package org.bouncycastle.jcajce.provider.keystore.bcfks;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.EncryptedPrivateKeyData;
import org.bouncycastle.asn1.bc.EncryptedSecretKeyData;
import org.bouncycastle.asn1.bc.ObjectData;
import org.bouncycastle.asn1.bc.ObjectDataSequence;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.bc.SecretKeyData;
import org.bouncycastle.asn1.cms.CCMParameters;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import p057.p058.p059.p060.C0895;

/* loaded from: classes2.dex */
class BcFKSKeyStoreSpi extends KeyStoreSpi {

    /* renamed from: Ԯ, reason: contains not printable characters */
    private static final Map<String, ASN1ObjectIdentifier> f17727;

    /* renamed from: ԯ, reason: contains not printable characters */
    private static final Map<ASN1ObjectIdentifier, String> f17728;

    /* renamed from: ֏, reason: contains not printable characters */
    private static final BigInteger f17729;

    /* renamed from: ؠ, reason: contains not printable characters */
    private static final BigInteger f17730;

    /* renamed from: ހ, reason: contains not printable characters */
    private static final BigInteger f17731;

    /* renamed from: ށ, reason: contains not printable characters */
    private static final BigInteger f17732;

    /* renamed from: ނ, reason: contains not printable characters */
    private static final BigInteger f17733;

    /* renamed from: Ϳ, reason: contains not printable characters */
    private final BouncyCastleProvider f17734;

    /* renamed from: Ԩ, reason: contains not printable characters */
    private final Map<String, ObjectData> f17735 = new HashMap();

    /* renamed from: ԩ, reason: contains not printable characters */
    private final Map<String, PrivateKey> f17736 = new HashMap();

    /* renamed from: Ԫ, reason: contains not printable characters */
    private AlgorithmIdentifier f17737;

    /* renamed from: ԫ, reason: contains not printable characters */
    private KeyDerivationFunc f17738;

    /* renamed from: Ԭ, reason: contains not printable characters */
    private Date f17739;

    /* renamed from: ԭ, reason: contains not printable characters */
    private Date f17740;

    /* loaded from: classes2.dex */
    public static class Def extends BcFKSKeyStoreSpi {
        public Def() {
            super(null);
        }
    }

    /* loaded from: classes2.dex */
    private static class ExtKeyStoreException extends KeyStoreException {

        /* renamed from: ߴ, reason: contains not printable characters */
        private final Throwable f17742;

        ExtKeyStoreException(String str, Throwable th) {
            super(str);
            this.f17742 = th;
        }

        @Override // java.lang.Throwable
        public Throwable getCause() {
            return this.f17742;
        }
    }

    /* loaded from: classes2.dex */
    public static class Std extends BcFKSKeyStoreSpi {
        public Std() {
            super(new BouncyCastleProvider());
        }
    }

    static {
        HashMap hashMap = new HashMap();
        f17727 = hashMap;
        HashMap hashMap2 = new HashMap();
        f17728 = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.f15184;
        hashMap.put("DESEDE", aSN1ObjectIdentifier);
        hashMap.put("TRIPLEDES", aSN1ObjectIdentifier);
        hashMap.put("TDEA", aSN1ObjectIdentifier);
        hashMap.put("HMACSHA1", PKCSObjectIdentifiers.f15252);
        hashMap.put("HMACSHA224", PKCSObjectIdentifiers.f15253);
        hashMap.put("HMACSHA256", PKCSObjectIdentifiers.f15254);
        hashMap.put("HMACSHA384", PKCSObjectIdentifiers.f15255);
        hashMap.put("HMACSHA512", PKCSObjectIdentifiers.f15256);
        hashMap2.put(PKCSObjectIdentifiers.f15218, "RSA");
        hashMap2.put(X9ObjectIdentifiers.f15919, "EC");
        hashMap2.put(OIWObjectIdentifiers.f15188, "DH");
        hashMap2.put(PKCSObjectIdentifiers.f15234, "DH");
        hashMap2.put(X9ObjectIdentifiers.f15894, "DSA");
        f17729 = BigInteger.valueOf(0L);
        f17730 = BigInteger.valueOf(1L);
        f17731 = BigInteger.valueOf(2L);
        f17732 = BigInteger.valueOf(3L);
        f17733 = BigInteger.valueOf(4L);
    }

    BcFKSKeyStoreSpi(BouncyCastleProvider bouncyCastleProvider) {
        this.f17734 = bouncyCastleProvider;
    }

    /* renamed from: Ϳ, reason: contains not printable characters */
    private byte[] m9020(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, KeyDerivationFunc keyDerivationFunc, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String m7649 = algorithmIdentifier.m7944().m7649();
        BouncyCastleProvider bouncyCastleProvider = this.f17734;
        Mac mac = bouncyCastleProvider != null ? Mac.getInstance(m7649, bouncyCastleProvider) : Mac.getInstance(m7649);
        try {
            if (cArr == null) {
                cArr = new char[0];
            }
            mac.init(new SecretKeySpec(m9025(keyDerivationFunc, "INTEGRITY_CHECK", cArr), m7649));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            StringBuilder m10302 = C0895.m10302("Cannot set up MAC calculation: ");
            m10302.append(e.getMessage());
            throw new IOException(m10302.toString());
        }
    }

    /* renamed from: Ԩ, reason: contains not printable characters */
    private EncryptedPrivateKeyData m9021(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, Certificate[] certificateArr) throws CertificateEncodingException {
        org.bouncycastle.asn1.x509.Certificate[] certificateArr2 = new org.bouncycastle.asn1.x509.Certificate[certificateArr.length];
        for (int i = 0; i != certificateArr.length; i++) {
            certificateArr2[i] = org.bouncycastle.asn1.x509.Certificate.m7964(certificateArr[i].getEncoded());
        }
        return new EncryptedPrivateKeyData(encryptedPrivateKeyInfo, certificateArr2);
    }

    /* renamed from: ԩ, reason: contains not printable characters */
    private Certificate m9022(Object obj) {
        BouncyCastleProvider bouncyCastleProvider = this.f17734;
        if (bouncyCastleProvider != null) {
            try {
                return CertificateFactory.getInstance("X.509", bouncyCastleProvider).generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.m7964(obj).mo7638()));
            } catch (Exception unused) {
                return null;
            }
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.bouncycastle.asn1.x509.Certificate.m7964(obj).mo7638()));
        } catch (Exception unused2) {
            return null;
        }
    }

    /* renamed from: Ԫ, reason: contains not printable characters */
    private byte[] m9023(String str, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
        Cipher cipher;
        AlgorithmParameters algorithmParameters;
        if (!algorithmIdentifier.m7944().equals(PKCSObjectIdentifiers.f15242)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
        }
        PBES2Parameters m7818 = PBES2Parameters.m7818(algorithmIdentifier.m7945());
        EncryptionScheme m7819 = m7818.m7819();
        if (!m7819.m7809().equals(NISTObjectIdentifiers.f15144)) {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        try {
            CCMParameters m7756 = CCMParameters.m7756(m7819.m7810());
            BouncyCastleProvider bouncyCastleProvider = this.f17734;
            if (bouncyCastleProvider == null) {
                cipher = Cipher.getInstance("AES/CCM/NoPadding");
                algorithmParameters = AlgorithmParameters.getInstance("CCM");
            } else {
                cipher = Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                algorithmParameters = AlgorithmParameters.getInstance("CCM", this.f17734);
            }
            algorithmParameters.init(m7756.mo7638());
            KeyDerivationFunc m7820 = m7818.m7820();
            if (cArr == null) {
                cArr = new char[0];
            }
            cipher.init(2, new SecretKeySpec(m9025(m7820, str, cArr), "AES"), algorithmParameters);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    /* renamed from: ԫ, reason: contains not printable characters */
    private Date m9024(ObjectData objectData, Date date) {
        try {
            return objectData.m7732().m7624();
        } catch (ParseException unused) {
            return date;
        }
    }

    /* renamed from: Ԭ, reason: contains not printable characters */
    private byte[] m9025(KeyDerivationFunc keyDerivationFunc, String str, char[] cArr) throws IOException {
        byte[] m8159 = PBEParametersGenerator.m8159(cArr);
        byte[] m81592 = PBEParametersGenerator.m8159(str.toCharArray());
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
        if (!keyDerivationFunc.m7812().equals(PKCSObjectIdentifiers.f15243)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
        }
        PBKDF2Params m7821 = PBKDF2Params.m7821(keyDerivationFunc.m7813());
        if (!m7821.m7824().m7944().equals(PKCSObjectIdentifiers.f15256)) {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
        }
        pKCS5S2ParametersGenerator.m8165(Arrays.m10095(m8159, m81592), m7821.m7825(), m7821.m7822().intValue());
        return ((KeyParameter) pKCS5S2ParametersGenerator.mo8163(m7821.m7823().intValue() * 8)).m8689();
    }

    /* renamed from: ԭ, reason: contains not printable characters */
    private KeyDerivationFunc m9026(int i) {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        return new KeyDerivationFunc(PKCSObjectIdentifiers.f15243, new PBKDF2Params(bArr, 1024, i, new AlgorithmIdentifier(PKCSObjectIdentifiers.f15256, DERNull.f14844)));
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final Iterator it = new HashSet(this.f17735.keySet()).iterator();
        return new Enumeration(this) { // from class: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi.1
            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return it.hasNext();
            }

            @Override // java.util.Enumeration
            public Object nextElement() {
                return it.next();
            }
        };
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Objects.requireNonNull(str, "alias value is null");
        return this.f17735.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (this.f17735.get(str) == null) {
            return;
        }
        this.f17736.remove(str);
        this.f17735.remove(str);
        this.f17740 = new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        ObjectData objectData = this.f17735.get(str);
        if (objectData == null) {
            return null;
        }
        if (objectData.m7736().equals(f17730) || objectData.m7736().equals(f17732)) {
            return m9022(EncryptedPrivateKeyData.m7725(objectData.m7733()).m7726()[0]);
        }
        if (objectData.m7736().equals(f17729)) {
            return m9022(objectData.m7733());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            byte[] encoded = certificate.getEncoded();
            for (String str : this.f17735.keySet()) {
                ObjectData objectData = this.f17735.get(str);
                if (objectData.m7736().equals(f17729)) {
                    if (Arrays.m10087(objectData.m7733(), encoded)) {
                        return str;
                    }
                } else if (objectData.m7736().equals(f17730) || objectData.m7736().equals(f17732)) {
                    try {
                        if (Arrays.m10087(EncryptedPrivateKeyData.m7725(objectData.m7733()).m7726()[0].mo7614().mo7638(), encoded)) {
                            return str;
                        }
                    } catch (IOException unused) {
                    }
                }
            }
        } catch (CertificateEncodingException unused2) {
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        ObjectData objectData = this.f17735.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.m7736().equals(f17730) && !objectData.m7736().equals(f17732)) {
            return null;
        }
        org.bouncycastle.asn1.x509.Certificate[] m7726 = EncryptedPrivateKeyData.m7725(objectData.m7733()).m7726();
        int length = m7726.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i != length; i++) {
            x509CertificateArr[i] = m9022(m7726[i]);
        }
        return x509CertificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        ObjectData objectData = this.f17735.get(str);
        if (objectData == null) {
            return null;
        }
        try {
            return objectData.m7735().m7624();
        } catch (ParseException unused) {
            return new Date();
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyFactory keyFactory;
        ObjectData objectData = this.f17735.get(str);
        if (objectData == null) {
            return null;
        }
        if (!objectData.m7736().equals(f17730) && !objectData.m7736().equals(f17732)) {
            if (!objectData.m7736().equals(f17731) && !objectData.m7736().equals(f17733)) {
                throw new UnrecoverableKeyException(C0895.m10290("BCFKS KeyStore unable to recover secret key (", str, "): type not recognized"));
            }
            EncryptedSecretKeyData m7728 = EncryptedSecretKeyData.m7728(objectData.m7733());
            try {
                SecretKeyData m7752 = SecretKeyData.m7752(m9023("SECRET_KEY_ENCRYPTION", m7728.m7730(), cArr, m7728.m7729()));
                return (this.f17734 != null ? SecretKeyFactory.getInstance(m7752.m7753().m7649(), this.f17734) : SecretKeyFactory.getInstance(m7752.m7753().m7649())).generateSecret(new SecretKeySpec(m7752.m7754(), m7752.m7753().m7649()));
            } catch (Exception e) {
                StringBuilder m10305 = C0895.m10305("BCFKS KeyStore unable to recover secret key (", str, "): ");
                m10305.append(e.getMessage());
                throw new UnrecoverableKeyException(m10305.toString());
            }
        }
        PrivateKey privateKey = this.f17736.get(str);
        if (privateKey != null) {
            return privateKey;
        }
        EncryptedPrivateKeyInfo m7805 = EncryptedPrivateKeyInfo.m7805(EncryptedPrivateKeyData.m7725(objectData.m7733()).m7727());
        try {
            PrivateKeyInfo m7833 = PrivateKeyInfo.m7833(m9023("PRIVATE_KEY_ENCRYPTION", m7805.m7807(), cArr, m7805.m7806()));
            if (this.f17734 != null) {
                keyFactory = KeyFactory.getInstance(m7833.m7835().m7944().m7649(), this.f17734);
            } else {
                ASN1ObjectIdentifier m7944 = m7833.m7835().m7944();
                String str2 = f17728.get(m7944);
                if (str2 == null) {
                    str2 = m7944.m7649();
                }
                keyFactory = KeyFactory.getInstance(str2);
            }
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(m7833.mo7638()));
            this.f17736.put(str, generatePrivate);
            return generatePrivate;
        } catch (Exception e2) {
            StringBuilder m103052 = C0895.m10305("BCFKS KeyStore unable to recover private key (", str, "): ");
            m103052.append(e2.getMessage());
            throw new UnrecoverableKeyException(m103052.toString());
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        ObjectData objectData = this.f17735.get(str);
        if (objectData != null) {
            return objectData.m7736().equals(f17729);
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        ObjectData objectData = this.f17735.get(str);
        if (objectData == null) {
            return false;
        }
        BigInteger m7736 = objectData.m7736();
        return m7736.equals(f17730) || m7736.equals(f17731) || m7736.equals(f17732) || m7736.equals(f17733);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        ObjectStoreData m7741;
        this.f17735.clear();
        this.f17736.clear();
        this.f17739 = null;
        this.f17740 = null;
        this.f17737 = null;
        if (inputStream == null) {
            Date date = new Date();
            this.f17739 = date;
            this.f17740 = date;
            this.f17737 = new AlgorithmIdentifier(PKCSObjectIdentifiers.f15256, DERNull.f14844);
            this.f17738 = m9026(64);
            return;
        }
        ObjectStore m7738 = ObjectStore.m7738(new ASN1InputStream(inputStream).m7633());
        ObjectStoreIntegrityCheck m7739 = m7738.m7739();
        Objects.requireNonNull(m7739);
        PbkdMacIntegrityCheck m7748 = PbkdMacIntegrityCheck.m7748(m7739.m7747());
        this.f17737 = m7748.m7750();
        this.f17738 = m7748.m7751();
        if (!Arrays.m10098(m9020(m7738.m7740().mo7614().mo7638(), m7748.m7750(), m7748.m7751(), cArr), m7748.m7749())) {
            throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
        }
        ASN1Encodable m7740 = m7738.m7740();
        if (m7740 instanceof EncryptedObjectStoreData) {
            EncryptedObjectStoreData encryptedObjectStoreData = (EncryptedObjectStoreData) m7740;
            m7741 = ObjectStoreData.m7741(m9023("STORE_ENCRYPTION", encryptedObjectStoreData.m7724(), cArr, encryptedObjectStoreData.m7723().mo7654()));
        } else {
            m7741 = ObjectStoreData.m7741(m7740);
        }
        try {
            this.f17739 = m7741.m7742().m7624();
            this.f17740 = m7741.m7744().m7624();
            if (!m7741.m7743().equals(this.f17737)) {
                throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
            }
            Iterator<ASN1Encodable> it = m7741.m7745().iterator();
            while (it.hasNext()) {
                ObjectData m7731 = ObjectData.m7731(it.next());
                this.f17735.put(m7731.m7734(), m7731);
            }
        } catch (ParseException unused) {
            throw new IOException("BCFKS KeyStore unable to parse store data information.");
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Date date;
        ObjectData objectData = this.f17735.get(str);
        Date date2 = new Date();
        if (objectData == null) {
            date = date2;
        } else {
            if (!objectData.m7736().equals(f17729)) {
                throw new KeyStoreException(C0895.m10289("BCFKS KeyStore already has a key entry with alias ", str));
            }
            date = m9024(objectData, date2);
        }
        try {
            this.f17735.put(str, new ObjectData(f17729, str, date, date2, certificate.getEncoded(), null));
            this.f17740 = date2;
        } catch (CertificateEncodingException e) {
            StringBuilder m10302 = C0895.m10302("BCFKS KeyStore unable to handle certificate: ");
            m10302.append(e.getMessage());
            throw new ExtKeyStoreException(m10302.toString(), e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        byte[] doFinal;
        Date date = new Date();
        ObjectData objectData = this.f17735.get(str);
        Date m9024 = objectData != null ? m9024(objectData, date) : date;
        this.f17736.remove(str);
        if (key instanceof PrivateKey) {
            if (certificateArr == null) {
                throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
            }
            try {
                byte[] encoded = key.getEncoded();
                KeyDerivationFunc m9026 = m9026(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] m9025 = m9025(m9026, "PRIVATE_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider = this.f17734;
                Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
                cipher.init(1, new SecretKeySpec(m9025, "AES"));
                this.f17735.put(str, new ObjectData(f17730, str, m9024, date, m9021(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15242, new PBES2Parameters(m9026, new EncryptionScheme(NISTObjectIdentifiers.f15144, CCMParameters.m7756(cipher.getParameters().getEncoded())))), cipher.doFinal(encoded)), certificateArr).mo7638(), null));
            } catch (Exception e) {
                throw new ExtKeyStoreException(C0895.m10277(e, C0895.m10302("BCFKS KeyStore exception storing private key: ")), e);
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
            }
            if (certificateArr != null) {
                throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
            }
            try {
                byte[] encoded2 = key.getEncoded();
                KeyDerivationFunc m90262 = m9026(32);
                if (cArr == null) {
                    cArr = new char[0];
                }
                byte[] m90252 = m9025(m90262, "SECRET_KEY_ENCRYPTION", cArr);
                BouncyCastleProvider bouncyCastleProvider2 = this.f17734;
                Cipher cipher2 = bouncyCastleProvider2 == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider2);
                cipher2.init(1, new SecretKeySpec(m90252, "AES"));
                String m10138 = Strings.m10138(key.getAlgorithm());
                if (m10138.indexOf("AES") > -1) {
                    doFinal = cipher2.doFinal(new SecretKeyData(NISTObjectIdentifiers.f15123, encoded2).mo7638());
                } else {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = f17727.get(m10138);
                    if (aSN1ObjectIdentifier == null) {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + m10138 + ") for storage.");
                    }
                    doFinal = cipher2.doFinal(new SecretKeyData(aSN1ObjectIdentifier, encoded2).mo7638());
                }
                this.f17735.put(str, new ObjectData(f17731, str, m9024, date, new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15242, new PBES2Parameters(m90262, new EncryptionScheme(NISTObjectIdentifiers.f15144, CCMParameters.m7756(cipher2.getParameters().getEncoded())))), doFinal).mo7638(), null));
            } catch (Exception e2) {
                throw new ExtKeyStoreException(C0895.m10277(e2, C0895.m10302("BCFKS KeyStore exception storing private key: ")), e2);
            }
        }
        this.f17740 = date;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        Date date = new Date();
        ObjectData objectData = this.f17735.get(str);
        Date m9024 = objectData != null ? m9024(objectData, date) : date;
        if (certificateArr != null) {
            try {
                EncryptedPrivateKeyInfo m7805 = EncryptedPrivateKeyInfo.m7805(bArr);
                try {
                    this.f17736.remove(str);
                    this.f17735.put(str, new ObjectData(f17732, str, m9024, date, m9021(m7805, certificateArr).mo7638(), null));
                } catch (Exception e) {
                    throw new ExtKeyStoreException(C0895.m10277(e, C0895.m10302("BCFKS KeyStore exception storing protected private key: ")), e);
                }
            } catch (Exception e2) {
                throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e2);
            }
        } else {
            try {
                this.f17735.put(str, new ObjectData(f17733, str, m9024, date, bArr, null));
            } catch (Exception e3) {
                throw new ExtKeyStoreException(C0895.m10277(e3, C0895.m10302("BCFKS KeyStore exception storing protected private key: ")), e3);
            }
        }
        this.f17740 = date;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.f17735.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        ObjectData[] objectDataArr = (ObjectData[]) this.f17735.values().toArray(new ObjectData[this.f17735.size()]);
        KeyDerivationFunc m9026 = m9026(32);
        byte[] m9025 = m9025(m9026, "STORE_ENCRYPTION", cArr != null ? cArr : new char[0]);
        ObjectStoreData objectStoreData = new ObjectStoreData(this.f17737, this.f17739, this.f17740, new ObjectDataSequence(objectDataArr), null);
        try {
            BouncyCastleProvider bouncyCastleProvider = this.f17734;
            Cipher cipher = bouncyCastleProvider == null ? Cipher.getInstance("AES/CCM/NoPadding") : Cipher.getInstance("AES/CCM/NoPadding", bouncyCastleProvider);
            cipher.init(1, new SecretKeySpec(m9025, "AES"));
            EncryptedObjectStoreData encryptedObjectStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.f15242, new PBES2Parameters(m9026, new EncryptionScheme(NISTObjectIdentifiers.f15144, CCMParameters.m7756(cipher.getParameters().getEncoded())))), cipher.doFinal(objectStoreData.mo7638()));
            PBKDF2Params m7821 = PBKDF2Params.m7821(this.f17738.m7813());
            byte[] bArr = new byte[m7821.m7825().length];
            new SecureRandom().nextBytes(bArr);
            this.f17738 = new KeyDerivationFunc(this.f17738.m7812(), new PBKDF2Params(bArr, m7821.m7822().intValue(), m7821.m7823().intValue(), m7821.m7824()));
            outputStream.write(new ObjectStore(encryptedObjectStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(this.f17737, this.f17738, m9020(encryptedObjectStoreData.mo7638(), this.f17737, this.f17738, cArr)))).mo7638());
            outputStream.flush();
        } catch (InvalidKeyException e) {
            throw new IOException(e.toString());
        } catch (BadPaddingException e2) {
            throw new IOException(e2.toString());
        } catch (IllegalBlockSizeException e3) {
            throw new IOException(e3.toString());
        } catch (NoSuchPaddingException e4) {
            throw new NoSuchAlgorithmException(e4.toString());
        }
    }
}
