package org.bouncycastle.jcajce.provider.keystore.bcfks;

import defpackage.af5;
import defpackage.as4;
import defpackage.as5;
import defpackage.bs4;
import defpackage.by4;
import defpackage.cs4;
import defpackage.cz4;
import defpackage.dp4;
import defpackage.ds4;
import defpackage.dt4;
import defpackage.dw4;
import defpackage.es4;
import defpackage.fa5;
import defpackage.fs4;
import defpackage.fu4;
import defpackage.gs4;
import defpackage.gt4;
import defpackage.hp4;
import defpackage.hs4;
import defpackage.is4;
import defpackage.j55;
import defpackage.js4;
import defpackage.jt4;
import defpackage.lr5;
import defpackage.ls4;
import defpackage.lu4;
import defpackage.m55;
import defpackage.mt4;
import defpackage.mu4;
import defpackage.nc5;
import defpackage.nt4;
import defpackage.nu4;
import defpackage.o15;
import defpackage.oc5;
import defpackage.oe5;
import defpackage.ot4;
import defpackage.p15;
import defpackage.pe5;
import defpackage.pq4;
import defpackage.pw4;
import defpackage.qe5;
import defpackage.qu4;
import defpackage.qy4;
import defpackage.ru4;
import defpackage.sz4;
import defpackage.tc5;
import defpackage.tu4;
import defpackage.uc5;
import defpackage.vc5;
import defpackage.vu4;
import defpackage.wc5;
import defpackage.xo4;
import defpackage.zr4;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: classes3.dex */
public class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, hp4> oidMap;
    private static final Map<hp4, String> publicAlgMap;
    private Date creationDate;
    private final qe5 helper;
    private dw4 hmacAlgorithm;
    private nu4 hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private dw4 signatureAlgorithm;
    private uc5.a validator;
    private PublicKey verificationKey;
    private final Map<String, cs4> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();
    private hp4 storeEncryptionAlgorithm = mt4.T;

    /* loaded from: classes3.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(new pe5());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class DefShared extends SharedKeyStoreSpi {
        public DefShared() {
            super(new pe5());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes3.dex */
    public static class SharedKeyStoreSpi extends BcFKSKeyStoreSpi implements tu4, by4 {
        private final Map<String, byte[]> cache;
        private final byte[] seedKey;

        public SharedKeyStoreSpi(qe5 qe5Var) {
            super(qe5Var);
            try {
                byte[] bArr = new byte[32];
                this.seedKey = bArr;
                qe5Var.createSecureRandom("DEFAULT").nextBytes(bArr);
                this.cache = new HashMap();
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("can't create random - " + e.toString());
            }
        }

        private byte[] calculateMac(String str, char[] cArr) {
            return m55.i(cArr != null ? lr5.o(as5.j(cArr), as5.i(str)) : lr5.o(this.seedKey, as5.i(str)), this.seedKey, 16384, 8, 1, 32);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) {
            throw new KeyStoreException("delete operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) {
            try {
                byte[] calculateMac = calculateMac(str, cArr);
                if (!this.cache.containsKey(str) || lr5.s(this.cache.get(str), calculateMac)) {
                    Key engineGetKey = super.engineGetKey(str, cArr);
                    if (engineGetKey != null && !this.cache.containsKey(str)) {
                        this.cache.put(str, calculateMac);
                    }
                    return engineGetKey;
                }
                throw new UnrecoverableKeyException("unable to recover key (" + str + ")");
            } catch (InvalidKeyException e) {
                throw new UnrecoverableKeyException("unable to recover key (" + str + "): " + e.getMessage());
            }
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            throw new KeyStoreException("set operation not supported in shared mode");
        }
    }

    /* loaded from: classes3.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new oe5());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    /* loaded from: classes3.dex */
    public static class StdShared extends SharedKeyStoreSpi {
        public StdShared() {
            super(new oe5());
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineLoad(loadStoreParameter);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.SharedKeyStoreSpi, org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }

        @Override // org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
            super.engineStore(loadStoreParameter);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        hp4 hp4Var = fu4.h;
        hashMap.put("DESEDE", hp4Var);
        hashMap.put("TRIPLEDES", hp4Var);
        hashMap.put("TDEA", hp4Var);
        hashMap.put("HMACSHA1", tu4.v3);
        hashMap.put("HMACSHA224", tu4.w3);
        hashMap.put("HMACSHA256", tu4.x3);
        hashMap.put("HMACSHA384", tu4.y3);
        hashMap.put("HMACSHA512", tu4.z3);
        hashMap.put("SEED", dt4.a);
        hashMap.put("CAMELLIA.128", ot4.a);
        hashMap.put("CAMELLIA.192", ot4.b);
        hashMap.put("CAMELLIA.256", ot4.c);
        hashMap.put("ARIA.128", nt4.h);
        hashMap.put("ARIA.192", nt4.m);
        hashMap.put("ARIA.256", nt4.r);
        hashMap2.put(tu4.M2, "RSA");
        hashMap2.put(qy4.n6, "EC");
        hashMap2.put(fu4.l, "DH");
        hashMap2.put(tu4.d3, "DH");
        hashMap2.put(qy4.X6, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(qe5 qe5Var) {
        this.helper = qe5Var;
    }

    private byte[] calculateMac(byte[] bArr, dw4 dw4Var, nu4 nu4Var, char[] cArr) {
        String u = dw4Var.h().u();
        Mac createMac = this.helper.createMac(u);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            createMac.init(new SecretKeySpec(generateKey(nu4Var, "INTEGRITY_CHECK", cArr, -1), u));
            return createMac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private Cipher createCipher(String str, byte[] bArr) {
        Cipher createCipher = this.helper.createCipher(str);
        createCipher.init(1, new SecretKeySpec(bArr, "AES"));
        return createCipher;
    }

    private as4 createPrivateKeySequence(lu4 lu4Var, Certificate[] certificateArr) {
        pw4[] pw4VarArr = new pw4[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            pw4VarArr[i] = pw4.i(certificateArr[i].getEncoded());
        }
        return new as4(lu4Var, pw4VarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        qe5 qe5Var = this.helper;
        if (qe5Var != null) {
            try {
                return qe5Var.createCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(pw4.i(obj).getEncoded()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pw4.i(obj).getEncoded()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, dw4 dw4Var, char[] cArr, byte[] bArr) {
        Cipher createCipher;
        AlgorithmParameters algorithmParameters;
        if (!dw4Var.h().l(tu4.l3)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        qu4 i = qu4.i(dw4Var.k());
        mu4 h = i.h();
        try {
            if (h.h().l(mt4.T)) {
                createCipher = this.helper.createCipher("AES/CCM/NoPadding");
                algorithmParameters = this.helper.createAlgorithmParameters("CCM");
                algorithmParameters.init(ls4.i(h.j()).getEncoded());
            } else {
                if (!h.h().l(mt4.U)) {
                    throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
                }
                createCipher = this.helper.createCipher("AESKWP");
                algorithmParameters = null;
            }
            nu4 j = i.j();
            if (cArr == null) {
                cArr = new char[0];
            }
            createCipher.init(2, new SecretKeySpec(generateKey(j, str, cArr, 32), "AES"), algorithmParameters);
            return createCipher.doFinal(bArr);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException(e2.toString());
        }
    }

    private Date extractCreationDate(cs4 cs4Var, Date date) {
        try {
            return cs4Var.h().t();
        } catch (ParseException unused) {
            return date;
        }
    }

    private char[] extractPassword(KeyStore.LoadStoreParameter loadStoreParameter) {
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            return null;
        }
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            return ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
        }
        CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (UnsupportedCallbackException e) {
            throw new IllegalArgumentException("PasswordCallback not recognised: " + e.getMessage(), e);
        }
    }

    private byte[] generateKey(nu4 nu4Var, String str, char[] cArr, int i) {
        byte[] PKCS12PasswordToBytes = sz4.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = sz4.PKCS12PasswordToBytes(str.toCharArray());
        if (gt4.M.l(nu4Var.h())) {
            jt4 j = jt4.j(nu4Var.j());
            if (j.k() != null) {
                i = j.k().intValue();
            } else if (i == -1) {
                throw new IOException("no keyLength found in ScryptParams");
            }
            return m55.i(lr5.o(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), j.m(), j.i().intValue(), j.h().intValue(), j.h().intValue(), i);
        }
        if (!nu4Var.h().l(tu4.m3)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        ru4 h = ru4.h(nu4Var.j());
        if (h.j() != null) {
            i = h.j().intValue();
        } else if (i == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (h.k().h().l(tu4.z3)) {
            j55 j55Var = new j55(new p15());
            j55Var.init(lr5.o(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), h.l(), h.i().intValue());
            return ((fa5) j55Var.generateDerivedParameters(i * 8)).a();
        }
        if (h.k().h().l(mt4.r)) {
            j55 j55Var2 = new j55(new o15(512));
            j55Var2.init(lr5.o(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), h.l(), h.i().intValue());
            return ((fa5) j55Var2.generateDerivedParameters(i * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + h.k().h());
    }

    private nu4 generatePkbdAlgorithmIdentifier(hp4 hp4Var, int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        hp4 hp4Var2 = tu4.m3;
        if (hp4Var2.l(hp4Var)) {
            return new nu4(hp4Var2, new ru4(bArr, 51200, i, new dw4(tu4.z3, pq4.a)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + hp4Var);
    }

    private nu4 generatePkbdAlgorithmIdentifier(nu4 nu4Var, int i) {
        hp4 hp4Var = gt4.M;
        boolean l = hp4Var.l(nu4Var.h());
        xo4 j = nu4Var.j();
        if (l) {
            jt4 j2 = jt4.j(j);
            byte[] bArr = new byte[j2.m().length];
            getDefaultSecureRandom().nextBytes(bArr);
            return new nu4(hp4Var, new jt4(bArr, j2.i(), j2.h(), j2.l(), BigInteger.valueOf(i)));
        }
        ru4 h = ru4.h(j);
        byte[] bArr2 = new byte[h.l().length];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new nu4(tu4.m3, new ru4(bArr2, h.i().intValue(), i, h.k()));
    }

    private nu4 generatePkbdAlgorithmIdentifier(oc5 oc5Var, int i) {
        hp4 hp4Var = gt4.M;
        if (hp4Var.l(oc5Var.a())) {
            tc5 tc5Var = (tc5) oc5Var;
            byte[] bArr = new byte[tc5Var.e()];
            getDefaultSecureRandom().nextBytes(bArr);
            return new nu4(hp4Var, new jt4(bArr, tc5Var.c(), tc5Var.b(), tc5Var.d(), i));
        }
        nc5 nc5Var = (nc5) oc5Var;
        byte[] bArr2 = new byte[nc5Var.d()];
        getDefaultSecureRandom().nextBytes(bArr2);
        return new nu4(tu4.m3, new ru4(bArr2, nc5Var.b(), i, nc5Var.c()));
    }

    private dw4 generateSignatureAlgId(Key key, uc5.d dVar) {
        if (key == null) {
            return null;
        }
        if (key instanceof af5) {
            if (dVar == uc5.d.SHA512withECDSA) {
                return new dw4(qy4.s6);
            }
            if (dVar == uc5.d.SHA3_512withECDSA) {
                return new dw4(mt4.i0);
            }
        }
        if (key instanceof DSAKey) {
            if (dVar == uc5.d.SHA512withDSA) {
                return new dw4(mt4.a0);
            }
            if (dVar == uc5.d.SHA3_512withDSA) {
                return new dw4(mt4.e0);
            }
        }
        if (key instanceof RSAKey) {
            if (dVar == uc5.d.SHA512withRSA) {
                return new dw4(tu4.Y2, pq4.a);
            }
            if (dVar == uc5.d.SHA3_512withRSA) {
                return new dw4(mt4.m0, pq4.a);
            }
        }
        throw new IOException("unknown signature algorithm");
    }

    private SecureRandom getDefaultSecureRandom() {
        return cz4.b();
    }

    private zr4 getEncryptedObjectStoreData(dw4 dw4Var, char[] cArr) {
        cs4[] cs4VarArr = (cs4[]) this.entries.values().toArray(new cs4[this.entries.size()]);
        nu4 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(this.hmacPkbdAlgorithm, 32);
        if (cArr == null) {
            cArr = new char[0];
        }
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr, 32);
        fs4 fs4Var = new fs4(dw4Var, this.creationDate, this.lastModifiedDate, new ds4(cs4VarArr), null);
        try {
            hp4 hp4Var = this.storeEncryptionAlgorithm;
            hp4 hp4Var2 = mt4.T;
            if (!hp4Var.l(hp4Var2)) {
                return new zr4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier, new mu4(mt4.U))), createCipher("AESKWP", generateKey).doFinal(fs4Var.getEncoded()));
            }
            Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
            return new zr4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier, new mu4(hp4Var2, ls4.i(createCipher.getParameters().getEncoded())))), createCipher.doFinal(fs4Var.getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (NoSuchProviderException e2) {
            throw new IOException(e2.toString());
        } catch (BadPaddingException e3) {
            throw new IOException(e3.toString());
        } catch (IllegalBlockSizeException e4) {
            throw new IOException(e4.toString());
        } catch (NoSuchPaddingException e5) {
            throw new NoSuchAlgorithmException(e5.toString());
        }
    }

    private static String getPublicKeyAlg(hp4 hp4Var) {
        String str = publicAlgMap.get(hp4Var);
        return str != null ? str : hp4Var.u();
    }

    private boolean isSimilarHmacPbkd(oc5 oc5Var, nu4 nu4Var) {
        if (!oc5Var.a().l(nu4Var.h())) {
            return false;
        }
        if (gt4.M.l(nu4Var.h())) {
            if (!(oc5Var instanceof tc5)) {
                return false;
            }
            tc5 tc5Var = (tc5) oc5Var;
            jt4 j = jt4.j(nu4Var.j());
            return tc5Var.e() == j.m().length && tc5Var.b() == j.h().intValue() && tc5Var.c() == j.i().intValue() && tc5Var.d() == j.l().intValue();
        }
        if (!(oc5Var instanceof nc5)) {
            return false;
        }
        nc5 nc5Var = (nc5) oc5Var;
        ru4 h = ru4.h(nu4Var.j());
        return nc5Var.d() == h.l().length && nc5Var.b() == h.i().intValue();
    }

    private void verifyMac(byte[] bArr, hs4 hs4Var, char[] cArr) {
        if (!lr5.s(calculateMac(bArr, hs4Var.j(), hs4Var.k(), cArr), hs4Var.i())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed");
        }
    }

    private void verifySig(xo4 xo4Var, js4 js4Var, PublicKey publicKey) {
        Signature createSignature = this.helper.createSignature(js4Var.k().h().u());
        createSignature.initVerify(publicKey);
        createSignature.update(xo4Var.c().g("DER"));
        if (!createSignature.verify(js4Var.j().s())) {
            throw new IOException("BCFKS KeyStore corrupted: signature calculation failed");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.entries.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var == null) {
            return null;
        }
        if (cs4Var.m().equals(PRIVATE_KEY) || cs4Var.m().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(as4.j(cs4Var.i()).h()[0]);
        }
        if (cs4Var.m().equals(CERTIFICATE)) {
            return decodeCertificate(cs4Var.i());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                cs4 cs4Var = this.entries.get(str);
                if (cs4Var.m().equals(CERTIFICATE)) {
                    if (lr5.b(cs4Var.i(), encoded)) {
                        return str;
                    }
                } else if (cs4Var.m().equals(PRIVATE_KEY) || cs4Var.m().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (lr5.b(as4.j(cs4Var.i()).h()[0].c().getEncoded(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var == null) {
            return null;
        }
        if (!cs4Var.m().equals(PRIVATE_KEY) && !cs4Var.m().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        pw4[] h = as4.j(cs4Var.i()).h();
        int length = h.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = decodeCertificate(h[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var == null) {
            return null;
        }
        try {
            return cs4Var.l().t();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var == null) {
            return null;
        }
        if (cs4Var.m().equals(PRIVATE_KEY) || cs4Var.m().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            lu4 j = lu4.j(as4.j(cs4Var.i()).i());
            try {
                vu4 i = vu4.i(decryptData("PRIVATE_KEY_ENCRYPTION", j.i(), cArr, j.h()));
                PrivateKey generatePrivate = this.helper.createKeyFactory(getPublicKeyAlg(i.k().h())).generatePrivate(new PKCS8EncodedKeySpec(i.getEncoded()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!cs4Var.m().equals(SECRET_KEY) && !cs4Var.m().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        bs4 i2 = bs4.i(cs4Var.i());
        try {
            is4 h = is4.h(decryptData("SECRET_KEY_ENCRYPTION", i2.j(), cArr, i2.h()));
            return this.helper.createSecretKeyFactory(h.i().u()).generateSecret(new SecretKeySpec(h.j(), h.i().u()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var != null) {
            return cs4Var.m().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        cs4 cs4Var = this.entries.get(str);
        if (cs4Var == null) {
            return false;
        }
        BigInteger m = cs4Var.m();
        return m.equals(PRIVATE_KEY) || m.equals(SECRET_KEY) || m.equals(PROTECTED_PRIVATE_KEY) || m.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        dw4 k;
        xo4 j;
        PublicKey publicKey;
        fs4 i;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.verificationKey = null;
            this.validator = null;
            this.hmacAlgorithm = new dw4(tu4.z3, pq4.a);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(tu4.m3, 64);
            return;
        }
        try {
            es4 h = es4.h(new dp4(inputStream).H());
            gs4 i2 = h.i();
            if (i2.j() == 0) {
                hs4 h2 = hs4.h(i2.i());
                this.hmacAlgorithm = h2.j();
                this.hmacPkbdAlgorithm = h2.k();
                k = this.hmacAlgorithm;
                try {
                    verifyMac(h.j().c().getEncoded(), h2, cArr);
                } catch (NoSuchProviderException e) {
                    throw new IOException(e.getMessage());
                }
            } else {
                if (i2.j() != 1) {
                    throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
                }
                js4 i3 = js4.i(i2.i());
                k = i3.k();
                try {
                    pw4[] h3 = i3.h();
                    if (this.validator == null) {
                        j = h.j();
                        publicKey = this.verificationKey;
                    } else {
                        if (h3 == null) {
                            throw new IOException("validator specified but no certifcates in store");
                        }
                        CertificateFactory createCertificateFactory = this.helper.createCertificateFactory("X.509");
                        int length = h3.length;
                        X509Certificate[] x509CertificateArr = new X509Certificate[length];
                        for (int i4 = 0; i4 != length; i4++) {
                            x509CertificateArr[i4] = (X509Certificate) createCertificateFactory.generateCertificate(new ByteArrayInputStream(h3[i4].getEncoded()));
                        }
                        if (!this.validator.isValid(x509CertificateArr)) {
                            throw new IOException("certificate chain in key store signature not valid");
                        }
                        j = h.j();
                        publicKey = x509CertificateArr[0].getPublicKey();
                    }
                    verifySig(j, i3, publicKey);
                } catch (GeneralSecurityException e2) {
                    throw new IOException("error verifying signature: " + e2.getMessage(), e2);
                }
            }
            xo4 j2 = h.j();
            if (j2 instanceof zr4) {
                zr4 zr4Var = (zr4) j2;
                i = fs4.i(decryptData("STORE_ENCRYPTION", zr4Var.i(), cArr, zr4Var.h().s()));
            } else {
                i = fs4.i(j2);
            }
            try {
                this.creationDate = i.h().t();
                this.lastModifiedDate = i.k().t();
                if (!i.j().equals(k)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<xo4> it = i.l().iterator();
                while (it.hasNext()) {
                    cs4 k2 = cs4.k(it.next());
                    this.entries.put(k2.j(), k2);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e3) {
            throw new IOException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof uc5)) {
            if (loadStoreParameter instanceof wc5) {
                engineLoad(((wc5) loadStoreParameter).a(), extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        uc5 uc5Var = (uc5) loadStoreParameter;
        char[] extractPassword = extractPassword(uc5Var);
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(uc5Var.g(), 64);
        this.storeEncryptionAlgorithm = uc5Var.e() == uc5.b.AES256_CCM ? mt4.T : mt4.U;
        this.hmacAlgorithm = uc5Var.f() == uc5.c.HmacSHA512 ? new dw4(tu4.z3, pq4.a) : new dw4(mt4.r, pq4.a);
        this.verificationKey = (PublicKey) uc5Var.i();
        this.validator = uc5Var.c();
        this.signatureAlgorithm = generateSignatureAlgId(this.verificationKey, uc5Var.h());
        hp4 hp4Var = this.storeEncryptionAlgorithm;
        InputStream a = uc5Var.a();
        engineLoad(a, extractPassword);
        if (a != null) {
            if (!isSimilarHmacPbkd(uc5Var.g(), this.hmacPkbdAlgorithm) || !hp4Var.l(this.storeEncryptionAlgorithm)) {
                throw new IOException("configuration parameters do not match existing store");
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        cs4 cs4Var = this.entries.get(str);
        Date date2 = new Date();
        if (cs4Var == null) {
            date = date2;
        } else {
            if (!cs4Var.m().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(cs4Var, date2);
        }
        try {
            this.entries.put(str, new cs4(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        is4 is4Var;
        bs4 bs4Var;
        lu4 lu4Var;
        Date date = new Date();
        cs4 cs4Var = this.entries.get(str);
        Date extractCreationDate = cs4Var != null ? extractCreationDate(cs4Var, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                nu4 generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(tu4.m3, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr, 32);
                hp4 hp4Var = this.storeEncryptionAlgorithm;
                hp4 hp4Var2 = mt4.T;
                if (hp4Var.l(hp4Var2)) {
                    Cipher createCipher = createCipher("AES/CCM/NoPadding", generateKey);
                    lu4Var = new lu4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier, new mu4(hp4Var2, ls4.i(createCipher.getParameters().getEncoded())))), createCipher.doFinal(encoded));
                } else {
                    lu4Var = new lu4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier, new mu4(mt4.U))), createCipher("AESKWP", generateKey).doFinal(encoded));
                }
                this.entries.put(str, new cs4(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(lu4Var, certificateArr).getEncoded(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                nu4 generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(tu4.m3, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr, 32);
                String k = as5.k(key.getAlgorithm());
                if (k.indexOf("AES") > -1) {
                    is4Var = new is4(mt4.w, encoded2);
                } else {
                    Map<String, hp4> map = oidMap;
                    hp4 hp4Var3 = map.get(k);
                    if (hp4Var3 != null) {
                        is4Var = new is4(hp4Var3, encoded2);
                    } else {
                        hp4 hp4Var4 = map.get(k + "." + (encoded2.length * 8));
                        if (hp4Var4 == null) {
                            throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + k + ") for storage.");
                        }
                        is4Var = new is4(hp4Var4, encoded2);
                    }
                }
                hp4 hp4Var5 = this.storeEncryptionAlgorithm;
                hp4 hp4Var6 = mt4.T;
                if (hp4Var5.l(hp4Var6)) {
                    Cipher createCipher2 = createCipher("AES/CCM/NoPadding", generateKey2);
                    bs4Var = new bs4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier2, new mu4(hp4Var6, ls4.i(createCipher2.getParameters().getEncoded())))), createCipher2.doFinal(is4Var.getEncoded()));
                } else {
                    bs4Var = new bs4(new dw4(tu4.l3, new qu4(generatePkbdAlgorithmIdentifier2, new mu4(mt4.U))), createCipher("AESKWP", generateKey2).doFinal(is4Var.getEncoded()));
                }
                this.entries.put(str, new cs4(SECRET_KEY, str, extractCreationDate, date, bs4Var.getEncoded(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        cs4 cs4Var = this.entries.get(str);
        Date extractCreationDate = cs4Var != null ? extractCreationDate(cs4Var, date) : date;
        if (certificateArr != null) {
            try {
                lu4 j = lu4.j(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new cs4(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(j, certificateArr).getEncoded(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new cs4(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        nu4 nu4Var;
        BigInteger j;
        if (this.creationDate == null) {
            throw new IOException("KeyStore not initialized");
        }
        zr4 encryptedObjectStoreData = getEncryptedObjectStoreData(this.hmacAlgorithm, cArr);
        if (gt4.M.l(this.hmacPkbdAlgorithm.h())) {
            jt4 j2 = jt4.j(this.hmacPkbdAlgorithm.j());
            nu4Var = this.hmacPkbdAlgorithm;
            j = j2.k();
        } else {
            ru4 h = ru4.h(this.hmacPkbdAlgorithm.j());
            nu4Var = this.hmacPkbdAlgorithm;
            j = h.j();
        }
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(nu4Var, j.intValue());
        try {
            outputStream.write(new es4(encryptedObjectStoreData, new gs4(new hs4(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(encryptedObjectStoreData.getEncoded(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).getEncoded());
            outputStream.flush();
        } catch (NoSuchProviderException e) {
            throw new IOException("cannot calculate mac: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        js4 js4Var;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (loadStoreParameter instanceof vc5) {
            vc5 vc5Var = (vc5) loadStoreParameter;
            char[] extractPassword = extractPassword(loadStoreParameter);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(vc5Var.b(), 64);
            engineStore(vc5Var.a(), extractPassword);
            return;
        }
        if (!(loadStoreParameter instanceof uc5)) {
            if (loadStoreParameter instanceof wc5) {
                engineStore(((wc5) loadStoreParameter).b(), extractPassword(loadStoreParameter));
                return;
            }
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        uc5 uc5Var = (uc5) loadStoreParameter;
        if (uc5Var.i() == null) {
            char[] extractPassword2 = extractPassword(uc5Var);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(uc5Var.g(), 64);
            this.storeEncryptionAlgorithm = uc5Var.e() == uc5.b.AES256_CCM ? mt4.T : mt4.U;
            this.hmacAlgorithm = uc5Var.f() == uc5.c.HmacSHA512 ? new dw4(tu4.z3, pq4.a) : new dw4(mt4.r, pq4.a);
            engineStore(uc5Var.b(), extractPassword2);
            return;
        }
        this.signatureAlgorithm = generateSignatureAlgId(uc5Var.i(), uc5Var.h());
        this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(uc5Var.g(), 64);
        this.storeEncryptionAlgorithm = uc5Var.e() == uc5.b.AES256_CCM ? mt4.T : mt4.U;
        this.hmacAlgorithm = uc5Var.f() == uc5.c.HmacSHA512 ? new dw4(tu4.z3, pq4.a) : new dw4(mt4.r, pq4.a);
        zr4 encryptedObjectStoreData = getEncryptedObjectStoreData(this.signatureAlgorithm, extractPassword(uc5Var));
        try {
            Signature createSignature = this.helper.createSignature(this.signatureAlgorithm.h().u());
            createSignature.initSign((PrivateKey) uc5Var.i());
            createSignature.update(encryptedObjectStoreData.getEncoded());
            X509Certificate[] d = uc5Var.d();
            if (d != null) {
                int length = d.length;
                pw4[] pw4VarArr = new pw4[length];
                for (int i = 0; i != length; i++) {
                    pw4VarArr[i] = pw4.i(d[i].getEncoded());
                }
                js4Var = new js4(this.signatureAlgorithm, pw4VarArr, createSignature.sign());
            } else {
                js4Var = new js4(this.signatureAlgorithm, createSignature.sign());
            }
            uc5Var.b().write(new es4(encryptedObjectStoreData, new gs4(js4Var)).getEncoded());
            uc5Var.b().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
    }
}
