package org.spongycastle.jcajce.provider.keystore.bcfks;

import a00.b;
import a00.e;
import f.g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import morpho.ccmid.api.network.BaseCrypto;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.bc.EncryptedObjectStoreData;
import org.spongycastle.asn1.bc.EncryptedPrivateKeyData;
import org.spongycastle.asn1.bc.EncryptedSecretKeyData;
import org.spongycastle.asn1.bc.ObjectData;
import org.spongycastle.asn1.bc.ObjectDataSequence;
import org.spongycastle.asn1.bc.ObjectStore;
import org.spongycastle.asn1.bc.ObjectStoreData;
import org.spongycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.spongycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.spongycastle.asn1.bc.SecretKeyData;
import org.spongycastle.asn1.cms.CCMParameters;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
import org.spongycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.spongycastle.asn1.pkcs.EncryptionScheme;
import org.spongycastle.asn1.pkcs.KeyDerivationFunc;
import org.spongycastle.asn1.pkcs.PBES2Parameters;
import org.spongycastle.asn1.pkcs.PBKDF2Params;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PrivateKeyInfo;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x9.X9ObjectIdentifiers;
import org.spongycastle.crypto.PBEParametersGenerator;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Encodable;
import org.spongycastle.util.Strings;

/* loaded from: classes3.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: h, reason: collision with root package name */
    public static final HashMap f28263h;

    /* renamed from: i, reason: collision with root package name */
    public static final HashMap f28264i;

    /* renamed from: j, reason: collision with root package name */
    public static final BigInteger f28265j;

    /* renamed from: k, reason: collision with root package name */
    public static final BigInteger f28266k;

    /* renamed from: l, reason: collision with root package name */
    public static final BigInteger f28267l;

    /* renamed from: m, reason: collision with root package name */
    public static final BigInteger f28268m;

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f28269n;

    /* renamed from: a, reason: collision with root package name */
    public final BouncyCastleProvider f28270a;

    /* renamed from: b, reason: collision with root package name */
    public final HashMap f28271b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    public final HashMap f28272c = new HashMap();

    /* renamed from: d, reason: collision with root package name */
    public AlgorithmIdentifier f28273d;
    public KeyDerivationFunc e;

    /* renamed from: f, reason: collision with root package name */
    public Date f28274f;

    /* renamed from: g, reason: collision with root package name */
    public Date f28275g;

    /* loaded from: classes3.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }
    }

    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Exception exc) {
            super(str);
            this.cause = exc;
        }

        @Override // java.lang.Throwable
        public final Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f28263h = hashMap;
        HashMap hashMap2 = new HashMap();
        f28264i = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f26407h;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.f26440c0);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.f26441d0);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.f26442e0);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.f26443f0);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.f26444g0);
        hashMap2.put(PKCSObjectIdentifiers.f26450m, "RSA");
        hashMap2.put(X9ObjectIdentifiers.O0, "EC");
        hashMap2.put(OIWObjectIdentifiers.f26411l, "DH");
        hashMap2.put(PKCSObjectIdentifiers.I, "DH");
        hashMap2.put(X9ObjectIdentifiers.t1, "DSA");
        f28265j = BigInteger.valueOf(0L);
        f28266k = BigInteger.valueOf(1L);
        f28267l = BigInteger.valueOf(2L);
        f28268m = BigInteger.valueOf(3L);
        f28269n = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.f28270a = bouncyCastleProvider;
    }

    public static byte[] d(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr) throws IOException {
        byte[] a10 = PBEParametersGenerator.a(cArr);
        byte[] a13 = PBEParametersGenerator.a(str.toCharArray());
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
        if (!keyDerivationFunc.f26426a.f26649a.equals(PKCSObjectIdentifiers.S)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params q3 = PBKDF2Params.q(keyDerivationFunc.f26426a.f26650c);
        AlgorithmIdentifier algorithmIdentifier = q3.e;
        if (algorithmIdentifier == null) {
            algorithmIdentifier = PBKDF2Params.f26432g;
        }
        if (!algorithmIdentifier.f26649a.equals(PKCSObjectIdentifiers.f26444g0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        pKCS5S2ParametersGenerator.e(q3.f26434c.E().intValue(), Arrays.h(a10, a13), q3.f26433a.D());
        ASN1Integer aSN1Integer = q3.f26435d;
        return pKCS5S2ParametersGenerator.c((aSN1Integer != null ? aSN1Integer.E() : null).intValue() * 8).f27841a;
    }

    public static KeyDerivationFunc e(int i13) {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.S, new PBKDF2Params(bArr, ByteArrayOutputStream.DEFAULT_SIZE, i13, new AlgorithmIdentifier(PKCSObjectIdentifiers.f26444g0, DERNull.f26187a)));
    }

    public final byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String str = algorithmIdentifier.f26649a.f26143a;
        BouncyCastleProvider bouncyCastleProvider = this.f28270a;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(str, bouncyCastleProvider) : Mac.getInstance(str);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(d(keyDerivationFunc, "INTEGRITY_CHECK", cArr), str));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            StringBuilder i13 = b.i("Cannot set up MAC calculation: ");
            i13.append(e.getMessage());
            throw new IOException(i13.toString());
        }
    }

    public final Certificate b(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.f28270a;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(org.spongycastle.asn1.x509.Certificate.q(obj).n()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.spongycastle.asn1.x509.Certificate.q(obj).n()));
        } catch (Exception unused2) {
            return null;
        }
    }

    public final byte[] c(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.f26649a.equals(PKCSObjectIdentifiers.R)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        ASN1Encodable aSN1Encodable = algorithmIdentifier.f26650c;
        PBES2Parameters pBES2Parameters = aSN1Encodable instanceof PBES2Parameters ? (PBES2Parameters) aSN1Encodable : aSN1Encodable != null ? new PBES2Parameters(ASN1Sequence.B(aSN1Encodable)) : null;
        EncryptionScheme encryptionScheme = pBES2Parameters.f26431c;
        if (!encryptionScheme.f26425a.f26649a.equals(NISTObjectIdentifiers.L)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            CCMParameters q3 = CCMParameters.q(encryptionScheme.f26425a.f26650c);
            BouncyCastleProvider bouncyCastleProvider = this.f28270a;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM);
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM, bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.f28270a);
            }
            algorithmParameters.init(q3.n());
            KeyDerivationFunc keyDerivationFunc = pBES2Parameters.f26430a;
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(d(keyDerivationFunc, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public final Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f28271b.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public final boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public final Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.f28271b.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public final void engineDeleteEntry(String str) throws KeyStoreException {
        if (((ObjectData) this.f28271b.get(str)) == null) {
            return;
        }
        this.f28272c.remove(str);
        this.f28271b.remove(str);
        this.f28275g = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public final Certificate engineGetCertificate(String str) {
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.f26237a.equals(f28266k) && !objectData.f26237a.equals(f28268m)) {
            if (objectData.f26237a.equals(f28265j)) {
                return b(objectData.q());
            }
            return null;
        }
        org.spongycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.q(objectData.q()).f26234c;
        org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[certificateArr.length];
        System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
        return b(certificateArr2[0]);
    }

    @Override // java.security.KeyStoreSpi
    public final String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f28271b.keySet()) {
                ObjectData objectData = (ObjectData) this.f28271b.get(str);
                if (objectData.f26237a.equals(f28265j)) {
                    if (Arrays.a(objectData.q(), encoded)) {
                        return str;
                    }
                } else if (objectData.f26237a.equals(f28266k) || objectData.f26237a.equals(f28268m)) {
                    try {
                        org.spongycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.q(objectData.q()).f26234c;
                        org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[certificateArr.length];
                        System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
                        if (Arrays.a(certificateArr2[0].f26665a.n(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public final Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.f26237a.equals(f28266k) && !objectData.f26237a.equals(f28268m)) {
            return null;
        }
        org.spongycastle.asn1.x509.Certificate[] certificateArr = EncryptedPrivateKeyData.q(objectData.q()).f26234c;
        int length = certificateArr.length;
        org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[length];
        System.arraycopy(certificateArr, 0, certificateArr2, 0, certificateArr.length);
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i13 = 0; i13 != length; i13++) {
            x509CertificateArr[i13] = b(certificateArr2[i13]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public final Date engineGetCreationDate(String str) {
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.e.B();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public final Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyFactory keyFactory;
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        SecretKeyData secretKeyData = null;
        if (objectData == null) {
            return null;
        }
        if (!objectData.f26237a.equals(f28266k) && !objectData.f26237a.equals(f28268m)) {
            if (!objectData.f26237a.equals(f28267l) && !objectData.f26237a.equals(f28269n)) {
                throw new UnrecoverableKeyException(b.f("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            byte[] q3 = objectData.q();
            EncryptedSecretKeyData encryptedSecretKeyData = q3 instanceof EncryptedSecretKeyData ? (EncryptedSecretKeyData) q3 : q3 != 0 ? new EncryptedSecretKeyData(ASN1Sequence.B(q3)) : null;
            try {
                byte[] c9 = c("SECRET_KEY_ENCRYPTION", encryptedSecretKeyData.f26235a, cArr, Arrays.c(encryptedSecretKeyData.f26236c.D()));
                if (c9 instanceof SecretKeyData) {
                    secretKeyData = (SecretKeyData) c9;
                } else if (c9 != 0) {
                    secretKeyData = new SecretKeyData(ASN1Sequence.B(c9));
                }
                BouncyCastleProvider bouncyCastleProvider = this.f28270a;
                return (bouncyCastleProvider != null ? SecretKeyFactory.getInstance(secretKeyData.f26254a.f26143a, bouncyCastleProvider) : SecretKeyFactory.getInstance(secretKeyData.f26254a.f26143a)).generateSecret(new SecretKeySpec(Arrays.c(secretKeyData.f26255c.D()), secretKeyData.f26254a.f26143a));
            } catch (Exception e) {
                StringBuilder q13 = e.q("BCFKS KeyStore unable to recover secret key (", str, "): ");
                q13.append(e.getMessage());
                throw new UnrecoverableKeyException(q13.toString());
            }
        }
        PrivateKey privateKey = (PrivateKey) this.f28272c.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo q14 = EncryptedPrivateKeyInfo.q(EncryptedPrivateKeyData.q(objectData.q()).f26233a);
        try {
            PrivateKeyInfo q15 = PrivateKeyInfo.q(c("PRIVATE_KEY_ENCRYPTION", q14.f26423a, cArr, q14.f26424c.D()));
            BouncyCastleProvider bouncyCastleProvider2 = this.f28270a;
            if (bouncyCastleProvider2 != null) {
                keyFactory = KeyFactory.getInstance(q15.f26475c.f26649a.f26143a, bouncyCastleProvider2);
            } else {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = q15.f26475c.f26649a;
                String str2 = (String) f28264i.get(aSN1ObjectIdentifier);
                if (str2 == null) {
                    str2 = aSN1ObjectIdentifier.f26143a;
                }
                keyFactory = KeyFactory.getInstance(str2);
            }
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(q15.n()));
            this.f28272c.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e13) {
            StringBuilder q16 = e.q("BCFKS KeyStore unable to recover private key (", str, "): ");
            q16.append(e13.getMessage());
            throw new UnrecoverableKeyException(q16.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData != null) {
            return objectData.f26237a.equals(f28265j);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsKeyEntry(String str) {
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData != null) {
            BigInteger bigInteger = objectData.f26237a;
            if (bigInteger.equals(f28266k) || bigInteger.equals(f28267l) || bigInteger.equals(f28268m) || bigInteger.equals(f28269n)) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public final void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        ObjectStoreData q3;
        this.f28271b.clear();
        this.f28272c.clear();
        this.f28274f = null;
        this.f28275g = null;
        this.f28273d = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f28274f = date;
            this.f28275g = date;
            this.f28273d = new AlgorithmIdentifier(PKCSObjectIdentifiers.f26444g0, DERNull.f26187a);
            this.e = e(64);
            return;
        }
        Encodable m2 = new ASN1InputStream(inputStream).m();
        ObjectStore objectStore = m2 instanceof ObjectStore ? (ObjectStore) m2 : m2 != null ? new ObjectStore(ASN1Sequence.B(m2)) : null;
        ObjectStoreIntegrityCheck objectStoreIntegrityCheck = objectStore.f26244c;
        objectStoreIntegrityCheck.getClass();
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = objectStoreIntegrityCheck.f26250a;
        if (!(pbkdMacIntegrityCheck instanceof PbkdMacIntegrityCheck)) {
            pbkdMacIntegrityCheck = pbkdMacIntegrityCheck != null ? new PbkdMacIntegrityCheck(ASN1Sequence.B(pbkdMacIntegrityCheck)) : null;
        }
        this.f28273d = pbkdMacIntegrityCheck.f26251a;
        this.e = pbkdMacIntegrityCheck.f26252c;
        if (!Arrays.k(a(objectStore.f26243a.h().n(), pbkdMacIntegrityCheck.f26251a, pbkdMacIntegrityCheck.f26252c, cArr), Arrays.c(pbkdMacIntegrityCheck.f26253d.D()))) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
        ASN1Encodable aSN1Encodable = objectStore.f26243a;
        if (aSN1Encodable instanceof EncryptedObjectStoreData) {
            EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) aSN1Encodable;
            q3 = ObjectStoreData.q(c("STORE_ENCRYPTION", encryptedObjectStoreData.f26231a, cArr, encryptedObjectStoreData.f26232c.D()));
        } else {
            q3 = ObjectStoreData.q(aSN1Encodable);
        }
        try {
            this.f28274f = q3.f26247d.B();
            this.f28275g = q3.e.B();
            if (!q3.f26246c.equals(this.f28273d)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<ASN1Encodable> it = q3.f26248g.iterator();
            while (it.hasNext()) {
                ASN1Encodable next = it.next();
                ObjectData objectData = next instanceof ObjectData ? (ObjectData) next : next != null ? new ObjectData(ASN1Sequence.B(next)) : null;
                this.f28271b.put(objectData.f26238c, objectData);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        Date date2;
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        Date date3 = new Date();
        if (objectData == null) {
            date = date3;
        } else {
            if (!objectData.f26237a.equals(f28265j)) {
                throw new KeyStoreException(g.c("BCFKS KeyStore already has a key entry with alias ", str));
            }
            try {
                date2 = objectData.f26239d.B();
            } catch (ParseException unused) {
                date2 = date3;
            }
            date = date2;
        }
        try {
            this.f28271b.put(str, new ObjectData(f28265j, str, date, date3, certificate.getEncoded()));
            this.f28275g = date3;
        } catch (CertificateEncodingException e) {
            StringBuilder i13 = b.i("BCFKS KeyStore unable to handle certificate: ");
            i13.append(e.getMessage());
            throw new ExtKeyStoreException(i13.toString(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date;
        Date date2;
        byte[] doFinal;
        Date date3 = new Date();
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData != null) {
            try {
                date = objectData.f26239d.B();
            } catch (ParseException unused) {
                date = date3;
            }
            date2 = date;
        } else {
            date2 = date3;
        }
        this.f28272c.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc e = e(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] d13 = d(e, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.f28270a;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM) : Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM, bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(d13, "AES"));
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.R, new PBES2Parameters(e, new EncryptionScheme(NISTObjectIdentifiers.L, CCMParameters.q(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded));
                org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[certificateArr.length];
                for (int i13 = 0; i13 != certificateArr.length; i13++) {
                    certificateArr2[i13] = org.spongycastle.asn1.x509.Certificate.q(certificateArr[i13].getEncoded());
                }
                this.f28271b.put(str, new ObjectData(f28266k, str, date2, date3, new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2).n()));
            } catch (Exception e13) {
                throw new ExtKeyStoreException(nl0.b.f(e13, b.i("BCFKS KeyStore exception storing private key: ")), e13);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc e14 = e(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] d14 = d(e14, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.f28270a;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM) : Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM, bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(d14, "AES"));
                String g13 = Strings.g(key.getAlgorithm());
                if (g13.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new SecretKeyData(NISTObjectIdentifiers.f26383q, encoded2).n());
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) f28263h.get(g13);
                    if (aSN1ObjectIdentifier == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + g13 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new SecretKeyData(aSN1ObjectIdentifier, encoded2).n());
                }
                this.f28271b.put(str, new ObjectData(f28267l, str, date2, date3, new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.R, new PBES2Parameters(e14, new EncryptionScheme(NISTObjectIdentifiers.L, CCMParameters.q(cipher2.getParameters().getEncoded())))), doFinal).n()));
            } catch (Exception e15) {
                throw new ExtKeyStoreException(nl0.b.f(e15, b.i("BCFKS KeyStore exception storing private key: ")), e15);
            }
        }
        this.f28275g = date3;
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date;
        Date date2;
        Date date3 = new Date();
        ObjectData objectData = (ObjectData) this.f28271b.get(str);
        if (objectData != null) {
            try {
                date = objectData.f26239d.B();
            } catch (ParseException unused) {
                date = date3;
            }
            date2 = date;
        } else {
            date2 = date3;
        }
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo q3 = EncryptedPrivateKeyInfo.q(bArr);
                try {
                    this.f28272c.remove(str);
                    HashMap hashMap = this.f28271b;
                    BigInteger bigInteger = f28268m;
                    org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[certificateArr.length];
                    for (int i13 = 0; i13 != certificateArr.length; i13++) {
                        certificateArr2[i13] = org.spongycastle.asn1.x509.Certificate.q(certificateArr[i13].getEncoded());
                    }
                    hashMap.put(str, new ObjectData(bigInteger, str, date2, date3, new EncryptedPrivateKeyData(q3, certificateArr2).n()));
                } catch (Exception e) {
                    throw new ExtKeyStoreException(nl0.b.f(e, b.i("BCFKS KeyStore exception storing protected private key: ")), e);
                }
            } catch (Exception e13) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e13);
            }
        } else {
            try {
                this.f28271b.put(str, new ObjectData(f28269n, str, date2, date3, bArr));
            } catch (Exception e14) {
                throw new ExtKeyStoreException(nl0.b.f(e14, b.i("BCFKS KeyStore exception storing protected private key: ")), e14);
            }
        }
        this.f28275g = date3;
    }

    @Override // java.security.KeyStoreSpi
    public final int engineSize() {
        return this.f28271b.size();
    }

    @Override // java.security.KeyStoreSpi
    public final void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        ObjectData[] objectDataArr = (ObjectData[]) this.f28271b.values().toArray(new ObjectData[this.f28271b.size()]);
        KeyDerivationFunc e = e(32);
        byte[] d13 = d(e, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        ObjectStoreData objectStoreData = new ObjectStoreData(this.f28273d, this.f28274f, this.f28275g, new ObjectDataSequence(objectDataArr));
        try {
            BouncyCastleProvider bouncyCastleProvider = this.f28270a;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM) : Cipher.getInstance(BaseCrypto.SRP_K_SYMETRIC_ALGORITHM, bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(d13, "AES"));
            EncryptedObjectStoreData encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.R, new PBES2Parameters(e, new EncryptionScheme(NISTObjectIdentifiers.L, CCMParameters.q(cipher.getParameters().getEncoded())))), cipher.doFinal(objectStoreData.n()));
            PBKDF2Params q3 = PBKDF2Params.q(this.e.f26426a.f26650c);
            byte[] bArr = new byte[q3.f26433a.D().length];
            new SecureRandom().nextBytes(bArr);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = this.e.f26426a.f26649a;
            int intValue = q3.f26434c.E().intValue();
            ASN1Integer aSN1Integer = q3.f26435d;
            int intValue2 = (aSN1Integer != null ? aSN1Integer.E() : null).intValue();
            AlgorithmIdentifier algorithmIdentifier = q3.e;
            if (algorithmIdentifier == null) {
                algorithmIdentifier = PBKDF2Params.f26432g;
            }
            this.e = new KeyDerivationFunc(aSN1ObjectIdentifier, new PBKDF2Params(bArr, intValue, intValue2, algorithmIdentifier));
            outputStream.write(new ObjectStore(encryptedObjectStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f28273d, this.e, a(encryptedObjectStoreData.n(), this.f28273d, this.e, cArr)))).n());
            outputStream.flush();
        } catch (InvalidKeyException e13) {
            throw new IOException(e13.toString());
        } catch (BadPaddingException e14) {
            throw new IOException(e14.toString());
        } catch (IllegalBlockSizeException e15) {
            throw new IOException(e15.toString());
        } catch (NoSuchPaddingException e16) {
            throw new NoSuchAlgorithmException(e16.toString());
        }
    }
}
