package org.spongycastle.jcajce.provider.keystore.bcfks;

import F3.AbstractC0153m;
import F3.AbstractC0158s;
import F3.AbstractC0159t;
import F3.C0150j;
import F3.C0151k;
import F3.C0154n;
import F3.InterfaceC0145e;
import F3.Z;
import H3.c;
import H3.d;
import H3.e;
import H3.i;
import H3.j;
import J3.a;
import V3.b;
import W3.f;
import W3.g;
import W3.h;
import W3.k;
import W3.l;
import W3.n;
import c5.a;
import e4.C0423a;
import e4.C0433k;
import f4.InterfaceC0466n;
import i4.w;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import k2.C0557d;
import m4.p;
import org.spongycastle.crypto.u;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import s4.G;

/* loaded from: classes.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map<String, C0154n> oidMap;
    private static final Map<C0154n, String> publicAlgMap;
    private Date creationDate;
    private C0423a hmacAlgorithm;
    private h hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private final BouncyCastleProvider provider;
    private final Map<String, e> entries = new HashMap();
    private final Map<String, PrivateKey> privateKeyCache = new HashMap();

    /* loaded from: classes.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    /* loaded from: classes.dex */
    public static class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: classes.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        oidMap = hashMap;
        HashMap hashMap2 = new HashMap();
        publicAlgMap = hashMap2;
        C0154n c0154n = b.f2293e;
        hashMap.put("DESEDE", c0154n);
        hashMap.put("TRIPLEDES", c0154n);
        hashMap.put("TDEA", c0154n);
        hashMap.put("HMACSHA1", n.f2461P);
        hashMap.put("HMACSHA224", n.f2462Q);
        hashMap.put("HMACSHA256", n.f2463R);
        hashMap.put("HMACSHA384", n.f2464S);
        hashMap.put("HMACSHA512", n.f2465T);
        hashMap2.put(n.f2480i, "RSA");
        hashMap2.put(InterfaceC0466n.f6982z0, "EC");
        hashMap2.put(b.f2296i, "DH");
        hashMap2.put(n.f2447A, "DH");
        hashMap2.put(InterfaceC0466n.f6973c1, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.provider = bouncyCastleProvider;
    }

    private byte[] calculateMac(byte[] bArr, C0423a c0423a, h hVar, char[] cArr) {
        String str = c0423a.f6766c.f509c;
        BouncyCastleProvider bouncyCastleProvider = this.provider;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(str, bouncyCastleProvider) : Mac.getInstance(str);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(generateKey(hVar, "INTEGRITY_CHECK", cArr), str));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e3) {
            throw new IOException("Cannot set up MAC calculation: " + e3.getMessage());
        }
    }

    private c createPrivateKeySequence(f fVar, Certificate[] certificateArr) {
        C0433k[] c0433kArr = new C0433k[certificateArr.length];
        for (int i5 = 0; i5 != certificateArr.length; i5++) {
            c0433kArr[i5] = C0433k.n(certificateArr[i5].getEncoded());
        }
        return new c(fVar, c0433kArr);
    }

    private Certificate decodeCertificate(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.provider;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(C0433k.n(obj).k()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(C0433k.n(obj).k()));
        } catch (Exception unused2) {
            return null;
        }
    }

    private byte[] decryptData(String str, C0423a c0423a, char[] cArr, byte[] bArr) {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!c0423a.f6766c.equals(n.f2454H)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        k n5 = k.n(c0423a.f6767d);
        g gVar = n5.f2439d;
        if (!gVar.f2430c.f6766c.equals(S3.b.f1910N)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            a n6 = a.n(gVar.f2430c.f6767d);
            BouncyCastleProvider bouncyCastleProvider = this.provider;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.provider);
            }
            algorithmParameters.init(n6.k());
            h hVar = n5.f2438c;
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(generateKey(hVar, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e3) {
            throw new IOException(e3.toString());
        }
    }

    private Date extractCreationDate(e eVar, Date date) {
        try {
            return eVar.f728q.u();
        } catch (ParseException unused) {
            return date;
        }
    }

    private byte[] generateKey(h hVar, String str, char[] cArr) {
        byte[] PKCS12PasswordToBytes = u.PKCS12PasswordToBytes(cArr);
        byte[] PKCS12PasswordToBytes2 = u.PKCS12PasswordToBytes(str.toCharArray());
        p pVar = new p(new w());
        if (!hVar.f2431c.f6766c.equals(n.f2455I)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        l n5 = l.n(hVar.f2431c.f6767d);
        C0423a c0423a = n5.f2444x;
        if (c0423a == null) {
            c0423a = l.f2440y;
        }
        if (!c0423a.f6766c.equals(n.f2465T)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        pVar.init(c5.a.i(PKCS12PasswordToBytes, PKCS12PasswordToBytes2), n5.f2441c.w(), n5.f2442d.x().intValue());
        C0151k c0151k = n5.f2443q;
        return ((G) pVar.generateDerivedParameters((c0151k != null ? c0151k.x() : null).intValue() * 8)).f9515c;
    }

    private h generatePkbdAlgorithmIdentifier(int i5) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        return new h(n.f2455I, new l(bArr, 1024, i5, new C0423a(n.f2465T, Z.f474c)));
    }

    private SecureRandom getDefaultSecureRandom() {
        return new SecureRandom();
    }

    private static String getPublicKeyAlg(C0154n c0154n) {
        String str = publicAlgMap.get(c0154n);
        return str != null ? str : c0154n.f509c;
    }

    private void verifyMac(byte[] bArr, j jVar, char[] cArr) {
        if (!c5.a.l(calculateMac(bArr, jVar.f741c, jVar.f742d, cArr), c5.a.c(jVar.f743q.w()))) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str != null) {
            return this.entries.containsKey(str);
        }
        throw new NullPointerException("alias value is null");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.entries.get(str) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        BigInteger bigInteger = PRIVATE_KEY;
        BigInteger bigInteger2 = eVar.f725c;
        if (!bigInteger2.equals(bigInteger) && !bigInteger2.equals(PROTECTED_PRIVATE_KEY)) {
            if (bigInteger2.equals(CERTIFICATE)) {
                return decodeCertificate(eVar.n());
            }
            return null;
        }
        C0433k[] c0433kArr = c.n(eVar.n()).f722d;
        C0433k[] c0433kArr2 = new C0433k[c0433kArr.length];
        System.arraycopy(c0433kArr, 0, c0433kArr2, 0, c0433kArr.length);
        return decodeCertificate(c0433kArr2[0]);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                e eVar = this.entries.get(str);
                if (!eVar.f725c.equals(CERTIFICATE)) {
                    BigInteger bigInteger = PRIVATE_KEY;
                    BigInteger bigInteger2 = eVar.f725c;
                    if (bigInteger2.equals(bigInteger) || bigInteger2.equals(PROTECTED_PRIVATE_KEY)) {
                        try {
                            C0433k[] c0433kArr = c.n(eVar.n()).f722d;
                            C0433k[] c0433kArr2 = new C0433k[c0433kArr.length];
                            System.arraycopy(c0433kArr, 0, c0433kArr2, 0, c0433kArr.length);
                            if (c5.a.a(c0433kArr2[0].f6795c.k(), encoded)) {
                                return str;
                            }
                        } catch (IOException unused) {
                            continue;
                        }
                    }
                } else if (c5.a.a(eVar.n(), encoded)) {
                    return str;
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        BigInteger bigInteger = PRIVATE_KEY;
        BigInteger bigInteger2 = eVar.f725c;
        if (!bigInteger2.equals(bigInteger) && !bigInteger2.equals(PROTECTED_PRIVATE_KEY)) {
            return null;
        }
        C0433k[] c0433kArr = c.n(eVar.n()).f722d;
        int length = c0433kArr.length;
        C0433k[] c0433kArr2 = new C0433k[length];
        System.arraycopy(c0433kArr, 0, c0433kArr2, 0, c0433kArr.length);
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i5 = 0; i5 != length; i5++) {
            x509CertificateArr[i5] = decodeCertificate(c0433kArr2[i5]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.f729x.u();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        e eVar = this.entries.get(str);
        H3.k kVar = null;
        if (eVar == null) {
            return null;
        }
        BigInteger bigInteger = PRIVATE_KEY;
        BigInteger bigInteger2 = eVar.f725c;
        if (bigInteger2.equals(bigInteger) || bigInteger2.equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey privateKey = this.privateKeyCache.get(str);
            if (privateKey != null) {
                return privateKey;
            }
            f n5 = f.n(c.n(eVar.n()).f721c);
            try {
                W3.p n6 = W3.p.n(decryptData("PRIVATE_KEY_ENCRYPTION", n5.f2428c, cArr, n5.f2429d.w()));
                BouncyCastleProvider bouncyCastleProvider = this.provider;
                PrivateKey generatePrivate = (bouncyCastleProvider != null ? KeyFactory.getInstance(n6.f2506d.f6766c.f509c, bouncyCastleProvider) : KeyFactory.getInstance(getPublicKeyAlg(n6.f2506d.f6766c))).generatePrivate(new PKCS8EncodedKeySpec(n6.k()));
                this.privateKeyCache.put(str, generatePrivate);
                return generatePrivate;
            } catch (Exception e3) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e3.getMessage());
            }
        }
        if (!bigInteger2.equals(SECRET_KEY) && !bigInteger2.equals(PROTECTED_SECRET_KEY)) {
            throw new UnrecoverableKeyException(B0.a.o("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
        }
        byte[] n7 = eVar.n();
        d dVar = n7 instanceof d ? (d) n7 : n7 != 0 ? new d(AbstractC0159t.v(n7)) : null;
        try {
            byte[] decryptData = decryptData("SECRET_KEY_ENCRYPTION", dVar.f723c, cArr, c5.a.c(dVar.f724d.w()));
            if (decryptData instanceof H3.k) {
                kVar = (H3.k) decryptData;
            } else if (decryptData != 0) {
                kVar = new H3.k(AbstractC0159t.v(decryptData));
            }
            BouncyCastleProvider bouncyCastleProvider2 = this.provider;
            return (bouncyCastleProvider2 != null ? SecretKeyFactory.getInstance(kVar.f744c.f509c, bouncyCastleProvider2) : SecretKeyFactory.getInstance(kVar.f744c.f509c)).generateSecret(new SecretKeySpec(c5.a.c(kVar.f745d.w()), kVar.f744c.f509c));
        } catch (Exception e6) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e6.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return false;
        }
        return eVar.f725c.equals(CERTIFICATE);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = this.entries.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger bigInteger = PRIVATE_KEY;
        BigInteger bigInteger2 = eVar.f725c;
        return bigInteger2.equals(bigInteger) || bigInteger2.equals(SECRET_KEY) || bigInteger2.equals(PROTECTED_PRIVATE_KEY) || bigInteger2.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        H3.h n5;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.hmacAlgorithm = new C0423a(n.f2465T, Z.f474c);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(64);
            return;
        }
        AbstractC0158s f6 = new C0150j(inputStream).f();
        H3.g gVar = f6 != null ? new H3.g(AbstractC0159t.v(f6)) : null;
        i iVar = gVar.f733d;
        iVar.getClass();
        j jVar = iVar.f740c;
        if (jVar == null) {
            jVar = jVar != null ? new j(AbstractC0159t.v(jVar)) : null;
        }
        this.hmacAlgorithm = jVar.f741c;
        this.hmacPkbdAlgorithm = jVar.f742d;
        AbstractC0153m abstractC0153m = gVar.f732c;
        verifyMac(abstractC0153m.f().k(), jVar, cArr);
        if (abstractC0153m instanceof H3.b) {
            H3.b bVar = (H3.b) abstractC0153m;
            n5 = H3.h.n(decryptData("STORE_ENCRYPTION", bVar.f719c, cArr, bVar.f720d.w()));
        } else {
            n5 = H3.h.n(abstractC0153m);
        }
        try {
            this.creationDate = n5.f737q.u();
            this.lastModifiedDate = n5.f738x.u();
            if (!n5.f735d.equals(this.hmacAlgorithm)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<InterfaceC0145e> it = n5.f739y.iterator();
            while (true) {
                a.C0065a c0065a = (a.C0065a) it;
                if (!c0065a.hasNext()) {
                    return;
                }
                Object next = c0065a.next();
                e eVar = next instanceof e ? (e) next : next != null ? new e(AbstractC0159t.v(next)) : null;
                this.entries.put(eVar.f726d, eVar);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        e eVar = this.entries.get(str);
        Date date2 = new Date();
        if (eVar != null) {
            if (!eVar.f725c.equals(CERTIFICATE)) {
                throw new KeyStoreException(C0557d.v("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = extractCreationDate(eVar, date2);
        } else {
            date = date2;
        }
        try {
            this.entries.put(str, new e(CERTIFICATE, str, date, date2, certificate.getEncoded()));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e3) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e3.getMessage(), e3);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        byte[] doFinal;
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.provider;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(generateKey, "AES"));
                this.entries.put(str, new e(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(new f(new C0423a(n.f2454H, new k(generatePkbdAlgorithmIdentifier, new g(S3.b.f1910N, J3.a.n(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).k()));
            } catch (Exception e3) {
                throw new ExtKeyStoreException(B0.a.m(e3, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e3);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.provider;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(generateKey2, "AES"));
                String f6 = c5.l.f(key.getAlgorithm());
                if (f6.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new H3.k(S3.b.f1943q, encoded2).k());
                } else {
                    C0154n c0154n = oidMap.get(f6);
                    if (c0154n == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + f6 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new H3.k(c0154n, encoded2).k());
                }
                this.entries.put(str, new e(SECRET_KEY, str, extractCreationDate, date, new d(new C0423a(n.f2454H, new k(generatePkbdAlgorithmIdentifier2, new g(S3.b.f1910N, J3.a.n(cipher2.getParameters().getEncoded())))), doFinal).k()));
            } catch (Exception e6) {
                throw new ExtKeyStoreException(B0.a.m(e6, new StringBuilder("BCFKS KeyStore exception storing private key: ")), e6);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        e eVar = this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        if (certificateArr != null) {
            try {
                f n5 = f.n(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new e(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(n5, certificateArr).k()));
                } catch (Exception e3) {
                    throw new ExtKeyStoreException(B0.a.m(e3, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e3);
                }
            } catch (Exception e6) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e6);
            }
        } else {
            try {
                this.entries.put(str, new e(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr));
            } catch (Exception e7) {
                throw new ExtKeyStoreException(B0.a.m(e7, new StringBuilder("BCFKS KeyStore exception storing protected private key: ")), e7);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        e[] eVarArr = (e[]) this.entries.values().toArray(new e[this.entries.size()]);
        h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        H3.h hVar = new H3.h(this.hmacAlgorithm, this.creationDate, this.lastModifiedDate, new H3.f(eVarArr));
        try {
            BouncyCastleProvider bouncyCastleProvider = this.provider;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(generateKey, "AES"));
            H3.b bVar = new H3.b(new C0423a(n.f2454H, new k(generatePkbdAlgorithmIdentifier, new g(S3.b.f1910N, J3.a.n(cipher.getParameters().getEncoded())))), cipher.doFinal(hVar.k()));
            l n5 = l.n(this.hmacPkbdAlgorithm.f2431c.f6767d);
            byte[] bArr = new byte[n5.f2441c.w().length];
            getDefaultSecureRandom().nextBytes(bArr);
            C0154n c0154n = this.hmacPkbdAlgorithm.f2431c.f6766c;
            int intValue = n5.f2442d.x().intValue();
            C0151k c0151k = n5.f2443q;
            int intValue2 = (c0151k != null ? c0151k.x() : null).intValue();
            C0423a c0423a = n5.f2444x;
            if (c0423a == null) {
                c0423a = l.f2440y;
            }
            this.hmacPkbdAlgorithm = new h(c0154n, new l(bArr, intValue, intValue2, c0423a));
            outputStream.write(new H3.g(bVar, new i(new j(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(bVar.k(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).k());
            outputStream.flush();
        } catch (InvalidKeyException e3) {
            throw new IOException(e3.toString());
        } catch (BadPaddingException e6) {
            throw new IOException(e6.toString());
        } catch (IllegalBlockSizeException e7) {
            throw new IOException(e7.toString());
        } catch (NoSuchPaddingException e8) {
            throw new NoSuchAlgorithmException(e8.toString());
        }
    }
}
