package org.bouncycastle.jcajce.provider.keystore.bcfks;

import com.alipay.sdk.m.n.d;
import com.android.sdk.bdticketguard.TicketGuardKeyHelper;
import com.bytedance.librarian.LibrarianImpl;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ax;
import org.bouncycastle.asn1.b.e;
import org.bouncycastle.asn1.b.f;
import org.bouncycastle.asn1.b.l;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.q.b;
import org.bouncycastle.asn1.r.g;
import org.bouncycastle.asn1.r.h;
import org.bouncycastle.asn1.r.i;
import org.bouncycastle.asn1.r.j;
import org.bouncycastle.asn1.r.k;
import org.bouncycastle.asn1.x509.a;
import org.bouncycastle.crypto.b.m;
import org.bouncycastle.crypto.f.ah;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.util.c;
import org.bouncycastle.util.Strings;

/* loaded from: classes9.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: a, reason: collision with root package name */
    private static final Map<String, o> f40416a = new HashMap();

    /* renamed from: b, reason: collision with root package name */
    private static final Map<o, String> f40417b = new HashMap();
    private static final BigInteger e;
    private static final BigInteger f;
    private static final BigInteger g;
    private static final BigInteger h;
    private static final BigInteger i;

    /* renamed from: c, reason: collision with root package name */
    private PublicKey f40418c;
    private BCFKSLoadStoreParameter.a d;
    private final c j;
    private final Map<String, e> k;
    private final Map<String, PrivateKey> l;
    private a m;
    private h n;
    private a o;
    private Date p;
    private Date q;
    private o r;

    /* loaded from: classes9.dex */
    private static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    static {
        f40416a.put("DESEDE", b.h);
        f40416a.put("TRIPLEDES", b.h);
        f40416a.put("TDEA", b.h);
        f40416a.put("HMACSHA1", k.K);
        f40416a.put("HMACSHA224", k.L);
        f40416a.put("HMACSHA256", k.M);
        f40416a.put("HMACSHA384", k.N);
        f40416a.put("HMACSHA512", k.O);
        f40416a.put("SEED", org.bouncycastle.asn1.l.a.f39902a);
        f40416a.put("CAMELLIA.128", org.bouncycastle.asn1.p.a.f39928a);
        f40416a.put("CAMELLIA.192", org.bouncycastle.asn1.p.a.f39929b);
        f40416a.put("CAMELLIA.256", org.bouncycastle.asn1.p.a.f39930c);
        f40416a.put("ARIA.128", org.bouncycastle.asn1.o.a.h);
        f40416a.put("ARIA.192", org.bouncycastle.asn1.o.a.m);
        f40416a.put("ARIA.256", org.bouncycastle.asn1.o.a.r);
        f40417b.put(k.f39957b, d.f1702a);
        f40417b.put(org.bouncycastle.asn1.y.o.k, TicketGuardKeyHelper.KEY_PAIR_ALGORITHM);
        f40417b.put(b.l, "DH");
        f40417b.put(k.s, "DH");
        f40417b.put(org.bouncycastle.asn1.y.o.U, "DSA");
        e = BigInteger.valueOf(0L);
        f = BigInteger.valueOf(1L);
        g = BigInteger.valueOf(2L);
        h = BigInteger.valueOf(3L);
        i = BigInteger.valueOf(4L);
    }

    private static String a(o oVar) {
        String str = f40417b.get(oVar);
        return str != null ? str : oVar.b();
    }

    private SecureRandom a() {
        return org.bouncycastle.crypto.e.a();
    }

    private Certificate a(Object obj) {
        c cVar = this.j;
        if (cVar != null) {
            try {
                return cVar.h("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.k.a(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.k.a(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date a(e eVar, Date date) {
        try {
            return eVar.a().c();
        } catch (ParseException unused) {
            return date;
        }
    }

    private Cipher a(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher a2 = this.j.a(str);
        a2.init(1, new SecretKeySpec(bArr, "AES"));
        return a2;
    }

    private org.bouncycastle.asn1.b.b a(a aVar, char[] cArr) throws IOException, NoSuchAlgorithmException {
        e[] eVarArr = (e[]) this.k.values().toArray(new e[this.k.size()]);
        h a2 = a(this.n, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] a3 = a(a2, "STORE_ENCRYPTION", cArr, 32);
        org.bouncycastle.asn1.b.h hVar = new org.bouncycastle.asn1.b.h(aVar, this.p, this.q, new f(eVarArr), null);
        try {
            if (!this.r.b(org.bouncycastle.asn1.n.b.T)) {
                return new org.bouncycastle.asn1.b.b(new a(k.A, new i(a2, new g(org.bouncycastle.asn1.n.b.U))), a("AESKWP", a3).doFinal(hVar.getEncoded()));
            }
            Cipher a4 = a("AES/CCM/NoPadding", a3);
            return new org.bouncycastle.asn1.b.b(new a(k.A, new i(a2, new g(org.bouncycastle.asn1.n.b.T, org.bouncycastle.asn1.d.a.a(a4.getParameters().getEncoded())))), a4.doFinal(hVar.getEncoded()));
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.toString());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.toString());
        } catch (NoSuchPaddingException e6) {
            throw new NoSuchAlgorithmException(e6.toString());
        }
    }

    private org.bouncycastle.asn1.b.c a(org.bouncycastle.asn1.r.f fVar, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.k[] kVarArr = new org.bouncycastle.asn1.x509.k[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            kVarArr[i2] = org.bouncycastle.asn1.x509.k.a(certificateArr[i2].getEncoded());
        }
        return new org.bouncycastle.asn1.b.c(fVar, kVarArr);
    }

    private h a(o oVar, int i2) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        if (k.B.b(oVar)) {
            return new h(k.B, new j(bArr, 51200, i2, new a(k.O, ax.f39774a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + oVar);
    }

    private h a(h hVar, int i2) {
        boolean b2 = org.bouncycastle.asn1.m.a.M.b(hVar.a());
        org.bouncycastle.asn1.f b3 = hVar.b();
        if (b2) {
            org.bouncycastle.asn1.m.d a2 = org.bouncycastle.asn1.m.d.a(b3);
            byte[] bArr = new byte[a2.a().length];
            a().nextBytes(bArr);
            return new h(org.bouncycastle.asn1.m.a.M, new org.bouncycastle.asn1.m.d(bArr, a2.b(), a2.c(), a2.d(), BigInteger.valueOf(i2)));
        }
        j a3 = j.a(b3);
        byte[] bArr2 = new byte[a3.a().length];
        a().nextBytes(bArr2);
        return new h(k.B, new j(bArr2, a3.b().intValue(), i2, a3.d()));
    }

    private h a(org.bouncycastle.crypto.util.f fVar, int i2) {
        if (!org.bouncycastle.asn1.m.a.M.b(fVar.d())) {
            org.bouncycastle.crypto.util.e eVar = (org.bouncycastle.crypto.util.e) fVar;
            byte[] bArr = new byte[eVar.c()];
            a().nextBytes(bArr);
            return new h(k.B, new j(bArr, eVar.a(), i2, eVar.b()));
        }
        org.bouncycastle.crypto.util.k kVar = (org.bouncycastle.crypto.util.k) fVar;
        byte[] bArr2 = new byte[kVar.e()];
        a().nextBytes(bArr2);
        return new h(org.bouncycastle.asn1.m.a.M, new org.bouncycastle.asn1.m.d(bArr2, kVar.a(), kVar.b(), kVar.c(), i2));
    }

    private a a(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof org.bouncycastle.jce.interfaces.a) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new a(org.bouncycastle.asn1.y.o.p);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new a(org.bouncycastle.asn1.n.b.ai);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new a(org.bouncycastle.asn1.n.b.aa);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new a(org.bouncycastle.asn1.n.b.ae);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new a(k.n, ax.f39774a);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new a(org.bouncycastle.asn1.n.b.am, ax.f39774a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private void a(org.bouncycastle.asn1.f fVar, l lVar, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature g2 = this.j.g(lVar.b().a().b());
        g2.initVerify(publicKey);
        g2.update(fVar.i().a("DER"));
        if (!g2.verify(lVar.a().c())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    private void a(byte[] bArr, org.bouncycastle.asn1.b.j jVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!org.bouncycastle.util.a.b(a(bArr, jVar.a(), jVar.b(), cArr), jVar.c())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private boolean a(org.bouncycastle.crypto.util.f fVar, h hVar) {
        if (!fVar.d().b(hVar.a())) {
            return false;
        }
        if (org.bouncycastle.asn1.m.a.M.b(hVar.a())) {
            if (!(fVar instanceof org.bouncycastle.crypto.util.k)) {
                return false;
            }
            org.bouncycastle.crypto.util.k kVar = (org.bouncycastle.crypto.util.k) fVar;
            org.bouncycastle.asn1.m.d a2 = org.bouncycastle.asn1.m.d.a(hVar.b());
            return kVar.e() == a2.a().length && kVar.b() == a2.c().intValue() && kVar.a() == a2.b().intValue() && kVar.c() == a2.d().intValue();
        }
        if (!(fVar instanceof org.bouncycastle.crypto.util.e)) {
            return false;
        }
        org.bouncycastle.crypto.util.e eVar = (org.bouncycastle.crypto.util.e) fVar;
        j a3 = j.a(hVar.b());
        return eVar.c() == a3.a().length && eVar.a() == a3.b().intValue();
    }

    private byte[] a(String str, a aVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher a2;
        AlgorithmParameters algorithmParameters;
        if (!aVar.a().b(k.A)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        i a3 = i.a(aVar.b());
        g b2 = a3.b();
        try {
            if (b2.a().b(org.bouncycastle.asn1.n.b.T)) {
                a2 = this.j.a("AES/CCM/NoPadding");
                algorithmParameters = this.j.c("CCM");
                algorithmParameters.init(org.bouncycastle.asn1.d.a.a(b2.b()).getEncoded());
            } else {
                if (!b2.a().b(org.bouncycastle.asn1.n.b.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                a2 = this.j.a("AESKWP");
                algorithmParameters = null;
            }
            h a4 = a3.a();
            if (cArr == null) {
                cArr = new char[0];
            }
            a2.init(2, new SecretKeySpec(a(a4, str, cArr, 32), "AES"), algorithmParameters);
            return a2.doFinal(bArr);
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    private byte[] a(h hVar, String str, char[] cArr, int i2) throws IOException {
        byte[] c2 = org.bouncycastle.crypto.k.c(cArr);
        byte[] c3 = org.bouncycastle.crypto.k.c(str.toCharArray());
        if (org.bouncycastle.asn1.m.a.M.b(hVar.a())) {
            org.bouncycastle.asn1.m.d a2 = org.bouncycastle.asn1.m.d.a(hVar.b());
            if (a2.e() != null) {
                i2 = a2.e().intValue();
            } else if (i2 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return org.bouncycastle.crypto.d.e.a(org.bouncycastle.util.a.c(c2, c3), a2.a(), a2.b().intValue(), a2.c().intValue(), a2.c().intValue(), i2);
        }
        if (!hVar.a().b(k.B)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        j a3 = j.a(hVar.b());
        if (a3.c() != null) {
            i2 = a3.c().intValue();
        } else if (i2 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (a3.d().a().b(k.O)) {
            org.bouncycastle.crypto.d.d dVar = new org.bouncycastle.crypto.d.d(new m());
            dVar.a(org.bouncycastle.util.a.c(c2, c3), a3.a(), a3.b().intValue());
            return ((ah) dVar.a(i2 * 8)).a();
        }
        if (a3.d().a().b(org.bouncycastle.asn1.n.b.r)) {
            org.bouncycastle.crypto.d.d dVar2 = new org.bouncycastle.crypto.d.d(new org.bouncycastle.crypto.b.l(512));
            dVar2.a(org.bouncycastle.util.a.c(c2, c3), a3.a(), a3.b().intValue());
            return ((ah) dVar2.a(i2 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a3.d().a());
    }

    private byte[] a(byte[] bArr, a aVar, h hVar, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String b2 = aVar.a().b();
        Mac b3 = this.j.b(b2);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            b3.init(new SecretKeySpec(a(hVar, "INTEGRITY_CHECK", cArr, -1), b2));
            return b3.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    private char[] a(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e2) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.k.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.k.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.k.get(str) == null) {
            return;
        }
        this.l.remove(str);
        this.k.remove(str);
        this.q = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.k.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.getType().equals(f) || eVar.getType().equals(h)) {
            return a(org.bouncycastle.asn1.b.c.a(eVar.b()).a()[0]);
        }
        if (eVar.getType().equals(e)) {
            return a(eVar.b());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.k.keySet()) {
                e eVar = this.k.get(str);
                if (eVar.getType().equals(e)) {
                    if (org.bouncycastle.util.a.a(eVar.b(), encoded)) {
                        return str;
                    }
                } else if (eVar.getType().equals(f) || eVar.getType().equals(h)) {
                    try {
                        if (org.bouncycastle.util.a.a(org.bouncycastle.asn1.b.c.a(eVar.b()).a()[0].i().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.k.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.getType().equals(f) && !eVar.getType().equals(h)) {
            return null;
        }
        org.bouncycastle.asn1.x509.k[] a2 = org.bouncycastle.asn1.b.c.a(eVar.b()).a();
        X509Certificate[] x509CertificateArr = new X509Certificate[a2.length];
        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
            x509CertificateArr[i2] = a(a2[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.k.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.c().c();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        e eVar = this.k.get(str);
        if (eVar == null) {
            return null;
        }
        if (eVar.getType().equals(f) || eVar.getType().equals(h)) {
            PrivateKey privateKey = this.l.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            org.bouncycastle.asn1.r.f a2 = org.bouncycastle.asn1.r.f.a(org.bouncycastle.asn1.b.c.a(eVar.b()).b());
            try {
                org.bouncycastle.asn1.r.l a3 = org.bouncycastle.asn1.r.l.a(a("PRIVATE_KEY_ENCRYPTION", a2.a(), cArr, a2.b()));
                PrivateKey generatePrivate = this.j.d(a(a3.b().a())).generatePrivate(new PKCS8EncodedKeySpec(a3.getEncoded()));
                this.l.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!eVar.getType().equals(g) && !eVar.getType().equals(i)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        org.bouncycastle.asn1.b.d a4 = org.bouncycastle.asn1.b.d.a(eVar.b());
        try {
            org.bouncycastle.asn1.b.k a5 = org.bouncycastle.asn1.b.k.a(a("SECRET_KEY_ENCRYPTION", a4.a(), cArr, a4.b()));
            return this.j.e(a5.b().b()).generateSecret(new SecretKeySpec(a5.a(), a5.b().b()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.k.get(str);
        if (eVar != null) {
            return eVar.getType().equals(e);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.k.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger type = eVar.getType();
        return type.equals(f) || type.equals(g) || type.equals(h) || type.equals(i);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        a b2;
        org.bouncycastle.asn1.f b3;
        PublicKey publicKey;
        org.bouncycastle.asn1.b.h a2;
        this.k.clear();
        this.l.clear();
        this.p = null;
        this.q = null;
        this.m = null;
        if (inputStream == null) {
            Date date = new Date();
            this.p = date;
            this.q = date;
            this.f40418c = null;
            this.d = null;
            this.m = new a(k.O, ax.f39774a);
            this.n = a(k.B, 64);
            return;
        }
        try {
            org.bouncycastle.asn1.b.g a3 = org.bouncycastle.asn1.b.g.a(new org.bouncycastle.asn1.k(inputStream).c());
            org.bouncycastle.asn1.b.i a4 = a3.a();
            if (a4.getType() == 0) {
                org.bouncycastle.asn1.b.j a5 = org.bouncycastle.asn1.b.j.a(a4.a());
                this.m = a5.a();
                this.n = a5.b();
                b2 = this.m;
                try {
                    a(a3.b().i().getEncoded(), a5, cArr);
                } catch (NoSuchProviderException e2) {
                    throw new IOException(e2.getMessage());
                }
            } else {
                if (a4.getType() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                l a6 = l.a(a4.a());
                b2 = a6.b();
                try {
                    org.bouncycastle.asn1.x509.k[] c2 = a6.c();
                    if (this.d == null) {
                        b3 = a3.b();
                        publicKey = this.f40418c;
                    } else {
                        if (c2 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory h2 = this.j.h("X.509");
                        X509Certificate[] x509CertificateArr = new X509Certificate[c2.length];
                        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
                            x509CertificateArr[i2] = (X509Certificate) h2.generateCertificate(new ByteArrayInputStream(c2[i2].getEncoded()));
                        }
                        if (!this.d.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        b3 = a3.b();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    a(b3, a6, publicKey);
                } catch (GeneralSecurityException e3) {
                    throw new IOException("error verifying signature: " + e3.getMessage(), e3);
                }
            }
            org.bouncycastle.asn1.f b4 = a3.b();
            if (b4 instanceof org.bouncycastle.asn1.b.b) {
                org.bouncycastle.asn1.b.b bVar = (org.bouncycastle.asn1.b.b) b4;
                a2 = org.bouncycastle.asn1.b.h.a(a("STORE_ENCRYPTION", bVar.b(), cArr, bVar.a().c()));
            } else {
                a2 = org.bouncycastle.asn1.b.h.a(b4);
            }
            try {
                this.p = a2.a().c();
                this.q = a2.c().c();
                if (!a2.b().equals(b2)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<org.bouncycastle.asn1.f> it = a2.d().iterator();
                while (it.hasNext()) {
                    e a7 = e.a(it.next());
                    this.k.put(a7.getIdentifier(), a7);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e4) {
            throw new IOException(e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineLoad(((org.bouncycastle.jcajce.b) loadStoreParameter).i(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] a2 = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
        this.n = a(bCFKSLoadStoreParameter.a(), 64);
        this.r = bCFKSLoadStoreParameter.b() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.n.b.T : org.bouncycastle.asn1.n.b.U;
        this.m = bCFKSLoadStoreParameter.c() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(k.O, ax.f39774a) : new a(org.bouncycastle.asn1.n.b.r, ax.f39774a);
        this.f40418c = (PublicKey) bCFKSLoadStoreParameter.e();
        this.d = bCFKSLoadStoreParameter.g();
        this.o = a(this.f40418c, bCFKSLoadStoreParameter.d());
        a aVar = this.m;
        o oVar = this.r;
        InputStream i2 = bCFKSLoadStoreParameter.i();
        engineLoad(i2, a2);
        if (i2 != null) {
            if (!a(bCFKSLoadStoreParameter.a(), this.n) || !oVar.b(this.r)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        e eVar = this.k.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.getType().equals(e)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(eVar, date2);
        }
        try {
            this.k.put(str, new e(e, str, date, date2, certificate.getEncoded(), null));
            this.q = date2;
        } catch (CertificateEncodingException e2) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        org.bouncycastle.asn1.b.k kVar;
        org.bouncycastle.asn1.b.d dVar;
        org.bouncycastle.asn1.r.f fVar;
        Date date = new Date();
        e eVar = this.k.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        this.l.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h a3 = a(k.B, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a4 = a(a3, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                if (this.r.b(org.bouncycastle.asn1.n.b.T)) {
                    Cipher a5 = a("AES/CCM/NoPadding", a4);
                    fVar = new org.bouncycastle.asn1.r.f(new a(k.A, new i(a3, new g(org.bouncycastle.asn1.n.b.T, org.bouncycastle.asn1.d.a.a(a5.getParameters().getEncoded())))), a5.doFinal(encoded));
                } else {
                    fVar = new org.bouncycastle.asn1.r.f(new a(k.A, new i(a3, new g(org.bouncycastle.asn1.n.b.U))), a("AESKWP", a4).doFinal(encoded));
                }
                this.k.put(str, new e(f, str, a2, date, a(fVar, certificateArr).getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h a6 = a(k.B, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a7 = a(a6, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String b2 = Strings.b(key.getAlgorithm());
                if (b2.indexOf("AES") > -1) {
                    kVar = new org.bouncycastle.asn1.b.k(org.bouncycastle.asn1.n.b.w, encoded2);
                } else {
                    o oVar = f40416a.get(b2);
                    if (oVar != null) {
                        kVar = new org.bouncycastle.asn1.b.k(oVar, encoded2);
                    } else {
                        o oVar2 = f40416a.get(b2 + LibrarianImpl.Constants.DOT + (encoded2.length * 8));
                        if (oVar2 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + b2 + ") for storage.");
                        }
                        kVar = new org.bouncycastle.asn1.b.k(oVar2, encoded2);
                    }
                }
                if (this.r.b(org.bouncycastle.asn1.n.b.T)) {
                    Cipher a8 = a("AES/CCM/NoPadding", a7);
                    dVar = new org.bouncycastle.asn1.b.d(new a(k.A, new i(a6, new g(org.bouncycastle.asn1.n.b.T, org.bouncycastle.asn1.d.a.a(a8.getParameters().getEncoded())))), a8.doFinal(kVar.getEncoded()));
                } else {
                    dVar = new org.bouncycastle.asn1.b.d(new a(k.A, new i(a6, new g(org.bouncycastle.asn1.n.b.U))), a("AESKWP", a7).doFinal(kVar.getEncoded()));
                }
                this.k.put(str, new e(g, str, a2, date, dVar.getEncoded(), null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.q = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        e eVar = this.k.get(str);
        Date a2 = eVar != null ? a(eVar, date) : date;
        if (certificateArr != null) {
            try {
                org.bouncycastle.asn1.r.f a3 = org.bouncycastle.asn1.r.f.a(bArr);
                try {
                    this.l.remove(str);
                    this.k.put(str, new e(h, str, a2, date, a(a3, certificateArr).getEncoded(), null));
                } catch (Exception e2) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.k.put(str, new e(i, str, a2, date, bArr, null));
            } catch (Exception e4) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.q = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.k.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        h hVar;
        BigInteger c2;
        if (this.p == null) {
            throw new IOException("KeyStore not initialized");
        }
        org.bouncycastle.asn1.b.b a2 = a(this.m, cArr);
        if (org.bouncycastle.asn1.m.a.M.b(this.n.a())) {
            org.bouncycastle.asn1.m.d a3 = org.bouncycastle.asn1.m.d.a(this.n.b());
            hVar = this.n;
            c2 = a3.e();
        } else {
            j a4 = j.a(this.n.b());
            hVar = this.n;
            c2 = a4.c();
        }
        this.n = a(hVar, c2.intValue());
        try {
            outputStream.write(new org.bouncycastle.asn1.b.g(a2, new org.bouncycastle.asn1.b.i(new org.bouncycastle.asn1.b.j(this.m, this.n, a(a2.getEncoded(), this.m, this.n, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e2) {
            throw new IOException("cannot calculate mac: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        l lVar;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof org.bouncycastle.jcajce.a) {
            org.bouncycastle.jcajce.a aVar = (org.bouncycastle.jcajce.a) loadStoreParameter;
            char[] a2 = a(loadStoreParameter);
            this.n = a(aVar.b(), 64);
            engineStore(aVar.a(), a2);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof org.bouncycastle.jcajce.b) {
                engineStore(((org.bouncycastle.jcajce.b) loadStoreParameter).h(), a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.e() == null) {
            char[] a3 = a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter);
            this.n = a(bCFKSLoadStoreParameter.a(), 64);
            this.r = bCFKSLoadStoreParameter.b() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.n.b.T : org.bouncycastle.asn1.n.b.U;
            this.m = bCFKSLoadStoreParameter.c() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(k.O, ax.f39774a) : new a(org.bouncycastle.asn1.n.b.r, ax.f39774a);
            engineStore(bCFKSLoadStoreParameter.h(), a3);
            return;
        }
        this.o = a(bCFKSLoadStoreParameter.e(), bCFKSLoadStoreParameter.d());
        this.n = a(bCFKSLoadStoreParameter.a(), 64);
        this.r = bCFKSLoadStoreParameter.b() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? org.bouncycastle.asn1.n.b.T : org.bouncycastle.asn1.n.b.U;
        this.m = bCFKSLoadStoreParameter.c() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new a(k.O, ax.f39774a) : new a(org.bouncycastle.asn1.n.b.r, ax.f39774a);
        org.bouncycastle.asn1.b.b a4 = a(this.o, a((KeyStore.LoadStoreParameter) bCFKSLoadStoreParameter));
        try {
            Signature g2 = this.j.g(this.o.a().b());
            g2.initSign((PrivateKey) bCFKSLoadStoreParameter.e());
            g2.update(a4.getEncoded());
            X509Certificate[] f2 = bCFKSLoadStoreParameter.f();
            if (f2 != null) {
                org.bouncycastle.asn1.x509.k[] kVarArr = new org.bouncycastle.asn1.x509.k[f2.length];
                for (int i2 = 0; i2 != kVarArr.length; i2++) {
                    kVarArr[i2] = org.bouncycastle.asn1.x509.k.a(f2[i2].getEncoded());
                }
                lVar = new l(this.o, kVarArr, g2.sign());
            } else {
                lVar = new l(this.o, g2.sign());
            }
            bCFKSLoadStoreParameter.h().write(new org.bouncycastle.asn1.b.g(a4, new org.bouncycastle.asn1.b.i(lVar)).getEncoded());
            bCFKSLoadStoreParameter.h().flush();
        } catch (GeneralSecurityException e2) {
            throw new IOException("error creating signature: " + e2.getMessage(), e2);
        }
    }
}
