package defpackage;

import cn.egame.terminal.sdk.pay.tv.entrance.EgameTvPay;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
class ddi extends KeyStoreSpi {
    private static final Map<String, axf> a = new HashMap();
    private static final Map<axf, String> b = new HashMap();
    private static final BigInteger c;
    private static final BigInteger d;
    private static final BigInteger e;
    private static final BigInteger f;
    private static final BigInteger g;
    private final BouncyCastleProvider h;
    private final Map<String, bao> i = new HashMap();
    private final Map<String, PrivateKey> j = new HashMap();
    private bom k;
    private bmf l;
    private Date m;
    private Date n;

    /* loaded from: classes2.dex */
    public static class a extends ddi {
        public a() {
            super(null);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class b extends KeyStoreException {
        private final Throwable a;

        b(String str, Throwable th) {
            super(str);
            this.a = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.a;
        }
    }

    /* loaded from: classes2.dex */
    public static class c extends ddi {
        public c() {
            super(new BouncyCastleProvider());
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }

        @Override // defpackage.ddi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
            super.engineStore(loadStoreParameter);
        }
    }

    static {
        a.put("DESEDE", bls.h);
        a.put("TRIPLEDES", bls.h);
        a.put("TDEA", bls.h);
        a.put("HMACSHA1", bml.K);
        a.put("HMACSHA224", bml.L);
        a.put("HMACSHA256", bml.M);
        a.put("HMACSHA384", bml.N);
        a.put("HMACSHA512", bml.O);
        b.put(bml.ai_, cn.egame.terminal.sdk.pay.tv.b.b.e);
        b.put(bsm.k, "EC");
        b.put(bls.l, "DH");
        b.put(bml.s, "DH");
        b.put(bsm.U, "DSA");
        c = BigInteger.valueOf(0L);
        d = BigInteger.valueOf(1L);
        e = BigInteger.valueOf(2L);
        f = BigInteger.valueOf(3L);
        g = BigInteger.valueOf(4L);
    }

    ddi(BouncyCastleProvider bouncyCastleProvider) {
        this.h = bouncyCastleProvider;
    }

    private bam a(bmc bmcVar, Certificate[] certificateArr) throws CertificateEncodingException {
        boz[] bozVarArr = new boz[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            bozVarArr[i] = boz.a(certificateArr[i].getEncoded());
        }
        return new bam(bmcVar, bozVarArr);
    }

    private bmf a(axf axfVar, int i) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        if (bml.B.equals(axfVar)) {
            return new bmf(bml.B, new bmj(bArr, EgameTvPay.BUFFER_SIZE, i, new bom(bml.O, aza.a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + axfVar);
    }

    private bmf a(bmf bmfVar, int i) {
        if (bkp.L.equals(bmfVar.a())) {
            bks a2 = bks.a(bmfVar.b());
            byte[] bArr = new byte[a2.a().length];
            a().nextBytes(bArr);
            return new bmf(bkp.L, new bks(bArr, a2.b(), a2.c(), a2.d(), BigInteger.valueOf(i)));
        }
        bmj a3 = bmj.a(bmfVar.b());
        byte[] bArr2 = new byte[a3.a().length];
        a().nextBytes(bArr2);
        return new bmf(bml.B, new bmj(bArr2, a3.b().intValue(), i, a3.e()));
    }

    private bmf a(cxo cxoVar, int i) {
        if (!bkp.L.equals(cxoVar.d())) {
            cxn cxnVar = (cxn) cxoVar;
            byte[] bArr = new byte[cxnVar.c()];
            a().nextBytes(bArr);
            return new bmf(bml.B, new bmj(bArr, cxnVar.a(), i, cxnVar.b()));
        }
        cxt cxtVar = (cxt) cxoVar;
        byte[] bArr2 = new byte[cxtVar.e()];
        a().nextBytes(bArr2);
        return new bmf(bkp.L, new bks(bArr2, cxtVar.a(), cxtVar.b(), cxtVar.c(), i));
    }

    private static String a(axf axfVar) {
        String str = b.get(axfVar);
        return str != null ? str : axfVar.b();
    }

    private SecureRandom a() {
        return new SecureRandom();
    }

    private Certificate a(Object obj) {
        CertificateFactory certificateFactory;
        ByteArrayInputStream byteArrayInputStream;
        try {
            if (this.h != null) {
                certificateFactory = CertificateFactory.getInstance("X.509", this.h);
                byteArrayInputStream = new ByteArrayInputStream(boz.a(obj).getEncoded());
            } else {
                certificateFactory = CertificateFactory.getInstance("X.509");
                byteArrayInputStream = new ByteArrayInputStream(boz.a(obj).getEncoded());
            }
            return certificateFactory.generateCertificate(byteArrayInputStream);
        } catch (Exception unused) {
            return null;
        }
    }

    private Date a(bao baoVar, Date date) {
        try {
            return baoVar.b().d();
        } catch (ParseException unused) {
            return date;
        }
    }

    private void a(byte[] bArr, bat batVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        if (!dyi.b(a(bArr, batVar.a(), batVar.b(), cArr), batVar.c())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private byte[] a(bmf bmfVar, String str, char[] cArr) throws IOException {
        cjn cjnVar;
        byte[] PKCS12PasswordToBytes = ccg.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = ccg.PKCS12PasswordToBytes(str.toCharArray());
        if (bkp.L.equals(bmfVar.a())) {
            bks a2 = bks.a(bmfVar.b());
            return cjr.a(dyi.e(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a2.a(), a2.b().intValue(), a2.c().intValue(), a2.c().intValue(), a2.e().intValue());
        }
        if (!bmfVar.a().equals(bml.B)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        bmj a3 = bmj.a(bmfVar.b());
        if (a3.e().a().equals(bml.O)) {
            cjnVar = new cjn(new ceq());
        } else {
            if (!a3.e().a().equals(bkx.r)) {
                throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a3.e().a());
            }
            cjnVar = new cjn(new cep(512));
        }
        cjnVar.init(dyi.e(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), a3.a(), a3.b().intValue());
        return ((cov) cjnVar.generateDerivedParameters(a3.c().intValue() * 8)).a();
    }

    private byte[] a(String str, bom bomVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!bomVar.a().equals(bml.A)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        bmi a2 = bmi.a(bomVar.b());
        bmd b2 = a2.b();
        if (!b2.a().equals(bkx.P)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            bea a3 = bea.a(b2.b());
            if (this.h == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.h);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.h);
            }
            algorithmParameters.init(a3.getEncoded());
            bmf a4 = a2.a();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(a(a4, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private byte[] a(byte[] bArr, bom bomVar, bmf bmfVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String b2 = bomVar.a().b();
        Mac mac = this.h != null ? Mac.getInstance(b2, this.h) : Mac.getInstance(b2);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(a(bmfVar, "INTEGRITY_CHECK", cArr), b2));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e2) {
            throw new IOException("Cannot set up MAC calculation: " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.i.keySet()).iterator();
        return new Enumeration() { // from class: ddi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str == null) {
            throw new NullPointerException("alias value is null");
        }
        return this.i.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.i.get(str) == null) {
            return;
        }
        this.j.remove(str);
        this.i.remove(str);
        this.n = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Object obj;
        bao baoVar = this.i.get(str);
        if (baoVar == null) {
            return null;
        }
        if (baoVar.f().equals(d) || baoVar.f().equals(f)) {
            obj = bam.a(baoVar.c()).a()[0];
        } else {
            if (!baoVar.f().equals(c)) {
                return null;
            }
            obj = baoVar.c();
        }
        return a(obj);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.i.keySet()) {
                bao baoVar = this.i.get(str);
                if (baoVar.f().equals(c)) {
                    if (dyi.a(baoVar.c(), encoded)) {
                    }
                } else if (baoVar.f().equals(d) || baoVar.f().equals(f)) {
                    try {
                        if (dyi.a(bam.a(baoVar.c()).a()[0].toASN1Primitive().getEncoded(), encoded)) {
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
                return str;
            }
            return null;
        } catch (CertificateEncodingException unused2) {
            return null;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        bao baoVar = this.i.get(str);
        Certificate[] certificateArr = null;
        if (baoVar != null && (baoVar.f().equals(d) || baoVar.f().equals(f))) {
            boz[] a2 = bam.a(baoVar.c()).a();
            certificateArr = new X509Certificate[a2.length];
            for (int i = 0; i != certificateArr.length; i++) {
                certificateArr[i] = a(a2[i]);
            }
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        bao baoVar = this.i.get(str);
        if (baoVar == null) {
            return null;
        }
        try {
            return baoVar.e().d();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        bao baoVar = this.i.get(str);
        if (baoVar == null) {
            return null;
        }
        if (baoVar.f().equals(d) || baoVar.f().equals(f)) {
            PrivateKey privateKey = this.j.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            bmc a2 = bmc.a(bam.a(baoVar.c()).b());
            try {
                bmn a3 = bmn.a(a("PRIVATE_KEY_ENCRYPTION", a2.a(), cArr, a2.b()));
                PrivateKey generatePrivate = (this.h != null ? KeyFactory.getInstance(a3.a().a().b(), this.h) : KeyFactory.getInstance(a(a3.a().a()))).generatePrivate(new PKCS8EncodedKeySpec(a3.getEncoded()));
                this.j.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e2) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
            }
        }
        if (!baoVar.f().equals(e) && !baoVar.f().equals(g)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        ban a4 = ban.a(baoVar.c());
        try {
            bau a5 = bau.a(a("SECRET_KEY_ENCRYPTION", a4.a(), cArr, a4.b()));
            return (this.h != null ? SecretKeyFactory.getInstance(a5.b().b(), this.h) : SecretKeyFactory.getInstance(a5.b().b())).generateSecret(new SecretKeySpec(a5.a(), a5.b().b()));
        } catch (Exception e3) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        bao baoVar = this.i.get(str);
        if (baoVar != null) {
            return baoVar.f().equals(c);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        bao baoVar = this.i.get(str);
        if (baoVar == null) {
            return false;
        }
        BigInteger f2 = baoVar.f();
        return f2.equals(d) || f2.equals(e) || f2.equals(f) || f2.equals(g);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.i.clear();
        this.j.clear();
        this.m = null;
        this.n = null;
        this.k = null;
        if (inputStream == null) {
            Date date = new Date();
            this.m = date;
            this.n = date;
            this.k = new bom(bml.O, aza.a);
            this.l = a(bml.B, 64);
            return;
        }
        try {
            baq a2 = baq.a(new axb(inputStream).d());
            bas a3 = a2.a();
            if (a3.a() != 0) {
                throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
            }
            bat a4 = bat.a(a3.b());
            this.k = a4.a();
            this.l = a4.b();
            a(a2.b().toASN1Primitive().getEncoded(), a4, cArr);
            Object b2 = a2.b();
            if (b2 instanceof bal) {
                bal balVar = (bal) b2;
                b2 = a("STORE_ENCRYPTION", balVar.b(), cArr, balVar.a().d());
            }
            bar a5 = bar.a(b2);
            try {
                this.m = a5.b().d();
                this.n = a5.d().d();
                if (!a5.c().equals(this.k)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<awv> it = a5.e().iterator();
                while (it.hasNext()) {
                    bao a6 = bao.a(it.next());
                    this.i.put(a6.d(), a6);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e2) {
            throw new IOException(e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        bao baoVar = this.i.get(str);
        Date date2 = new Date();
        if (baoVar == null) {
            date = date2;
        } else {
            if (!baoVar.f().equals(c)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(baoVar, date2);
        }
        try {
            this.i.put(str, new bao(c, str, date, date2, certificate.getEncoded(), null));
            this.n = date2;
        } catch (CertificateEncodingException e2) {
            throw new b("BCFKS KeyStore unable to handle certificate: " + e2.getMessage(), e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] encoded;
        Date date = new Date();
        bao baoVar = this.i.get(str);
        Date a2 = baoVar != null ? a(baoVar, date) : date;
        this.j.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                bmf a3 = a(bml.B, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a4 = a(a3, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.h == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.h);
                cipher.init(1, new SecretKeySpec(a4, "AES"));
                this.i.put(str, new bao(d, str, a2, date, a(new bmc(new bom(bml.A, new bmi(a3, new bmd(bkx.P, bea.a(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded2)), certificateArr).getEncoded(), null));
            } catch (Exception e2) {
                throw new b("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded3 = key.getEncoded();
                bmf a5 = a(bml.B, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a6 = a(a5, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.h == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.h);
                cipher2.init(1, new SecretKeySpec(a6, "AES"));
                String b2 = dyy.b(key.getAlgorithm());
                if (b2.indexOf("AES") > -1) {
                    encoded = new bau(bkx.s, encoded3).getEncoded();
                } else {
                    axf axfVar = a.get(b2);
                    if (axfVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + b2 + ") for storage.");
                    }
                    encoded = new bau(axfVar, encoded3).getEncoded();
                }
                this.i.put(str, new bao(e, str, a2, date, new ban(new bom(bml.A, new bmi(a5, new bmd(bkx.P, bea.a(cipher2.getParameters().getEncoded())))), cipher2.doFinal(encoded)).getEncoded(), null));
            } catch (Exception e3) {
                throw new b("BCFKS KeyStore exception storing private key: " + e3.toString(), e3);
            }
        }
        this.n = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        bao baoVar = this.i.get(str);
        Date a2 = baoVar != null ? a(baoVar, date) : date;
        if (certificateArr != null) {
            try {
                bmc a3 = bmc.a(bArr);
                try {
                    this.j.remove(str);
                    this.i.put(str, new bao(f, str, a2, date, a(a3, certificateArr).getEncoded(), null));
                } catch (Exception e2) {
                    throw new b("BCFKS KeyStore exception storing protected private key: " + e2.toString(), e2);
                }
            } catch (Exception e3) {
                throw new b("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e3);
            }
        } else {
            try {
                this.i.put(str, new bao(g, str, a2, date, bArr, null));
            } catch (Exception e4) {
                throw new b("BCFKS KeyStore exception storing protected private key: " + e4.toString(), e4);
            }
        }
        this.n = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.i.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        bmf bmfVar;
        BigInteger c2;
        bao[] baoVarArr = (bao[]) this.i.values().toArray(new bao[this.i.size()]);
        bmf a2 = a(this.l, 32);
        byte[] a3 = a(a2, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        bar barVar = new bar(this.k, this.m, this.n, new bap(baoVarArr), null);
        try {
            Cipher cipher = this.h == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.h);
            cipher.init(1, new SecretKeySpec(a3, "AES"));
            bal balVar = new bal(new bom(bml.A, new bmi(a2, new bmd(bkx.P, bea.a(cipher.getParameters().getEncoded())))), cipher.doFinal(barVar.getEncoded()));
            if (bkp.L.equals(this.l.a())) {
                bks a4 = bks.a(this.l.b());
                bmfVar = this.l;
                c2 = a4.e();
            } else {
                bmj a5 = bmj.a(this.l.b());
                bmfVar = this.l;
                c2 = a5.c();
            }
            this.l = a(bmfVar, c2.intValue());
            outputStream.write(new baq(balVar, new bas(new bat(this.k, this.l, a(balVar.getEncoded(), this.k, this.l, cArr)))).getEncoded());
            outputStream.flush();
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSStoreParameter)) {
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
        KeyStore.ProtectionParameter protectionParameter = bCFKSStoreParameter.getProtectionParameter();
        char[] cArr = null;
        if (protectionParameter != null) {
            if (protectionParameter instanceof KeyStore.PasswordProtection) {
                cArr = ((KeyStore.PasswordProtection) protectionParameter).getPassword();
            } else {
                if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
                    throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
                }
                CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
                PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
                try {
                    callbackHandler.handle(new Callback[]{passwordCallback});
                    cArr = passwordCallback.getPassword();
                } catch (UnsupportedCallbackException e2) {
                    throw new IllegalArgumentException("PasswordCallback not recognised: " + e2.getMessage(), e2);
                }
            }
        }
        bCFKSStoreParameter.getStorePBKDFConfig().d().equals(bkp.L);
        this.l = a(bCFKSStoreParameter.getStorePBKDFConfig(), 64);
        engineStore(bCFKSStoreParameter.getOutputStream(), cArr);
    }
}
