package org.bouncycastle.jcajce.provider.keystore.bcfks;

import com.itextpdf.text.pdf.security.SecurityConstants;
import com.microsoft.clarity.B0.AbstractC1300a;
import com.microsoft.clarity.F.AbstractC2428v;
import com.microsoft.clarity.Pa.a;
import com.microsoft.clarity.Z.e;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.bc.SignatureCheck;
import org.bouncycastle.asn1.cms.CCMParameters;
import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    public static final HashMap E;
    public static final HashMap F;
    public static final BigInteger H;
    public static final BigInteger I;
    public static final BigInteger K;
    public static final BigInteger L;
    public static final BigInteger M;
    public KeyDerivationFunc A;
    public Date B;
    public Date C;
    public final JcaJceHelper n;
    public AlgorithmIdentifier y;
    public final HashMap p = new HashMap();
    public final HashMap x = new HashMap();
    public final ASN1ObjectIdentifier D = NISTObjectIdentifiers.N;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public final int engineSize() {
            return this.p.size();
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public final int engineSize() {
            return this.p.size();
        }
    }

    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        public final Exception n;

        public ExtKeyStoreException(String str, Exception exc) {
            super(str);
            this.n = exc;
        }

        @Override // java.lang.Throwable
        public final Throwable getCause() {
            return this.n;
        }
    }

    /* loaded from: classes2.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {
        public final HashMap N;
        public final byte[] O;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                byte[] bArr = new byte[32];
                this.O = bArr;
                jcaJceHelper.e().nextBytes(bArr);
                this.N = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) {
            byte[] g;
            try {
                if (cArr != null) {
                    g = Arrays.g(Strings.f(cArr), Strings.f(str.toCharArray()));
                } else {
                    byte[] bArr = this.O;
                    String str2 = Strings.a;
                    g = Arrays.g(bArr, Strings.f(str.toCharArray()));
                }
                byte[] d = SCrypt.d(g, 16384, 8, this.O, 1, 32);
                HashMap hashMap = this.N;
                if (hashMap.containsKey(str) && !Arrays.j((byte[]) hashMap.get(str), d)) {
                    throw new UnrecoverableKeyException(a.j("unable to recover key (", str, ")"));
                }
                Key engineGetKey = super.engineGetKey(str, cArr);
                if (engineGetKey != null && !hashMap.containsKey(str)) {
                    hashMap.put(str, d);
                }
                return engineGetKey;
            } catch (InvalidKeyException e) {
                StringBuilder w = e.w("unable to recover key (", str, "): ");
                w.append(e.getMessage());
                throw new UnrecoverableKeyException(w.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public final int engineSize() {
            return this.p.size();
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public final int engineSize() {
            return this.p.size();
        }
    }

    static {
        HashMap hashMap = new HashMap();
        E = hashMap;
        HashMap hashMap2 = new HashMap();
        F = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.e;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.o1);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.p1);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.q1);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.r1);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.s1);
        hashMap.put("SEED", KISAObjectIdentifiers.a);
        hashMap.put("CAMELLIA.128", NTTObjectIdentifiers.a);
        hashMap.put("CAMELLIA.192", NTTObjectIdentifiers.b);
        hashMap.put("CAMELLIA.256", NTTObjectIdentifiers.c);
        hashMap.put("ARIA.128", NSRIObjectIdentifiers.b);
        hashMap.put("ARIA.192", NSRIObjectIdentifiers.f);
        hashMap.put("ARIA.256", NSRIObjectIdentifiers.j);
        hashMap2.put(PKCSObjectIdentifiers.J0, SecurityConstants.RSA);
        hashMap2.put(X9ObjectIdentifiers.l2, "EC");
        hashMap2.put(OIWObjectIdentifiers.i, "DH");
        hashMap2.put(PKCSObjectIdentifiers.Z0, "DH");
        hashMap2.put(X9ObjectIdentifiers.S2, SecurityConstants.DSA);
        H = BigInteger.valueOf(0L);
        I = BigInteger.valueOf(1L);
        K = BigInteger.valueOf(2L);
        L = BigInteger.valueOf(3L);
        M = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.n = jcaJceHelper;
    }

    public static char[] e(KeyStore.LoadStoreParameter loadStoreParameter) {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type ".concat(protectionParameter.getClass().getName()));
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e.getMessage(), e);
        }
    }

    public static byte[] f(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr, int i) {
        byte[] a = PBEParametersGenerator.a(cArr);
        byte[] a2 = PBEParametersGenerator.a(str.toCharArray());
        boolean X = MiscObjectIdentifiers.r.X(keyDerivationFunc.n.n);
        AlgorithmIdentifier algorithmIdentifier = keyDerivationFunc.n;
        if (X) {
            ScryptParams O = ScryptParams.O(algorithmIdentifier.p);
            BigInteger bigInteger = O.A;
            if (bigInteger != null) {
                i = bigInteger.intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            int i2 = i;
            byte[] g = Arrays.g(a, a2);
            byte[] b = Arrays.b(O.n);
            int intValue = O.p.intValue();
            BigInteger bigInteger2 = O.x;
            return SCrypt.d(g, intValue, bigInteger2.intValue(), b, bigInteger2.intValue(), i2);
        }
        if (!algorithmIdentifier.n.X(PKCSObjectIdentifiers.h1)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params O2 = PBKDF2Params.O(algorithmIdentifier.p);
        ASN1Integer aSN1Integer = O2.x;
        if ((aSN1Integer != null ? aSN1Integer.m0() : null) != null) {
            ASN1Integer aSN1Integer2 = O2.x;
            i = (aSN1Integer2 != null ? aSN1Integer2.m0() : null).intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        AlgorithmIdentifier algorithmIdentifier2 = O2.y;
        boolean X2 = (algorithmIdentifier2 != null ? algorithmIdentifier2 : PBKDF2Params.A).n.X(PKCSObjectIdentifiers.s1);
        ASN1Integer aSN1Integer3 = O2.p;
        ASN1OctetString aSN1OctetString = O2.n;
        if (X2) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.f(Arrays.g(a, a2), aSN1OctetString.n, aSN1Integer3.m0().intValue());
            return pKCS5S2ParametersGenerator.d(i * 8).n;
        }
        if ((algorithmIdentifier2 != null ? algorithmIdentifier2 : PBKDF2Params.A).n.X(NISTObjectIdentifiers.p)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pKCS5S2ParametersGenerator2.f(Arrays.g(a, a2), aSN1OctetString.n, aSN1Integer3.m0().intValue());
            return pKCS5S2ParametersGenerator2.d(i * 8).n;
        }
        StringBuilder sb = new StringBuilder("BCFKS KeyStore: unrecognized MAC PBKD PRF: ");
        if (algorithmIdentifier2 == null) {
            algorithmIdentifier2 = PBKDF2Params.A;
        }
        sb.append(algorithmIdentifier2.n);
        throw new IOException(sb.toString());
    }

    public static KeyDerivationFunc g(int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        byte[] bArr = new byte[64];
        CryptoServicesRegistrar.a().nextBytes(bArr);
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = PKCSObjectIdentifiers.h1;
        if (aSN1ObjectIdentifier2.X(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(aSN1ObjectIdentifier2, new PBKDF2Params(bArr, 51200, i, new AlgorithmIdentifier(PKCSObjectIdentifiers.s1, DERNull.n)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + aSN1ObjectIdentifier);
    }

    public static KeyDerivationFunc h(KeyDerivationFunc keyDerivationFunc, int i) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.r;
        boolean X = aSN1ObjectIdentifier.X(keyDerivationFunc.n.n);
        AlgorithmIdentifier algorithmIdentifier = keyDerivationFunc.n;
        if (X) {
            ScryptParams O = ScryptParams.O(algorithmIdentifier.p);
            byte[] bArr = new byte[Arrays.b(O.n).length];
            CryptoServicesRegistrar.a().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, O.p, O.x, O.y, BigInteger.valueOf(i)));
        }
        PBKDF2Params O2 = PBKDF2Params.O(algorithmIdentifier.p);
        byte[] bArr2 = new byte[O2.n.n.length];
        CryptoServicesRegistrar.a().nextBytes(bArr2);
        int intValue = O2.p.m0().intValue();
        AlgorithmIdentifier algorithmIdentifier2 = O2.y;
        if (algorithmIdentifier2 == null) {
            algorithmIdentifier2 = PBKDF2Params.A;
        }
        return new KeyDerivationFunc(PKCSObjectIdentifiers.h1, new PBKDF2Params(bArr2, intValue, i, algorithmIdentifier2));
    }

    public final byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) {
        String str = algorithmIdentifier.n.n;
        Mac d = this.n.d(str);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            d.init(new SecretKeySpec(f(keyDerivationFunc, "INTEGRITY_CHECK", cArr, -1), str));
            return d.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    public final Cipher b(String str, byte[] bArr) {
        Cipher c = this.n.c(str);
        c.init(1, new SecretKeySpec(bArr, "AES"));
        return c;
    }

    public final Certificate c(Object obj) {
        JcaJceHelper jcaJceHelper = this.n;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.b().generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.O(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.O(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    public final byte[] d(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) {
        Cipher c;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.n.X(PKCSObjectIdentifiers.g1)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters O = PBES2Parameters.O(algorithmIdentifier.p);
        EncryptionScheme encryptionScheme = O.p;
        try {
            boolean X = encryptionScheme.n.n.X(NISTObjectIdentifiers.N);
            AlgorithmIdentifier algorithmIdentifier2 = encryptionScheme.n;
            JcaJceHelper jcaJceHelper = this.n;
            if (X) {
                c = jcaJceHelper.c("AES/CCM/NoPadding");
                algorithmParameters = jcaJceHelper.f("CCM");
                algorithmParameters.init(CCMParameters.O(algorithmIdentifier2.p).getEncoded());
            } else {
                if (!algorithmIdentifier2.n.X(NISTObjectIdentifiers.O)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                c = jcaJceHelper.c("AESKWP");
                algorithmParameters = null;
            }
            KeyDerivationFunc keyDerivationFunc = O.n;
            if (cArr == null) {
                cArr = new char[0];
            }
            c.init(2, new SecretKeySpec(f(keyDerivationFunc, str, cArr, 32), "AES"), algorithmParameters);
            return c.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        final Iterator it = new HashSet(this.p.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public final boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public final Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.p.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        HashMap hashMap = this.p;
        if (((ObjectData) hashMap.get(str)) == null) {
            return;
        }
        this.x.remove(str);
        hashMap.remove(str);
        this.C = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        if (objectData == null) {
            return null;
        }
        BigInteger bigInteger = objectData.n;
        if (!bigInteger.equals(I) && !bigInteger.equals(L)) {
            if (bigInteger.equals(H)) {
                return c(objectData.O());
            }
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.O(objectData.O()).p;
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
        return c(certificateArr2[0]);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            HashMap hashMap = this.p;
            for (String str : hashMap.keySet()) {
                ObjectData objectData = (ObjectData) hashMap.get(str);
                if (!objectData.n.equals(H)) {
                    BigInteger bigInteger = objectData.n;
                    if (bigInteger.equals(I) || bigInteger.equals(L)) {
                        try {
                            org.bouncycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.O(objectData.O()).p;
                            org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
                            System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
                            if (java.util.Arrays.equals(certificateArr2[0].n.getEncoded(), encoded)) {
                                return str;
                            }
                        } catch (IOException unused) {
                        }
                    }
                } else if (java.util.Arrays.equals(objectData.O(), encoded)) {
                    return str;
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        if (objectData == null) {
            return null;
        }
        BigInteger bigInteger = objectData.n;
        if (!bigInteger.equals(I) && !bigInteger.equals(L)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.O(objectData.O()).p;
        int length = certificateArr.length;
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[length];
        System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = c(certificateArr2[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.y.l0();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        SecretKeyData secretKeyData = null;
        if (objectData == null) {
            return null;
        }
        BigInteger bigInteger = objectData.n;
        boolean equals = bigInteger.equals(I);
        JcaJceHelper jcaJceHelper = this.n;
        if (!equals && !bigInteger.equals(L)) {
            if (!bigInteger.equals(K) && !bigInteger.equals(M)) {
                throw new UnrecoverableKeyException(a.j("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            byte[] O = objectData.O();
            EncryptedSecretKeyData encryptedSecretKeyData = O instanceof EncryptedSecretKeyData ? (EncryptedSecretKeyData) O : O != 0 ? new EncryptedSecretKeyData(ASN1Sequence.f0(O)) : null;
            try {
                byte[] d = d("SECRET_KEY_ENCRYPTION", encryptedSecretKeyData.n, cArr, Arrays.b(encryptedSecretKeyData.p.n));
                if (d instanceof SecretKeyData) {
                    secretKeyData = (SecretKeyData) d;
                } else if (d != 0) {
                    secretKeyData = new SecretKeyData(ASN1Sequence.f0(d));
                }
                return jcaJceHelper.g(secretKeyData.n.n).generateSecret(new SecretKeySpec(Arrays.b(secretKeyData.p.n), secretKeyData.n.n));
            } catch (Exception e) {
                throw new UnrecoverableKeyException(AbstractC1300a.i(e, e.w("BCFKS KeyStore unable to recover secret key (", str, "): ")));
            }
        }
        HashMap hashMap = this.x;
        PrivateKey privateKey = (PrivateKey) hashMap.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo O2 = EncryptedPrivateKeyInfo.O(EncryptedPrivateKeyData.O(objectData.O()).n);
        try {
            PrivateKeyInfo O3 = PrivateKeyInfo.O(d("PRIVATE_KEY_ENCRYPTION", O2.n, cArr, O2.p.n));
            ASN1ObjectIdentifier aSN1ObjectIdentifier = O3.p.n;
            String str2 = (String) F.get(aSN1ObjectIdentifier);
            if (str2 == null) {
                str2 = aSN1ObjectIdentifier.n;
            }
            PrivateKey generatePrivate = jcaJceHelper.h(str2).generatePrivate(new PKCS8EncodedKeySpec(O3.getEncoded()));
            hashMap.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e2) {
            throw new UnrecoverableKeyException(AbstractC1300a.i(e2, e.w("BCFKS KeyStore unable to recover private key (", str, "): ")));
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        if (objectData == null) {
            return false;
        }
        return objectData.n.equals(H);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = (ObjectData) this.p.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger bigInteger = objectData.n;
        return bigInteger.equals(I) || bigInteger.equals(K) || bigInteger.equals(L) || bigInteger.equals(M);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        AlgorithmIdentifier algorithmIdentifier;
        ObjectStoreData O;
        HashMap hashMap = this.p;
        hashMap.clear();
        this.x.clear();
        this.B = null;
        this.C = null;
        this.y = null;
        if (inputStream == null) {
            Date date = new Date();
            this.B = date;
            this.C = date;
            this.y = new AlgorithmIdentifier(PKCSObjectIdentifiers.s1, DERNull.n);
            this.A = g(64, PKCSObjectIdentifiers.h1);
            return;
        }
        try {
            ASN1Primitive i = new ASN1InputStream(inputStream).i();
            ObjectStore objectStore = i != null ? new ObjectStore(ASN1Sequence.f0(i)) : null;
            ObjectStoreIntegrityCheck objectStoreIntegrityCheck = objectStore.p;
            int i2 = objectStoreIntegrityCheck.n;
            ASN1Object aSN1Object = objectStore.n;
            ASN1Object aSN1Object2 = objectStoreIntegrityCheck.p;
            if (i2 == 0) {
                PbkdMacIntegrityCheck pbkdMacIntegrityCheck = aSN1Object2 instanceof PbkdMacIntegrityCheck ? (PbkdMacIntegrityCheck) aSN1Object2 : aSN1Object2 != null ? new PbkdMacIntegrityCheck(ASN1Sequence.f0(aSN1Object2)) : null;
                algorithmIdentifier = pbkdMacIntegrityCheck.n;
                this.y = algorithmIdentifier;
                KeyDerivationFunc keyDerivationFunc = pbkdMacIntegrityCheck.p;
                this.A = keyDerivationFunc;
                try {
                    if (!Arrays.j(a(aSN1Object.i().getEncoded(), pbkdMacIntegrityCheck.n, keyDerivationFunc, cArr), Arrays.b(pbkdMacIntegrityCheck.x.n))) {
                        throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
                    }
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (i2 != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                SignatureCheck signatureCheck = aSN1Object2 instanceof SignatureCheck ? (SignatureCheck) aSN1Object2 : aSN1Object2 != null ? new SignatureCheck(ASN1Sequence.f0(aSN1Object2)) : null;
                algorithmIdentifier = signatureCheck.n;
                try {
                    ASN1Sequence aSN1Sequence = signatureCheck.p;
                    if (aSN1Sequence != null) {
                        int size = aSN1Sequence.size();
                        org.bouncycastle.asn1.x509.Certificate[] certificateArr = new org.bouncycastle.asn1.x509.Certificate[size];
                        for (int i3 = 0; i3 != size; i3++) {
                            certificateArr[i3] = org.bouncycastle.asn1.x509.Certificate.O(aSN1Sequence.l0(i3));
                        }
                    }
                    i(aSN1Object, signatureCheck, null);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            if (aSN1Object instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) aSN1Object;
                O = ObjectStoreData.O(d("STORE_ENCRYPTION", encryptedObjectStoreData.n, cArr, encryptedObjectStoreData.p.n));
            } else {
                O = ObjectStoreData.O(aSN1Object);
            }
            try {
                this.B = O.x.l0();
                this.C = O.y.l0();
                if (!O.p.equals(algorithmIdentifier)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator it = O.A.iterator();
                while (true) {
                    Arrays.Iterator iterator = (Arrays.Iterator) it;
                    if (!iterator.hasNext()) {
                        return;
                    }
                    Object next = iterator.next();
                    ObjectData objectData = next instanceof ObjectData ? (ObjectData) next : next != null ? new ObjectData(ASN1Sequence.f0(next)) : null;
                    hashMap.put(objectData.p, objectData);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSLoadStoreParameter) {
            e((BCFKSLoadStoreParameter) loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.a;
            throw null;
        }
        if (!(loadStoreParameter instanceof BCLoadStoreParameter)) {
            throw new IllegalArgumentException("no support for 'parameter' of type ".concat(loadStoreParameter.getClass().getName()));
        }
        engineLoad(null, e(loadStoreParameter));
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        Date date2;
        HashMap hashMap = this.p;
        ObjectData objectData = (ObjectData) hashMap.get(str);
        Date date3 = new Date();
        if (objectData != null) {
            if (!objectData.n.equals(H)) {
                throw new KeyStoreException(AbstractC2428v.r("BCFKS KeyStore already has a key entry with alias ", str));
            }
            try {
                date2 = objectData.x.l0();
            } catch (ParseException unused) {
                date2 = date3;
            }
            date = date2;
        } else {
            date = date3;
        }
        try {
            hashMap.put(str, new ObjectData(H, str, date, date3, certificate.getEncoded()));
            this.C = date3;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        Date date;
        Date date2;
        SecretKeyData secretKeyData;
        EncryptedSecretKeyData encryptedSecretKeyData;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Date date3 = new Date();
        HashMap hashMap = this.p;
        ObjectData objectData = (ObjectData) hashMap.get(str);
        if (objectData != null) {
            try {
                date = objectData.x.l0();
            } catch (ParseException unused) {
                date = date3;
            }
            date2 = date;
        } else {
            date2 = date3;
        }
        this.x.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc g = g(32, PKCSObjectIdentifiers.h1);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f = f(g, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                ASN1ObjectIdentifier aSN1ObjectIdentifier = this.D;
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.N;
                if (aSN1ObjectIdentifier.X(aSN1ObjectIdentifier2)) {
                    Cipher b = b("AES/CCM/NoPadding", f);
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(g, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.O(b.getParameters().getEncoded())))), b.doFinal(encoded));
                } else {
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(g, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", f).doFinal(encoded));
                }
                org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
                for (int i = 0; i != certificateArr.length; i++) {
                    certificateArr2[i] = org.bouncycastle.asn1.x509.Certificate.O(certificateArr[i].getEncoded());
                }
                hashMap.put(str, new ObjectData(I, str, date2, date3, new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2).getEncoded()));
            } catch (Exception e) {
                throw new ExtKeyStoreException(AbstractC2428v.q(e, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc g2 = g(32, PKCSObjectIdentifiers.h1);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f2 = f(g2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String g3 = Strings.g(key.getAlgorithm());
                if (g3.indexOf("AES") > -1) {
                    secretKeyData = new SecretKeyData(NISTObjectIdentifiers.q, encoded2);
                } else {
                    HashMap hashMap2 = E;
                    ASN1ObjectIdentifier aSN1ObjectIdentifier3 = (ASN1ObjectIdentifier) hashMap2.get(g3);
                    if (aSN1ObjectIdentifier3 != null) {
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier3, encoded2);
                    } else {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = (ASN1ObjectIdentifier) hashMap2.get(g3 + "." + (encoded2.length * 8));
                        if (aSN1ObjectIdentifier4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + g3 + ") for storage.");
                        }
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier4, encoded2);
                    }
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier5 = this.D;
                ASN1ObjectIdentifier aSN1ObjectIdentifier6 = NISTObjectIdentifiers.N;
                if (aSN1ObjectIdentifier5.X(aSN1ObjectIdentifier6)) {
                    Cipher b2 = b("AES/CCM/NoPadding", f2);
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(g2, new EncryptionScheme(aSN1ObjectIdentifier6, CCMParameters.O(b2.getParameters().getEncoded())))), b2.doFinal(secretKeyData.getEncoded()));
                } else {
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(g2, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", f2).doFinal(secretKeyData.getEncoded()));
                }
                hashMap.put(str, new ObjectData(K, str, date2, date3, encryptedSecretKeyData.getEncoded()));
            } catch (Exception e2) {
                throw new ExtKeyStoreException(AbstractC2428v.q(e2, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e2);
            }
        }
        this.C = date3;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date;
        Date date2;
        Date date3 = new Date();
        HashMap hashMap = this.p;
        ObjectData objectData = (ObjectData) hashMap.get(str);
        if (objectData != null) {
            try {
                date = objectData.x.l0();
            } catch (ParseException unused) {
                date = date3;
            }
            date2 = date;
        } else {
            date2 = date3;
        }
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo O = EncryptedPrivateKeyInfo.O(bArr);
                try {
                    this.x.remove(str);
                    BigInteger bigInteger = L;
                    org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
                    for (int i = 0; i != certificateArr.length; i++) {
                        certificateArr2[i] = org.bouncycastle.asn1.x509.Certificate.O(certificateArr[i].getEncoded());
                    }
                    hashMap.put(str, new ObjectData(bigInteger, str, date2, date3, new EncryptedPrivateKeyData(O, certificateArr2).getEncoded()));
                } catch (Exception e) {
                    throw new ExtKeyStoreException(AbstractC2428v.q(e, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                hashMap.put(str, new ObjectData(M, str, date2, date3, bArr));
            } catch (Exception e3) {
                throw new ExtKeyStoreException(AbstractC2428v.q(e3, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e3);
            }
        }
        this.C = date3;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.p.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        EncryptedObjectStoreData encryptedObjectStoreData;
        KeyDerivationFunc keyDerivationFunc;
        BigInteger m0;
        if (this.B == null) {
            throw new IOException("KeyStore not initialized");
        }
        AlgorithmIdentifier algorithmIdentifier = this.y;
        HashMap hashMap = this.p;
        ObjectData[] objectDataArr = (ObjectData[]) hashMap.values().toArray(new ObjectData[hashMap.size()]);
        KeyDerivationFunc h = h(this.A, 32);
        byte[] f = f(h, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0], 32);
        ObjectStoreData objectStoreData = new ObjectStoreData(algorithmIdentifier, this.B, this.C, new ObjectDataSequence(objectDataArr));
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = this.D;
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.N;
            if (aSN1ObjectIdentifier.X(aSN1ObjectIdentifier2)) {
                Cipher b = b("AES/CCM/NoPadding", f);
                encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(h, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.O(b.getParameters().getEncoded())))), b.doFinal(objectStoreData.getEncoded()));
            } else {
                encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.g1, new PBES2Parameters(h, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", f).doFinal(objectStoreData.getEncoded()));
            }
            if (MiscObjectIdentifiers.r.X(this.A.n.n)) {
                ScryptParams O = ScryptParams.O(this.A.n.p);
                keyDerivationFunc = this.A;
                m0 = O.A;
            } else {
                PBKDF2Params O2 = PBKDF2Params.O(this.A.n.p);
                keyDerivationFunc = this.A;
                ASN1Integer aSN1Integer = O2.x;
                m0 = aSN1Integer != null ? aSN1Integer.m0() : null;
            }
            this.A = h(keyDerivationFunc, m0.intValue());
            try {
                outputStream.write(new ObjectStore(encryptedObjectStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.y, this.A, a(encryptedObjectStoreData.getEncoded(), this.y, this.A, cArr)))).getEncoded());
                outputStream.flush();
            } catch (NoSuchProviderException e) {
                throw new IOException("cannot calculate mac: " + e.getMessage());
            }
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.toString());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.toString());
        } catch (NoSuchPaddingException e6) {
            throw new NoSuchAlgorithmException(e6.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            e(loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.a;
            throw null;
        }
        if (loadStoreParameter instanceof BCFKSLoadStoreParameter) {
            e((BCFKSLoadStoreParameter) loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = MiscObjectIdentifiers.a;
            throw null;
        }
        if (!(loadStoreParameter instanceof BCLoadStoreParameter)) {
            throw new IllegalArgumentException("no support for 'parameter' of type ".concat(loadStoreParameter.getClass().getName()));
        }
        throw new UnsupportedOperationException("parameter not configured for storage - no OutputStream");
    }

    public final void i(ASN1Object aSN1Object, SignatureCheck signatureCheck, PublicKey publicKey) {
        Signature a = this.n.a(signatureCheck.n.n.n);
        a.initVerify(publicKey);
        a.update(aSN1Object.i().N("DER"));
        DERBitString dERBitString = signatureCheck.x;
        if (!a.verify(new ASN1BitString(dERBitString.f0(), dERBitString.p).h0())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }
}
