package org.bouncycastle.jcajce.provider.keystore.bcfks;

import androidx.activity.result.k;
import bh.n;
import bh.w;
import cg.r;
import fj.y;
import ig.m0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import jh.a;
import mf.d;
import nh.c;
import nh.f;
import og.j0;
import og.n0;
import org.bouncycastle.crypto.i0;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;
import rf.j;
import rf.m;
import rf.p;
import rf.q;
import rf.t;
import rf.v;
import wg.n1;
import xe.c0;
import xe.e;
import xe.i2;
import ze.g;
import ze.h;
import ze.i;
import ze.l;
import zf.b;
import zf.b2;
import zf.o;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, c0> oidMap;
    private static final Map<c0, String> publicAlgMap;
    private Date creationDate;
    private final f helper;
    private b hmacAlgorithm;
    private m hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private b signatureAlgorithm;
    private a.c validator;
    private PublicKey verificationKey;
    private final Map<String, ze.f> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private c0 storeEncryptionAlgorithm = d.T;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new nh.d());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new nh.d(), new BcFKSKeyStoreSpi(new nh.d()));
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new nh.d());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new nh.d(), new BcFKSKeyStoreSpi(new nh.d()));
        }
    }

    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th2) {
            super(str);
            this.cause = th2;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes2.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements t, b2 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(f fVar) {
            super(fVar);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                fVar.c("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e10) {
                throw new IllegalArgumentException("can't create random - " + e10.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return n0.i(cArr != null ? fj.a.B(y.n(cArr), y.m(str)) : fj.a.B(this.seedKey, y.m(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (this.cache.containsKey(str) && !fj.a.I(this.cache.get(str), calculateMac)) {
                    throw new UnrecoverableKeyException(z.b.a("unable to recover key (", str, ")"));
                }
                Key engineGetKey = super.engineGetKey(str, cArr);
                if (engineGetKey != null && !this.cache.containsKey(str)) {
                    this.cache.put(str, calculateMac);
                }
                return engineGetKey;
            } catch (InvalidKeyException e10) {
                StringBuilder a10 = k.a("unable to recover key (", str, "): ");
                a10.append(e10.getMessage());
                throw new UnrecoverableKeyException(a10.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new c());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new nh.d(), new BcFKSKeyStoreSpi(new c()));
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new c());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes2.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new c(), new BcFKSKeyStoreSpi(new c()));
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        c0 c0Var = qf.b.f34047h;
        hashMap.put("DESEDE", c0Var);
        hashMap.put("TRIPLEDES", c0Var);
        hashMap.put("TDEA", c0Var);
        hashMap.put("HMACSHA1", t.H1);
        hashMap.put("HMACSHA224", t.I1);
        hashMap.put("HMACSHA256", t.J1);
        hashMap.put("HMACSHA384", t.K1);
        hashMap.put("HMACSHA512", t.L1);
        hashMap.put("SEED", p000if.a.f18633a);
        hashMap.put("CAMELLIA.128", of.a.f32241a);
        hashMap.put("CAMELLIA.192", of.a.f32242b);
        hashMap.put("CAMELLIA.256", of.a.f32243c);
        hashMap.put("ARIA.128", nf.a.f30526h);
        hashMap.put("ARIA.192", nf.a.f30531m);
        hashMap.put("ARIA.256", nf.a.f30536r);
        hashMap2.put(t.Y0, "RSA");
        hashMap2.put(r.A, "EC");
        hashMap2.put(qf.b.f34051l, "DH");
        hashMap2.put(t.f34820p1, "DH");
        hashMap2.put(r.f9643n0, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(f fVar) {
        this.helper = fVar;
    }

    private byte[] calculateMac(byte[] bArr, b bVar, m mVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String t02 = bVar.f0().t0();
        Mac j10 = this.helper.j(t02);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            j10.init(new SecretKeySpec(generateKey(mVar, "INTEGRITY_CHECK", cArr, -1), t02));
            return j10.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            throw new IOException("Cannot set up MAC calculation: " + e10.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher f10 = this.helper.f(str);
        f10.init(1, new SecretKeySpec(bArr, sb.a.f35991c));
        return f10;
    }

    private ze.c createPrivateKeySequence(j jVar, Certificate[] certificateArr) throws CertificateEncodingException {
        o[] oVarArr = new o[certificateArr.length];
        for (int i10 = 0; i10 != certificateArr.length; i10++) {
            oVarArr[i10] = o.g0(certificateArr[i10].getEncoded());
        }
        return new ze.c(jVar, oVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        f fVar = this.helper;
        if (fVar != null) {
            try {
                return fVar.n("X.509").generateCertificate(new ByteArrayInputStream(o.g0(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(o.g0(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, b bVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher f10;
        AlgorithmParameters algorithmParameters;
        if (!bVar.f0().k0(t.f34844x1)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        p g02 = p.g0(bVar.i0());
        rf.k f02 = g02.f0();
        try {
            if (f02.f0().k0(d.T)) {
                f10 = this.helper.f("AES/CCM/NoPadding");
                algorithmParameters = this.helper.o("CCM");
                algorithmParameters.init(gh.a.g0(f02.h0()).getEncoded());
            } else {
                if (!f02.f0().k0(d.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                f10 = this.helper.f("AESKWP");
                algorithmParameters = null;
            }
            m h02 = g02.h0();
            if (cArr == null) {
                cArr = new char[0];
            }
            f10.init(2, new SecretKeySpec(generateKey(h02, str, cArr, 32), sb.a.f35991c), algorithmParameters);
            return f10.doFinal(bArr);
        } catch (IOException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new IOException(e11.toString());
        }
    }

    private Date extractCreationDate(ze.f fVar, Date date) {
        try {
            return fVar.g0().s0();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(m mVar, String str, char[] cArr, int i10) throws IOException {
        byte[] PKCS12PasswordToBytes = i0.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = i0.PKCS12PasswordToBytes(str.toCharArray());
        if (kf.c.M.k0(mVar.f0())) {
            kf.f h02 = kf.f.h0(mVar.h0());
            if (h02.i0() != null) {
                i10 = h02.i0().intValue();
            } else if (i10 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return n0.i(fj.a.B(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), h02.k0(), h02.g0().intValue(), h02.f0().intValue(), h02.f0().intValue(), i10);
        }
        if (!mVar.f0().k0(t.f34847y1)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        q f02 = q.f0(mVar.h0());
        if (f02.h0() != null) {
            i10 = f02.h0().intValue();
        } else if (i10 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (f02.i0().f0().k0(t.L1)) {
            j0 j0Var = new j0(new ig.n0());
            j0Var.init(fj.a.B(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), f02.j0(), f02.g0().intValue());
            return ((n1) j0Var.generateDerivedParameters(i10 * 8)).a();
        }
        if (f02.i0().f0().k0(d.f27213r)) {
            j0 j0Var2 = new j0(new m0(512));
            j0Var2.init(fj.a.B(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), f02.j0(), f02.g0().intValue());
            return ((n1) j0Var2.generateDerivedParameters(i10 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + f02.i0().f0());
    }

    private m generatePkbdAlgorithmIdentifier(bh.o oVar, int i10) {
        c0 c0Var = kf.c.M;
        if (c0Var.k0(oVar.a())) {
            w wVar = (w) oVar;
            byte[] bArr = new byte[wVar.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new m(c0Var, new kf.f(bArr, wVar.c(), wVar.b(), wVar.d(), i10));
        }
        n nVar = (n) oVar;
        byte[] bArr2 = new byte[nVar.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new m(t.f34847y1, new q(bArr2, nVar.b(), i10, nVar.c()));
    }

    private m generatePkbdAlgorithmIdentifier(m mVar, int i10) {
        c0 c0Var = kf.c.M;
        boolean k02 = c0Var.k0(mVar.f0());
        xe.k h02 = mVar.h0();
        if (k02) {
            kf.f h03 = kf.f.h0(h02);
            byte[] bArr = new byte[h03.k0().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new m(c0Var, new kf.f(bArr, h03.g0(), h03.f0(), h03.j0(), BigInteger.valueOf(i10)));
        }
        q f02 = q.f0(h02);
        byte[] bArr2 = new byte[f02.j0().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new m(t.f34847y1, new q(bArr2, f02.g0().intValue(), i10, f02.i0()));
    }

    private m generatePkbdAlgorithmIdentifier(c0 c0Var, int i10) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        c0 c0Var2 = t.f34847y1;
        if (c0Var2.k0(c0Var)) {
            return new m(c0Var2, new q(bArr, 51200, i10, new b(t.L1, i2.f42086d)));
        }
        throw new IllegalStateException(bh.c.a("unknown derivation algorithm: ", c0Var));
    }

    private b generateSignatureAlgId(Key key, a.f fVar) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof qh.b) {
            if (fVar == a.f.SHA512withECDSA) {
                return new b(r.F);
            }
            if (fVar == a.f.SHA3_512withECDSA) {
                return new b(d.f27200i0);
            }
        }
        if (key instanceof DSAKey) {
            if (fVar == a.f.SHA512withDSA) {
                return new b(d.f27184a0);
            }
            if (fVar == a.f.SHA3_512withDSA) {
                return new b(d.f27192e0);
            }
        }
        if (key instanceof RSAKey) {
            if (fVar == a.f.SHA512withRSA) {
                return new b(t.f34805k1, i2.f42086d);
            }
            if (fVar == a.f.SHA3_512withRSA) {
                return new b(d.f27208m0, i2.f42086d);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return org.bouncycastle.crypto.p.f();
    }

    private ze.b getEncryptedObjectStoreData(b bVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        ze.f[] fVarArr = (ze.f[]) this.entries.values().toArray(new ze.f[this.entries.size()]);
        m generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        i iVar = new i(bVar, this.creationDate, this.lastModifiedDate, new g(fVarArr), null);
        try {
            c0 c0Var = this.storeEncryptionAlgorithm;
            c0 c0Var2 = d.T;
            if (!c0Var.k0(c0Var2)) {
                return new ze.b(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier, new rf.k(d.U))), createCipher("AESKWP", generateKey).doFinal(iVar.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new ze.b(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier, new rf.k(c0Var2, gh.a.g0(createCipher.getParameters().getEncoded())))), createCipher.doFinal(iVar.getEncoded()));
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (NoSuchProviderException e11) {
            throw new IOException(e11.toString());
        } catch (BadPaddingException e12) {
            throw new IOException(e12.toString());
        } catch (IllegalBlockSizeException e13) {
            throw new IOException(e13.toString());
        } catch (NoSuchPaddingException e14) {
            throw new NoSuchAlgorithmException(e14.toString());
        }
    }

    private static String getPublicKeyAlg(c0 c0Var) {
        String str = publicAlgMap.get(c0Var);
        return str != null ? str : c0Var.t0();
    }

    private boolean isSimilarHmacPbkd(bh.o oVar, m mVar) {
        if (!oVar.a().k0(mVar.f0())) {
            return false;
        }
        if (kf.c.M.k0(mVar.f0())) {
            if (!(oVar instanceof w)) {
                return false;
            }
            w wVar = (w) oVar;
            kf.f h02 = kf.f.h0(mVar.h0());
            return wVar.e() == h02.k0().length && wVar.b() == h02.f0().intValue() && wVar.c() == h02.g0().intValue() && wVar.d() == h02.j0().intValue();
        }
        if (!(oVar instanceof n)) {
            return false;
        }
        n nVar = (n) oVar;
        q f02 = q.f0(mVar.h0());
        return nVar.d() == f02.j0().length && nVar.b() == f02.g0().intValue();
    }

    private void verifyMac(byte[] bArr, ze.k kVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!fj.a.I(calculateMac(bArr, kVar.h0(), kVar.i0(), cArr), kVar.g0())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(xe.k kVar, ze.m mVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature createSignature = this.helper.createSignature(mVar.i0().f0().t0());
        createSignature.initVerify(publicKey);
        createSignature.update(kVar.d().X(xe.m.f42123a));
        if (!createSignature.verify(mVar.h0().t0())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ze.f fVar = this.entries.get(str);
        if (fVar == null) {
            return null;
        }
        if (fVar.l0().equals(PRIVATE_KEY) || fVar.l0().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(ze.c.h0(fVar.h0()).f0()[0]);
        }
        if (fVar.l0().equals(CERTIFICATE)) {
            return decodeCertificate(fVar.h0());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                ze.f fVar = this.entries.get(str);
                if (fVar.l0().equals(CERTIFICATE)) {
                    if (Arrays.equals(fVar.h0(), encoded)) {
                        return str;
                    }
                } else if (fVar.l0().equals(PRIVATE_KEY) || fVar.l0().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (Arrays.equals(ze.c.h0(fVar.h0()).f0()[0].d().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ze.f fVar = this.entries.get(str);
        if (fVar == null) {
            return null;
        }
        if (!fVar.l0().equals(PRIVATE_KEY) && !fVar.l0().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        o[] f02 = ze.c.h0(fVar.h0()).f0();
        int length = f02.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 != length; i10++) {
            x509CertificateArr[i10] = decodeCertificate(f02[i10]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ze.f fVar = this.entries.get(str);
        if (fVar == null) {
            return null;
        }
        try {
            return fVar.k0().s0();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        ze.f fVar = this.entries.get(str);
        if (fVar == null) {
            return null;
        }
        if (!fVar.l0().equals(PRIVATE_KEY) && !fVar.l0().equals(PROTECTED_PRIVATE_KEY)) {
            if (!fVar.l0().equals(SECRET_KEY) && !fVar.l0().equals(PROTECTED_SECRET_KEY)) {
                throw new UnrecoverableKeyException(z.b.a("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            ze.d g02 = ze.d.g0(fVar.h0());
            try {
                l f02 = l.f0(decryptData("SECRET_KEY_ENCRYPTION", g02.h0(), cArr, g02.f0()));
                return this.helper.p(f02.g0().t0()).generateSecret(new SecretKeySpec(f02.h0(), f02.g0().t0()));
            } catch (Exception e10) {
                throw new UnrecoverableKeyException(j6.f.a(e10, k.a("BCFKS KeyStore unable to recover secret key (", str, "): ")));
            }
        }
        PrivateKey privateKey = this.privateKeyCache.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        j h02 = j.h0(ze.c.h0(fVar.h0()).g0());
        try {
            v g03 = v.g0(decryptData("PRIVATE_KEY_ENCRYPTION", h02.g0(), cArr, h02.f0()));
            PrivateKey generatePrivate = this.helper.r(getPublicKeyAlg(g03.j0().f0())).generatePrivate(new PKCS8EncodedKeySpec(g03.getEncoded()));
            this.privateKeyCache.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e11) {
            throw new UnrecoverableKeyException(j6.f.a(e11, k.a("BCFKS KeyStore unable to recover private key (", str, "): ")));
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ze.f fVar = this.entries.get(str);
        if (fVar != null) {
            return fVar.l0().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ze.f fVar = this.entries.get(str);
        if (fVar == null) {
            return false;
        }
        BigInteger l02 = fVar.l0();
        return l02.equals(PRIVATE_KEY) || l02.equals(SECRET_KEY) || l02.equals(PROTECTED_PRIVATE_KEY) || l02.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        b i02;
        xe.k h02;
        PublicKey publicKey;
        i h03;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new b(t.L1, i2.f42086d);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(t.f34847y1, 64);
            return;
        }
        try {
            h f02 = h.f0(new xe.w(inputStream).l());
            ze.j g02 = f02.g0();
            if (g02.h0() == 0) {
                ze.k f03 = ze.k.f0(g02.g0());
                this.hmacAlgorithm = f03.h0();
                this.hmacPkbdAlgorithm = f03.i0();
                i02 = this.hmacAlgorithm;
                try {
                    verifyMac(f02.h0().d().getEncoded(), f03, cArr);
                } catch (NoSuchProviderException e10) {
                    throw new IOException(e10.getMessage());
                }
            } else {
                if (g02.h0() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                ze.m g03 = ze.m.g0(g02.g0());
                i02 = g03.i0();
                try {
                    o[] f04 = g03.f0();
                    if (this.validator == null) {
                        h02 = f02.h0();
                        publicKey = this.verificationKey;
                    } else {
                        if (f04 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory n10 = this.helper.n("X.509");
                        int length = f04.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i10 = 0; i10 != length; i10++) {
                            x509CertificateArr[i10] = (X509Certificate) n10.generateCertificate(new ByteArrayInputStream(f04[i10].getEncoded()));
                        }
                        if (!this.validator.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        h02 = f02.h0();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(h02, g03, publicKey);
                } catch (GeneralSecurityException e11) {
                    throw new IOException("error verifying signature: " + e11.getMessage(), e11);
                }
            }
            xe.k h04 = f02.h0();
            if (h04 instanceof ze.b) {
                ze.b bVar = (ze.b) h04;
                h03 = i.h0(decryptData("STORE_ENCRYPTION", bVar.g0(), cArr, bVar.f0().r0()));
            } else {
                h03 = i.h0(h04);
            }
            try {
                this.creationDate = h03.g0().s0();
                this.lastModifiedDate = h03.j0().s0();
                if (!h03.i0().equals(i02)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<xe.k> it = h03.k0().iterator();
                while (it.hasNext()) {
                    ze.f j02 = ze.f.j0(it.next());
                    this.entries.put(j02.i0(), j02);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e12) {
            throw new IOException(e12.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof a)) {
            if (!(loadStoreParameter instanceof jh.c)) {
                throw new IllegalArgumentException("no support for 'parameter' of type ".concat(loadStoreParameter.getClass().getName()));
            }
            engineLoad(((jh.c) loadStoreParameter).a(), ParameterUtil.extractPassword(loadStoreParameter));
            return;
        }
        a aVar = (a) loadStoreParameter;
        char[] extractPassword = ParameterUtil.extractPassword(aVar);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
        this.storeEncryptionAlgorithm = aVar.e() == a.d.AES256_CCM ? d.T : d.U;
        this.hmacAlgorithm = aVar.f() == a.e.HmacSHA512 ? new b(t.L1, i2.f42086d) : new b(d.f27213r, i2.f42086d);
        this.verificationKey = (PublicKey) aVar.i();
        this.validator = aVar.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, aVar.h());
        c0 c0Var = this.storeEncryptionAlgorithm;
        InputStream a10 = aVar.a();
        engineLoad(a10, extractPassword);
        if (a10 != null) {
            if (!isSimilarHmacPbkd(aVar.g(), this.hmacPkbdAlgorithm) || !c0Var.k0(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        ze.f fVar = this.entries.get(str);
        Date date2 = new Date();
        if (fVar == null) {
            date = date2;
        } else {
            if (!fVar.l0().equals(CERTIFICATE)) {
                throw new KeyStoreException(w.c.a("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = extractCreationDate(fVar, date2);
        }
        try {
            this.entries.put(str, new ze.f(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e10) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e10.getMessage(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        l lVar;
        ze.d dVar;
        j jVar;
        Date date = new Date();
        ze.f fVar = this.entries.get(str);
        Date extractCreationDate = fVar != null ? extractCreationDate(fVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                m generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(t.f34847y1, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                c0 c0Var = this.storeEncryptionAlgorithm;
                c0 c0Var2 = d.T;
                if (c0Var.k0(c0Var2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    jVar = new j(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier, new rf.k(c0Var2, gh.a.g0(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    jVar = new j(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier, new rf.k(d.U))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new ze.f(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(jVar, certificateArr).getEncoded(), null));
            } catch (Exception e10) {
                throw new ExtKeyStoreException(e.a(e10, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e10);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                m generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(t.f34847y1, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String o10 = y.o(key.getAlgorithm());
                if (o10.indexOf(sb.a.f35991c) > -1) {
                    lVar = new l(d.f27218w, encoded2);
                } else {
                    Map<String, c0> map = oidMap;
                    c0 c0Var3 = map.get(o10);
                    if (c0Var3 != null) {
                        lVar = new l(c0Var3, encoded2);
                    } else {
                        c0 c0Var4 = map.get(o10 + "." + (encoded2.length * 8));
                        if (c0Var4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + o10 + ") for storage.");
                        }
                        lVar = new l(c0Var4, encoded2);
                    }
                }
                c0 c0Var5 = this.storeEncryptionAlgorithm;
                c0 c0Var6 = d.T;
                if (c0Var5.k0(c0Var6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    dVar = new ze.d(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier2, new rf.k(c0Var6, gh.a.g0(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(lVar.getEncoded()));
                } else {
                    dVar = new ze.d(new b(t.f34844x1, new p(generatePkbdAlgorithmIdentifier2, new rf.k(d.U))), createCipher("AESKWP", generateKey2).doFinal(lVar.getEncoded()));
                }
                this.entries.put(str, new ze.f(SECRET_KEY, str, extractCreationDate, date, dVar.getEncoded(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException(e.a(e11, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e11);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        ze.f fVar = this.entries.get(str);
        Date extractCreationDate = fVar != null ? extractCreationDate(fVar, date) : date;
        if (certificateArr != null) {
            try {
                j h02 = j.h0(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new ze.f(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(h02, certificateArr).getEncoded(), null));
                } catch (Exception e10) {
                    throw new ExtKeyStoreException(e.a(e10, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e10);
                }
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e11);
            }
        } else {
            try {
                this.entries.put(str, new ze.f(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException(e.a(e12, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e12);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        m mVar;
        BigInteger h02;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        ze.b encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (kf.c.M.k0(this.hmacPkbdAlgorithm.f0())) {
            kf.f h03 = kf.f.h0(this.hmacPkbdAlgorithm.h0());
            mVar = this.hmacPkbdAlgorithm;
            h02 = h03.i0();
        } else {
            q f02 = q.f0(this.hmacPkbdAlgorithm.h0());
            mVar = this.hmacPkbdAlgorithm;
            h02 = f02.h0();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(mVar, h02.intValue());
        try {
            outputStream.write(new h(encryptedObjectStoreData, new ze.j((xe.k) new ze.k(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e10) {
            throw new IOException("cannot calculate mac: " + e10.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        ze.m mVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof jh.b) {
            jh.b bVar = (jh.b) loadStoreParameter;
            char[] extractPassword = ParameterUtil.extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bVar.b(), 64);
            engineStore(bVar.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof a)) {
            if (!(loadStoreParameter instanceof jh.c)) {
                throw new IllegalArgumentException("no support for 'parameter' of type ".concat(loadStoreParameter.getClass().getName()));
            }
            engineStore(((jh.c) loadStoreParameter).b(), ParameterUtil.extractPassword(loadStoreParameter));
            return;
        }
        a aVar = (a) loadStoreParameter;
        if (aVar.i() == null) {
            char[] extractPassword2 = ParameterUtil.extractPassword(aVar);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
            this.storeEncryptionAlgorithm = aVar.e() == a.d.AES256_CCM ? d.T : d.U;
            this.hmacAlgorithm = aVar.f() == a.e.HmacSHA512 ? new b(t.L1, i2.f42086d) : new b(d.f27213r, i2.f42086d);
            engineStore(aVar.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(aVar.i(), aVar.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(aVar.g(), 64);
        this.storeEncryptionAlgorithm = aVar.e() == a.d.AES256_CCM ? d.T : d.U;
        this.hmacAlgorithm = aVar.f() == a.e.HmacSHA512 ? new b(t.L1, i2.f42086d) : new b(d.f27213r, i2.f42086d);
        ze.b encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, ParameterUtil.extractPassword(aVar));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.f0().t0());
            createSignature.initSign((PrivateKey) aVar.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d10 = aVar.d();
            if (d10 != null) {
                int length = d10.length;
                o[] oVarArr = new o[length];
                for (int i10 = 0; i10 != length; i10++) {
                    oVarArr[i10] = o.g0(d10[i10].getEncoded());
                }
                mVar = new ze.m(this.signatureAlgorithm, oVarArr, createSignature.sign());
            } else {
                mVar = new ze.m(this.signatureAlgorithm, createSignature.sign());
            }
            aVar.b().write(new h(encryptedObjectStoreData, new ze.j(mVar)).getEncoded());
            aVar.b().flush();
        } catch (GeneralSecurityException e10) {
            throw new IOException("error creating signature: " + e10.getMessage(), e10);
        }
    }
}
