package org.spongycastle.jcajce.provider.keystore.bcfks;

import exp.bnr;
import exp.bnw;
import exp.boa;
import exp.bpm;
import exp.bqt;
import exp.bqu;
import exp.bqv;
import exp.bqw;
import exp.bqx;
import exp.bqy;
import exp.bqz;
import exp.bra;
import exp.brb;
import exp.brc;
import exp.brg;
import exp.bsl;
import exp.bsp;
import exp.bsv;
import exp.bsw;
import exp.bsx;
import exp.bta;
import exp.btb;
import exp.btd;
import exp.btf;
import exp.bui;
import exp.buo;
import exp.bvw;
import exp.bxw;
import exp.bzi;
import exp.ccu;
import exp.cgi;
import exp.cit;
import exp.ctn;
import exp.cua;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, boa> oidMap = new HashMap();
    private static final Map<boa, String> publicAlgMap = new HashMap();
    private Date creationDate;
    private bui hmacAlgorithm;
    private bsx hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private final cit provider;
    private final Map<String, bqw> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();

    /* loaded from: classes.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new cit());
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) throws KeyStoreException {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        oidMap.put("DESEDE", bsp.f5967);
        oidMap.put("TRIPLEDES", bsp.f5967);
        oidMap.put("TDEA", bsp.f5967);
        oidMap.put("HMACSHA1", btd.f6025);
        oidMap.put("HMACSHA224", btd.f6030);
        oidMap.put("HMACSHA256", btd.f6036);
        oidMap.put("HMACSHA384", btd.f6039);
        oidMap.put("HMACSHA512", btd.f6041);
        publicAlgMap.put(btd.b_, "RSA");
        publicAlgMap.put(bvw.f6713, "EC");
        publicAlgMap.put(bsp.f5971, "DH");
        publicAlgMap.put(btd.f6096, "DH");
        publicAlgMap.put(bvw.f6759, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(cit citVar) {
        this.provider = citVar;
    }

    private byte[] calculateMac(byte[] bArr, bui buiVar, bsx bsxVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String m6022 = buiVar.m6400().m6022();
        cit citVar = this.provider;
        Mac mac = citVar != null ? Mac.getInstance(m6022, citVar) : Mac.getInstance(m6022);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(generateKey(bsxVar, "INTEGRITY_CHECK", cArr), m6022));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
        }
    }

    private bqu createPrivateKeySequence(bsv bsvVar, Certificate[] certificateArr) throws CertificateEncodingException {
        buo[] buoVarArr = new buo[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            buoVarArr[i] = buo.m6413(certificateArr[i].getEncoded());
        }
        return new bqu(bsvVar, buoVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        cit citVar = this.provider;
        if (citVar != null) {
            try {
                return CertificateFactory.getInstance("X.509", citVar).generateCertificate(new ByteArrayInputStream(buo.m6413(obj).mo6003()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(buo.m6413(obj).mo6003()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, bui buiVar, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!buiVar.m6400().equals(btd.f6076)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        bta m6266 = bta.m6266(buiVar.m6401());
        bsw m6268 = m6266.m6268();
        if (!m6268.m6251().equals(bsl.f5890)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            brg m6173 = brg.m6173(m6268.m6252());
            if (this.provider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.provider);
            }
            algorithmParameters.init(m6173.mo6003());
            bsx m6267 = m6266.m6267();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(generateKey(m6267, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    private Date extractCreationDate(bqw bqwVar, Date date) {
        try {
            return bqwVar.m6147().m5985();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(bsx bsxVar, String str, char[] cArr) throws IOException {
        byte[] m6664 = bxw.m6664(cArr);
        byte[] m66642 = bxw.m6664(str.toCharArray());
        ccu ccuVar = new ccu(new bzi());
        if (!bsxVar.m6254().equals(btd.f6080)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        btb m6269 = btb.m6269(bsxVar.m6255());
        if (!m6269.m6272().m6400().equals(btd.f6041)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        ccuVar.m6669(ctn.m9028(m6664, m66642), m6269.m6273(), m6269.m6274().intValue());
        return ((cgi) ccuVar.mo6667(m6269.m6270().intValue() * 8)).m7523();
    }

    private bsx generatePkbdAlgorithmIdentifier(int i) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        return new bsx(btd.f6080, new btb(bArr, 1024, i, new bui(btd.f6041, bpm.f5453)));
    }

    private SecureRandom getDefaultSecureRandom() {
        return new SecureRandom();
    }

    private static String getPublicKeyAlg(boa boaVar) {
        String str = publicAlgMap.get(boaVar);
        return str != null ? str : boaVar.m6022();
    }

    private void verifyMac(byte[] bArr, brb brbVar, char[] cArr) throws NoSuchAlgorithmException, IOException {
        if (!ctn.m9051(calculateMac(bArr, brbVar.m6164(), brbVar.m6165(), cArr), brbVar.m6163())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar == null) {
            return null;
        }
        if (bqwVar.m6146().equals(PRIVATE_KEY) || bqwVar.m6146().equals(PROTECTED_PRIVATE_KEY)) {
            return decodeCertificate(bqu.m6137(bqwVar.m6148()).m6138()[0]);
        }
        if (bqwVar.m6146().equals(CERTIFICATE)) {
            return decodeCertificate(bqwVar.m6148());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                bqw bqwVar = this.entries.get(str);
                if (bqwVar.m6146().equals(CERTIFICATE)) {
                    if (ctn.m9041(bqwVar.m6148(), encoded)) {
                        return str;
                    }
                } else if (bqwVar.m6146().equals(PRIVATE_KEY) || bqwVar.m6146().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (ctn.m9041(bqu.m6137(bqwVar.m6148()).m6138()[0].mo5974().mo6003(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                        continue;
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar == null) {
            return null;
        }
        if (!bqwVar.m6146().equals(PRIVATE_KEY) && !bqwVar.m6146().equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        buo[] m6138 = bqu.m6137(bqwVar.m6148()).m6138();
        X509Certificate[] x509CertificateArr = new X509Certificate[m6138.length];
        for (int i = 0; i != x509CertificateArr.length; i++) {
            x509CertificateArr[i] = decodeCertificate(m6138[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar == null) {
            return null;
        }
        try {
            return bqwVar.m6145().m5985();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar == null) {
            return null;
        }
        if (bqwVar.m6146().equals(PRIVATE_KEY) || bqwVar.m6146().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            bsv m6247 = bsv.m6247(bqu.m6137(bqwVar.m6148()).m6139());
            try {
                btf m6281 = btf.m6281(decryptData("PRIVATE_KEY_ENCRYPTION", m6247.m6248(), cArr, m6247.m6249()));
                PrivateKey generatePrivate = (this.provider != null ? KeyFactory.getInstance(m6281.m6283().m6400().m6022(), this.provider) : KeyFactory.getInstance(getPublicKeyAlg(m6281.m6283().m6400()))).generatePrivate(new PKCS8EncodedKeySpec(m6281.mo6003()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e.getMessage());
            }
        }
        if (!bqwVar.m6146().equals(SECRET_KEY) && !bqwVar.m6146().equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        bqv m6140 = bqv.m6140(bqwVar.m6148());
        try {
            brc m6166 = brc.m6166(decryptData("SECRET_KEY_ENCRYPTION", m6140.m6141(), cArr, m6140.m6142()));
            return (this.provider != null ? SecretKeyFactory.getInstance(m6166.m6168().m6022(), this.provider) : SecretKeyFactory.getInstance(m6166.m6168().m6022())).generateSecret(new SecretKeySpec(m6166.m6167(), m6166.m6168().m6022()));
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar != null) {
            return bqwVar.m6146().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        bqw bqwVar = this.entries.get(str);
        if (bqwVar == null) {
            return false;
        }
        BigInteger m6146 = bqwVar.m6146();
        return m6146.equals(PRIVATE_KEY) || m6146.equals(SECRET_KEY) || m6146.equals(PROTECTED_PRIVATE_KEY) || m6146.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        bqz m6153;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.hmacAlgorithm = new bui(btd.f6041, bpm.f5453);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(64);
            return;
        }
        bqy m6150 = bqy.m6150(new bnw(inputStream).m5993());
        bra m6151 = m6150.m6151();
        if (m6151.m6160() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        brb m6162 = brb.m6162(m6151.m6161());
        this.hmacAlgorithm = m6162.m6164();
        this.hmacPkbdAlgorithm = m6162.m6165();
        verifyMac(m6150.m6152().mo5974().mo6003(), m6162, cArr);
        bnr m6152 = m6150.m6152();
        if (m6152 instanceof bqt) {
            bqt bqtVar = (bqt) m6152;
            m6153 = bqz.m6153(decryptData("STORE_ENCRYPTION", bqtVar.m6136(), cArr, bqtVar.m6135().mo6025()));
        } else {
            m6153 = bqz.m6153(m6152);
        }
        try {
            this.creationDate = m6153.m6156().m5985();
            this.lastModifiedDate = m6153.m6154().m5985();
            if (!m6153.m6157().equals(this.hmacAlgorithm)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<bnr> it = m6153.m6155().iterator();
            while (it.hasNext()) {
                bqw m6143 = bqw.m6143(it.next());
                this.entries.put(m6143.m6144(), m6143);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        bqw bqwVar = this.entries.get(str);
        Date date2 = new Date();
        if (bqwVar == null) {
            date = date2;
        } else {
            if (!bqwVar.m6146().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(bqwVar, date2);
        }
        try {
            this.entries.put(str, new bqw(CERTIFICATE, str, date, date2, certificate.getEncoded(), null));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] doFinal;
        Date date = new Date();
        bqw bqwVar = this.entries.get(str);
        Date extractCreationDate = bqwVar != null ? extractCreationDate(bqwVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                bsx generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher.init(1, new SecretKeySpec(generateKey, "AES"));
                this.entries.put(str, new bqw(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(new bsv(new bui(btd.f6076, new bta(generatePkbdAlgorithmIdentifier, new bsw(bsl.f5890, brg.m6173(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).mo6003(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                bsx generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher2.init(1, new SecretKeySpec(generateKey2, "AES"));
                String m9098 = cua.m9098(key.getAlgorithm());
                if (m9098.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new brc(bsl.f5915, encoded2).mo6003());
                } else {
                    boa boaVar = oidMap.get(m9098);
                    if (boaVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + m9098 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new brc(boaVar, encoded2).mo6003());
                }
                this.entries.put(str, new bqw(SECRET_KEY, str, extractCreationDate, date, new bqv(new bui(btd.f6076, new bta(generatePkbdAlgorithmIdentifier2, new bsw(bsl.f5890, brg.m6173(cipher2.getParameters().getEncoded())))), doFinal).mo6003(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        bqw bqwVar = this.entries.get(str);
        Date extractCreationDate = bqwVar != null ? extractCreationDate(bqwVar, date) : date;
        if (certificateArr != null) {
            try {
                bsv m6247 = bsv.m6247(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new bqw(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(m6247, certificateArr).mo6003(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new bqw(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        bqw[] bqwVarArr = (bqw[]) this.entries.values().toArray(new bqw[this.entries.size()]);
        bsx generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        bqz bqzVar = new bqz(this.hmacAlgorithm, this.creationDate, this.lastModifiedDate, new bqx(bqwVarArr), null);
        try {
            Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
            cipher.init(1, new SecretKeySpec(generateKey, "AES"));
            bqt bqtVar = new bqt(new bui(btd.f6076, new bta(generatePkbdAlgorithmIdentifier, new bsw(bsl.f5890, brg.m6173(cipher.getParameters().getEncoded())))), cipher.doFinal(bqzVar.mo6003()));
            btb m6269 = btb.m6269(this.hmacPkbdAlgorithm.m6255());
            byte[] bArr = new byte[m6269.m6273().length];
            getDefaultSecureRandom().nextBytes(bArr);
            this.hmacPkbdAlgorithm = new bsx(this.hmacPkbdAlgorithm.m6254(), new btb(bArr, m6269.m6274().intValue(), m6269.m6270().intValue(), m6269.m6272()));
            outputStream.write(new bqy(bqtVar, new bra(new brb(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(bqtVar.mo6003(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).mo6003());
            outputStream.flush();
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (BadPaddingException e2) {
            throw new IOException(e2.toString());
        } catch (IllegalBlockSizeException e3) {
            throw new IOException(e3.toString());
        } catch (NoSuchPaddingException e4) {
            throw new NoSuchAlgorithmException(e4.toString());
        }
    }
}
