package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.cms.CCMParameters;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.jcajce.BCFKSStoreParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import tv.danmaku.ijk.media.player.IjkMediaMeta;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: h, reason: collision with root package name */
    private static final Map<String, ASN1ObjectIdentifier> f18396h;

    /* renamed from: i, reason: collision with root package name */
    private static final Map<ASN1ObjectIdentifier, String> f18397i;

    /* renamed from: j, reason: collision with root package name */
    private static final BigInteger f18398j;

    /* renamed from: k, reason: collision with root package name */
    private static final BigInteger f18399k;

    /* renamed from: l, reason: collision with root package name */
    private static final BigInteger f18400l;

    /* renamed from: m, reason: collision with root package name */
    private static final BigInteger f18401m;

    /* renamed from: n, reason: collision with root package name */
    private static final BigInteger f18402n;

    /* renamed from: a, reason: collision with root package name */
    private final BouncyCastleProvider f18403a;

    /* renamed from: b, reason: collision with root package name */
    private final Map<String, ObjectData> f18404b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    private final Map<String, PrivateKey> f18405c = new HashMap();

    /* renamed from: d, reason: collision with root package name */
    private AlgorithmIdentifier f18406d;

    /* renamed from: e, reason: collision with root package name */
    private KeyDerivationFunc f18407e;

    /* renamed from: f, reason: collision with root package name */
    private Date f18408f;

    /* renamed from: g, reason: collision with root package name */
    private Date f18409g;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }
    }

    /* loaded from: classes2.dex */
    private static class ExtKeyStoreException extends KeyStoreException {

        /* renamed from: i2, reason: collision with root package name */
        private final Throwable f18411i2;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.f18411i2 = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f18411i2;
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f18396h = hashMap;
        HashMap hashMap2 = new HashMap();
        f18397i = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f15049h;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.P);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.Q);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.R);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.S);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.T);
        hashMap2.put(PKCSObjectIdentifiers.f15105h, "RSA");
        hashMap2.put(X9ObjectIdentifiers.f15780r1, "EC");
        hashMap2.put(OIWObjectIdentifiers.f15053l, "DH");
        hashMap2.put(PKCSObjectIdentifiers.f15137x, "DH");
        hashMap2.put(X9ObjectIdentifiers.X1, "DSA");
        f18398j = BigInteger.valueOf(0L);
        f18399k = BigInteger.valueOf(1L);
        f18400l = BigInteger.valueOf(2L);
        f18401m = BigInteger.valueOf(3L);
        f18402n = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.f18403a = bouncyCastleProvider;
    }

    private static String a(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String str = f18397i.get(aSN1ObjectIdentifier);
        return str != null ? str : aSN1ObjectIdentifier.k();
    }

    private SecureRandom a() {
        return new SecureRandom();
    }

    private Certificate a(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.f18403a;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.a(obj).e()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.a(obj).e()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private Date a(ObjectData objectData, Date date) {
        try {
            return objectData.f().k();
        } catch (ParseException unused) {
            return date;
        }
    }

    private EncryptedPrivateKeyData a(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) {
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i10 = 0; i10 != certificateArr.length; i10++) {
            certificateArr2[i10] = org.bouncycastle.asn1.x509.Certificate.a(certificateArr[i10].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    private KeyDerivationFunc a(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i10) {
        byte[] bArr = new byte[64];
        a().nextBytes(bArr);
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = PKCSObjectIdentifiers.G;
        if (aSN1ObjectIdentifier2.equals(aSN1ObjectIdentifier)) {
            return new KeyDerivationFunc(aSN1ObjectIdentifier2, new PBKDF2Params(bArr, 51200, i10, new AlgorithmIdentifier(PKCSObjectIdentifiers.T, DERNull.f14082i2)));
        }
        throw new IllegalStateException("unknown derivation algorithm: " + aSN1ObjectIdentifier);
    }

    private KeyDerivationFunc a(KeyDerivationFunc keyDerivationFunc, int i10) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f14916y;
        boolean equals = aSN1ObjectIdentifier.equals(keyDerivationFunc.f());
        ASN1Encodable g10 = keyDerivationFunc.g();
        if (equals) {
            ScryptParams a10 = ScryptParams.a(g10);
            byte[] bArr = new byte[a10.j().length];
            a().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, a10.g(), a10.f(), a10.i(), BigInteger.valueOf(i10)));
        }
        PBKDF2Params a11 = PBKDF2Params.a(g10);
        byte[] bArr2 = new byte[a11.i().length];
        a().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.G, new PBKDF2Params(bArr2, a11.f().intValue(), i10, a11.h()));
    }

    private KeyDerivationFunc a(PBKDFConfig pBKDFConfig, int i10) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = MiscObjectIdentifiers.f14916y;
        if (aSN1ObjectIdentifier.equals(pBKDFConfig.a())) {
            ScryptConfig scryptConfig = (ScryptConfig) pBKDFConfig;
            byte[] bArr = new byte[scryptConfig.e()];
            a().nextBytes(bArr);
            return new KeyDerivationFunc(aSN1ObjectIdentifier, new ScryptParams(bArr, scryptConfig.c(), scryptConfig.b(), scryptConfig.d(), i10));
        }
        PBKDF2Config pBKDF2Config = (PBKDF2Config) pBKDFConfig;
        byte[] bArr2 = new byte[pBKDF2Config.d()];
        a().nextBytes(bArr2);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.G, new PBKDF2Params(bArr2, pBKDF2Config.b(), i10, pBKDF2Config.c()));
    }

    private void a(byte[] bArr, PbkdMacIntegrityCheck pbkdMacIntegrityCheck, char[] cArr) {
        if (!Arrays.d(a(bArr, pbkdMacIntegrityCheck.g(), pbkdMacIntegrityCheck.h(), cArr), pbkdMacIntegrityCheck.f())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    private byte[] a(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.f().equals(PKCSObjectIdentifiers.F)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters a10 = PBES2Parameters.a(algorithmIdentifier.g());
        EncryptionScheme f10 = a10.f();
        if (!f10.f().equals(NISTObjectIdentifiers.P)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            CCMParameters a11 = CCMParameters.a(f10.g());
            BouncyCastleProvider bouncyCastleProvider = this.f18403a;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.f18403a);
            }
            algorithmParameters.init(a11.e());
            KeyDerivationFunc g10 = a10.g();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(a(g10, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e10) {
            throw new IOException(e10.toString());
        }
    }

    private byte[] a(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr) {
        byte[] a10 = PBEParametersGenerator.a(cArr);
        byte[] a11 = PBEParametersGenerator.a(str.toCharArray());
        if (MiscObjectIdentifiers.f14916y.equals(keyDerivationFunc.f())) {
            ScryptParams a12 = ScryptParams.a(keyDerivationFunc.g());
            return SCrypt.b(Arrays.c(a10, a11), a12.j(), a12.g().intValue(), a12.f().intValue(), a12.f().intValue(), a12.h().intValue());
        }
        if (!keyDerivationFunc.f().equals(PKCSObjectIdentifiers.G)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params a13 = PBKDF2Params.a(keyDerivationFunc.g());
        if (a13.h().f().equals(PKCSObjectIdentifiers.T)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pKCS5S2ParametersGenerator.a(Arrays.c(a10, a11), a13.i(), a13.f().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator.b(a13.g().intValue() * 8)).a();
        }
        if (a13.h().f().equals(NISTObjectIdentifiers.f14951r)) {
            PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator2 = new PKCS5S2ParametersGenerator(new SHA3Digest(IjkMediaMeta.FF_PROFILE_H264_CONSTRAINED));
            pKCS5S2ParametersGenerator2.a(Arrays.c(a10, a11), a13.i(), a13.f().intValue());
            return ((KeyParameter) pKCS5S2ParametersGenerator2.b(a13.g().intValue() * 8)).a();
        }
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + a13.h().f());
    }

    private byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) {
        String k10 = algorithmIdentifier.f().k();
        BouncyCastleProvider bouncyCastleProvider = this.f18403a;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(k10, bouncyCastleProvider) : Mac.getInstance(k10);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(a(keyDerivationFunc, "INTEGRITY_CHECK", cArr), k10));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            throw new IOException("Cannot set up MAC calculation: " + e10.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f18404b.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.f18404b.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.f18404b.get(str) == null) {
            return;
        }
        this.f18405c.remove(str);
        this.f18404b.remove(str);
        this.f18409g = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.j().equals(f18399k) || objectData.j().equals(f18401m)) {
            return a(EncryptedPrivateKeyData.a(objectData.g()).f()[0]);
        }
        if (objectData.j().equals(f18398j)) {
            return a(objectData.g());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f18404b.keySet()) {
                ObjectData objectData = this.f18404b.get(str);
                if (objectData.j().equals(f18398j)) {
                    if (Arrays.a(objectData.g(), encoded)) {
                        return str;
                    }
                } else if (objectData.j().equals(f18399k) || objectData.j().equals(f18401m)) {
                    try {
                        if (Arrays.a(EncryptedPrivateKeyData.a(objectData.g()).f()[0].b().e(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.j().equals(f18399k) && !objectData.j().equals(f18401m)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] f10 = EncryptedPrivateKeyData.a(objectData.g()).f();
        int length = f10.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 != length; i10++) {
            x509CertificateArr[i10] = a(f10[i10]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.i().k();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.j().equals(f18399k) || objectData.j().equals(f18401m)) {
            PrivateKey privateKey = this.f18405c.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            EncryptedPrivateKeyInfo a10 = EncryptedPrivateKeyInfo.a(EncryptedPrivateKeyData.a(objectData.g()).g());
            try {
                PrivateKeyInfo a11 = PrivateKeyInfo.a(a("PRIVATE_KEY_ENCRYPTION", a10.g(), cArr, a10.f()));
                PrivateKey generatePrivate = (this.f18403a != null ? KeyFactory.getInstance(a11.f().f().k(), this.f18403a) : KeyFactory.getInstance(a(a11.f().f()))).generatePrivate(new PKCS8EncodedKeySpec(a11.e()));
                this.f18405c.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e10) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e10.getMessage());
            }
        }
        if (!objectData.j().equals(f18400l) && !objectData.j().equals(f18402n)) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
        }
        EncryptedSecretKeyData a12 = EncryptedSecretKeyData.a(objectData.g());
        try {
            SecretKeyData a13 = SecretKeyData.a(a("SECRET_KEY_ENCRYPTION", a12.g(), cArr, a12.f()));
            return (this.f18403a != null ? SecretKeyFactory.getInstance(a13.f().k(), this.f18403a) : SecretKeyFactory.getInstance(a13.f().k())).generateSecret(new SecretKeySpec(a13.g(), a13.f().k()));
        } catch (Exception e11) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e11.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData != null) {
            return objectData.j().equals(f18398j);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f18404b.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger j10 = objectData.j();
        return j10.equals(f18399k) || j10.equals(f18400l) || j10.equals(f18401m) || j10.equals(f18402n);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        ObjectStoreData a10;
        this.f18404b.clear();
        this.f18405c.clear();
        this.f18408f = null;
        this.f18409g = null;
        this.f18406d = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f18408f = date;
            this.f18409g = date;
            this.f18406d = new AlgorithmIdentifier(PKCSObjectIdentifiers.T, DERNull.f14082i2);
            this.f18407e = a(PKCSObjectIdentifiers.G, 64);
            return;
        }
        try {
            ObjectStore a11 = ObjectStore.a(new ASN1InputStream(inputStream).d());
            ObjectStoreIntegrityCheck f10 = a11.f();
            if (f10.g() != 0) {
                throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
            }
            PbkdMacIntegrityCheck a12 = PbkdMacIntegrityCheck.a(f10.f());
            this.f18406d = a12.g();
            this.f18407e = a12.h();
            a(a11.g().b().e(), a12, cArr);
            ASN1Encodable g10 = a11.g();
            if (g10 instanceof EncryptedObjectStoreData) {
                EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) g10;
                a10 = ObjectStoreData.a(a("STORE_ENCRYPTION", encryptedObjectStoreData.g(), cArr, encryptedObjectStoreData.f().j()));
            } else {
                a10 = ObjectStoreData.a(g10);
            }
            try {
                this.f18408f = a10.f().k();
                this.f18409g = a10.h().k();
                if (!a10.g().equals(this.f18406d)) {
                    throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
                }
                Iterator<ASN1Encodable> it = a10.i().iterator();
                while (it.hasNext()) {
                    ObjectData a13 = ObjectData.a(it.next());
                    this.f18404b.put(a13.h(), a13);
                }
            } catch (ParseException unused) {
                throw new IOException("BCFKS KeyStore unable to parse store data information.");
            }
        } catch (Exception e10) {
            throw new IOException(e10.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        ObjectData objectData = this.f18404b.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.j().equals(f18398j)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = a(objectData, date2);
        }
        try {
            this.f18404b.put(str, new ObjectData(f18398j, str, date, date2, certificate.getEncoded(), null));
            this.f18409g = date2;
        } catch (CertificateEncodingException e10) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e10.getMessage(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        byte[] doFinal;
        Date date = new Date();
        ObjectData objectData = this.f18404b.get(str);
        Date a10 = objectData != null ? a(objectData, date) : date;
        this.f18405c.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc a11 = a(PKCSObjectIdentifiers.G, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a12 = a(a11, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.f18403a;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(a12, "AES"));
                this.f18404b.put(str, new ObjectData(f18399k, str, a10, date, a(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.F, new PBES2Parameters(a11, new EncryptionScheme(NISTObjectIdentifiers.P, CCMParameters.a(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).e(), null));
            } catch (Exception e10) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e10.toString(), e10);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc a13 = a(PKCSObjectIdentifiers.G, 32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] a14 = a(a13, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.f18403a;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(a14, "AES"));
                String d10 = Strings.d(key.getAlgorithm());
                if (d10.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new SecretKeyData(NISTObjectIdentifiers.f14952s, encoded2).e());
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = f18396h.get(d10);
                    if (aSN1ObjectIdentifier == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + d10 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new SecretKeyData(aSN1ObjectIdentifier, encoded2).e());
                }
                this.f18404b.put(str, new ObjectData(f18400l, str, a10, date, new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.F, new PBES2Parameters(a13, new EncryptionScheme(NISTObjectIdentifiers.P, CCMParameters.a(cipher2.getParameters().getEncoded())))), doFinal).e(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e11.toString(), e11);
            }
        }
        this.f18409g = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        ObjectData objectData = this.f18404b.get(str);
        Date a10 = objectData != null ? a(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo a11 = EncryptedPrivateKeyInfo.a(bArr);
                try {
                    this.f18405c.remove(str);
                    this.f18404b.put(str, new ObjectData(f18401m, str, a10, date, a(a11, certificateArr).e(), null));
                } catch (Exception e10) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e10.toString(), e10);
                }
            } catch (Exception e11) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e11);
            }
        } else {
            try {
                this.f18404b.put(str, new ObjectData(f18402n, str, a10, date, bArr, null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e12.toString(), e12);
            }
        }
        this.f18409g = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f18404b.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        KeyDerivationFunc keyDerivationFunc;
        BigInteger g10;
        ObjectData[] objectDataArr = (ObjectData[]) this.f18404b.values().toArray(new ObjectData[this.f18404b.size()]);
        KeyDerivationFunc a10 = a(this.f18407e, 32);
        byte[] a11 = a(a10, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        ObjectStoreData objectStoreData = new ObjectStoreData(this.f18406d, this.f18408f, this.f18409g, new ObjectDataSequence(objectDataArr), null);
        try {
            BouncyCastleProvider bouncyCastleProvider = this.f18403a;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(a11, "AES"));
            EncryptedObjectStoreData encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.F, new PBES2Parameters(a10, new EncryptionScheme(NISTObjectIdentifiers.P, CCMParameters.a(cipher.getParameters().getEncoded())))), cipher.doFinal(objectStoreData.e()));
            if (MiscObjectIdentifiers.f14916y.equals(this.f18407e.f())) {
                ScryptParams a12 = ScryptParams.a(this.f18407e.g());
                keyDerivationFunc = this.f18407e;
                g10 = a12.h();
            } else {
                PBKDF2Params a13 = PBKDF2Params.a(this.f18407e.g());
                keyDerivationFunc = this.f18407e;
                g10 = a13.g();
            }
            this.f18407e = a(keyDerivationFunc, g10.intValue());
            outputStream.write(new ObjectStore(encryptedObjectStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f18406d, this.f18407e, a(encryptedObjectStoreData.e(), this.f18406d, this.f18407e, cArr)))).e());
            outputStream.flush();
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (BadPaddingException e11) {
            throw new IOException(e11.toString());
        } catch (IllegalBlockSizeException e12) {
            throw new IOException(e12.toString());
        } catch (NoSuchPaddingException e13) {
            throw new NoSuchAlgorithmException(e13.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        char[] password;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'parameter' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof BCFKSStoreParameter)) {
            throw new IllegalArgumentException("no support for 'parameter' of type " + loadStoreParameter.getClass().getName());
        }
        BCFKSStoreParameter bCFKSStoreParameter = (BCFKSStoreParameter) loadStoreParameter;
        KeyStore.ProtectionParameter protectionParameter = bCFKSStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            password = null;
        } else if (protectionParameter instanceof KeyStore.PasswordProtection) {
            password = ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        } else {
            if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
                throw new IllegalArgumentException("no support for protection parameter of type " + protectionParameter.getClass().getName());
            }
            CallbackHandler callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
            PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
            try {
                callbackHandler.handle(new Callback[]{passwordCallback});
                password = passwordCallback.getPassword();
            } catch (UnsupportedCallbackException e10) {
                throw new IllegalArgumentException("PasswordCallback not recognised: " + e10.getMessage(), e10);
            }
        }
        bCFKSStoreParameter.b().a().equals(MiscObjectIdentifiers.f14916y);
        this.f18407e = a(bCFKSStoreParameter.b(), 64);
        engineStore(bCFKSStoreParameter.a(), password);
    }
}
