package org.bouncycastle.jcajce.provider.keystore.bcfks;

import ae.n;
import androidx.appcompat.app.b;
import androidx.appcompat.view.menu.a;
import androidx.concurrent.futures.c;
import cn.hutool.core.text.StrPool;
import com.applovin.impl.sdk.utils.v0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.bc.SignatureCheck;
import org.bouncycastle.asn1.cms.CCMParameters;
import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: i, reason: collision with root package name */
    public static final Map<String, ASN1ObjectIdentifier> f33419i;

    /* renamed from: j, reason: collision with root package name */
    public static final Map<ASN1ObjectIdentifier, String> f33420j;

    /* renamed from: k, reason: collision with root package name */
    public static final BigInteger f33421k;

    /* renamed from: l, reason: collision with root package name */
    public static final BigInteger f33422l;

    /* renamed from: m, reason: collision with root package name */
    public static final BigInteger f33423m;

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f33424n;

    /* renamed from: o, reason: collision with root package name */
    public static final BigInteger f33425o;

    /* renamed from: a, reason: collision with root package name */
    public final JcaJceHelper f33426a;

    /* renamed from: d, reason: collision with root package name */
    public AlgorithmIdentifier f33429d;

    /* renamed from: e, reason: collision with root package name */
    public KeyDerivationFunc f33430e;

    /* renamed from: f, reason: collision with root package name */
    public Date f33431f;

    /* renamed from: g, reason: collision with root package name */
    public Date f33432g;

    /* renamed from: b, reason: collision with root package name */
    public final Map<String, ObjectData> f33427b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    public final Map<String, PrivateKey> f33428c = new HashMap();

    /* renamed from: h, reason: collision with root package name */
    public ASN1ObjectIdentifier f33433h = NISTObjectIdentifiers.N;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new DefaultJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class ExtKeyStoreException extends KeyStoreException {

        /* renamed from: a, reason: collision with root package name */
        public final Throwable f33435a;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.f33435a = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f33435a;
        }
    }

    /* loaded from: classes2.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {

        /* renamed from: p, reason: collision with root package name */
        public final Map<String, byte[]> f33436p;

        /* renamed from: q, reason: collision with root package name */
        public final byte[] f33437q;

        public SharedKeyStoreSpi(JcaJceHelper jcaJceHelper) {
            super(jcaJceHelper);
            try {
                byte[] bArr = new byte[32];
                this.f33437q = bArr;
                jcaJceHelper.g("DEFAULT").nextBytes(bArr);
                this.f33436p = new HashMap();
            } catch (GeneralSecurityException e10) {
                StringBuilder g10 = n.g("can't create random - ");
                g10.append(e10.toString());
                throw new IllegalArgumentException(g10.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            byte[] i5;
            try {
                if (cArr != null) {
                    i5 = Arrays.i(Strings.f(cArr), Strings.f(str.toCharArray()));
                } else {
                    byte[] bArr = this.f33437q;
                    String str2 = Strings.f35138a;
                    i5 = Arrays.i(bArr, Strings.f(str.toCharArray()));
                }
                byte[] generate = SCrypt.generate(i5, this.f33437q, 16384, 8, 1, 32);
                if (this.f33436p.containsKey(str) && !Arrays.l(this.f33436p.get(str), generate)) {
                    throw new UnrecoverableKeyException(c.a("unable to recover key (", str, ")"));
                }
                Key engineGetKey = super.engineGetKey(str, cArr);
                if (engineGetKey != null && !this.f33436p.containsKey(str)) {
                    this.f33436p.put(str, generate);
                }
                return engineGetKey;
            } catch (InvalidKeyException e10) {
                StringBuilder b10 = a.b("unable to recover key (", str, "): ");
                b10.append(e10.getMessage());
                throw new UnrecoverableKeyException(b10.toString());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BCJcaJceHelper());
        }
    }

    /* loaded from: classes2.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new BCJcaJceHelper());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f33419i = hashMap;
        HashMap hashMap2 = new HashMap();
        f33420j = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f32017h;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.O0);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.P0);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.Q0);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.R0);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.S0);
        hashMap.put("SEED", KISAObjectIdentifiers.f31876a);
        hashMap.put("CAMELLIA.128", NTTObjectIdentifiers.f31961a);
        hashMap.put("CAMELLIA.192", NTTObjectIdentifiers.f31962b);
        hashMap.put("CAMELLIA.256", NTTObjectIdentifiers.f31963c);
        hashMap.put("ARIA.128", NSRIObjectIdentifiers.f31939b);
        hashMap.put("ARIA.192", NSRIObjectIdentifiers.f31943f);
        hashMap.put("ARIA.256", NSRIObjectIdentifiers.f31947j);
        hashMap2.put(PKCSObjectIdentifiers.f32069k0, "RSA");
        hashMap2.put(X9ObjectIdentifiers.X1, "EC");
        hashMap2.put(OIWObjectIdentifiers.f32021l, "DH");
        hashMap2.put(PKCSObjectIdentifiers.f32095z0, "DH");
        hashMap2.put(X9ObjectIdentifiers.D2, "DSA");
        f33421k = BigInteger.valueOf(0L);
        f33422l = BigInteger.valueOf(1L);
        f33423m = BigInteger.valueOf(2L);
        f33424n = BigInteger.valueOf(3L);
        f33425o = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(JcaJceHelper jcaJceHelper) {
        this.f33426a = jcaJceHelper;
    }

    public final byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String str = algorithmIdentifier.f32331a.f31568a;
        Mac h10 = this.f33426a.h(str);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            h10.init(new SecretKeySpec(h(keyDerivationFunc, "INTEGRITY_CHECK", cArr, -1), str));
            return h10.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            StringBuilder g10 = n.g("Cannot set up MAC calculation: ");
            g10.append(e10.getMessage());
            throw new IOException(g10.toString());
        }
    }

    public final Cipher b(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        Cipher c10 = this.f33426a.c(str);
        c10.init(1, new SecretKeySpec(bArr, "AES"));
        return c10;
    }

    public final EncryptedPrivateKeyData c(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i5 = 0; i5 != certificateArr.length; i5++) {
            certificateArr2[i5] = org.bouncycastle.asn1.x509.Certificate.m(certificateArr[i5].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    public final Certificate d(Object obj) {
        JcaJceHelper jcaJceHelper = this.f33426a;
        if (jcaJceHelper != null) {
            try {
                return jcaJceHelper.d("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.m(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.m(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    public final byte[] e(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
        Cipher c10;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.f32331a.q(PKCSObjectIdentifiers.G0)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters m10 = PBES2Parameters.m(algorithmIdentifier.f32332b);
        EncryptionScheme encryptionScheme = m10.f32053b;
        try {
            if (encryptionScheme.f32044a.f32331a.q(NISTObjectIdentifiers.N)) {
                c10 = this.f33426a.c("AES/CCM/NoPadding");
                algorithmParameters = this.f33426a.i("CCM");
                algorithmParameters.init(CCMParameters.m(encryptionScheme.f32044a.f32332b).getEncoded());
            } else {
                if (!encryptionScheme.f32044a.f32331a.q(NISTObjectIdentifiers.O)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                c10 = this.f33426a.c("AESKWP");
                algorithmParameters = null;
            }
            KeyDerivationFunc keyDerivationFunc = m10.f32052a;
            if (cArr == null) {
                cArr = new char[0];
            }
            c10.init(2, new SecretKeySpec(h(keyDerivationFunc, str, cArr, 32), "AES"), algorithmParameters);
            return c10.doFinal(bArr);
        } catch (IOException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new IOException(e11.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f33427b.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f33427b.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f33427b.get(str) == null) {
            return;
        }
        this.f33428c.remove(str);
        this.f33427b.remove(str);
        this.f33432g = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f33427b.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.f31686a.equals(f33422l) || objectData.f31686a.equals(f33424n)) {
            return d(EncryptedPrivateKeyData.n(objectData.m()).m()[0]);
        }
        if (objectData.f31686a.equals(f33421k)) {
            return d(objectData.m());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f33427b.keySet()) {
                ObjectData objectData = this.f33427b.get(str);
                if (objectData.f31686a.equals(f33421k)) {
                    if (java.util.Arrays.equals(objectData.m(), encoded)) {
                        return str;
                    }
                } else if (objectData.f31686a.equals(f33422l) || objectData.f31686a.equals(f33424n)) {
                    try {
                        if (java.util.Arrays.equals(EncryptedPrivateKeyData.n(objectData.m()).m()[0].f32362a.getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f33427b.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.f31686a.equals(f33422l) && !objectData.f31686a.equals(f33424n)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] m10 = EncryptedPrivateKeyData.n(objectData.m()).m();
        int length = m10.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i5 = 0; i5 != length; i5++) {
            x509CertificateArr[i5] = d(m10[i5]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f33427b.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.f31689d.y();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        ObjectData objectData = this.f33427b.get(str);
        SecretKeyData secretKeyData = null;
        if (objectData == null) {
            return null;
        }
        if (!objectData.f31686a.equals(f33422l) && !objectData.f31686a.equals(f33424n)) {
            if (!objectData.f31686a.equals(f33423m) && !objectData.f31686a.equals(f33425o)) {
                throw new UnrecoverableKeyException(c.a("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            byte[] m10 = objectData.m();
            EncryptedSecretKeyData encryptedSecretKeyData = m10 instanceof EncryptedSecretKeyData ? (EncryptedSecretKeyData) m10 : m10 != 0 ? new EncryptedSecretKeyData(ASN1Sequence.w(m10)) : null;
            try {
                byte[] e10 = e("SECRET_KEY_ENCRYPTION", encryptedSecretKeyData.f31684a, cArr, Arrays.c(encryptedSecretKeyData.f31685b.f31572a));
                if (e10 instanceof SecretKeyData) {
                    secretKeyData = (SecretKeyData) e10;
                } else if (e10 != 0) {
                    secretKeyData = new SecretKeyData(ASN1Sequence.w(e10));
                }
                return this.f33426a.e(secretKeyData.f31706a.f31568a).generateSecret(new SecretKeySpec(Arrays.c(secretKeyData.f31707b.f31572a), secretKeyData.f31706a.f31568a));
            } catch (Exception e11) {
                throw new UnrecoverableKeyException(b.c(e11, a.b("BCFKS KeyStore unable to recover secret key (", str, "): ")));
            }
        }
        PrivateKey privateKey = this.f33428c.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo m11 = EncryptedPrivateKeyInfo.m(EncryptedPrivateKeyData.n(objectData.m()).f31682a);
        try {
            PrivateKeyInfo m12 = PrivateKeyInfo.m(e("PRIVATE_KEY_ENCRYPTION", m11.f32042a, cArr, m11.f32043b.f31572a));
            JcaJceHelper jcaJceHelper = this.f33426a;
            ASN1ObjectIdentifier aSN1ObjectIdentifier = m12.f32100b.f32331a;
            String str2 = (String) ((HashMap) f33420j).get(aSN1ObjectIdentifier);
            if (str2 == null) {
                str2 = aSN1ObjectIdentifier.f31568a;
            }
            PrivateKey generatePrivate = jcaJceHelper.f(str2).generatePrivate(new PKCS8EncodedKeySpec(m12.getEncoded()));
            this.f33428c.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e12) {
            throw new UnrecoverableKeyException(b.c(e12, a.b("BCFKS KeyStore unable to recover private key (", str, "): ")));
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f33427b.get(str);
        if (objectData != null) {
            return objectData.f31686a.equals(f33421k);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f33427b.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger bigInteger = objectData.f31686a;
        return bigInteger.equals(f33422l) || bigInteger.equals(f33423m) || bigInteger.equals(f33424n) || bigInteger.equals(f33425o);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        AlgorithmIdentifier algorithmIdentifier;
        ObjectStoreData m10;
        this.f33427b.clear();
        this.f33428c.clear();
        this.f33431f = null;
        this.f33432g = null;
        this.f33429d = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f33431f = date;
            this.f33432g = date;
            this.f33429d = new AlgorithmIdentifier(PKCSObjectIdentifiers.S0, DERNull.f31613a);
            this.f33430e = i(PKCSObjectIdentifiers.H0, 64);
            return;
        }
        try {
            ASN1Encodable e10 = new ASN1InputStream(inputStream).e();
            ObjectStore objectStore = e10 instanceof ObjectStore ? (ObjectStore) e10 : e10 != null ? new ObjectStore(ASN1Sequence.w(e10)) : null;
            ObjectStoreIntegrityCheck objectStoreIntegrityCheck = objectStore.f31694b;
            int i5 = objectStoreIntegrityCheck.f31701a;
            if (i5 == 0) {
                PbkdMacIntegrityCheck m11 = PbkdMacIntegrityCheck.m(objectStoreIntegrityCheck.f31702b);
                algorithmIdentifier = m11.f31703a;
                this.f33429d = algorithmIdentifier;
                this.f33430e = m11.f31704b;
                try {
                    if (!Arrays.l(a(objectStore.f31693a.f().getEncoded(), m11.f31703a, m11.f31704b, cArr), Arrays.c(m11.f31705c.f31572a))) {
                        throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
                    }
                } catch (NoSuchProviderException e11) {
                    throw new IOException(e11.getMessage());
                }
            } else {
                if (i5 != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                SignatureCheck m12 = SignatureCheck.m(objectStoreIntegrityCheck.f31702b);
                AlgorithmIdentifier algorithmIdentifier2 = m12.f31708a;
                try {
                    ASN1Sequence aSN1Sequence = m12.f31709b;
                    if (aSN1Sequence != null) {
                        int size = aSN1Sequence.size();
                        org.bouncycastle.asn1.x509.Certificate[] certificateArr = new org.bouncycastle.asn1.x509.Certificate[size];
                        for (int i10 = 0; i10 != size; i10++) {
                            certificateArr[i10] = org.bouncycastle.asn1.x509.Certificate.m(m12.f31709b.y(i10));
                        }
                    }
                    l(objectStore.f31693a, m12, null);
                    algorithmIdentifier = algorithmIdentifier2;
                } catch (GeneralSecurityException e12) {
                    StringBuilder g10 = n.g("error verifying signature: ");
                    g10.append(e12.getMessage());
                    throw new IOException(g10.toString(), e12);
                }
            }
            ASN1Encodable aSN1Encodable = objectStore.f31693a;
            if (aSN1Encodable instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) aSN1Encodable;
                m10 = ObjectStoreData.m(e("STORE_ENCRYPTION", encryptedObjectStoreData.f31680a, cArr, encryptedObjectStoreData.f31681b.f31572a));
            } else {
                m10 = ObjectStoreData.m(aSN1Encodable);
            }
            try {
                this.f33431f = m10.f31697c.y();
                this.f33432g = m10.f31698d.y();
                if (!m10.f31696b.equals(algorithmIdentifier)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<ASN1Encodable> it = m10.f31699e.iterator();
                while (it.hasNext()) {
                    ObjectData n10 = ObjectData.n(it.next());
                    this.f33427b.put(n10.f31687b, n10);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e13) {
            throw new IOException(e13.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSLoadStoreParameter) {
            g((BCFKSLoadStoreParameter) loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f31899r;
            throw null;
        }
        if (loadStoreParameter instanceof BCLoadStoreParameter) {
            engineLoad(null, g(loadStoreParameter));
        } else {
            StringBuilder g10 = n.g("no support for 'parameter' of type ");
            g10.append(loadStoreParameter.getClass().getName());
            throw new IllegalArgumentException(g10.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        ObjectData objectData = this.f33427b.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.f31686a.equals(f33421k)) {
                throw new KeyStoreException(androidx.constraintlayout.motion.widget.a.b("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = f(objectData, date2);
        }
        try {
            this.f33427b.put(str, new ObjectData(f33421k, str, date, date2, certificate.getEncoded(), null));
            this.f33432g = date2;
        } catch (CertificateEncodingException e10) {
            StringBuilder g10 = n.g("BCFKS KeyStore unable to handle certificate: ");
            g10.append(e10.getMessage());
            throw new ExtKeyStoreException(g10.toString(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        SecretKeyData secretKeyData;
        EncryptedSecretKeyData encryptedSecretKeyData;
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
        Date date = new Date();
        ObjectData objectData = this.f33427b.get(str);
        Date f8 = objectData != null ? f(objectData, date) : date;
        this.f33428c.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc i5 = i(PKCSObjectIdentifiers.H0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h10 = h(i5, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f33433h;
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.N;
                if (aSN1ObjectIdentifier.q(aSN1ObjectIdentifier2)) {
                    Cipher b10 = b("AES/CCM/NoPadding", h10);
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(i5, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.m(b10.getParameters().getEncoded())))), b10.doFinal(encoded));
                } else {
                    encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(i5, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", h10).doFinal(encoded));
                }
                this.f33427b.put(str, new ObjectData(f33422l, str, f8, date, c(encryptedPrivateKeyInfo, certificateArr).getEncoded(), null));
            } catch (Exception e10) {
                throw new ExtKeyStoreException(v0.b(e10, n.g("BCFKS KeyStore exception storing private key: ")), e10);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc i10 = i(PKCSObjectIdentifiers.H0, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] h11 = h(i10, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String g10 = Strings.g(key.getAlgorithm());
                if (g10.indexOf("AES") > -1) {
                    secretKeyData = new SecretKeyData(NISTObjectIdentifiers.f31929q, encoded2);
                } else {
                    Map<String, ASN1ObjectIdentifier> map = f33419i;
                    ASN1ObjectIdentifier aSN1ObjectIdentifier3 = (ASN1ObjectIdentifier) ((HashMap) map).get(g10);
                    if (aSN1ObjectIdentifier3 != null) {
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier3, encoded2);
                    } else {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = (ASN1ObjectIdentifier) ((HashMap) map).get(g10 + StrPool.DOT + (encoded2.length * 8));
                        if (aSN1ObjectIdentifier4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + g10 + ") for storage.");
                        }
                        secretKeyData = new SecretKeyData(aSN1ObjectIdentifier4, encoded2);
                    }
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier5 = this.f33433h;
                ASN1ObjectIdentifier aSN1ObjectIdentifier6 = NISTObjectIdentifiers.N;
                if (aSN1ObjectIdentifier5.q(aSN1ObjectIdentifier6)) {
                    Cipher b11 = b("AES/CCM/NoPadding", h11);
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(i10, new EncryptionScheme(aSN1ObjectIdentifier6, CCMParameters.m(b11.getParameters().getEncoded())))), b11.doFinal(secretKeyData.getEncoded()));
                } else {
                    encryptedSecretKeyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(i10, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", h11).doFinal(secretKeyData.getEncoded()));
                }
                this.f33427b.put(str, new ObjectData(f33423m, str, f8, date, encryptedSecretKeyData.getEncoded(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException(v0.b(e11, n.g("BCFKS KeyStore exception storing private key: ")), e11);
            }
        }
        this.f33432g = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        ObjectData objectData = this.f33427b.get(str);
        Date f8 = objectData != null ? f(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo m10 = EncryptedPrivateKeyInfo.m(bArr);
                try {
                    this.f33428c.remove(str);
                    this.f33427b.put(str, new ObjectData(f33424n, str, f8, date, c(m10, certificateArr).getEncoded(), null));
                } catch (Exception e10) {
                    throw new ExtKeyStoreException(v0.b(e10, n.g("BCFKS KeyStore exception storing protected private key: ")), e10);
                }
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e11);
            }
        } else {
            try {
                this.f33427b.put(str, new ObjectData(f33425o, str, f8, date, bArr, null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException(v0.b(e12, n.g("BCFKS KeyStore exception storing protected private key: ")), e12);
            }
        }
        this.f33432g = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f33427b.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KeyDerivationFunc keyDerivationFunc;
        BigInteger o10;
        if (this.f33431f == null) {
            throw new IOException("KeyStore not initialized");
        }
        EncryptedObjectStoreData k10 = k(this.f33429d, cArr);
        if (MiscObjectIdentifiers.f31899r.q(this.f33430e.f32045a.f32331a)) {
            ScryptParams m10 = ScryptParams.m(this.f33430e.f32045a.f32332b);
            keyDerivationFunc = this.f33430e;
            o10 = m10.f31905e;
        } else {
            PBKDF2Params m11 = PBKDF2Params.m(this.f33430e.f32045a.f32332b);
            keyDerivationFunc = this.f33430e;
            o10 = m11.o();
        }
        this.f33430e = j(keyDerivationFunc, o10.intValue());
        try {
            outputStream.write(new ObjectStore(k10, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f33429d, this.f33430e, a(k10.getEncoded(), this.f33429d, this.f33430e, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e10) {
            StringBuilder g10 = n.g("cannot calculate mac: ");
            g10.append(e10.getMessage());
            throw new IOException(g10.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof BCFKSStoreParameter) {
            g(loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f31899r;
            throw null;
        }
        if (loadStoreParameter instanceof BCFKSLoadStoreParameter) {
            g((BCFKSLoadStoreParameter) loadStoreParameter);
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = MiscObjectIdentifiers.f31899r;
            throw null;
        }
        if (loadStoreParameter instanceof BCLoadStoreParameter) {
            ((BCLoadStoreParameter) loadStoreParameter).a();
            throw null;
        }
        StringBuilder g10 = n.g("no support for 'parameter' of type ");
        g10.append(loadStoreParameter.getClass().getName());
        throw new IllegalArgumentException(g10.toString());
    }

    public final Date f(ObjectData objectData, Date date) {
        try {
            return objectData.f31688c.y();
        } catch (ParseException unused) {
            return date;
        }
    }

    public final char[] g(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            StringBuilder g10 = n.g("no support for protection parameter of type ");
            g10.append(protectionParameter.getClass().getName());
            throw new IllegalArgumentException(g10.toString());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e10) {
            StringBuilder g11 = n.g("PasswordCallback not recognised: ");
            g11.append(e10.getMessage());
            throw new IllegalArgumentException(g11.toString(), e10);
        }
    }

    public final byte[] h(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr, int i5) throws IOException {
        byte[] PKCS12PasswordToBytes = PBEParametersGenerator.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = PBEParametersGenerator.PKCS12PasswordToBytes(str.toCharArray());
        if (MiscObjectIdentifiers.f31899r.q(keyDerivationFunc.f32045a.f32331a)) {
            ScryptParams m10 = ScryptParams.m(keyDerivationFunc.f32045a.f32332b);
            BigInteger bigInteger = m10.f31905e;
            if (bigInteger != null) {
                i5 = bigInteger.intValue();
            } else if (i5 == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return SCrypt.generate(Arrays.i(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), m10.n(), m10.f31902b.intValue(), m10.f31903c.intValue(), m10.f31903c.intValue(), i5);
        }
        if (!keyDerivationFunc.f32045a.f32331a.q(PKCSObjectIdentifiers.H0)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params m11 = PBKDF2Params.m(keyDerivationFunc.f32045a.f32332b);
        if (m11.o() != null) {
            i5 = m11.o().intValue();
        } else if (i5 == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (m11.p().f32331a.q(PKCSObjectIdentifiers.S0)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.init(Arrays.i(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), m11.f32055a.f31572a, m11.n().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters(i5 * 8)).getKey();
        }
        if (m11.p().f32331a.q(NISTObjectIdentifiers.f31928p)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pKCS5S2ParametersGenerator2.init(Arrays.i(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), m11.f32055a.f31572a, m11.n().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator2.generateDerivedParameters(i5 * 8)).getKey();
        }
        StringBuilder g10 = n.g("BCFKS KeyStore: unrecognized MAC PBKD PRF: ");
        g10.append(m11.p().f32331a);
        throw new IOException(g10.toString());
    }

    public final KeyDerivationFunc i(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i5) {
        byte[] bArr = new byte[64];
        CryptoServicesRegistrar.getSecureRandom().nextBytes(bArr);
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = PKCSObjectIdentifiers.H0;
        if (aSN1ObjectIdentifier2.q(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(aSN1ObjectIdentifier2, new PBKDF2Params(bArr, 51200, i5, new AlgorithmIdentifier(PKCSObjectIdentifiers.S0, DERNull.f31613a)));
        }
        throw new IllegalStateException(androidx.constraintlayout.motion.widget.a.e("unknown derivation algorithm: ", aSN1ObjectIdentifier));
    }

    public final KeyDerivationFunc j(KeyDerivationFunc keyDerivationFunc, int i5) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f31899r;
        if (aSN1ObjectIdentifier.q(keyDerivationFunc.f32045a.f32331a)) {
            ScryptParams m10 = ScryptParams.m(keyDerivationFunc.f32045a.f32332b);
            byte[] bArr = new byte[m10.n().length];
            CryptoServicesRegistrar.getSecureRandom().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, m10.f31902b, m10.f31903c, m10.f31904d, BigInteger.valueOf(i5)));
        }
        PBKDF2Params m11 = PBKDF2Params.m(keyDerivationFunc.f32045a.f32332b);
        byte[] bArr2 = new byte[m11.f32055a.f31572a.length];
        CryptoServicesRegistrar.getSecureRandom().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.H0, new PBKDF2Params(bArr2, m11.n().intValue(), i5, m11.p()));
    }

    public final EncryptedObjectStoreData k(AlgorithmIdentifier algorithmIdentifier, char[] cArr) throws IOException, NoSuchAlgorithmException {
        ObjectData[] objectDataArr = (ObjectData[]) this.f33427b.values().toArray(new ObjectData[this.f33427b.size()]);
        KeyDerivationFunc j8 = j(this.f33430e, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] h10 = h(j8, "STORE_ENCRYPTION", cArr, 32);
        ObjectStoreData objectStoreData = new ObjectStoreData(algorithmIdentifier, this.f33431f, this.f33432g, new ObjectDataSequence(objectDataArr), null);
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f33433h;
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = NISTObjectIdentifiers.N;
            if (!aSN1ObjectIdentifier.q(aSN1ObjectIdentifier2)) {
                return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(j8, new EncryptionScheme(NISTObjectIdentifiers.O))), b("AESKWP", h10).doFinal(objectStoreData.getEncoded()));
            }
            Cipher b10 = b("AES/CCM/NoPadding", h10);
            return new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.G0, new PBES2Parameters(j8, new EncryptionScheme(aSN1ObjectIdentifier2, CCMParameters.m(b10.getParameters().getEncoded())))), b10.doFinal(objectStoreData.getEncoded()));
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (NoSuchProviderException e11) {
            throw new IOException(e11.toString());
        } catch (BadPaddingException e12) {
            throw new IOException(e12.toString());
        } catch (IllegalBlockSizeException e13) {
            throw new IOException(e13.toString());
        } catch (NoSuchPaddingException e14) {
            throw new NoSuchAlgorithmException(e14.toString());
        }
    }

    public final void l(ASN1Encodable aSN1Encodable, SignatureCheck signatureCheck, PublicKey publicKey) throws GeneralSecurityException, IOException {
        Signature a10 = this.f33426a.a(signatureCheck.f31708a.f32331a.f31568a);
        a10.initVerify(publicKey);
        a10.update(aSN1Encodable.f().l("DER"));
        if (!a10.verify(new DERBitString(signatureCheck.f31710c.w(), signatureCheck.f31710c.f31544b).x())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }
}
