package com.rsa.cryptoj.e;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.cms.AuthenticatedDataDecoder;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.ContentType;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.ParameterFactory;
import com.rsa.jsafe.cms.PasswordRecipientInfo;
import com.rsa.jsafe.cms.RecipientInfo;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/rsa/cryptoj/e/mf.class */
public class mf extends KeyStoreSpi {
    private static final ContentType b = ContentType.getContentType("1.2.840.113549.1.15.3.1");
    private static final String c = "Error adding key to KeyStore ";
    private static final String d = "Could not decrypt key: ";
    private static final String e = "Error decoding PKCS 15 input.";
    private static final int f = 1073741824;
    private static final int g = 1073741828;
    private static int h;
    static int a;
    private static final int i = 10000;
    private static final String j = "com.rsa.cryptoj.jce.pkcs15.iterationcount";
    private final Map<String, Object> k = new HashMap();
    private final ch l;
    private final List<cc> m;

    public mf(ch chVar, List<cc> list) {
        this.l = chVar;
        this.m = list;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Enumeration<String> engineAliases() {
        return new Hashtable(this.k).keys();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineContainsAlias(String str) {
        return this.k.get(str.toLowerCase()) != null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        this.k.remove(str.toLowerCase());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate engineGetCertificate(String str) {
        Object obj = this.k.get(str.toLowerCase());
        if (obj == null) {
            return null;
        }
        return obj instanceof me ? ((me) obj).b() : ((mc) obj).a();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        Iterator<String> it = this.k.keySet().iterator();
        while (it.hasNext()) {
            md mdVar = (md) this.k.get(it.next());
            Certificate certificate2 = null;
            if (mdVar instanceof me) {
                certificate2 = ((me) mdVar).b();
            } else if (mdVar instanceof mc) {
                certificate2 = ((mc) mdVar).a();
            }
            if (certificate.equals(certificate2)) {
                return mdVar.d();
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate[] engineGetCertificateChain(String str) {
        Object obj = this.k.get(str.toLowerCase());
        if (obj instanceof me) {
            return ((me) obj).e();
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Date engineGetCreationDate(String str) {
        md mdVar = (md) this.k.get(str.toLowerCase());
        if (mdVar == null) {
            return null;
        }
        return mdVar.c();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        md mdVar = (md) this.k.get(str.toLowerCase());
        if (!(mdVar instanceof me)) {
            return null;
        }
        try {
            return ((me) mdVar).a(cArr);
        } catch (IOException e2) {
            throw new UnrecoverableKeyException(d + e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw new UnrecoverableKeyException(d + e3.getMessage());
        } catch (InvalidKeySpecException e4) {
            throw new UnrecoverableKeyException(d + e4.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsCertificateEntry(String str) {
        return this.k.get(str.toLowerCase()) instanceof mc;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsKeyEntry(String str) {
        return this.k.get(str.toLowerCase()) instanceof me;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream == null) {
            return;
        }
        this.k.clear();
        try {
            ir irVar = new ir(inputStream, null, this.l);
            if (irVar.getContentType().equals(b)) {
                if (cArr != null) {
                    throw new IOException("Integrity-protection not present.");
                }
                a(irVar.getContentBytes(), cArr);
                return;
            }
            if (!irVar.getContentType().equals(ContentType.AUTHENTICATED_DATA)) {
                throw new IOException(e);
            }
            if (cArr == null) {
                IOException iOException = new IOException();
                iOException.initCause(new UnrecoverableKeyException("Could not load keystore: integrity check failed"));
                throw iOException;
            }
            AuthenticatedDataDecoder authenticatedDataDecoder = (AuthenticatedDataDecoder) irVar.getContentDecoder();
            if (!authenticatedDataDecoder.getContentType().equals(b)) {
                throw new IOException(e);
            }
            RecipientInfo[] recipientInfos = authenticatedDataDecoder.getRecipientInfos();
            boolean z = false;
            int i2 = 0;
            while (true) {
                if (i2 >= recipientInfos.length) {
                    break;
                }
                if (recipientInfos[i2] instanceof PasswordRecipientInfo) {
                    try {
                        authenticatedDataDecoder.decryptAuthenticationKey(recipientInfos[0], new KeyContainer(cArr));
                        z = true;
                        break;
                    } catch (CMSException e2) {
                        IOException iOException2 = new IOException();
                        iOException2.initCause(new UnrecoverableKeyException("Could not load keystore: invalid password"));
                        throw iOException2;
                    }
                }
                i2++;
            }
            byte[] contentBytes = authenticatedDataDecoder.getContentBytes();
            if (z && authenticatedDataDecoder.verify()) {
                a(contentBytes, cArr);
            } else {
                IOException iOException3 = new IOException();
                iOException3.initCause(new UnrecoverableKeyException("Could not load keystore: integrity check failed"));
                throw iOException3;
            }
        } catch (b e3) {
            throw new IOException(e + e3.getMessage());
        } catch (CMSException e4) {
            throw new IOException(e + e4.getMessage());
        }
    }

    private void a(byte[] bArr, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        byte[] a2;
        try {
            d a3 = a.a("PKCS15Token", bArr).a(2);
            int c2 = a3.c();
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (int i2 = 0; i2 < c2; i2++) {
                d a4 = a3.a(i2);
                int c3 = a4.b().c();
                if (c3 == f || c3 == g) {
                    if (a4.b().e() == a.c(0)) {
                        a(cArr, hashMap, hashMap2, a4, c3);
                    } else if (a4.b().e() == a.c(2) && (a2 = lz.a(cArr, this.l, a4)) != null) {
                        a(cArr, hashMap, hashMap2, (aj) a.a("ObjectTypeSequence", a2), c3);
                    }
                }
            }
            b(hashMap);
            a(hashMap2);
        } catch (b e2) {
            throw new IOException(e + e2.getMessage());
        }
    }

    private d a(f fVar, c cVar) {
        try {
            return a.a(cVar.c(a.c(0)), fVar.i());
        } catch (b e2) {
            return a.a(cVar.b(a.c(0)), fVar.i());
        }
    }

    private void a(char[] cArr, Map map, Map map2, d dVar, int i2) throws NoSuchAlgorithmException, IOException, CertificateException {
        if (dVar instanceof f) {
            f fVar = (f) dVar;
            if (i2 == f) {
                dVar = a(fVar, ar.a.b("PrivateKeyTypeSequence"));
            } else if (i2 == g) {
                dVar = a(fVar, ar.a.b("CertificateTypeSequence"));
            }
        }
        for (int i3 = 0; i3 < dVar.c(); i3++) {
            d a2 = dVar.a(i3);
            if (a2 instanceof f) {
                a2 = a.a("PKCS15Object", ((f) a2).i());
            }
            d a3 = a2.a(0).a(0);
            String a4 = a3 == null ? a() : a3.toString().toLowerCase();
            f fVar2 = (f) a2.a(1);
            f fVar3 = (f) a2.a(3);
            if (i2 == f) {
                a(a2, a4, fVar2, fVar3, cArr);
            } else if (i2 == g) {
                a(a4, fVar2, fVar3, map, map2, cArr);
            }
        }
    }

    private String a() {
        int i2 = h;
        h = i2 + 1;
        return String.valueOf(i2);
    }

    private void a(Map map) {
        for (mc mcVar : map.values()) {
            if (this.k.containsKey(mcVar.d())) {
                this.k.put(a(), mcVar);
            } else {
                this.k.put(mcVar.d(), mcVar);
            }
        }
    }

    private void b(Map map) {
        Iterator<Object> it = this.k.values().iterator();
        while (it.hasNext()) {
            md mdVar = (md) it.next();
            if (mdVar instanceof me) {
                me meVar = (me) mdVar;
                Object obj = map.get(dw.a(meVar.a()));
                while (true) {
                    X509Certificate x509Certificate = (X509Certificate) obj;
                    if (x509Certificate != null) {
                        meVar.a((Certificate) x509Certificate);
                        if (x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                            break;
                        } else {
                            obj = map.get(x509Certificate.getIssuerX500Principal());
                        }
                    }
                }
            }
        }
    }

    private void a(String str, f fVar, f fVar2, Map map, Map map2, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException {
        d a2 = a.a("CommonCertificateAttributes", fVar.i());
        byte[] g2 = ((ad) a2.a(0)).g();
        m mVar = (m) a2.b(a.c(3));
        boolean g3 = mVar == null ? false : mVar.g();
        X509Certificate a3 = a(fVar2, cArr);
        if (a3 != null) {
            if (g3) {
                map2.put(str.toLowerCase(), new mc(a3, str, this.l, this.m));
            } else {
                map.put(dw.a(g2), a3);
                map.put(a3.getSubjectX500Principal(), a3);
            }
        }
    }

    private void a(d dVar, String str, f fVar, d dVar2, char[] cArr) throws NoSuchAlgorithmException, IOException {
        String a2 = a(dVar.b().e());
        this.k.put(str, new me(a2, str, null, mb.a(a2).a(dVar2, cArr, this.l), ((ad) a.a("CommonKeyAttributes", fVar.i()).a(0)).g(), this.l, this.m));
    }

    private static String a(int i2) throws NoSuchAlgorithmException {
        switch (a.f(i2)) {
            case 0:
                return AlgorithmStrings.EC;
            case 1:
                return "DH";
            case 2:
                return AlgorithmStrings.DSA;
            case 16:
                return "RSA";
            default:
                throw new NoSuchAlgorithmException("Key type not supported");
        }
    }

    private X509Certificate a(f fVar, char[] cArr) throws CertificateException, IOException {
        d a2 = a.a("X509CertificateAttributes", fVar.i()).a(0);
        if (a2.b().c() == a.c(0)) {
            return ly.a.a(a2, cArr, this.l, this.m);
        }
        if (a2.b().e() == a.c(2)) {
            return ly.b.a(a2, cArr, this.l, this.m);
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Object obj = this.k.get(str.toLowerCase());
        if (obj != null && !(obj instanceof mc)) {
            throw new KeyStoreException("Can not override an entry which is not a trusted certificate entry.");
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Unsupported certificate class. Expected java.security.cert.X509Certificate");
        }
        try {
            this.k.put(str.toLowerCase(), new mc((X509Certificate) certificate, str, this.l, this.m));
        } catch (CertificateEncodingException e2) {
            throw new KeyStoreException("Unable to encode certificate", e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Error adding key to KeyStore  Operation not supported");
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (str == null) {
            throw new KeyStoreException("Alias must be present");
        }
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("Only PrivateKey storage is supported.");
        }
        if (certificateArr == null) {
            throw new KeyStoreException("Certificate chain is required");
        }
        if (cArr == null || cArr.length == 0) {
            throw new KeyStoreException("Password must be non-null and must not be of length 0.");
        }
        try {
            this.k.put(str.toLowerCase(), new me(key.getAlgorithm(), str, certificateArr, mb.a(key.getAlgorithm()).a(key, cArr, this.l), null, this.l, this.m));
        } catch (Exception e2) {
            throw new KeyStoreException(c + e2.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized int engineSize() {
        return this.k.size();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        d a2 = a.a("PKCS15Token", new Object[]{0, null, b()});
        if (cArr == null) {
            outputStream.write(a.c(a.a("ContentInfo", new Object[]{b.getIdentifier(), a2.c(a.c(0))})));
            return;
        }
        OutputStream outputStream2 = null;
        OutputStream outputStream3 = null;
        try {
            outputStream2 = new is(outputStream, null, this.l).getContentOutputStream(ContentType.AUTHENTICATED_DATA);
            outputStream3 = new ig(outputStream2, null, (ih) ParameterFactory.newAuthenticatedDataParameters(new RecipientInfo[]{InfoObjectFactory.newPasswordRecipientInfo(cArr, "PBKDF2WithSHA256", a)}, "HmacSHA256"), this.l).getContentOutputStream(b);
            outputStream3.write(a.c(a2));
            outputStream3.close();
            if (outputStream2 != null) {
                try {
                    outputStream2.close();
                } catch (Exception e2) {
                }
            }
            if (outputStream3 != null) {
                try {
                    outputStream3.close();
                } catch (Exception e3) {
                }
            }
        } catch (Throwable th) {
            if (outputStream2 != null) {
                try {
                    outputStream2.close();
                } catch (Exception e4) {
                }
            }
            if (outputStream3 != null) {
                try {
                    outputStream3.close();
                } catch (Exception e5) {
                }
            }
            throw th;
        }
    }

    private List<d> b() throws CertificateEncodingException, UnsupportedEncodingException, NoSuchAlgorithmException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<String> it = this.k.keySet().iterator();
        while (it.hasNext()) {
            Object obj = this.k.get(it.next());
            if (obj instanceof me) {
                me meVar = (me) obj;
                arrayList.add(meVar.f());
                List<d> g2 = meVar.g();
                if (g2 != null) {
                    arrayList2.addAll(g2);
                }
            } else if (obj instanceof mc) {
                arrayList2.add(((mc) obj).b());
            }
        }
        d c2 = a.a("PrivateKeyTypeSequence", arrayList).d(a.c(0)).c(a.c(0));
        d c3 = a.a("CertificateTypeSequence", arrayList2).d(a.c(0)).c(a.c(4));
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(c2);
        arrayList3.add(c3);
        return arrayList3;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineProbe(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            throw new NullPointerException("input stream must not be null");
        }
        try {
            a.a("PKCS15Object", a.a(inputStream instanceof DataInputStream ? (DataInputStream) inputStream : new DataInputStream(inputStream)));
            return true;
        } catch (b e2) {
            return false;
        }
    }

    static {
        try {
            a = Security.getProperty(j) == null ? i : Integer.parseInt(Security.getProperty(j));
        } catch (Exception e2) {
            a = i;
        }
    }
}
