp.b(), new BcFKSKeyStoreSpi(new jp.a()));
        }
    }

    /* loaded from: classes3.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new jp.a());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new jp.a(), new BcFKSKeyStoreSpi(new jp.a()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        v vVar = wn.b.f84609h;
        hashMap.put("DESEDE", vVar);
        hashMap.put("TRIPLEDES", vVar);
        hashMap.put("TDEA", vVar);
        hashMap.put("HMACSHA1", n.f85537h4);
        hashMap.put("HMACSHA224", n.f85540i4);
        hashMap.put("HMACSHA256", n.f85543j4);
        hashMap.put("HMACSHA384", n.f85546k4);
        hashMap.put("HMACSHA512", n.f85549l4);
        hashMap.put("SEED", qn.a.f72128a);
        hashMap.put("CAMELLIA.128", un.a.f81651a);
        hashMap.put("CAMELLIA.192", un.a.f81652b);
        hashMap.put("CAMELLIA.256", un.a.f81653c);
        hashMap.put("ARIA.128", tn.a.f74844h);
        hashMap.put("ARIA.192", tn.a.f74849m);
        hashMap.put("ARIA.256", tn.a.f74854r);
        hashMap2.put(n.f85584y3, "RSA");
        hashMap2.put(o.f58111k2, "EC");
        hashMap2.put(wn.b.f84613l, "DH");
        hashMap2.put(n.P3, "DH");
        hashMap2.put(o.U2, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(c cVar) {
        this.helper = cVar;
    }

    private byte[] calculateMac(byte[] bArr, b bVar, h hVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String E = bVar.k().E();
        Mac h10 = this.helper.h(E);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            h10.init(new SecretKeySpec(generateKey(hVar, "INTEGRITY_CHECK", cArr, -1), E));
            return h10.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            throw new IOException("Cannot set up MAC calculation: " + e10.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher a10 = this.helper.a(str);
        a10.init(1, new SecretKeySpec(bArr, "AES"));
        return a10;
    }

    private hn.c createPrivateKeySequence(f fVar, Certificate[] certificateArr) throws CertificateEncodingException {
        fo.n[] nVarArr = new fo.n[certificateArr.length];
        for (int i10 = 0; i10 != certificateArr.length; i10++) {
            nVarArr[i10] = fo.n.o(certificateArr[i10].getEncoded());
        }
        return new hn.c(fVar, nVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        c cVar = this.helper;
        if (cVar != null) {
            try {
                return cVar.d(AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509).generateCertificate(new ByteArrayInputStream(fo.n.o(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance(AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509).generateCertificate(new ByteArrayInputStream(fo.n.o(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, b bVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher a10;
        AlgorithmParameters algorithmParameters;
        if (!bVar.k().u(n.X3)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        k l10 = k.l(bVar.q());
        g k10 = l10.k();
        try {
            if (k10.k().u(sn.b.T)) {
                a10 = this.helper.a("AES/CCM/NoPadding");
                algorithmParameters = this.helper.b("CCM");
                algorithmParameters.init(cp.a.l(k10.o()).getEncoded());
            } else {
                if (!k10.k().u(sn.b.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                a10 = this.helper.a("AESKWP");
                algorithmParameters = null;
            }
            h o10 = l10.o();
            if (cArr == null) {
                cArr = new char[0];
            }
            a10.init(2, new SecretKeySpec(generateKey(o10, str, cArr, 32), "AES"), algorithmParameters);
            return a10.doFinal(bArr);
        } catch (IOException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new IOException(e11.toString());
        }
    }

    private Date extractCreationDate(e eVar, Date date) {
        try {
            return eVar.k().D();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(h hVar, String str, char[] cArr, int i10) throws IOException {
        byte[] PKCS12PasswordToBytes = b0.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = b0.PKCS12PasswordToBytes(str.toCharArray());
        if (rn.c.M.u(hVar.k())) {
            rn.f o10 = rn.f.o(hVar.o());
            if (o10.q() != null) {
                i10 = o10.q().intValue();
            } else if (i10 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return a0.i(tq.a.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), o10.t(), o10.l().intValue(), o10.k().intValue(), o10.k().intValue(), i10);
        }
        if (!hVar.k().u(n.Y3)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        l k10 = l.k(hVar.o());
        if (k10.o() != null) {
            i10 = k10.o().intValue();
        } else if (i10 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (k10.q().k().u(n.f85549l4)) {
            x xVar = new x(new jo.a0());
            xVar.init(tq.a.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), k10.s(), k10.l().intValue());
            return ((b1) xVar.generateDerivedParameters(i10 * 8)).a();
        }
        if (k10.q().k().u(sn.b.f74056r)) {
            x xVar2 = new x(new z(512));
            xVar2.init(tq.a.p(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), k10.s(), k10.l().intValue());
            return ((b1) xVar2.generateDerivedParameters(i10 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + k10.q().k());
    }

    private h generatePkbdAlgorithmIdentifier(ap.e eVar, int i10) {
        v vVar = rn.c.M;
        if (vVar.u(eVar.a())) {
            j jVar = (j) eVar;
            byte[] bArr = new byte[jVar.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new h(vVar, new rn.f(bArr, jVar.c(), jVar.b(), jVar.d(), i10));
        }
        d dVar = (d) eVar;
        byte[] bArr2 = new byte[dVar.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new h(n.Y3, new l(bArr2, dVar.b(), i10, dVar.c()));
    }

    private h generatePkbdAlgorithmIdentifier(v vVar, int i10) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        v vVar2 = n.Y3;
        if (vVar2.u(vVar)) {
            return new h(vVar2, new l(bArr, 51200, i10, new b(n.f85549l4, r1.f56801c)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + vVar);
    }

    private h generatePkbdAlgorithmIdentifier(h hVar, int i10) {
        v vVar = rn.c.M;
        boolean u10 = vVar.u(hVar.k());
        fn.g o10 = hVar.o();
        if (u10) {
            rn.f o11 = rn.f.o(o10);
            byte[] bArr = new byte[o11.t().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new h(vVar, new rn.f(bArr, o11.l(), o11.k(), o11.s(), BigInteger.valueOf(i10)));
        }
        l k10 = l.k(o10);
        byte[] bArr2 = new byte[k10.s().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new h(n.Y3, new l(bArr2, k10.l().intValue(), i10, k10.q()));
    }

    private b generateSignatureAlgId(Key key, a.d dVar) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof mp.a) {
            if (dVar == a.d.SHA512withECDSA) {
                return new b(o.f58121p2);
            }
            if (dVar == a.d.SHA3_512withECDSA) {
                return new b(sn.b.f74043i0);
            }
        }
        if (key instanceof DSAKey) {
            if (dVar == a.d.SHA512withDSA) {
                return new b(sn.b.f74027a0);
            }
            if (dVar == a.d.SHA3_512withDSA) {
                return new b(sn.b.f74035e0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == a.d.SHA512withRSA) {
                return new b(n.K3, r1.f56801c);
            }
            if (dVar == a.d.SHA3_512withRSA) {
                return new b(sn.b.f74051m0, r1.f56801c);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return org.bouncycastle.crypto.l.b();
    }

    private hn.b getEncryptedObjectStoreData(b bVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        e[] eVarArr = (e[]) this.entries.values().toArray(new e[this.entries.size()]);
        h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        hn.h hVar = new hn.h(bVar, this.creationDate, this.lastModifiedDate, new hn.f(eVarArr), null);
        try {
            v vVar = this.storeEncryptionAlgorithm;
            v vVar2 = sn.b.T;
            if (!vVar.u(vVar2)) {
                return new hn.b(new b(n.X3, new k(generatePkbdAlgorithmIdentifier, new g(sn.b.U))), createCipher("AESKWP", generateKey).doFinal(hVar.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new hn.b(new b(n.X3, new k(generatePkbdAlgorithmIdentifier, new g(vVar2, cp.a.l(createCipher.getParameters().getEncoded())))), createCipher.doFinal(hVar.getEncoded()));
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (NoSuchProviderException e11) {
            throw new IOException(e11.toString());
        } catch (BadPaddingException e12) {
            throw new IOException(e12.toString());
        } catch (IllegalBlockSizeException e13) {
            throw new IOException(e13.toString());
        } catch (NoSuchPaddingException e14) {
            throw new NoSuchAlgorithmException(e14.toString());
        }
    }

    private static String getPublicKeyAlg(v vVar) {
        String str = publicAlgMap.get(vVar);
        return str != null ? str : vVar.E();
    }

    private boolean isSimilarHmacPbkd(ap.e eVar, h hVar) {
        if (!eVar.a().u(hVar.k())) {
            return false;
        }
        if (rn.c.M.u(hVar.k())) {
            if (!(eVar instanceof j)) {
                return false;
            }
            j jVar = (j) eVar;
            rn.f o10 = rn.f.o(hVar.o());
            return jVar.e() == o10.t().length && jVar.b() == o10.k().intValue() && jVar.c() == o10.l().intValue() && jVar.d() == o10.s().intValue();
        }
        if (!(eVar instanceof d)) {
            return false;
        }
        d dVar = (d) eVar;
        l k10 = l.k(hVar.o());
        return dVar.d() == k10.s().length && dVar.b() == k10.l().intValue();
    }

    private void verifyMac(byte[] bArr, hn.j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!tq.a.u(calculateMac(bArr, jVar.o(), jVar.q(), cArr), jVar.l())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(fn.g gVar, hn.l lVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.helper.createSignature(lVar.q().k().E());
        createSignature.initVerify(publicKey);
        createSignature.update(gVar.i().b("DER"));
        if (!createSignature.verify(lVar.o().D())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.t().equals(PRIVATE_KEY) || eVar.t().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(hn.c.o(eVar.l()).k()[0]);
        }
        if (eVar.t().equals(CERTIFICATE)) {
            return decodeCertificate(eVar.l());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                e eVar = this.entries.get(str);
                if (eVar.t().equals(CERTIFICATE)) {
                    if (tq.a.c(eVar.l(), encoded)) {
                        return str;
                    }
                } else if (eVar.t().equals(PRIVATE_KEY) || eVar.t().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (tq.a.c(hn.c.o(eVar.l()).k()[0].i().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.t().equals(PRIVATE_KEY) && !eVar.t().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        fo.n[] k10 = hn.c.o(eVar.l()).k();
        int length = k10.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 != length; i10++) {
            x509CertificateArr[i10] = decodeCertificate(k10[i10]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.s().D();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.t().equals(PRIVATE_KEY) || eVar.t().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            f o10 = f.o(hn.c.o(eVar.l()).l());
            try {
                p l10 = p.l(decryptData("PRIVATE_KEY_ENCRYPTION", o10.l(), cArr, o10.k()));
                PrivateKey generatePrivate = this.helper.f(getPublicKeyAlg(l10.q().k())).generatePrivate(new PKCS8EncodedKeySpec(l10.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e10) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e10.getMessage());
            }
        }
        if (!eVar.t().equals(SECRET_KEY) && !eVar.t().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        hn.d l11 = hn.d.l(eVar.l());
        try {
            hn.k k10 = hn.k.k(decryptData("SECRET_KEY_ENCRYPTION", l11.o(), cArr, l11.k()));
            return this.helper.e(k10.l().E()).generateSecret(new SecretKeySpec(k10.o(), k10.l().E()));
        } catch (Exception e11) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e11.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar != null) {
            return eVar.t().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger t10 = eVar.t();
        return t10.equals(PRIVATE_KEY) || t10.equals(SECRET_KEY) || t10.equals(PROTECTED_PRIVATE_KEY) || t10.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        b q10;
        hn.h l10;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.hmacAlgorithm = new b(n.f85549l4, r1.f56801c);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(n.Y3, 64);
            return;
        }
        try {
            hn.g k10 = hn.g.k(new fn.p(inputStream).u());
            i l11 = k10.l();
            if (l11.o() == 0) {
                hn.j k11 = hn.j.k(l11.l());
                this.hmacAlgorithm = k11.o();
                this.hmacPkbdAlgorithm = k11.q();
                q10 = this.hmacAlgorithm;
                try {
                    verifyMac(k10.o().i().getEncoded(), k11, cArr);
                } catch (NoSuchProviderException e10) {
                    throw new IOException(e10.getMessage());
                }
            } else {
                if (l11.o() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                hn.l l12 = hn.l.l(l11.l());
                q10 = l12.q();
                try {
                    l12.k();
                    verifySig(k10.o(), l12, this.verificationKey);
                } catch (GeneralSecurityException e11) {
                    throw new IOException("error verifying signature: " + e11.getMessage(), e11);
                }
            }
            fn.g o10 = k10.o();
            if (o10 instanceof hn.b) {
                hn.b bVar = (hn.b) o10;
                l10 = hn.h.l(decryptData("STORE_ENCRYPTION", bVar.l(), cArr, bVar.k().C()));
            } else {
                l10 = hn.h.l(o10);
            }
            try {
                this.creationDate = l10.k().D();
                this.lastModifiedDate = l10.q().D();
                if (!l10.o().equals(q10)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<fn.g> it = l10.s().iterator();
                while (it.hasNext()) {
                    e q11 = e.q(it.next());
                    this.entries.put(q11.o(), q11);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e12) {
            throw new IOException(e12.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof a)) {
            if (loadStoreParameter instanceof fp.c) {
                engineLoad(((fp.c) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        a aVar = (a) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(aVar);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
        this.storeEncryptionAlgorithm = aVar.e() == a.b.AES256_CCM ? sn.b.T : sn.b.U;
        this.hmacAlgorithm = aVar.f() == a.c.HmacSHA512 ? new b(n.f85549l4, r1.f56801c) : new b(sn.b.f74056r, r1.f56801c);
        this.verificationKey = (PublicKey) aVar.i();
        aVar.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, aVar.h());
        v vVar = this.storeEncryptionAlgorithm;
        InputStream a10 = aVar.a();
        engineLoad(a10, extractPassword);
        if (a10 != null) {
            if (!isSimilarHmacPbkd(aVar.g(), this.hmacPkbdAlgorithm) || !vVar.u(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.entries.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.t().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(eVar, date2);
        }
        try {
            this.entries.put(str, new e(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e10) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e10.getMessage(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        hn.k kVar;
        hn.d dVar;
        f fVar;
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(n.Y3, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                v vVar = this.storeEncryptionAlgorithm;
                v vVar2 = sn.b.T;
                if (vVar.u(vVar2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    fVar = new f(new b(n.X3, new k(generatePkbdAlgorithmIdentifier, new g(vVar2, cp.a.l(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    fVar = new f(new b(n.X3, new k(generatePkbdAlgorithmIdentifier, new g(sn.b.U))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new e(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(fVar, certificateArr).getEncoded(), null));
            } catch (Exception e10) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e10.toString(), e10);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(n.Y3, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k10 = q.k(key.getAlgorithm());
                if (k10.indexOf("AES") > -1) {
                    kVar = new hn.k(sn.b.f74061w, encoded2);
                } else {
                    Map<String, v> map = oidMap;
                    v vVar3 = map.get(k10);
                    if (vVar3 != null) {
                        kVar = new hn.k(vVar3, encoded2);
                    } else {
                        v vVar4 = map.get(k10 + "." + (encoded2.length * 8));
                        if (vVar4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k10 + ") for storage.");
                        }
                        kVar = new hn.k(vVar4, encoded2);
                    }
                }
                v vVar5 = this.storeEncryptionAlgorithm;
                v vVar6 = sn.b.T;
                if (vVar5.u(vVar6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    dVar = new hn.d(new b(n.X3, new k(generatePkbdAlgorithmIdentifier2, new g(vVar6, cp.a.l(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(kVar.getEncoded()));
                } else {
                    dVar = new hn.d(new b(n.X3, new k(generatePkbdAlgorithmIdentifier2, new g(sn.b.U))), createCipher("AESKWP", generateKey2).doFinal(kVar.getEncoded()));
                }
                this.entries.put(str, new e(SECRET_KEY, str, extractCreationDate, date, dVar.getEncoded(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e11.toString(), e11);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        if (certificateArr != null) {
            try {
                f o10 = f.o(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new e(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(o10, certificateArr).getEncoded(), null));
                } catch (Exception e10) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e10.toString(), e10);
                }
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e11);
            }
        } else {
            try {
                this.entries.put(str, new e(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e12.toString(), e12);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        h hVar;
        BigInteger o10;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        hn.b encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (rn.c.M.u(this.hmacPkbdAlgorithm.k())) {
            rn.f o11 = rn.f.o(this.hmacPkbdAlgorithm.o());
            hVar = this.hmacPkbdAlgorithm;
            o10 = o11.q();
        } else {
            l k10 = l.k(this.hmacPkbdAlgorithm.o());
            hVar = this.hmacPkbdAlgorithm;
            o10 = k10.o();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hVar, o10.intValue());
        try {
            outputStream.write(new hn.g(encryptedObjectStoreData, new i(new hn.j(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e10) {
            throw new IOException("cannot calculate mac: " + e10.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        hn.l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof fp.b) {
            fp.b bVar = (fp.b) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bVar.b(), 64);
            engineStore(bVar.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof a)) {
            if (loadStoreParameter instanceof fp.c) {
                engineStore(((fp.c) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        a aVar = (a) loadStoreParameter;
        if (aVar.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(aVar);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
            this.storeEncryptionAlgorithm = aVar.e() == a.b.AES256_CCM ? sn.b.T : sn.b.U;
            this.hmacAlgorithm = aVar.f() == a.c.HmacSHA512 ? new b(n.f85549l4, r1.f56801c) : new b(sn.b.f74056r, r1.f56801c);
            engineStore(aVar.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(aVar.i(), aVar.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
        this.storeEncryptionAlgorithm = aVar.e() == a.b.AES256_CCM ? sn.b.T : sn.b.U;
        this.hmacAlgorithm = aVar.f() == a.c.HmacSHA512 ? new b(n.f85549l4, r1.f56801c) : new b(sn.b.f74056r, r1.f56801c);
        hn.b encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(aVar));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.k().E());
            createSignature.initSign((PrivateKey) aVar.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d10 = aVar.d();
            if (d10 != null) {
                int length = d10.length;
                fo.n[] nVarArr = new fo.n[length];
                for (int i10 = 0; i10 != length; i10++) {
                    nVarArr[i10] = fo.n.o(d10[i10].getEncoded());
                }
                lVar = new hn.l(this.signatureAlgorithm, nVarArr, createSignature.sign());
            } else {
                lVar = new hn.l(this.signatureAlgorithm, createSignature.sign());
            }
            aVar.b().write(new hn.g(encryptedObjectStoreData, new i(lVar)).getEncoded());
            aVar.b().flush();
        } catch (GeneralSecurityException e10) {
            throw new IOException("error creating signature: " + e10.getMessage(), e10);
        }
    }
}
