package org.spongycastle.jcajce.provider.keystore.bcfks;

import android.support.v4.media.b;
import androidx.activity.result.d;
import androidx.fragment.app.n;
import androidx.media.a;
import androidx.recyclerview.widget.f;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.bc.EncryptedObjectStoreData;
import org.spongycastle.asn1.bc.EncryptedPrivateKeyData;
import org.spongycastle.asn1.bc.EncryptedSecretKeyData;
import org.spongycastle.asn1.bc.ObjectData;
import org.spongycastle.asn1.bc.ObjectDataSequence;
import org.spongycastle.asn1.bc.ObjectStore;
import org.spongycastle.asn1.bc.ObjectStoreData;
import org.spongycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.spongycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.spongycastle.asn1.bc.SecretKeyData;
import org.spongycastle.asn1.cms.CCMParameters;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
import org.spongycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.spongycastle.asn1.pkcs.EncryptionScheme;
import org.spongycastle.asn1.pkcs.KeyDerivationFunc;
import org.spongycastle.asn1.pkcs.PBES2Parameters;
import org.spongycastle.asn1.pkcs.PBKDF2Params;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PrivateKeyInfo;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x9.X9ObjectIdentifiers;
import org.spongycastle.crypto.PBEParametersGenerator;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Encodable;
import org.spongycastle.util.Strings;

/* loaded from: classes.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: h, reason: collision with root package name */
    public static final Map<String, ASN1ObjectIdentifier> f11372h;

    /* renamed from: i, reason: collision with root package name */
    public static final Map<ASN1ObjectIdentifier, String> f11373i;

    /* renamed from: j, reason: collision with root package name */
    public static final BigInteger f11374j;

    /* renamed from: k, reason: collision with root package name */
    public static final BigInteger f11375k;

    /* renamed from: l, reason: collision with root package name */
    public static final BigInteger f11376l;

    /* renamed from: m, reason: collision with root package name */
    public static final BigInteger f11377m;

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f11378n;

    /* renamed from: a, reason: collision with root package name */
    public final BouncyCastleProvider f11379a;

    /* renamed from: b, reason: collision with root package name */
    public final Map<String, ObjectData> f11380b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    public final Map<String, PrivateKey> f11381c = new HashMap();

    /* renamed from: d, reason: collision with root package name */
    public AlgorithmIdentifier f11382d;

    /* renamed from: e, reason: collision with root package name */
    public KeyDerivationFunc f11383e;

    /* renamed from: f, reason: collision with root package name */
    public Date f11384f;

    /* renamed from: g, reason: collision with root package name */
    public Date f11385g;

    /* loaded from: classes.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }
    }

    /* loaded from: classes.dex */
    public static class ExtKeyStoreException extends KeyStoreException {

        /* renamed from: c, reason: collision with root package name */
        public final Throwable f11387c;

        public ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.f11387c = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f11387c;
        }
    }

    /* loaded from: classes.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f11372h = hashMap;
        HashMap hashMap2 = new HashMap();
        f11373i = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f9078e;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.F);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.G);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.H);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.I);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.J);
        hashMap2.put(PKCSObjectIdentifiers.f9113a, "RSA");
        hashMap2.put(X9ObjectIdentifiers.f9600u0, "EC");
        hashMap2.put(OIWObjectIdentifiers.f9082i, "DH");
        hashMap2.put(PKCSObjectIdentifiers.f9137q, "DH");
        hashMap2.put(X9ObjectIdentifiers.X0, "DSA");
        f11374j = BigInteger.valueOf(0L);
        f11375k = BigInteger.valueOf(1L);
        f11376l = BigInteger.valueOf(2L);
        f11377m = BigInteger.valueOf(3L);
        f11378n = BigInteger.valueOf(4L);
    }

    public BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.f11379a = bouncyCastleProvider;
    }

    public final byte[] a(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) {
        String str = algorithmIdentifier.f9366c.f8749c;
        BouncyCastleProvider bouncyCastleProvider = this.f11379a;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(str, bouncyCastleProvider) : Mac.getInstance(str);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(f(keyDerivationFunc, "INTEGRITY_CHECK", cArr), str));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            StringBuilder d10 = b.d("Cannot set up MAC calculation: ");
            d10.append(e10.getMessage());
            throw new IOException(d10.toString());
        }
    }

    public final EncryptedPrivateKeyData b(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) {
        org.spongycastle.asn1.x509.Certificate[] certificateArr2 = new org.spongycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i10 = 0; i10 != certificateArr.length; i10++) {
            certificateArr2[i10] = org.spongycastle.asn1.x509.Certificate.j(certificateArr[i10].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    public final Certificate c(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.f11379a;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(org.spongycastle.asn1.x509.Certificate.j(obj).g()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.spongycastle.asn1.x509.Certificate.j(obj).g()));
        } catch (Exception unused2) {
            return null;
        }
    }

    public final byte[] d(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.f9366c.equals(PKCSObjectIdentifiers.f9144x)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters j10 = PBES2Parameters.j(algorithmIdentifier.f9367i1);
        EncryptionScheme encryptionScheme = j10.f9105i1;
        if (!encryptionScheme.f9096c.f9366c.equals(NISTObjectIdentifiers.N)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            CCMParameters j11 = CCMParameters.j(encryptionScheme.f9096c.f9367i1);
            BouncyCastleProvider bouncyCastleProvider = this.f11379a;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.f11379a);
            }
            algorithmParameters.init(j11.g());
            KeyDerivationFunc keyDerivationFunc = j10.f9104c;
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(f(keyDerivationFunc, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e10) {
            throw new IOException(e10.toString());
        }
    }

    public final Date e(ObjectData objectData, Date date) {
        try {
            return objectData.f8860j1.t();
        } catch (ParseException unused) {
            return date;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f11380b.keySet()).iterator();
        return new Enumeration(this) { // from class: org.spongycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f11380b.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) {
        if (this.f11380b.get(str) == null) {
            return;
        }
        this.f11381c.remove(str);
        this.f11380b.remove(str);
        this.f11385g = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f11380b.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.f8858c.equals(f11375k) || objectData.f8858c.equals(f11377m)) {
            return c(EncryptedPrivateKeyData.l(objectData.j()).j()[0]);
        }
        if (objectData.f8858c.equals(f11374j)) {
            return c(objectData.j());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f11380b.keySet()) {
                ObjectData objectData = this.f11380b.get(str);
                if (objectData.f8858c.equals(f11374j)) {
                    if (Arrays.a(objectData.j(), encoded)) {
                        return str;
                    }
                } else if (objectData.f8858c.equals(f11375k) || objectData.f8858c.equals(f11377m)) {
                    try {
                        if (Arrays.a(EncryptedPrivateKeyData.l(objectData.j()).j()[0].f9396c.g(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f11380b.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.f8858c.equals(f11375k) && !objectData.f8858c.equals(f11377m)) {
            return null;
        }
        org.spongycastle.asn1.x509.Certificate[] j10 = EncryptedPrivateKeyData.l(objectData.j()).j();
        int length = j10.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 != length; i10++) {
            x509CertificateArr[i10] = c(j10[i10]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f11380b.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.f8861k1.t();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) {
        KeyFactory keyFactory;
        ObjectData objectData = this.f11380b.get(str);
        SecretKeyData secretKeyData = null;
        if (objectData == null) {
            return null;
        }
        if (!objectData.f8858c.equals(f11375k) && !objectData.f8858c.equals(f11377m)) {
            if (!objectData.f8858c.equals(f11376l) && !objectData.f8858c.equals(f11378n)) {
                throw new UnrecoverableKeyException(f.c("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            byte[] j10 = objectData.j();
            EncryptedSecretKeyData encryptedSecretKeyData = j10 instanceof EncryptedSecretKeyData ? (EncryptedSecretKeyData) j10 : j10 != 0 ? new EncryptedSecretKeyData(ASN1Sequence.s(j10)) : null;
            try {
                byte[] d10 = d("SECRET_KEY_ENCRYPTION", encryptedSecretKeyData.f8856c, cArr, Arrays.c(encryptedSecretKeyData.f8857i1.u()));
                if (d10 instanceof SecretKeyData) {
                    secretKeyData = (SecretKeyData) d10;
                } else if (d10 != 0) {
                    secretKeyData = new SecretKeyData(ASN1Sequence.s(d10));
                }
                BouncyCastleProvider bouncyCastleProvider = this.f11379a;
                return (bouncyCastleProvider != null ? SecretKeyFactory.getInstance(secretKeyData.f8877c.f8749c, bouncyCastleProvider) : SecretKeyFactory.getInstance(secretKeyData.f8877c.f8749c)).generateSecret(new SecretKeySpec(Arrays.c(secretKeyData.f8878i1.u()), secretKeyData.f8877c.f8749c));
            } catch (Exception e10) {
                throw new UnrecoverableKeyException(b.b(e10, d.b("BCFKS KeyStore unable to recover secret key (", str, "): ")));
            }
        }
        PrivateKey privateKey = this.f11381c.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo l10 = EncryptedPrivateKeyInfo.l(EncryptedPrivateKeyData.l(objectData.j()).f8854c);
        try {
            PrivateKeyInfo j11 = PrivateKeyInfo.j(d("PRIVATE_KEY_ENCRYPTION", l10.f9094c, cArr, l10.j()));
            BouncyCastleProvider bouncyCastleProvider2 = this.f11379a;
            if (bouncyCastleProvider2 != null) {
                keyFactory = KeyFactory.getInstance(j11.f9149i1.f9366c.f8749c, bouncyCastleProvider2);
            } else {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = j11.f9149i1.f9366c;
                String str2 = (String) ((HashMap) f11373i).get(aSN1ObjectIdentifier);
                if (str2 == null) {
                    str2 = aSN1ObjectIdentifier.f8749c;
                }
                keyFactory = KeyFactory.getInstance(str2);
            }
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(j11.g()));
            this.f11381c.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e11) {
            throw new UnrecoverableKeyException(b.b(e11, d.b("BCFKS KeyStore unable to recover private key (", str, "): ")));
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f11380b.get(str);
        if (objectData != null) {
            return objectData.f8858c.equals(f11374j);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f11380b.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger bigInteger = objectData.f8858c;
        return bigInteger.equals(f11375k) || bigInteger.equals(f11376l) || bigInteger.equals(f11377m) || bigInteger.equals(f11378n);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        ObjectStoreData j10;
        this.f11380b.clear();
        this.f11381c.clear();
        ObjectStore objectStore = null;
        this.f11384f = null;
        this.f11385g = null;
        this.f11382d = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f11384f = date;
            this.f11385g = date;
            this.f11382d = new AlgorithmIdentifier(PKCSObjectIdentifiers.J, DERNull.f8795c);
            this.f11383e = g(64);
            return;
        }
        Encodable B = new ASN1InputStream(inputStream).B();
        if (B instanceof ObjectStore) {
            objectStore = (ObjectStore) B;
        } else if (B != null) {
            objectStore = new ObjectStore(ASN1Sequence.s(B));
        }
        ObjectStoreIntegrityCheck objectStoreIntegrityCheck = objectStore.f8866i1;
        Objects.requireNonNull(objectStoreIntegrityCheck);
        PbkdMacIntegrityCheck j11 = PbkdMacIntegrityCheck.j(objectStoreIntegrityCheck.f8873c);
        this.f11382d = j11.f8874c;
        this.f11383e = j11.f8875i1;
        if (!Arrays.m(a(objectStore.f8865c.c().g(), j11.f8874c, j11.f8875i1, cArr), Arrays.c(j11.f8876j1.u()))) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
        ASN1Encodable aSN1Encodable = objectStore.f8865c;
        if (aSN1Encodable instanceof EncryptedObjectStoreData) {
            EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) aSN1Encodable;
            j10 = ObjectStoreData.j(d("STORE_ENCRYPTION", encryptedObjectStoreData.f8852c, cArr, encryptedObjectStoreData.f8853i1.u()));
        } else {
            j10 = ObjectStoreData.j(aSN1Encodable);
        }
        try {
            this.f11384f = j10.f8869j1.t();
            this.f11385g = j10.f8870k1.t();
            if (!j10.f8868i1.equals(this.f11382d)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<ASN1Encodable> it = j10.f8871l1.iterator();
            while (it.hasNext()) {
                ObjectData l10 = ObjectData.l(it.next());
                this.f11380b.put(l10.f8859i1, l10);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        Date date;
        ObjectData objectData = this.f11380b.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.f8858c.equals(f11374j)) {
                throw new KeyStoreException(n.b("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = e(objectData, date2);
        }
        try {
            this.f11380b.put(str, new ObjectData(f11374j, str, date, date2, certificate.getEncoded(), null));
            this.f11385g = date2;
        } catch (CertificateEncodingException e10) {
            StringBuilder d10 = b.d("BCFKS KeyStore unable to handle certificate: ");
            d10.append(e10.getMessage());
            throw new ExtKeyStoreException(d10.toString(), e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        byte[] doFinal;
        Date date = new Date();
        ObjectData objectData = this.f11380b.get(str);
        Date e10 = objectData != null ? e(objectData, date) : date;
        this.f11381c.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc g10 = g(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f10 = f(g10, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.f11379a;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(f10, "AES"));
                this.f11380b.put(str, new ObjectData(f11375k, str, e10, date, b(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.f9144x, new PBES2Parameters(g10, new EncryptionScheme(NISTObjectIdentifiers.N, CCMParameters.j(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).g(), null));
            } catch (Exception e11) {
                throw new ExtKeyStoreException(a.b(e11, b.d("BCFKS KeyStore exception storing private key: ")), e11);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc g11 = g(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] f11 = f(g11, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.f11379a;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(f11, "AES"));
                String g12 = Strings.g(key.getAlgorithm());
                if (g12.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new SecretKeyData(NISTObjectIdentifiers.f9028q, encoded2).g());
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) ((HashMap) f11372h).get(g12);
                    if (aSN1ObjectIdentifier == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + g12 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new SecretKeyData(aSN1ObjectIdentifier, encoded2).g());
                }
                this.f11380b.put(str, new ObjectData(f11376l, str, e10, date, new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f9144x, new PBES2Parameters(g11, new EncryptionScheme(NISTObjectIdentifiers.N, CCMParameters.j(cipher2.getParameters().getEncoded())))), doFinal).g(), null));
            } catch (Exception e12) {
                throw new ExtKeyStoreException(a.b(e12, b.d("BCFKS KeyStore exception storing private key: ")), e12);
            }
        }
        this.f11385g = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        Date date = new Date();
        ObjectData objectData = this.f11380b.get(str);
        Date e10 = objectData != null ? e(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo l10 = EncryptedPrivateKeyInfo.l(bArr);
                try {
                    this.f11381c.remove(str);
                    this.f11380b.put(str, new ObjectData(f11377m, str, e10, date, b(l10, certificateArr).g(), null));
                } catch (Exception e11) {
                    throw new ExtKeyStoreException(a.b(e11, b.d("BCFKS KeyStore exception storing protected private key: ")), e11);
                }
            } catch (Exception e12) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e12);
            }
        } else {
            try {
                this.f11380b.put(str, new ObjectData(f11378n, str, e10, date, bArr, null));
            } catch (Exception e13) {
                throw new ExtKeyStoreException(a.b(e13, b.d("BCFKS KeyStore exception storing protected private key: ")), e13);
            }
        }
        this.f11385g = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f11380b.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) {
        ObjectData[] objectDataArr = (ObjectData[]) this.f11380b.values().toArray(new ObjectData[this.f11380b.size()]);
        KeyDerivationFunc g10 = g(32);
        byte[] f10 = f(g10, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        ObjectStoreData objectStoreData = new ObjectStoreData(this.f11382d, this.f11384f, this.f11385g, new ObjectDataSequence(objectDataArr), null);
        try {
            BouncyCastleProvider bouncyCastleProvider = this.f11379a;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(f10, "AES"));
            EncryptedObjectStoreData encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f9144x, new PBES2Parameters(g10, new EncryptionScheme(NISTObjectIdentifiers.N, CCMParameters.j(cipher.getParameters().getEncoded())))), cipher.doFinal(objectStoreData.g()));
            PBKDF2Params j10 = PBKDF2Params.j(this.f11383e.f9097c.f9367i1);
            byte[] bArr = new byte[j10.n().length];
            new SecureRandom().nextBytes(bArr);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = this.f11383e.f9097c.f9366c;
            int intValue = j10.l().intValue();
            ASN1Integer aSN1Integer = j10.f9109j1;
            this.f11383e = new KeyDerivationFunc(aSN1ObjectIdentifier, new PBKDF2Params(bArr, intValue, (aSN1Integer != null ? aSN1Integer.v() : null).intValue(), j10.m()));
            outputStream.write(new ObjectStore(encryptedObjectStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f11382d, this.f11383e, a(encryptedObjectStoreData.g(), this.f11382d, this.f11383e, cArr)))).g());
            outputStream.flush();
        } catch (InvalidKeyException e10) {
            throw new IOException(e10.toString());
        } catch (BadPaddingException e11) {
            throw new IOException(e11.toString());
        } catch (IllegalBlockSizeException e12) {
            throw new IOException(e12.toString());
        } catch (NoSuchPaddingException e13) {
            throw new NoSuchAlgorithmException(e13.toString());
        }
    }

    public final byte[] f(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr) {
        byte[] a10 = PBEParametersGenerator.a(cArr);
        byte[] a11 = PBEParametersGenerator.a(str.toCharArray());
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
        if (!keyDerivationFunc.f9097c.f9366c.equals(PKCSObjectIdentifiers.y)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params j10 = PBKDF2Params.j(keyDerivationFunc.f9097c.f9367i1);
        if (!j10.m().f9366c.equals(PKCSObjectIdentifiers.J)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        pKCS5S2ParametersGenerator.g(Arrays.j(a10, a11), j10.n(), j10.l().intValue());
        ASN1Integer aSN1Integer = j10.f9109j1;
        return ((KeyParameter) pKCS5S2ParametersGenerator.e((aSN1Integer != null ? aSN1Integer.v() : null).intValue() * 8)).f10741c;
    }

    public final KeyDerivationFunc g(int i10) {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.y, new PBKDF2Params(bArr, 1024, i10, new AlgorithmIdentifier(PKCSObjectIdentifiers.J, DERNull.f8795c)));
    }
}
