package org.spongycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import me.bnm;
import me.bnr;
import me.bnv;
import me.bph;
import me.bqo;
import me.bqp;
import me.bqq;
import me.bqr;
import me.bqs;
import me.bqt;
import me.bqu;
import me.bqv;
import me.bqw;
import me.bqx;
import me.brb;
import me.bsg;
import me.bsk;
import me.bsq;
import me.bsr;
import me.bss;
import me.bsv;
import me.bsw;
import me.bsy;
import me.bta;
import me.bud;
import me.buj;
import me.bvr;
import me.bxr;
import me.bzd;
import me.ccp;
import me.cgd;
import me.cio;
import me.cti;
import me.ctv;

/* loaded from: classes.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, bnv> oidMap = new HashMap();
    private static final Map<bnv, String> publicAlgMap = new HashMap();
    private Date creationDate;
    private bud hmacAlgorithm;
    private bss hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private final cio provider;
    private final Map<String, bqr> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();

    /* loaded from: classes.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new cio());
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        oidMap.put("DESEDE", bsk.f5874);
        oidMap.put("TRIPLEDES", bsk.f5874);
        oidMap.put("TDEA", bsk.f5874);
        oidMap.put("HMACSHA1", bsy.f5929);
        oidMap.put("HMACSHA224", bsy.f5934);
        oidMap.put("HMACSHA256", bsy.f5940);
        oidMap.put("HMACSHA384", bsy.f5943);
        oidMap.put("HMACSHA512", bsy.f5945);
        publicAlgMap.put(bsy.b_, "RSA");
        publicAlgMap.put(bvr.f6620, "EC");
        publicAlgMap.put(bsk.f5878, "DH");
        publicAlgMap.put(bsy.f6000, "DH");
        publicAlgMap.put(bvr.f6666, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(cio cioVar) {
        this.provider = cioVar;
    }

    private byte[] calculateMac(byte[] bArr, bud budVar, bss bssVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String m5956 = budVar.m6340().m5956();
        cio cioVar = this.provider;
        Mac mac = cioVar != null ? Mac.getInstance(m5956, cioVar) : Mac.getInstance(m5956);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(generateKey(bssVar, "INTEGRITY_CHECK", cArr), m5956));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private bqp createPrivateKeySequence(bsq bsqVar, Certificate[] certificateArr) throws CertificateEncodingException {
        buj[] bujVarArr = new buj[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            bujVarArr[i] = buj.m6353(certificateArr[i].getEncoded());
        }
        return new bqp(bsqVar, bujVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        cio cioVar = this.provider;
        if (cioVar != null) {
            try {
                return CertificateFactory.getInstance("X.509", cioVar).generateCertificate(new ByteArrayInputStream(buj.m6353(obj).mo5943()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(buj.m6353(obj).mo5943()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, bud budVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!budVar.m6340().equals(bsy.f5980)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        bsv m6203 = bsv.m6203(budVar.m6341());
        bsr m6205 = m6203.m6205();
        if (!m6205.m6191().equals(bsg.f5797)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            brb m6113 = brb.m6113(m6205.m6192());
            if (this.provider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.provider);
            }
            algorithmParameters.init(m6113.mo5943());
            bss m6204 = m6203.m6204();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(generateKey(m6204, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    private Date extractCreationDate(bqr bqrVar, Date date) {
        try {
            return bqrVar.m6087().m5925();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(bss bssVar, String str, char[] cArr) throws IOException {
        byte[] m6604 = bxr.m6604(cArr);
        byte[] m66042 = bxr.m6604(str.toCharArray());
        ccp ccpVar = new ccp(new bzd());
        if (!bssVar.m6194().equals(bsy.f5984)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        bsw m6206 = bsw.m6206(bssVar.m6195());
        if (!m6206.m6209().m6340().equals(bsy.f5945)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        ccpVar.m6609(cti.m8968(m6604, m66042), m6206.m6210(), m6206.m6211().intValue());
        return ((cgd) ccpVar.mo6607(m6206.m6207().intValue() * 8)).m7463();
    }

    private bss generatePkbdAlgorithmIdentifier(int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        return new bss(bsy.f5984, new bsw(bArr, 1024, i, new bud(bsy.f5945, bph.f5360)));
    }

    private SecureRandom getDefaultSecureRandom() {
        return new SecureRandom();
    }

    private static String getPublicKeyAlg(bnv bnvVar) {
        String str = publicAlgMap.get(bnvVar);
        return str != null ? str : bnvVar.m5956();
    }

    private void verifyMac(byte[] bArr, bqw bqwVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        if (!cti.m8991(calculateMac(bArr, bqwVar.m6103(), bqwVar.m6104(), cArr), bqwVar.m6102())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar == null) {
            return null;
        }
        if (bqrVar.m6086().equals(PRIVATE_KEY) || bqrVar.m6086().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(bqp.m6077(bqrVar.m6088()).m6078()[0]);
        }
        if (bqrVar.m6086().equals(CERTIFICATE)) {
            return decodeCertificate(bqrVar.m6088());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                bqr bqrVar = this.entries.get(str);
                if (bqrVar.m6086().equals(CERTIFICATE)) {
                    if (cti.m8981(bqrVar.m6088(), encoded)) {
                        return str;
                    }
                } else if (bqrVar.m6086().equals(PRIVATE_KEY) || bqrVar.m6086().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (cti.m8981(bqp.m6077(bqrVar.m6088()).m6078()[0].mo5914().mo5943(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar == null) {
            return null;
        }
        if (!bqrVar.m6086().equals(PRIVATE_KEY) && !bqrVar.m6086().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        buj[] m6078 = bqp.m6077(bqrVar.m6088()).m6078();
        X509Certificate[] x509CertificateArr = new X509Certificate[m6078.length];
        for (int i = 0; i != x509CertificateArr.length; i++) {
            x509CertificateArr[i] = decodeCertificate(m6078[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar == null) {
            return null;
        }
        try {
            return bqrVar.m6085().m5925();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar == null) {
            return null;
        }
        if (bqrVar.m6086().equals(PRIVATE_KEY) || bqrVar.m6086().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            bsq m6187 = bsq.m6187(bqp.m6077(bqrVar.m6088()).m6079());
            try {
                bta m6221 = bta.m6221(decryptData("PRIVATE_KEY_ENCRYPTION", m6187.m6188(), cArr, m6187.m6189()));
                PrivateKey generatePrivate = (this.provider != null ? KeyFactory.getInstance(m6221.m6223().m6340().m5956(), this.provider) : KeyFactory.getInstance(getPublicKeyAlg(m6221.m6223().m6340()))).generatePrivate(new PKCS8EncodedKeySpec(m6221.mo5943()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!bqrVar.m6086().equals(SECRET_KEY) && !bqrVar.m6086().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        bqq m6080 = bqq.m6080(bqrVar.m6088());
        try {
            bqx m6105 = bqx.m6105(decryptData("SECRET_KEY_ENCRYPTION", m6080.m6081(), cArr, m6080.m6082()));
            return (this.provider != null ? SecretKeyFactory.getInstance(m6105.m6107().m5956(), this.provider) : SecretKeyFactory.getInstance(m6105.m6107().m5956())).generateSecret(new SecretKeySpec(m6105.m6106(), m6105.m6107().m5956()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar != null) {
            return bqrVar.m6086().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        bqr bqrVar = this.entries.get(str);
        if (bqrVar == null) {
            return false;
        }
        BigInteger m6086 = bqrVar.m6086();
        return m6086.equals(PRIVATE_KEY) || m6086.equals(SECRET_KEY) || m6086.equals(PROTECTED_PRIVATE_KEY) || m6086.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        bqu m6093;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.hmacAlgorithm = new bud(bsy.f5945, bph.f5360);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(64);
            return;
        }
        bqt m6090 = bqt.m6090(new bnr(inputStream).m5933());
        bqv m6091 = m6090.m6091();
        if (m6091.m6099() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        bqw m6101 = bqw.m6101(m6091.m6100());
        this.hmacAlgorithm = m6101.m6103();
        this.hmacPkbdAlgorithm = m6101.m6104();
        verifyMac(m6090.m6092().mo5914().mo5943(), m6101, cArr);
        bnm m6092 = m6090.m6092();
        if (m6092 instanceof bqo) {
            bqo bqoVar = (bqo) m6092;
            m6093 = bqu.m6093(decryptData("STORE_ENCRYPTION", bqoVar.m6076(), cArr, bqoVar.m6075().mo5960()));
        } else {
            m6093 = bqu.m6093(m6092);
        }
        try {
            this.creationDate = m6093.m6096().m5925();
            this.lastModifiedDate = m6093.m6094().m5925();
            if (!m6093.m6097().equals(this.hmacAlgorithm)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<bnm> it = m6093.m6095().iterator();
            while (it.hasNext()) {
                bqr m6083 = bqr.m6083(it.next());
                this.entries.put(m6083.m6084(), m6083);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        bqr bqrVar = this.entries.get(str);
        Date date2 = new Date();
        if (bqrVar == null) {
            date = date2;
        } else {
            if (!bqrVar.m6086().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(bqrVar, date2);
        }
        try {
            this.entries.put(str, new bqr(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] doFinal;
        Date date = new Date();
        bqr bqrVar = this.entries.get(str);
        Date extractCreationDate = bqrVar != null ? extractCreationDate(bqrVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                bss generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher.init(1, new SecretKeySpec(generateKey, "AES"));
                this.entries.put(str, new bqr(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(new bsq(new bud(bsy.f5980, new bsv(generatePkbdAlgorithmIdentifier, new bsr(bsg.f5797, brb.m6113(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).mo5943(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                bss generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher2.init(1, new SecretKeySpec(generateKey2, "AES"));
                String m9038 = ctv.m9038(key.getAlgorithm());
                if (m9038.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new bqx(bsg.f5822, encoded2).mo5943());
                } else {
                    bnv bnvVar = oidMap.get(m9038);
                    if (bnvVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + m9038 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new bqx(bnvVar, encoded2).mo5943());
                }
                this.entries.put(str, new bqr(SECRET_KEY, str, extractCreationDate, date, new bqq(new bud(bsy.f5980, new bsv(generatePkbdAlgorithmIdentifier2, new bsr(bsg.f5797, brb.m6113(cipher2.getParameters().getEncoded())))), doFinal).mo5943(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        bqr bqrVar = this.entries.get(str);
        Date extractCreationDate = bqrVar != null ? extractCreationDate(bqrVar, date) : date;
        if (certificateArr != null) {
            try {
                bsq m6187 = bsq.m6187(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new bqr(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(m6187, certificateArr).mo5943(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new bqr(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        bqr[] bqrVarArr = (bqr[]) this.entries.values().toArray(new bqr[this.entries.size()]);
        bss generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        bqu bquVar = new bqu(this.hmacAlgorithm, this.creationDate, this.lastModifiedDate, new bqs(bqrVarArr), null);
        try {
            Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
            cipher.init(1, new SecretKeySpec(generateKey, "AES"));
            bqo bqoVar = new bqo(new bud(bsy.f5980, new bsv(generatePkbdAlgorithmIdentifier, new bsr(bsg.f5797, brb.m6113(cipher.getParameters().getEncoded())))), cipher.doFinal(bquVar.mo5943()));
            bsw m6206 = bsw.m6206(this.hmacPkbdAlgorithm.m6195());
            byte[] bArr = new byte[m6206.m6210().length];
            getDefaultSecureRandom().nextBytes(bArr);
            this.hmacPkbdAlgorithm = new bss(this.hmacPkbdAlgorithm.m6194(), new bsw(bArr, m6206.m6211().intValue(), m6206.m6207().intValue(), m6206.m6209()));
            outputStream.write(new bqt(bqoVar, new bqv(new bqw(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(bqoVar.mo5943(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).mo5943());
            outputStream.flush();
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (BadPaddingException e2) {
            throw new IOException(e2.toString());
        } catch (IllegalBlockSizeException e3) {
            throw new IOException(e3.toString());
        } catch (NoSuchPaddingException e4) {
            throw new NoSuchAlgorithmException(e4.toString());
        }
    }
}
