package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import okhttp3.internal.http2.Http2;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.bc.SignatureCheck;
import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.internal.asn1.cms.CCMParameters;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.interfaces.ECKey;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: l, reason: collision with root package name */
    private static final Map<String, ASN1ObjectIdentifier> f18401l;

    /* renamed from: m, reason: collision with root package name */
    private static final Map<ASN1ObjectIdentifier, String> f18402m;

    /* renamed from: n, reason: collision with root package name */
    private static final BigInteger f18403n;

    /* renamed from: o, reason: collision with root package name */
    private static final BigInteger f18404o;

    /* renamed from: p, reason: collision with root package name */
    private static final BigInteger f18405p;

    /* renamed from: q, reason: collision with root package name */
    private static final BigInteger f18406q;

    /* renamed from: r, reason: collision with root package name */
    private static final BigInteger f18407r;

    /* renamed from: a, reason: collision with root package name */
    private PublicKey f18408a;

    /* renamed from: b, reason: collision with root package name */
    private BCFKSLoadStoreParameter.CertChainValidator f18409b;

    /* renamed from: c, reason: collision with root package name */
    private final JcaJceHelper f18410c;

    /* renamed from: f, reason: collision with root package name */
    private AlgorithmIdentifier f18413f;

    /* renamed from: g, reason: collision with root package name */
    private KeyDerivationFunc f18414g;

    /* renamed from: h, reason: collision with root package name */
    private AlgorithmIdentifier f18415h;

    /* renamed from: i, reason: collision with root package name */
    private Date f18416i;

    /* renamed from: j, reason: collision with root package name */
    private Date f18417j;

    /* renamed from: d, reason: collision with root package name */
    private final Map<String, ObjectData> f18411d = new HashMap();

    /* renamed from: e, reason: collision with root package name */
    private final Map<String, PrivateKey> f18412e = new HashMap();

    /* renamed from: k, reason: collision with root package name */
    private ASN1ObjectIdentifier f18418k = NISTObjectIdentifiers.R;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefCompat extends AdaptingKeyStoreSpi {
        public DefCompat() {
            super(new DefaultJcaJceHelper(), new BcFKSKeyStoreSpi(new DefaultJcaJceHelper()));
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends c {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefSharedCompat extends AdaptingKeyStoreSpi {
        public DefSharedCompat() {
            super(new DefaultJcaJceHelper(), new BcFKSKeyStoreSpi(new DefaultJcaJceHelper()));
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdCompat extends AdaptingKeyStoreSpi {
        public StdCompat() {
            super(new DefaultJcaJceHelper(), new BcFKSKeyStoreSpi(new BCJcaJceHelper()));
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends c {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdSharedCompat extends AdaptingKeyStoreSpi {
        public StdSharedCompat() {
            super(new BCJcaJceHelper(), new BcFKSKeyStoreSpi(new BCJcaJceHelper()));
        }
    }

    /* loaded from: classes2.dex */
    class a implements Enumeration {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Iterator f18419a;

        a(BcFKSKeyStoreSpi bcFKSKeyStoreSpi, Iterator it) {
            this.f18419a = it;
        }

        @Override // java.util.Enumeration
        public boolean hasMoreElements() {
            return this.f18419a.hasNext();
        }

        @Override // java.util.Enumeration
        public Object nextElement() {
            return this.f18419a.next();
        }
    }

    /* loaded from: classes2.dex */
    private static class b extends KeyStoreException {

        /* renamed from: a, reason: collision with root package name */
        private final Throwable f18420a;

        b(String str, Throwable th) {
            super(str);
            this.f18420a = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f18420a;
        }
    }

    /* loaded from: classes2.dex */
    private static class c extends BcFKSKeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {

        /* renamed from: s, reason: collision with root package name */
        private final Map<String, byte[]> f18421s;

        /* renamed from: t, reason: collision with root package name */
        private final byte[] f18422t;

        public c(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                byte[] bArr = new byte[32];
                this.f18422t = bArr;
                jcaJceHelper.b("DEFAULT").nextBytes(bArr);
                this.f18421s = new HashMap();
            } catch (GeneralSecurityException e7) {
                throw new IllegalArgumentException("can't create random - " + e7.toString());
            }
        }

        private byte[] r(String str, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException {
            return SCrypt.i(cArr != null ? Arrays.r(Strings.j(cArr), Strings.i(str)) : Arrays.r(this.f18422t, Strings.i(str)), this.f18422t, Http2.INITIAL_MAX_FRAME_SIZE, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            try {
                byte[] r6 = r(str, cArr);
                if (!this.f18421s.containsKey(str) || Arrays.y(this.f18421s.get(str), r6)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.f18421s.containsKey(str)) {
                        this.f18421s.put(str, r6);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e7) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e7.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f18401l = hashMap;
        HashMap hashMap2 = new HashMap();
        f18402m = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f15010h;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.f15106x0);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.f15108y0);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.f15110z0);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.A0);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.B0);
        hashMap.put("SEED", KISAObjectIdentifiers.f14826a);
        hashMap.put("CAMELLIA.128", NTTObjectIdentifiers.f14940a);
        hashMap.put("CAMELLIA.192", NTTObjectIdentifiers.f14941b);
        hashMap.put("CAMELLIA.256", NTTObjectIdentifiers.f14942c);
        hashMap.put("ARIA.128", NSRIObjectIdentifiers.f14918e);
        hashMap.put("ARIA.192", NSRIObjectIdentifiers.f14922i);
        hashMap.put("ARIA.256", NSRIObjectIdentifiers.f14926m);
        hashMap2.put(PKCSObjectIdentifiers.P, "RSA");
        hashMap2.put(X9ObjectIdentifiers.R1, "EC");
        hashMap2.put(OIWObjectIdentifiers.f15014l, "DH");
        hashMap2.put(PKCSObjectIdentifiers.f15070f0, "DH");
        hashMap2.put(X9ObjectIdentifiers.f15782x2, "DSA");
        f18403n = BigInteger.valueOf(0L);
        f18404o = BigInteger.valueOf(1L);
        f18405p = BigInteger.valueOf(2L);
        f18406q = BigInteger.valueOf(3L);
        f18407r = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.f18410c = jcaJceHelper;
    }

    private byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String x6 = algorithmIdentifier.i().x();
        Mac e7 = this.f18410c.e(x6);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            e7.init(new SecretKeySpec(g(keyDerivationFunc, "INTEGRITY_CHECK", cArr, -1), x6));
            return e7.doFinal(bArr);
        } catch (InvalidKeyException e8) {
            throw new IOException("Cannot set up MAC calculation: " + e8.getMessage());
        }
    }

    private Cipher b(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher d7 = this.f18410c.d(str);
        d7.init(1, new SecretKeySpec(bArr, "AES"));
        return d7;
    }

    private EncryptedPrivateKeyData c(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i7 = 0; i7 != certificateArr.length; i7++) {
            certificateArr2[i7] = org.bouncycastle.asn1.x509.Certificate.j(certificateArr[i7].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    private Certificate d(Object obj) {
        JcaJceHelper jcaJceHelper = this.f18410c;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.f("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.j(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.j(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] e(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
        Cipher d7;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.i().o(PKCSObjectIdentifiers.f15086n0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters j7 = PBES2Parameters.j(algorithmIdentifier.l());
        EncryptionScheme i7 = j7.i();
        try {
            if (i7.i().o(NISTObjectIdentifiers.R)) {
                d7 = this.f18410c.d("AES/CCM/NoPadding");
                algorithmParameters = this.f18410c.g("CCM");
                algorithmParameters.init(CCMParameters.j(i7.k()).getEncoded());
            } else {
                if (!i7.i().o(NISTObjectIdentifiers.S)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                d7 = this.f18410c.d("AESKWP");
                algorithmParameters = null;
            }
            KeyDerivationFunc k7 = j7.k();
            if (cArr == null) {
                cArr = new char[0];
            }
            d7.init(2, new SecretKeySpec(g(k7, str, cArr, 32), "AES"), algorithmParameters);
            return d7.doFinal(bArr);
        } catch (IOException e7) {
            throw e7;
        } catch (Exception e8) {
            throw new IOException(e8.toString());
        }
    }

    private Date f(ObjectData objectData, Date date) {
        try {
            return objectData.i().w();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] g(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr, int i7) throws IOException {
        byte[] a7 = PBEParametersGenerator.a(cArr);
        byte[] a8 = PBEParametersGenerator.a(str.toCharArray());
        if (MiscObjectIdentifiers.f14860y.o(keyDerivationFunc.i())) {
            ScryptParams k7 = ScryptParams.k(keyDerivationFunc.k());
            if (k7.l() != null) {
                i7 = k7.l().intValue();
            } else if (i7 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return SCrypt.i(Arrays.r(a7, a8), k7.n(), k7.j().intValue(), k7.i().intValue(), k7.i().intValue(), i7);
        }
        if (!keyDerivationFunc.i().o(PKCSObjectIdentifiers.f15088o0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params i8 = PBKDF2Params.i(keyDerivationFunc.k());
        if (i8.k() != null) {
            i7 = i8.k().intValue();
        } else if (i7 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (i8.l().i().o(PKCSObjectIdentifiers.B0)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.g(Arrays.r(a7, a8), i8.m(), i8.j().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator.e(i7 * 8)).a();
        }
        if (i8.l().i().o(NISTObjectIdentifiers.f14905r)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pKCS5S2ParametersGenerator2.g(Arrays.r(a7, a8), i8.m(), i8.j().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator2.e(i7 * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + i8.l().i());
    }

    private KeyDerivationFunc h(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i7) {
        byte[] bArr = new byte[64];
        l().nextBytes(bArr);
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = PKCSObjectIdentifiers.f15088o0;
        if (aSN1ObjectIdentifier2.o(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(aSN1ObjectIdentifier2, new PBKDF2Params(bArr, 51200, i7, new AlgorithmIdentifier(PKCSObjectIdentifiers.B0, DERNull.f14004b)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + aSN1ObjectIdentifier);
    }

    private KeyDerivationFunc i(KeyDerivationFunc keyDerivationFunc, int i7) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f14860y;
        boolean o6 = aSN1ObjectIdentifier.o(keyDerivationFunc.i());
        ASN1Encodable k7 = keyDerivationFunc.k();
        if (o6) {
            ScryptParams k8 = ScryptParams.k(k7);
            byte[] bArr = new byte[k8.n().length];
            l().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, k8.j(), k8.i(), k8.m(), BigInteger.valueOf(i7)));
        }
        PBKDF2Params i8 = PBKDF2Params.i(k7);
        byte[] bArr2 = new byte[i8.m().length];
        l().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.f15088o0, new PBKDF2Params(bArr2, i8.j().intValue(), i7, i8.l()));
    }

    private KeyDerivationFunc j(PBKDFConfig pBKDFConfig, int i7) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f14860y;
        if (aSN1ObjectIdentifier.o(pBKDFConfig.a())) {
            ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
            byte[] bArr = new byte[scryptConfig.e()];
            l().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, scryptConfig.c(), scryptConfig.b(), scryptConfig.d(), i7));
        }
        PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
        byte[] bArr2 = new byte[pBKDF2Config.d()];
        l().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.f15088o0, new PBKDF2Params(bArr2, pBKDF2Config.b(), i7, pBKDF2Config.c()));
    }

    private AlgorithmIdentifier k(Key key, BCFKSLoadStoreParameter.SignatureAlgorithm signatureAlgorithm) throws IOException {
        if (key == null) {
            return null;
        }
        if (key instanceof ECKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA) {
                return new AlgorithmIdentifier(X9ObjectIdentifiers.W1);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withECDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.f14889f0);
            }
        }
        if (key instanceof DSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.X);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withDSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.f14881b0);
            }
        }
        if (key instanceof RSAKey) {
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA) {
                return new AlgorithmIdentifier(PKCSObjectIdentifiers.f15060a0, DERNull.f14004b);
            }
            if (signatureAlgorithm == BCFKSLoadStoreParameter.SignatureAlgorithm.SHA3_512withRSA) {
                return new AlgorithmIdentifier(NISTObjectIdentifiers.f14897j0, DERNull.f14004b);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom l() {
        return CryptoServicesRegistrar.b();
    }

    private EncryptedObjectStoreData m(AlgorithmIdentifier algorithmIdentifier, char[] cArr) throws IOException, NoSuchAlgorithmException {
        ObjectData[] objectDataArr = (ObjectData[]) this.f18411d.values().toArray(new ObjectData[this.f18411d.size()]);
        KeyDerivationFunc i7 = i(this.f18414g, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] g7 = g(i7, "STORE_ENCRYPTION", cArr, 32);
        ObjectStoreData objectStoreData = new ObjectStoreData(algorithmIdentifier, this.f18416i, this.f18417j, new ObjectDataSequence(objectDataArr), null);
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f18418k;
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.R;
            if (!aSN1ObjectIdentifier.o(aSN1ObjectIdentifier2)) {
                return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(i7, new EncryptionScheme(NISTObjectIdentifiers.S))), b("AESKWP", g7).doFinal(objectStoreData.getEncoded()));
            }
            Cipher b7 = b("AES/CCM/NoPadding", g7);
            return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(i7, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.j(b7.getParameters().getEncoded())))), b7.doFinal(objectStoreData.getEncoded()));
        } catch (InvalidKeyException e7) {
            throw new IOException(e7.toString());
        } catch (NoSuchProviderException e8) {
            throw new IOException(e8.toString());
        } catch (BadPaddingException e9) {
            throw new IOException(e9.toString());
        } catch (IllegalBlockSizeException e10) {
            throw new IOException(e10.toString());
        } catch (NoSuchPaddingException e11) {
            throw new NoSuchAlgorithmException(e11.toString());
        }
    }

    private static String n(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String str = f18402m.get(aSN1ObjectIdentifier);
        return str != null ? str : aSN1ObjectIdentifier.x();
    }

    private boolean o(PBKDFConfig pBKDFConfig, KeyDerivationFunc keyDerivationFunc) {
        if (!pBKDFConfig.a().o(keyDerivationFunc.i())) {
            return false;
        }
        if (MiscObjectIdentifiers.f14860y.o(keyDerivationFunc.i())) {
            if (!(pBKDFConfig instanceof ScryptConfig)) {
                return false;
            }
            ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
            ScryptParams k7 = ScryptParams.k(keyDerivationFunc.k());
            return scryptConfig.e() == k7.n().length && scryptConfig.b() == k7.i().intValue() && scryptConfig.c() == k7.j().intValue() && scryptConfig.d() == k7.m().intValue();
        }
        if (!(pBKDFConfig instanceof PBKDF2Config)) {
            return false;
        }
        PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
        PBKDF2Params i7 = PBKDF2Params.i(keyDerivationFunc.k());
        return pBKDF2Config.d() == i7.m().length && pBKDF2Config.b() == i7.j().intValue();
    }

    private void p(byte[] bArr, PbkdMacIntegrityCheck pbkdMacIntegrityCheck, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (!Arrays.y(a(bArr, pbkdMacIntegrityCheck.k(), pbkdMacIntegrityCheck.l(), cArr), pbkdMacIntegrityCheck.j())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void q(ASN1Encodable aSN1Encodable, SignatureCheck signatureCheck, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature a7 = this.f18410c.a(signatureCheck.l().i().x());
        a7.initVerify(publicKey);
        a7.update(aSN1Encodable.b().h("DER"));
        if (!a7.verify(signatureCheck.k().x())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return new a(this, new HashSet(this.f18411d.keySet()).iterator());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f18411d.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f18411d.get(str) == null) {
            return;
        }
        this.f18412e.remove(str);
        this.f18411d.remove(str);
        this.f18417j = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.getType().equals(f18404o) || objectData.getType().equals(f18406q)) {
            return d(EncryptedPrivateKeyData.k(objectData.j()).i()[0]);
        }
        if (objectData.getType().equals(f18403n)) {
            return d(objectData.j());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f18411d.keySet()) {
                ObjectData objectData = this.f18411d.get(str);
                if (objectData.getType().equals(f18403n)) {
                    if (Arrays.c(objectData.j(), encoded)) {
                        return str;
                    }
                } else if (objectData.getType().equals(f18404o) || objectData.getType().equals(f18406q)) {
                    try {
                        if (Arrays.c(EncryptedPrivateKeyData.k(objectData.j()).i()[0].b().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.getType().equals(f18404o) && !objectData.getType().equals(f18406q)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] i7 = EncryptedPrivateKeyData.k(objectData.j()).i();
        int length = i7.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i8 = 0; i8 != length; i8++) {
            x509CertificateArr[i8] = d(i7[i8]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.l().w();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.getType().equals(f18404o) || objectData.getType().equals(f18406q)) {
            PrivateKey privateKey = this.f18412e.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            EncryptedPrivateKeyInfo k7 = EncryptedPrivateKeyInfo.k(EncryptedPrivateKeyData.k(objectData.j()).j());
            try {
                PrivateKeyInfo j7 = PrivateKeyInfo.j(e("PRIVATE_KEY_ENCRYPTION", k7.j(), cArr, k7.i()));
                PrivateKey generatePrivate = this.f18410c.j(n(j7.l().i())).generatePrivate(new PKCS8EncodedKeySpec(j7.getEncoded()));
                this.f18412e.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e7) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e7.getMessage());
            }
        }
        if (!objectData.getType().equals(f18405p) && !objectData.getType().equals(f18407r)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        EncryptedSecretKeyData j8 = EncryptedSecretKeyData.j(objectData.j());
        try {
            SecretKeyData i7 = SecretKeyData.i(e("SECRET_KEY_ENCRYPTION", j8.k(), cArr, j8.i()));
            return this.f18410c.h(i7.j().x()).generateSecret(new SecretKeySpec(i7.k(), i7.j().x()));
        } catch (Exception e8) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e8.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData != null) {
            return objectData.getType().equals(f18403n);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f18411d.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger type = objectData.getType();
        return type.equals(f18404o) || type.equals(f18405p) || type.equals(f18406q) || type.equals(f18407r);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        AlgorithmIdentifier l7;
        ASN1Encodable k7;
        PublicKey publicKey;
        ObjectStoreData j7;
        this.f18411d.clear();
        this.f18412e.clear();
        this.f18416i = null;
        this.f18417j = null;
        this.f18413f = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f18416i = date;
            this.f18417j = date;
            this.f18408a = null;
            this.f18409b = null;
            this.f18413f = new AlgorithmIdentifier(PKCSObjectIdentifiers.B0, DERNull.f14004b);
            this.f18414g = h(PKCSObjectIdentifiers.f15088o0, 64);
            return;
        }
        try {
            ObjectStore i7 = ObjectStore.i(new ASN1InputStream(inputStream).B());
            ObjectStoreIntegrityCheck j8 = i7.j();
            if (j8.getType() == 0) {
                PbkdMacIntegrityCheck i8 = PbkdMacIntegrityCheck.i(j8.j());
                this.f18413f = i8.k();
                this.f18414g = i8.l();
                l7 = this.f18413f;
                try {
                    p(i7.k().b().getEncoded(), i8, cArr);
                } catch (NoSuchProviderException e7) {
                    throw new IOException(e7.getMessage());
                }
            } else {
                if (j8.getType() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                SignatureCheck j9 = SignatureCheck.j(j8.j());
                l7 = j9.l();
                try {
                    org.bouncycastle.asn1.x509.Certificate[] i9 = j9.i();
                    if (this.f18409b == null) {
                        k7 = i7.k();
                        publicKey = this.f18408a;
                    } else {
                        if (i9 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory f7 = this.f18410c.f("X.509");
                        int length = i9.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i10 = 0; i10 != length; i10++) {
                            x509CertificateArr[i10] = (X509Certificate) f7.generateCertificate(new ByteArrayInputStream(i9[i10].getEncoded()));
                        }
                        if (!this.f18409b.a(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        k7 = i7.k();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    q(k7, j9, publicKey);
                } catch (GeneralSecurityException e8) {
                    throw new IOException("error verifying signature: " + e8.getMessage(), e8);
                }
            }
            ASN1Encodable k8 = i7.k();
            if (k8 instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) k8;
                j7 = ObjectStoreData.j(e("STORE_ENCRYPTION", encryptedObjectStoreData.j(), cArr, encryptedObjectStoreData.i().v()));
            } else {
                j7 = ObjectStoreData.j(k8);
            }
            try {
                this.f18416i = j7.i().w();
                this.f18417j = j7.l().w();
                if (!j7.k().equals(l7)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<ASN1Encodable> it = j7.m().iterator();
                while (it.hasNext()) {
                    ObjectData k9 = ObjectData.k(it.next());
                    this.f18411d.put(k9.getIdentifier(), k9);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e9) {
            throw new IOException(e9.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineLoad(((BCLoadStoreParameter) loadStoreParameter).a(), ParameterUtil.a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        char[] a7 = ParameterUtil.a(bCFKSLoadStoreParameter);
        this.f18414g = j(bCFKSLoadStoreParameter.g(), 64);
        this.f18418k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.R : NISTObjectIdentifiers.S;
        this.f18413f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.B0, DERNull.f14004b) : new AlgorithmIdentifier(NISTObjectIdentifiers.f14905r, DERNull.f14004b);
        this.f18408a = (PublicKey) bCFKSLoadStoreParameter.i();
        this.f18409b = bCFKSLoadStoreParameter.c();
        this.f18415h = k(this.f18408a, bCFKSLoadStoreParameter.h());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f18418k;
        InputStream a8 = bCFKSLoadStoreParameter.a();
        engineLoad(a8, a7);
        if (a8 != null) {
            if (!o(bCFKSLoadStoreParameter.g(), this.f18414g) || !aSN1ObjectIdentifier.o(this.f18418k)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        ObjectData objectData = this.f18411d.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.getType().equals(f18403n)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = f(objectData, date2);
        }
        try {
            this.f18411d.put(str, new ObjectData(f18403n, str, date, date2, certificate.getEncoded(), null));
            this.f18417j = date2;
        } catch (CertificateEncodingException e7) {
            throw new b("BCFKS KeyStore unable to handle certificate: " + e7.getMessage(), e7);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        SecretKeyData secretKeyData;
        EncryptedSecretKeyData encryptedSecretKeyData;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Date date = new Date();
        ObjectData objectData = this.f18411d.get(str);
        Date f7 = objectData != null ? f(objectData, date) : date;
        this.f18412e.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc h7 = h(PKCSObjectIdentifiers.f15088o0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] g7 = g(h7, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f18418k;
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.R;
                if (aSN1ObjectIdentifier.o(aSN1ObjectIdentifier2)) {
                    Cipher b7 = b("AES/CCM/NoPadding", g7);
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(h7, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.j(b7.getParameters().getEncoded())))), b7.doFinal(encoded));
                } else {
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(h7, new EncryptionScheme(NISTObjectIdentifiers.S))), b("AESKWP", g7).doFinal(encoded));
                }
                this.f18411d.put(str, new ObjectData(f18404o, str, f7, date, c(encryptedPrivateKeyInfo, certificateArr).getEncoded(), null));
            } catch (Exception e7) {
                throw new b("BCFKS KeyStore exception storing private key: " + e7.toString(), e7);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc h8 = h(PKCSObjectIdentifiers.f15088o0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] g8 = g(h8, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k7 = Strings.k(key.getAlgorithm());
                if (k7.indexOf("AES") > -1) {
                    secretKeyData = new SecretKeyData(NISTObjectIdentifiers.f14908u, encoded2);
                } else {
                    Map<String, ASN1ObjectIdentifier> map = f18401l;
                    ASN1ObjectIdentifier aSN1ObjectIdentifier3 = map.get(k7);
                    if (aSN1ObjectIdentifier3 != null) {
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier3, encoded2);
                    } else {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = map.get(k7 + "." + (encoded2.length * 8));
                        if (aSN1ObjectIdentifier4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k7 + ") for storage.");
                        }
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier4, encoded2);
                    }
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier5 = this.f18418k;
                ASN1ObjectIdentifier aSN1ObjectIdentifier6 = NISTObjectIdentifiers.R;
                if (aSN1ObjectIdentifier5.o(aSN1ObjectIdentifier6)) {
                    Cipher b8 = b("AES/CCM/NoPadding", g8);
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(h8, new EncryptionScheme(aSN1ObjectIdentifier6, CCMParameters.j(b8.getParameters().getEncoded())))), b8.doFinal(secretKeyData.getEncoded()));
                } else {
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15086n0, new PBES2Parameters(h8, new EncryptionScheme(NISTObjectIdentifiers.S))), b("AESKWP", g8).doFinal(secretKeyData.getEncoded()));
                }
                this.f18411d.put(str, new ObjectData(f18405p, str, f7, date, encryptedSecretKeyData.getEncoded(), null));
            } catch (Exception e8) {
                throw new b("BCFKS KeyStore exception storing private key: " + e8.toString(), e8);
            }
        }
        this.f18417j = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        ObjectData objectData = this.f18411d.get(str);
        Date f7 = objectData != null ? f(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo k7 = EncryptedPrivateKeyInfo.k(bArr);
                try {
                    this.f18412e.remove(str);
                    this.f18411d.put(str, new ObjectData(f18406q, str, f7, date, c(k7, certificateArr).getEncoded(), null));
                } catch (Exception e7) {
                    throw new b("BCFKS KeyStore exception storing protected private key: " + e7.toString(), e7);
                }
            } catch (Exception e8) {
                throw new b("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e8);
            }
        } else {
            try {
                this.f18411d.put(str, new ObjectData(f18407r, str, f7, date, bArr, null));
            } catch (Exception e9) {
                throw new b("BCFKS KeyStore exception storing protected private key: " + e9.toString(), e9);
            }
        }
        this.f18417j = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f18411d.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KeyDerivationFunc keyDerivationFunc;
        BigInteger k7;
        if (this.f18416i == null) {
            throw new IOException("KeyStore not initialized");
        }
        EncryptedObjectStoreData m7 = m(this.f18413f, cArr);
        if (MiscObjectIdentifiers.f14860y.o(this.f18414g.i())) {
            ScryptParams k8 = ScryptParams.k(this.f18414g.k());
            keyDerivationFunc = this.f18414g;
            k7 = k8.l();
        } else {
            PBKDF2Params i7 = PBKDF2Params.i(this.f18414g.k());
            keyDerivationFunc = this.f18414g;
            k7 = i7.k();
        }
        this.f18414g = i(keyDerivationFunc, k7.intValue());
        try {
            outputStream.write(new ObjectStore(m7, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f18413f, this.f18414g, a(m7.getEncoded(), this.f18413f, this.f18414g, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e7) {
            throw new IOException("cannot calculate mac: " + e7.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        SignatureCheck signatureCheck;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
            char[] a7 = ParameterUtil.a(loadStoreParameter);
            this.f18414g = j(bCFKSStoreParameter.b(), 64);
            engineStore(bCFKSStoreParameter.a(), a7);
            return;
        }
        if (!(loadStoreParameter instanceof BCFKSLoadStoreParameter)) {
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                engineStore(((BCLoadStoreParameter) loadStoreParameter).b(), ParameterUtil.a(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSLoadStoreParameter bCFKSLoadStoreParameter = (BCFKSLoadStoreParameter) loadStoreParameter;
        if (bCFKSLoadStoreParameter.i() == null) {
            char[] a8 = ParameterUtil.a(bCFKSLoadStoreParameter);
            this.f18414g = j(bCFKSLoadStoreParameter.g(), 64);
            this.f18418k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.R : NISTObjectIdentifiers.S;
            this.f18413f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.B0, DERNull.f14004b) : new AlgorithmIdentifier(NISTObjectIdentifiers.f14905r, DERNull.f14004b);
            engineStore(bCFKSLoadStoreParameter.b(), a8);
            return;
        }
        this.f18415h = k(bCFKSLoadStoreParameter.i(), bCFKSLoadStoreParameter.h());
        this.f18414g = j(bCFKSLoadStoreParameter.g(), 64);
        this.f18418k = bCFKSLoadStoreParameter.e() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM ? NISTObjectIdentifiers.R : NISTObjectIdentifiers.S;
        this.f18413f = bCFKSLoadStoreParameter.f() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512 ? new AlgorithmIdentifier(PKCSObjectIdentifiers.B0, DERNull.f14004b) : new AlgorithmIdentifier(NISTObjectIdentifiers.f14905r, DERNull.f14004b);
        EncryptedObjectStoreData m7 = m(this.f18415h, ParameterUtil.a(bCFKSLoadStoreParameter));
        try {
            Signature a9 = this.f18410c.a(this.f18415h.i().x());
            a9.initSign((PrivateKey) bCFKSLoadStoreParameter.i());
            a9.update(m7.getEncoded());
            X509Certificate[] d7 = bCFKSLoadStoreParameter.d();
            if (d7 != null) {
                int length = d7.length;
                org.bouncycastle.asn1.x509.Certificate[] certificateArr = new org.bouncycastle.asn1.x509.Certificate[length];
                for (int i7 = 0; i7 != length; i7++) {
                    certificateArr[i7] = org.bouncycastle.asn1.x509.Certificate.j(d7[i7].getEncoded());
                }
                signatureCheck = new SignatureCheck(this.f18415h, certificateArr, a9.sign());
            } else {
                signatureCheck = new SignatureCheck(this.f18415h, a9.sign());
            }
            bCFKSLoadStoreParameter.b().write(new ObjectStore(m7, new ObjectStoreIntegrityCheck(signatureCheck)).getEncoded());
            bCFKSLoadStoreParameter.b().flush();
        } catch (GeneralSecurityException e7) {
            throw new IOException("error creating signature: " + e7.getMessage(), e7);
        }
    }
}
