package org.spongycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.a.b.c;
import org.spongycastle.a.b.d;
import org.spongycastle.a.b.e;
import org.spongycastle.a.b.i;
import org.spongycastle.a.bd;
import org.spongycastle.a.n.b;
import org.spongycastle.a.o;
import org.spongycastle.a.o.f;
import org.spongycastle.a.o.h;
import org.spongycastle.a.o.j;
import org.spongycastle.a.o.k;
import org.spongycastle.a.o.m;
import org.spongycastle.a.v.a;
import org.spongycastle.a.v.g;
import org.spongycastle.a.w.aj;
import org.spongycastle.d.aa;
import org.spongycastle.d.f.v;
import org.spongycastle.d.k.am;
import org.spongycastle.h.n;

/* loaded from: lib/sign.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {
    private static final BigInteger CERTIFICATE;
    private static final BigInteger PRIVATE_KEY;
    private static final BigInteger PROTECTED_PRIVATE_KEY;
    private static final BigInteger PROTECTED_SECRET_KEY;
    private static final BigInteger SECRET_KEY;
    private static final Map oidMap = new HashMap();
    private static final Map publicAlgMap = new HashMap();
    private Date creationDate;
    private a hmacAlgorithm;
    private h hmacPkbdAlgorithm;
    private Date lastModifiedDate;
    private final org.spongycastle.e.b.a provider;
    private final Map entries = new HashMap();
    private final Map privateKeyCache = new HashMap();

    /* loaded from: lib/sign.dex */
    public class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: lib/sign.dex */
    public class ExtKeyStoreException extends KeyStoreException {
        private final Throwable cause;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.cause = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.cause;
        }
    }

    /* loaded from: lib/sign.dex */
    public class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new org.spongycastle.e.b.a());
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Enumeration engineAliases() {
            return super.engineAliases();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineContainsAlias(String str) {
            return super.engineContainsAlias(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineDeleteEntry(String str) {
            super.engineDeleteEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate engineGetCertificate(String str) {
            return super.engineGetCertificate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ String engineGetCertificateAlias(Certificate certificate) {
            return super.engineGetCertificateAlias(certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Certificate[] engineGetCertificateChain(String str) {
            return super.engineGetCertificateChain(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Date engineGetCreationDate(String str) {
            return super.engineGetCreationDate(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ Key engineGetKey(String str, char[] cArr) {
            return super.engineGetKey(str, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsCertificateEntry(String str) {
            return super.engineIsCertificateEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ boolean engineIsKeyEntry(String str) {
            return super.engineIsKeyEntry(str);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineLoad(InputStream inputStream, char[] cArr) {
            super.engineLoad(inputStream, cArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetCertificateEntry(String str, Certificate certificate) {
            super.engineSetCertificateEntry(str, certificate);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, key, cArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
            super.engineSetKeyEntry(str, bArr, certificateArr);
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ int engineSize() {
            return super.engineSize();
        }

        @Override // org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi, java.security.KeyStoreSpi
        public /* bridge */ /* synthetic */ void engineStore(OutputStream outputStream, char[] cArr) {
            super.engineStore(outputStream, cArr);
        }
    }

    static {
        oidMap.put("DESEDE", b.h);
        oidMap.put("TRIPLEDES", b.h);
        oidMap.put("TDEA", b.h);
        oidMap.put("HMACSHA1", m.K);
        oidMap.put("HMACSHA224", m.L);
        oidMap.put("HMACSHA256", m.M);
        oidMap.put("HMACSHA384", m.N);
        oidMap.put("HMACSHA512", m.O);
        publicAlgMap.put(m.b_, "RSA");
        publicAlgMap.put(aj.k, "EC");
        publicAlgMap.put(b.l, "DH");
        publicAlgMap.put(m.s, "DH");
        publicAlgMap.put(aj.U, "DSA");
        CERTIFICATE = BigInteger.valueOf(0L);
        PRIVATE_KEY = BigInteger.valueOf(1L);
        SECRET_KEY = BigInteger.valueOf(2L);
        PROTECTED_PRIVATE_KEY = BigInteger.valueOf(3L);
        PROTECTED_SECRET_KEY = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(org.spongycastle.e.b.a aVar) {
        this.provider = aVar;
    }

    private byte[] calculateMac(byte[] bArr, a aVar, h hVar, char[] cArr) {
        String b = aVar.a().b();
        Mac mac = this.provider != null ? Mac.getInstance(b, this.provider) : Mac.getInstance(b);
        if (cArr == null) {
            try {
                cArr = new char[0];
            } catch (InvalidKeyException e) {
                throw new IOException("Cannot set up MAC calculation: " + e.getMessage());
            }
        }
        mac.init(new SecretKeySpec(generateKey(hVar, "INTEGRITY_CHECK", cArr), b));
        return mac.doFinal(bArr);
    }

    private c createPrivateKeySequence(f fVar, Certificate[] certificateArr) {
        g[] gVarArr = new g[certificateArr.length];
        for (int i2 = 0; i2 != certificateArr.length; i2++) {
            gVarArr[i2] = g.a(certificateArr[i2].getEncoded());
        }
        return new c(fVar, gVarArr);
    }

    private Certificate decodeCertificate(Object obj) {
        if (this.provider != null) {
            try {
                return CertificateFactory.getInstance("X.509", this.provider).generateCertificate(new ByteArrayInputStream(g.a(obj).j()));
            } catch (Exception e) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(g.a(obj).j()));
        } catch (Exception e2) {
            return null;
        }
    }

    private byte[] decryptData(String str, a aVar, char[] cArr, byte[] bArr) {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!aVar.a().equals(m.A)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        j a = j.a(aVar.b());
        org.spongycastle.a.o.g b = a.b();
        if (!b.a().equals(org.spongycastle.a.l.b.P)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            org.spongycastle.a.d.c a2 = org.spongycastle.a.d.c.a(b.b());
            if (this.provider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.provider);
            }
            algorithmParameters.init(a2.j());
            h a3 = a.a();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(generateKey(a3, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    private Date extractCreationDate(e eVar, Date date) {
        try {
            return eVar.a().c();
        } catch (ParseException e) {
            return date;
        }
    }

    private byte[] generateKey(h hVar, String str, char[] cArr) {
        byte[] c2 = aa.c(cArr);
        byte[] c3 = aa.c(str.toCharArray());
        v vVar = new v(new org.spongycastle.d.b.v());
        if (!hVar.a().equals(m.B)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        k a = k.a(hVar.b());
        if (!a.e().a().equals(m.O)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        vVar.a(org.spongycastle.h.a.d(c2, c3), a.a(), a.b().intValue());
        return ((am) vVar.a(a.c().intValue() * 8)).a();
    }

    private h generatePkbdAlgorithmIdentifier(int i2) {
        byte[] bArr = new byte[64];
        getDefaultSecureRandom().nextBytes(bArr);
        return new h(m.B, new k(bArr, 1024, i2, new a(m.O, bd.a)));
    }

    private SecureRandom getDefaultSecureRandom() {
        return new SecureRandom();
    }

    private static String getPublicKeyAlg(o oVar) {
        String str = (String) publicAlgMap.get(oVar);
        return str != null ? str : oVar.b();
    }

    private void verifyMac(byte[] bArr, org.spongycastle.a.b.j jVar, char[] cArr) {
        if (!org.spongycastle.h.a.b(calculateMac(bArr, jVar.a(), jVar.b(), cArr), jVar.c())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        final Iterator it = new HashSet(this.entries.keySet()).iterator();
        return new Enumeration() { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str == null) {
            throw new NullPointerException("alias value is null");
        }
        return this.entries.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (((e) this.entries.get(str)) == null) {
            return;
        }
        this.privateKeyCache.remove(str);
        this.entries.remove(str);
        this.lastModifiedDate = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        e eVar = (e) this.entries.get(str);
        if (eVar != null) {
            if (eVar.e().equals(PRIVATE_KEY) || eVar.e().equals(PROTECTED_PRIVATE_KEY)) {
                return decodeCertificate(c.a(eVar.b()).a()[0]);
            }
            if (eVar.e().equals(CERTIFICATE)) {
                return decodeCertificate(eVar.b());
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.entries.keySet()) {
                e eVar = (e) this.entries.get(str);
                if (eVar.e().equals(CERTIFICATE)) {
                    if (org.spongycastle.h.a.a(eVar.b(), encoded)) {
                        return str;
                    }
                } else if (eVar.e().equals(PRIVATE_KEY) || eVar.e().equals(PROTECTED_PRIVATE_KEY)) {
                    try {
                        if (org.spongycastle.h.a.a(c.a(eVar.b()).a()[0].i().j(), encoded)) {
                            return str;
                        }
                    } catch (IOException e) {
                    }
                }
            }
            return null;
        } catch (CertificateEncodingException e2) {
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        e eVar = (e) this.entries.get(str);
        if (eVar == null || !(eVar.e().equals(PRIVATE_KEY) || eVar.e().equals(PROTECTED_PRIVATE_KEY))) {
            return null;
        }
        g[] a = c.a(eVar.b()).a();
        X509Certificate[] x509CertificateArr = new X509Certificate[a.length];
        for (int i2 = 0; i2 != x509CertificateArr.length; i2++) {
            x509CertificateArr[i2] = decodeCertificate(a[i2]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        e eVar = (e) this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        try {
            return eVar.d().c();
        } catch (ParseException e) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        e eVar = (e) this.entries.get(str);
        if (eVar == null) {
            return null;
        }
        if (!eVar.e().equals(PRIVATE_KEY) && !eVar.e().equals(PROTECTED_PRIVATE_KEY)) {
            if (!eVar.e().equals(SECRET_KEY) && !eVar.e().equals(PROTECTED_SECRET_KEY)) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): type not recognized");
            }
            d a = d.a(eVar.b());
            try {
                org.spongycastle.a.b.k a2 = org.spongycastle.a.b.k.a(decryptData("SECRET_KEY_ENCRYPTION", a.a(), cArr, a.b()));
                return (this.provider != null ? SecretKeyFactory.getInstance(a2.b().b(), this.provider) : SecretKeyFactory.getInstance(a2.b().b())).generateSecret(new SecretKeySpec(a2.a(), a2.b().b()));
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + str + "): " + e.getMessage());
            }
        }
        PrivateKey privateKey = (PrivateKey) this.privateKeyCache.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        f a3 = f.a(c.a(eVar.b()).b());
        try {
            org.spongycastle.a.o.o a4 = org.spongycastle.a.o.o.a(decryptData("PRIVATE_KEY_ENCRYPTION", a3.a(), cArr, a3.b()));
            PrivateKey generatePrivate = (this.provider != null ? KeyFactory.getInstance(a4.a().a().b(), this.provider) : KeyFactory.getInstance(getPublicKeyAlg(a4.a().a()))).generatePrivate(new PKCS8EncodedKeySpec(a4.j()));
            this.privateKeyCache.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + str + "): " + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        e eVar = (e) this.entries.get(str);
        if (eVar != null) {
            return eVar.e().equals(CERTIFICATE);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        e eVar = (e) this.entries.get(str);
        if (eVar == null) {
            return false;
        }
        BigInteger e = eVar.e();
        return e.equals(PRIVATE_KEY) || e.equals(SECRET_KEY) || e.equals(PROTECTED_PRIVATE_KEY) || e.equals(PROTECTED_SECRET_KEY);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        org.spongycastle.a.b.h a;
        this.entries.clear();
        this.privateKeyCache.clear();
        this.creationDate = null;
        this.lastModifiedDate = null;
        this.hmacAlgorithm = null;
        if (inputStream == null) {
            Date date = new Date();
            this.creationDate = date;
            this.lastModifiedDate = date;
            this.hmacAlgorithm = new a(m.O, bd.a);
            this.hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(64);
            return;
        }
        org.spongycastle.a.b.g a2 = org.spongycastle.a.b.g.a(new org.spongycastle.a.k(inputStream).b());
        i a3 = a2.a();
        if (a3.a() != 0) {
            throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
        }
        org.spongycastle.a.b.j a4 = org.spongycastle.a.b.j.a(a3.b());
        this.hmacAlgorithm = a4.a();
        this.hmacPkbdAlgorithm = a4.b();
        verifyMac(a2.b().i().j(), a4, cArr);
        org.spongycastle.a.f b = a2.b();
        if (b instanceof org.spongycastle.a.b.b) {
            org.spongycastle.a.b.b bVar = (org.spongycastle.a.b.b) b;
            a = org.spongycastle.a.b.h.a(decryptData("STORE_ENCRYPTION", bVar.b(), cArr, bVar.a().c()));
        } else {
            a = org.spongycastle.a.b.h.a(b);
        }
        try {
            this.creationDate = a.a().c();
            this.lastModifiedDate = a.c().c();
            if (!a.b().equals(this.hmacAlgorithm)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator it = a.d().iterator();
            while (it.hasNext()) {
                e a5 = e.a(it.next());
                this.entries.put(a5.c(), a5);
            }
        } catch (ParseException e) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        e eVar = (e) this.entries.get(str);
        Date date2 = new Date();
        if (eVar == null) {
            date = date2;
        } else {
            if (!eVar.e().equals(CERTIFICATE)) {
                throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + str);
            }
            date = extractCreationDate(eVar, date2);
        }
        try {
            this.entries.put(str, new e(CERTIFICATE, str, date, date2, certificate.getEncoded()));
            this.lastModifiedDate = date2;
        } catch (CertificateEncodingException e) {
            throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        byte[] doFinal;
        Date date = new Date();
        e eVar = (e) this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        this.privateKeyCache.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "PRIVATE_KEY_ENCRYPTION", cArr);
                Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher.init(1, new SecretKeySpec(generateKey, "AES"));
                this.entries.put(str, new e(PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(new f(new a(m.A, new j(generatePkbdAlgorithmIdentifier, new org.spongycastle.a.o.g(org.spongycastle.a.l.b.P, org.spongycastle.a.d.c.a(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).j()));
            } catch (Exception e) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                h generatePkbdAlgorithmIdentifier2 = generatePkbdAlgorithmIdentifier(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] generateKey2 = generateKey(generatePkbdAlgorithmIdentifier2, "SECRET_KEY_ENCRYPTION", cArr);
                Cipher cipher2 = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
                cipher2.init(1, new SecretKeySpec(generateKey2, "AES"));
                String b = n.b(key.getAlgorithm());
                if (b.indexOf("AES") >= 0) {
                    doFinal = cipher2.doFinal(new org.spongycastle.a.b.k(org.spongycastle.a.l.b.s, encoded2).j());
                } else {
                    o oVar = (o) oidMap.get(b);
                    if (oVar == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + b + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new org.spongycastle.a.b.k(oVar, encoded2).j());
                }
                this.entries.put(str, new e(SECRET_KEY, str, extractCreationDate, date, new d(new a(m.A, new j(generatePkbdAlgorithmIdentifier2, new org.spongycastle.a.o.g(org.spongycastle.a.l.b.P, org.spongycastle.a.d.c.a(cipher2.getParameters().getEncoded())))), doFinal).j()));
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e2.toString(), e2);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        e eVar = (e) this.entries.get(str);
        Date extractCreationDate = eVar != null ? extractCreationDate(eVar, date) : date;
        if (certificateArr != null) {
            try {
                f a = f.a(bArr);
                try {
                    this.privateKeyCache.remove(str);
                    this.entries.put(str, new e(PROTECTED_PRIVATE_KEY, str, extractCreationDate, date, createPrivateKeySequence(a, certificateArr).j()));
                } catch (Exception e) {
                    throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.entries.put(str, new e(PROTECTED_SECRET_KEY, str, extractCreationDate, date, bArr));
            } catch (Exception e3) {
                throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e3.toString(), e3);
            }
        }
        this.lastModifiedDate = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        e[] eVarArr = (e[]) this.entries.values().toArray(new e[this.entries.size()]);
        h generatePkbdAlgorithmIdentifier = generatePkbdAlgorithmIdentifier(32);
        byte[] generateKey = generateKey(generatePkbdAlgorithmIdentifier, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        org.spongycastle.a.b.h hVar = new org.spongycastle.a.b.h(this.hmacAlgorithm, this.creationDate, this.lastModifiedDate, new org.spongycastle.a.b.f(eVarArr));
        try {
            Cipher cipher = this.provider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", this.provider);
            cipher.init(1, new SecretKeySpec(generateKey, "AES"));
            org.spongycastle.a.b.b bVar = new org.spongycastle.a.b.b(new a(m.A, new j(generatePkbdAlgorithmIdentifier, new org.spongycastle.a.o.g(org.spongycastle.a.l.b.P, org.spongycastle.a.d.c.a(cipher.getParameters().getEncoded())))), cipher.doFinal(hVar.j()));
            k a = k.a(this.hmacPkbdAlgorithm.b());
            byte[] bArr = new byte[a.a().length];
            getDefaultSecureRandom().nextBytes(bArr);
            this.hmacPkbdAlgorithm = new h(this.hmacPkbdAlgorithm.a(), new k(bArr, a.b().intValue(), a.c().intValue(), a.e()));
            outputStream.write(new org.spongycastle.a.b.g(bVar, new i(new org.spongycastle.a.b.j(this.hmacAlgorithm, this.hmacPkbdAlgorithm, calculateMac(bVar.j(), this.hmacAlgorithm, this.hmacPkbdAlgorithm, cArr)))).j());
            outputStream.flush();
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (BadPaddingException e2) {
            throw new IOException(e2.toString());
        } catch (IllegalBlockSizeException e3) {
            throw new IOException(e3.toString());
        } catch (NoSuchPaddingException e4) {
            throw new NoSuchAlgorithmException(e4.toString());
        }
    }
}
