package org.bouncycastle.jcajce.provider;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.BEROutputStream;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
import org.bouncycastle.asn1.pkcs.CertBag;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.EncryptedData;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.MacData;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.Pfx;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.SafeBag;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.DigestAlgorithm;
import org.bouncycastle.crypto.PasswordBasedDeriver;
import org.bouncycastle.crypto.PasswordConverter;
import org.bouncycastle.crypto.fips.FipsDigestAlgorithm;
import org.bouncycastle.crypto.fips.FipsOutputDigestCalculator;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.general.PBKD;
import org.bouncycastle.crypto.general.SecureHash;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.ConsistentKeyPair;
import org.bouncycastle.jcajce.PKCS12Key;
import org.bouncycastle.jcajce.PKCS12KeyWithParameters;
import org.bouncycastle.jcajce.PKCS12StoreParameter;
import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.elasticsearch.xpack.core.ml.process.writer.RecordWriter;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12.class */
public class ProvPKCS12 extends AsymmetricAlgorithmProvider {
    // java.util.logging logger named after this provider class.
    private static final Logger LOG = Logger.getLogger(ProvPKCS12.class.getName());
    // Presumably a lookup for cipher key/IV sizes; not referenced in this part of the file -- confirm against its users.
    private static final KeyIvSizeProvider sizeProvider = new KeyIvSizeProvider();
    // Class-name prefix string; presumably used when registering the PKCS#12 services -- confirm against the configure code.
    private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore.pkcs12.";

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$AlgParams.class */
    /**
     * AlgorithmParameters SPI that carries PKCS#12 PBE parameters (salt plus iteration count)
     * as a {@link PKCS12PBEParams} structure.
     *
     * <p>{@code params} stays {@code null} until one of the init methods has run, so the
     * encode and spec accessors throw {@link NullPointerException} on an uninitialised object.
     */
    static class AlgParams extends BaseAlgorithmParameters {
        PKCS12PBEParams params;

        AlgParams() {
        }

        /**
         * Returns the DER encoding of the held parameters.
         * (The decompiler widened this override from protected to public.)
         */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public byte[] localGetEncoded() throws IOException {
            return this.params.getEncoded(ASN1Encoding.DER);
        }

        /**
         * Exposes the parameters as a {@link PBEParameterSpec}.
         *
         * @param cls requested spec class; only {@code PBEParameterSpec} and
         *            {@code AlgorithmParameterSpec} are accepted
         * @throws InvalidParameterSpecException for any other class
         */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class cls) throws InvalidParameterSpecException {
            boolean supported = cls == PBEParameterSpec.class || cls == AlgorithmParameterSpec.class;
            if (!supported) {
                throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + cls.getName());
            }
            // getIV() supplies the value that PBEParameterSpec treats as the salt.
            byte[] salt = this.params.getIV();
            // NOTE(review): intValue() narrows the stored count; an oversized count read from an
            // untrusted encoding would presumably be truncated rather than rejected -- confirm.
            int iterations = this.params.getIterations().intValue();
            return new PBEParameterSpec(salt, iterations);
        }

        /**
         * Initialises from a {@link PBEParameterSpec}; any other spec type is rejected.
         */
        @Override // java.security.AlgorithmParametersSpi
        protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidParameterSpecException {
            if (algorithmParameterSpec instanceof PBEParameterSpec) {
                PBEParameterSpec pbeSpec = (PBEParameterSpec) algorithmParameterSpec;
                this.params = new PKCS12PBEParams(pbeSpec.getSalt(), pbeSpec.getIterationCount());
                return;
            }
            throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF-PKCS12 parameters algorithm parameters object");
        }

        /**
         * Initialises from an encoded PKCS12PBEParams structure.
         * (The decompiler widened this override from protected to public.)
         */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public void localInit(byte[] bArr) throws IOException {
            this.params = PKCS12PBEParams.getInstance(bArr);
        }

        /** Returns a fixed description; no parameter values are included in the string. */
        @Override // java.security.AlgorithmParametersSpi
        protected String engineToString() {
            return "PBKDF-PKCS12 Parameters";
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$BCPKCS12KeyStore3DES.class */
    /**
     * PKCS#12 key store variant that passes pbeWithSHAAnd3_KeyTripleDES_CBC as both the key
     * and the certificate algorithm, and hands the FIPS provider to the parent as the
     * provider for its X.509 CertificateFactory.
     */
    private static class BCPKCS12KeyStore3DES extends PKCS12KeyStoreSpi {
        /**
         * @param z                        not read; the parent is always built with matchOnProbe = true
         * @param bouncyCastleFipsProvider provider used for randomness and certificate parsing
         */
        public BCPKCS12KeyStore3DES(boolean z, BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            super(
                true,
                bouncyCastleFipsProvider,
                bouncyCastleFipsProvider,
                pbeWithSHAAnd3_KeyTripleDES_CBC,
                pbeWithSHAAnd3_KeyTripleDES_CBC);
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$BCPKCS12KeyStore3DES40BitRC2.class */
    /**
     * PKCS#12 key store variant that passes pbeWithSHAAnd3_KeyTripleDES_CBC as the key
     * algorithm and pbeWithSHAAnd40BitRC2_CBC as the certificate algorithm, with the FIPS
     * provider supplying the X.509 CertificateFactory.
     *
     * <p>40-bit RC2 gives certificate contents no meaningful confidentiality; treat this
     * variant as a legacy-interoperability format only.
     */
    private static class BCPKCS12KeyStore3DES40BitRC2 extends PKCS12KeyStoreSpi {
        public BCPKCS12KeyStore3DES40BitRC2(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            super(
                bouncyCastleFipsProvider,
                bouncyCastleFipsProvider,
                pbeWithSHAAnd3_KeyTripleDES_CBC,
                pbeWithSHAAnd40BitRC2_CBC);
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$DefPKCS12KeyStore3DES.class */
    /**
     * PKCS#12 key store variant that passes pbeWithSHAAnd3_KeyTripleDES_CBC as both the key
     * and the certificate algorithm. The certificate provider argument is {@code null}, so
     * the parent obtains its X.509 CertificateFactory without naming a provider.
     */
    private static class DefPKCS12KeyStore3DES extends PKCS12KeyStoreSpi {
        public DefPKCS12KeyStore3DES(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            super(
                bouncyCastleFipsProvider,
                null,
                pbeWithSHAAnd3_KeyTripleDES_CBC,
                pbeWithSHAAnd3_KeyTripleDES_CBC);
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$DefPKCS12KeyStore3DES40BitRC2.class */
    /**
     * PKCS#12 key store variant that passes pbeWithSHAAnd3_KeyTripleDES_CBC as the key
     * algorithm and pbeWithSHAAnd40BitRC2_CBC as the certificate algorithm. The certificate
     * provider argument is {@code null}, so the parent obtains its X.509 CertificateFactory
     * without naming a provider.
     *
     * <p>40-bit RC2 gives certificate contents no meaningful confidentiality; treat this
     * variant as a legacy-interoperability format only.
     */
    private static class DefPKCS12KeyStore3DES40BitRC2 extends PKCS12KeyStoreSpi {
        public DefPKCS12KeyStore3DES40BitRC2(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            super(
                bouncyCastleFipsProvider,
                null,
                pbeWithSHAAnd3_KeyTripleDES_CBC,
                pbeWithSHAAnd40BitRC2_CBC);
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$GeneralKeyFactory.class */
    /**
     * SecretKeyFactory SPI for PKCS#12 password-based keys where the output key length is
     * taken from the supplied {@link PBEKeySpec} rather than fixed per factory.
     */
    static class GeneralKeyFactory extends BaseKDFSecretKeyFactory {
        private final String algName;
        private final FipsDigestAlgorithm prf;
        private final PasswordBasedDeriver.KeyType keyType;

        /**
         * @param str                 algorithm name passed on to the key derivation helper
         * @param fipsDigestAlgorithm digest passed on as the PRF
         * @param keyType             kind of key material passed on to the derivation helper
         */
        protected GeneralKeyFactory(String str, FipsDigestAlgorithm fipsDigestAlgorithm, PasswordBasedDeriver.KeyType keyType) {
            this.keyType = keyType;
            this.prf = fipsDigestAlgorithm;
            this.algName = str;
        }

        /**
         * Builds a key from a {@link PBEKeySpec}.
         *
         * <p>With no salt in the spec, no derivation happens here: the password is wrapped
         * unchanged in a {@link PKCS12Key}. With a salt, derivation is delegated to
         * {@code ProvPKCS12.getSecretKey} using the spec's own key length.
         *
         * @throws InvalidKeySpecException if the spec is not a PBEKeySpec
         */
        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
            if (keySpec instanceof PBEKeySpec) {
                PBEKeySpec pbeSpec = (PBEKeySpec) keySpec;
                if (pbeSpec.getSalt() == null) {
                    return new PKCS12Key(pbeSpec.getPassword());
                }
                return ProvPKCS12.getSecretKey(this.prf, this.algName, pbeSpec, this.keyType, pbeSpec.getKeyLength());
            }
            throw new InvalidKeySpecException("Invalid KeySpec: " + keySpec.getClass().getName());
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$KeyFactory.class */
    /**
     * SecretKeyFactory SPI for PKCS#12 password-based keys with a key size fixed at
     * construction time.
     */
    static class KeyFactory extends BaseKDFSecretKeyFactory {
        private final String algName;
        private final int keySizeInBits;
        private final PasswordBasedDeriver.KeyType keyType;
        private final DigestAlgorithm prf;

        /**
         * (The decompiler widened this constructor from protected to public.)
         *
         * @param str             algorithm name passed on to the key derivation helper
         * @param digestAlgorithm digest passed on as the PRF
         * @param keyType         kind of key material passed on to the derivation helper
         * @param i               key size in bits
         */
        public KeyFactory(String str, DigestAlgorithm digestAlgorithm, PasswordBasedDeriver.KeyType keyType, int i) {
            this.keySizeInBits = i;
            this.keyType = keyType;
            this.prf = digestAlgorithm;
            this.algName = str;
        }

        /**
         * Convenience form that fixes the PRF to SHA-1.
         * (The decompiler widened this constructor from protected to public.)
         */
        public KeyFactory(String str, PasswordBasedDeriver.KeyType keyType, int i) {
            this(str, FipsSHS.Algorithm.SHA1, keyType, i);
        }

        /**
         * Builds a key from a {@link PBEKeySpec}.
         *
         * <p>With no salt in the spec, no derivation happens here: the password is wrapped
         * unchanged in a {@link PKCS12Key}. With a salt, derivation is delegated to
         * {@code ProvPKCS12.getSecretKey} using this factory's fixed key size; the key length
         * carried by the spec is not consulted.
         *
         * @throws InvalidKeySpecException if the spec is not a PBEKeySpec
         */
        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
            if (keySpec instanceof PBEKeySpec) {
                PBEKeySpec pbeSpec = (PBEKeySpec) keySpec;
                if (pbeSpec.getSalt() == null) {
                    return new PKCS12Key(pbeSpec.getPassword());
                }
                return ProvPKCS12.getSecretKey(this.prf, this.algName, pbeSpec, this.keyType, this.keySizeInBits);
            }
            throw new InvalidKeySpecException("Invalid KeySpec: " + keySpec.getClass().getName());
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$PKCS12KeyStoreSpi.class */
    private static class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {
        // Not referenced in the visible part of the class; presumably the salt length in bytes
        // and the lower bound on PBE iterations used when saving -- confirm against the store code.
        private static final int SALT_SIZE = 20;
        private static final int MIN_ITERATIONS = 1024;
        // alias -> private key that has already passed the ConsistentKeyPair check
        // (filled by engineGetKey and engineSetKeyEntry).
        private IgnoresCaseHashtable privateKeyCache;
        // alias -> Key; keys are held here in usable form, so engineGetKey never needs the password.
        private IgnoresCaseHashtable keys;
        // alias -> String id that indexes keyCerts (see engineGetCertificate / engineDeleteEntry).
        private Hashtable localIds;
        // alias -> Certificate.
        private IgnoresCaseHashtable certs;
        // CertId (SHA-1 subject key identifier) -> Certificate; searched when building chains.
        private Hashtable chainCerts;
        // String id (a localIds value, or the alias itself) -> Certificate belonging to a key entry.
        private Hashtable keyCerts;
        // Initialised to false by the constructor; its use lies outside the visible code.
        private boolean wrongPKCS12Zero;
        // Entry-type and key-type tags; none is referenced in the visible part of the class.
        static final int NULL = 0;
        static final int CERTIFICATE = 1;
        static final int KEY = 2;
        static final int SECRET = 3;
        static final int SEALED = 4;
        static final int KEY_PRIVATE = 0;
        static final int KEY_PUBLIC = 1;
        static final int KEY_SECRET = 2;
        // The FIPS provider's default SecureRandom, captured at construction.
        protected final SecureRandom random;
        // X.509 CertificateFactory, obtained from the given provider or, if none, without naming one.
        private java.security.cert.CertificateFactory certFact;
        // When false, engineProbe always answers false.
        private final boolean matchOnProbe;
        private BouncyCastleFipsProvider fipsProvider;
        // PBE algorithm OIDs given at construction; presumably applied to key bags and
        // certificate bags respectively when the store is written -- confirm against engineStore.
        private ASN1ObjectIdentifier keyAlgorithm;
        private ASN1ObjectIdentifier certAlgorithm;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$PKCS12KeyStoreSpi$CertId.class */
        /**
         * Hash-table key wrapping a certificate key identifier so that byte arrays compare by
         * content. The identifier is a lookup index only; matching it proves nothing about
         * who issued a certificate.
         */
        public static class CertId {
            byte[] id;

            /** Derives the identifier from a public key via {@code createSubjectKeyId}. */
            CertId(PublicKey publicKey) throws IOException {
                SubjectKeyIdentifier keyId = PKCS12KeyStoreSpi.createSubjectKeyId(publicKey);
                this.id = keyId.getKeyIdentifier();
            }

            /** Wraps an existing identifier; the array is stored without copying. */
            CertId(byte[] bArr) {
                this.id = bArr;
            }

            @Override
            public int hashCode() {
                return Arrays.hashCode(this.id);
            }

            @Override
            public boolean equals(Object obj) {
                if (obj == this) {
                    return true;
                }
                return obj instanceof CertId && Arrays.areEqual(this.id, ((CertId) obj).id);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:lib/bc-fips-1.0.2.1.jar:org/bouncycastle/jcajce/provider/ProvPKCS12$PKCS12KeyStoreSpi$IgnoresCaseHashtable.class */
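        /**
         * Alias table with case-insensitive lookup that remembers the spelling most recently
         * stored for each alias.
         *
         * <p>Two tables are kept in step: {@code keys} maps the lower-cased alias to the
         * spelling last used, and {@code orig} maps that spelling to the value. Aliases that
         * differ only in case therefore share one slot, and a later {@code put} replaces the
         * earlier entry; this matters when aliases come from a file the caller does not control.
         */
        public static class IgnoresCaseHashtable {
            private Hashtable orig;
            private Hashtable keys;

            private IgnoresCaseHashtable() {
                this.orig = new Hashtable();
                this.keys = new Hashtable();
            }

            /**
             * Stores {@code obj} under {@code str}, replacing any entry whose alias matches
             * ignoring case.
             */
            public void put(String str, Object obj) {
                String lowerCase = Strings.toLowerCase(str);
                String previousSpelling = (String) this.keys.get(lowerCase);
                if (previousSpelling != null) {
                    // Drop the value filed under the old spelling so only one entry survives.
                    this.orig.remove(previousSpelling);
                }
                this.keys.put(lowerCase, str);
                this.orig.put(str, obj);
            }

            /** Returns the stored aliases in their most recently stored spelling. */
            public Enumeration keys() {
                return this.orig.keys();
            }

            /** Removes and returns the value for {@code str}, or null if absent or {@code str} is null. */
            public Object remove(String str) {
                if (str == null) {
                    return null;
                }
                String storedSpelling = (String) this.keys.remove(Strings.toLowerCase(str));
                if (storedSpelling == null) {
                    return null;
                }
                return this.orig.remove(storedSpelling);
            }

            /** Returns the value for {@code str} ignoring case, or null if absent or {@code str} is null. */
            public Object get(String str) {
                if (str == null) {
                    return null;
                }
                String storedSpelling = (String) this.keys.get(Strings.toLowerCase(str));
                if (storedSpelling == null) {
                    return null;
                }
                return this.orig.get(storedSpelling);
            }

            /** Returns the stored values. */
            public Enumeration elements() {
                return this.orig.elements();
            }

            /**
             * Empties the table. Both maps are cleared: leaving the lower-case index populated
             * would keep every alias ever stored reachable in memory after the entries
             * themselves were gone.
             */
            public void clear() {
                this.orig.clear();
                this.keys.clear();
            }
        }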

        /**
         * Creates a store that never claims a stream in {@code engineProbe}.
         *
         * @param bouncyCastleFipsProvider provider supplying the default SecureRandom
         * @param provider                 provider for the X.509 CertificateFactory, or null to
         *                                 request one without naming a provider
         * @param aSN1ObjectIdentifier     key algorithm OID
         * @param aSN1ObjectIdentifier2    certificate algorithm OID
         */
        public PKCS12KeyStoreSpi(
                BouncyCastleFipsProvider bouncyCastleFipsProvider,
                Provider provider,
                ASN1ObjectIdentifier aSN1ObjectIdentifier,
                ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
            this(false, bouncyCastleFipsProvider, provider, aSN1ObjectIdentifier, aSN1ObjectIdentifier2);
        }

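        /**
         * Creates an empty store.
         *
         * @param z                        whether {@code engineProbe} may answer true
         * @param bouncyCastleFipsProvider provider supplying the default SecureRandom
         * @param provider                 provider for the X.509 CertificateFactory, or null to
         *                                 request one without naming a provider
         * @param aSN1ObjectIdentifier     key algorithm OID
         * @param aSN1ObjectIdentifier2    certificate algorithm OID
         * @throws IllegalArgumentException if no X.509 CertificateFactory can be obtained; the
         *                                  underlying failure is attached as the cause
         */
        public PKCS12KeyStoreSpi(boolean z, BouncyCastleFipsProvider bouncyCastleFipsProvider, Provider provider, ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
            this.privateKeyCache = new IgnoresCaseHashtable();
            this.keys = new IgnoresCaseHashtable();
            this.localIds = new Hashtable();
            this.certs = new IgnoresCaseHashtable();
            this.chainCerts = new Hashtable();
            this.keyCerts = new Hashtable();
            this.wrongPKCS12Zero = false;
            this.matchOnProbe = z;
            this.fipsProvider = bouncyCastleFipsProvider;
            this.keyAlgorithm = aSN1ObjectIdentifier;
            this.certAlgorithm = aSN1ObjectIdentifier2;
            this.random = bouncyCastleFipsProvider.getDefaultSecureRandom();
            try {
                // With no explicit provider the factory comes from whichever installed
                // provider the JCA lookup selects.
                this.certFact = provider != null
                        ? java.security.cert.CertificateFactory.getInstance("X.509", provider)
                        : java.security.cert.CertificateFactory.getInstance("X.509");
            } catch (Exception e) {
                // Keep the original exception as the cause so the provider failure stays diagnosable.
                throw new IllegalArgumentException("can't create cert factory - " + e.toString(), e);
            }
        }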

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Builds a subject key identifier for a public key by decoding the key's encoded form
         * as a SubjectPublicKeyInfo and hashing its key data with {@code getDigest}.
         *
         * @throws IOException if the encoded key cannot be parsed
         */
        public static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws IOException {
            ASN1Primitive decoded = ASN1Primitive.fromByteArray(publicKey.getEncoded());
            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(decoded);
            return new SubjectKeyIdentifier(getDigest(keyInfo));
        }

        /**
         * Returns the SHA-1 digest of the public key data held in the given SubjectPublicKeyInfo.
         *
         * <p>The digest serves as a key identifier for table lookups; it is not used here as a
         * signature or integrity check.
         */
        private static byte[] getDigest(SubjectPublicKeyInfo subjectPublicKeyInfo) {
            FipsOutputDigestCalculator sha1Calculator =
                    new FipsSHS.OperatorFactory().createOutputDigestCalculator((FipsSHS.OperatorFactory) FipsSHS.SHA1);
            sha1Calculator.getDigestStream().update(subjectPublicKeyInfo.getPublicKeyData().getBytes());
            return sha1Calculator.getDigest();
        }

        /**
         * Reports whether the stream holds exactly one parseable PKCS#12 Pfx structure.
         *
         * <p>The check is structural only: no password is involved and no MAC is verified, so
         * a true result says nothing about the integrity or origin of the data. Any exception
         * raised while parsing is treated as "not PKCS#12".
         *
         * <p>When the first octet is not 0x30 the method returns without resetting the stream,
         * so that octet stays consumed.
         *
         * @return false if probing is disabled for this instance, the first octet is not 0x30,
         *         parsing fails, or bytes remain after the Pfx
         * @throws IOException if reading the first octet or resetting the stream fails
         */
        @Override // java.security.KeyStoreSpi
        public boolean engineProbe(InputStream inputStream) throws IOException {
            if (!this.matchOnProbe) {
                return false;
            }
            BufferedInputStream buffered;
            if (inputStream instanceof BufferedInputStream) {
                buffered = (BufferedInputStream) inputStream;
            } else {
                buffered = new BufferedInputStream(inputStream);
            }
            buffered.mark(10);
            int firstOctet = buffered.read();
            if (firstOctet != 0x30) {
                // 0x30 is the first octet of the only encoding accepted here.
                return false;
            }
            buffered.reset();
            ASN1InputStream asn1In = new ASN1InputStream(buffered);
            try {
                Pfx.getInstance(asn1In.readObject());
                // Trailing bytes after the structure disqualify the stream.
                return asn1In.available() == 0;
            } catch (Exception e) {
                return false;
            }
        }

        /**
         * Lists every alias that names a certificate entry, a key entry, or both, each once.
         * The spelling returned is the one held by the underlying tables.
         */
        @Override // java.security.KeyStoreSpi
        public Enumeration engineAliases() {
            Hashtable merged = new Hashtable();
            for (Enumeration certAliases = this.certs.keys(); certAliases.hasMoreElements();) {
                merged.put(certAliases.nextElement(), "cert");
            }
            for (Enumeration keyAliases = this.keys.keys(); keyAliases.hasMoreElements();) {
                String alias = (String) keyAliases.nextElement();
                // An alias already recorded as "cert" keeps that tag.
                if (!merged.containsKey(alias)) {
                    merged.put(alias, "key");
                }
            }
            return merged.keys();
        }

        /**
         * Reports whether the alias names a certificate entry or a key entry.
         *
         * @throws NullPointerException if the alias is null
         */
        @Override // java.security.KeyStoreSpi
        public boolean engineContainsAlias(String str) {
            if (str == null) {
                throw new NullPointerException("alias value is null");
            }
            return this.certs.get(str) != null || this.keys.get(str) != null;
        }

        /**
         * Removes everything stored under the alias: the key, its cached consistency result,
         * the certificate, and the matching chain-certificate entries. An unknown alias is
         * ignored without error.
         *
         * @throws KeyStoreException if a certificate's key identifier cannot be computed
         */
        @Override // java.security.KeyStoreSpi
        public void engineDeleteEntry(String str) throws KeyStoreException {
            Key removedKey = (Key) this.keys.remove(str);
            this.privateKeyCache.remove(str);
            Certificate cert = (Certificate) this.certs.remove(str);
            if (cert != null) {
                removeChainCert(cert);
            }
            if (removedKey == null) {
                return;
            }
            // A key entry may also own a certificate filed under its local id.
            String localId = (String) this.localIds.remove(str);
            if (localId != null) {
                cert = (Certificate) this.keyCerts.remove(localId);
            }
            if (cert != null) {
                removeChainCert(cert);
            }
        }

        /**
         * Drops the chain-certificate entry indexed by this certificate's key identifier.
         *
         * @throws KeyStoreException if the identifier cannot be computed from the public key
         */
        private void removeChainCert(Certificate certificate) throws KeyStoreException {
            CertId chainKey;
            try {
                chainKey = new CertId(certificate.getPublicKey());
            } catch (IOException e) {
                throw new KeyStoreException("Exception: " + e.getMessage(), e);
            }
            this.chainCerts.remove(chainKey);
        }

        /**
         * Returns the certificate for an alias: first from the certificate table, otherwise
         * from the key-certificate table using the alias's local id, or the alias itself when
         * no local id is recorded.
         *
         * @return the certificate, or null if none is stored
         * @throws IllegalArgumentException if the alias is null
         */
        @Override // java.security.KeyStoreSpi
        public Certificate engineGetCertificate(String str) {
            if (str == null) {
                throw new IllegalArgumentException("null alias passed to getCertificate.");
            }
            Certificate direct = (Certificate) this.certs.get(str);
            if (direct != null) {
                return direct;
            }
            String localId = (String) this.localIds.get(str);
            String lookupKey = localId != null ? localId : str;
            return (Certificate) this.keyCerts.get(lookupKey);
        }

        /**
         * Finds the name under which an equal certificate is stored, searching the certificate
         * table first and the key-certificate table second.
         *
         * <p>NOTE(review): a hit in the key-certificate table returns that table's key, which
         * the rest of the class treats as a local id string and may not be a caller-visible
         * alias -- confirm against the load code.
         *
         * @return the matching name, or null if no stored certificate equals the argument
         */
        @Override // java.security.KeyStoreSpi
        public String engineGetCertificateAlias(Certificate certificate) {
            String alias = nameOfEqualCertificate(this.certs.elements(), this.certs.keys(), certificate);
            if (alias != null) {
                return alias;
            }
            return nameOfEqualCertificate(this.keyCerts.elements(), this.keyCerts.keys(), certificate);
        }

        /** Walks values and names in step and returns the name paired with the first equal certificate. */
        private static String nameOfEqualCertificate(Enumeration values, Enumeration names, Certificate wanted) {
            while (values.hasMoreElements()) {
                Certificate candidate = (Certificate) values.nextElement();
                String name = (String) names.nextElement();
                if (candidate.equals(wanted)) {
                    return name;
                }
            }
            return null;
        }

        /**
         * Assembles the certificate chain for a key entry, starting at the entry's own
         * certificate and following issuer links through the stored chain certificates.
         *
         * <p>The result is an ordering of certificates found in this store, not a validated
         * path: the authority-key-identifier lookup accepts a match without checking any
         * signature, and validity periods, constraints and revocation are not examined.
         * Callers that make trust decisions need to validate the returned chain themselves.
         *
         * @return the chain, or null if the alias is not a key entry or has no certificate
         * @throws IllegalArgumentException if the alias is null
         * @throws ClassCastException if a certificate in the chain is not an X509Certificate
         */
        @Override // java.security.KeyStoreSpi
        public Certificate[] engineGetCertificateChain(String str) {
            if (str == null) {
                throw new IllegalArgumentException("null alias passed to getCertificateChain.");
            }
            if (!engineIsKeyEntry(str)) {
                return null;
            }
            Certificate engineGetCertificate = engineGetCertificate(str);
            if (engineGetCertificate == null) {
                return null;
            }
            Vector vector = new Vector();
            while (engineGetCertificate != null) {
                X509Certificate x509Certificate = (X509Certificate) engineGetCertificate;
                Certificate certificate = null;
                // First choice: look the issuer up by the authority key identifier extension.
                // No signature is verified on this path; the identifier is only a table index.
                byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
                if (extensionValue != null) {
                    AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets());
                    if (authorityKeyIdentifier.getKeyIdentifier() != null) {
                        certificate = (Certificate) this.chainCerts.get(new CertId(authorityKeyIdentifier.getKeyIdentifier()));
                    }
                }
                if (certificate == null) {
                    // Fallback: unless issuer and subject are the same name, scan the stored
                    // certificates for one whose subject matches the issuer name and whose
                    // public key verifies this certificate's signature.
                    Principal issuerDN = x509Certificate.getIssuerDN();
                    if (!issuerDN.equals(x509Certificate.getSubjectDN())) {
                        Enumeration keys = this.chainCerts.keys();
                        while (keys.hasMoreElements()) {
                            X509Certificate x509Certificate2 = (X509Certificate) this.chainCerts.get(keys.nextElement());
                            if (x509Certificate2.getSubjectDN().equals(issuerDN)) {
                                try {
                                    x509Certificate.verify(x509Certificate2.getPublicKey());
                                    certificate = x509Certificate2;
                                    break;
                                } catch (Exception e) {
                                    // Verification failed for this candidate; the failure is
                                    // dropped without logging and the scan moves on.
                                }
                            }
                        }
                    }
                }
                // A certificate already in the result ends the walk, which stops loops in the
                // issuer links from running forever.
                if (vector.contains(engineGetCertificate)) {
                    engineGetCertificate = null;
                } else {
                    vector.addElement(engineGetCertificate);
                    // Stop when no issuer was found or the issuer is this same object.
                    engineGetCertificate = certificate != engineGetCertificate ? certificate : null;
                }
            }
            Certificate[] certificateArr = new Certificate[vector.size()];
            for (int i = 0; i != certificateArr.length; i++) {
                certificateArr[i] = (Certificate) vector.elementAt(i);
            }
            return certificateArr;
        }

        /**
         * Returns a date for a known alias. No creation time is stored: the value is the
         * current time at the moment of the call, so it must not be used as evidence of when
         * an entry was created.
         *
         * @return the current time if the alias exists, otherwise null
         * @throws NullPointerException if the alias is null
         */
        @Override // java.security.KeyStoreSpi
        public Date engineGetCreationDate(String str) {
            if (str == null) {
                throw new NullPointerException("alias == null");
            }
            boolean known = this.keys.get(str) != null || this.certs.get(str) != null;
            return known ? new Date() : null;
        }

        /**
         * Returns the key stored under the alias.
         *
         * <p>The password argument is never read: the table already holds the key in usable
         * form, so this method performs no per-entry password check. Access control therefore
         * rests on whoever holds the loaded key store object.
         *
         * <p>The first time a private key is requested it is checked against the public key of
         * its certificate through {@link ConsistentKeyPair}; a passing alias is remembered so
         * the check is not repeated. A private key with no certificate is returned unchecked.
         *
         * @return the key, or null if the alias has no key
         * @throws IllegalArgumentException if the alias is null
         * @throws UnrecoverableKeyException if the consistency check raises IllegalArgumentException
         */
        @Override // java.security.KeyStoreSpi
        public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
            if (str == null) {
                throw new IllegalArgumentException("null alias passed to getKey.");
            }
            Key stored = (Key) this.keys.get(str);
            try {
                boolean needsCheck = stored instanceof PrivateKey && this.privateKeyCache.get(str) == null;
                if (needsCheck) {
                    Certificate cert = engineGetCertificate(str);
                    if (cert != null) {
                        // Constructed only for its validation side effect.
                        new ConsistentKeyPair(cert.getPublicKey(), (PrivateKey) stored);
                        this.privateKeyCache.put(str, stored);
                    }
                }
                return stored;
            } catch (IllegalArgumentException e) {
                throw new UnrecoverableKeyException(e.getMessage());
            }
        }

        /** Reports whether the alias holds a certificate and no key. */
        @Override // java.security.KeyStoreSpi
        public boolean engineIsCertificateEntry(String str) {
            if (this.certs.get(str) == null) {
                return false;
            }
            return this.keys.get(str) == null;
        }

        /** Reports whether a key is stored under the alias. */
        @Override // java.security.KeyStoreSpi
        public boolean engineIsKeyEntry(String str) {
            Object storedKey = this.keys.get(str);
            return storedKey != null;
        }

        /**
         * Stores a certificate under the alias and indexes it for chain building. An alias that
         * already names a key entry is refused rather than overwritten.
         *
         * @throws KeyStoreException if the alias names a key entry, or the certificate's key
         *                           identifier cannot be computed
         */
        @Override // java.security.KeyStoreSpi
        public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
            boolean aliasHoldsKey = this.keys.get(str) != null;
            if (aliasHoldsKey) {
                // NOTE(review): the constant appended here belongs to an unrelated Elasticsearch
                // class and looks like a decompiler substitution for a short string literal --
                // confirm its value before replacing it with a literal.
                throw new KeyStoreException("There is a key entry with the name " + str + RecordWriter.CONTROL_FIELD_NAME);
            }
            this.certs.put(str, certificate);
            putChainCert(certificate);
        }

        /**
         * Always refuses: this store does not accept keys supplied as an encoded byte array.
         *
         * @throws KeyStoreException on every call
         */
        @Override // java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
            String reason = "operation not supported";
            throw new KeyStoreException(reason);
        }

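        /**
         * Stores a private key with its certificate chain under the alias, replacing any key
         * entry already there.
         *
         * <p>The private key is checked against the public key of the first certificate before
         * anything is changed, so a rejected key leaves the existing entry intact. An empty
         * chain is refused with a {@link KeyStoreException} instead of failing on the array
         * access.
         *
         * <p>The password argument is never read; the key is kept in the table as given.
         *
         * @param str            alias
         * @param key            must be a PrivateKey
         * @param cArr           not used
         * @param certificateArr chain whose first element certifies {@code key}
         * @throws KeyStoreException if the key is not a PrivateKey, the chain is null or empty,
         *                           the key does not match the first certificate, or a
         *                           certificate cannot be indexed
         */
        @Override // java.security.KeyStoreSpi
        public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
            if (!(key instanceof PrivateKey)) {
                throw new KeyStoreException("PKCS12 does not support non-PrivateKeys");
            }
            if (certificateArr == null || certificateArr.length == 0) {
                throw new KeyStoreException("no certificate chain for private key");
            }
            try {
                // Constructed only for its validation side effect; done first so that a
                // mismatched pair cannot cost the caller the entry being replaced.
                new ConsistentKeyPair(certificateArr[0].getPublicKey(), (PrivateKey) key);
            } catch (IllegalArgumentException e) {
                throw new KeyStoreException(e.getMessage(), e);
            }
            if (this.keys.get(str) != null) {
                engineDeleteEntry(str);
            }
            try {
                this.keys.put(str, key);
                this.privateKeyCache.put(str, key);
                this.certs.put(str, certificateArr[0]);
                for (Certificate chainMember : certificateArr) {
                    putChainCert(chainMember);
                }
            } catch (IllegalArgumentException e) {
                throw new KeyStoreException(e.getMessage(), e);
            }
        }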

        /**
         * Indexes a certificate for chain building under the key identifier of its public key.
         * A certificate with the same identifier replaces the one already indexed.
         *
         * @throws KeyStoreException if the identifier cannot be computed from the public key
         */
        private void putChainCert(Certificate certificate) throws KeyStoreException {
            CertId chainKey;
            try {
                chainKey = new CertId(certificate.getPublicKey());
            } catch (IOException e) {
                throw new KeyStoreException("Exception: " + e.getMessage(), e);
            }
            this.chainCerts.put(chainKey, certificate);
        }

        /**
         * Counts the distinct aliases across the certificate and key tables; an alias present
         * in both is counted once.
         */
        @Override // java.security.KeyStoreSpi
        public int engineSize() {
            Set distinctAliases = new HashSet();
            for (Enumeration certAliases = this.certs.keys(); certAliases.hasMoreElements();) {
                distinctAliases.add(certAliases.nextElement());
            }
            for (Enumeration keyAliases = this.keys.keys(); keyAliases.hasMoreElements();) {
                String alias = (String) keyAliases.nextElement();
                distinctAliases.add(alias);
            }
            return distinctAliases.size();
        }

        /**
         * Stores an entry through the inherited implementation.
         *
         * <p>The caller's protection parameter is discarded: private-key entries are passed on
         * with an empty-password protection and every other entry with none. Secret-key
         * entries are refused.
         *
         * @throws KeyStoreException if the entry is a secret-key entry or the inherited call fails
         */
        @Override // java.security.KeyStoreSpi
        public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.ProtectionParameter emptyPassword = new KeyStore.PasswordProtection(new char[0]);
                super.engineSetEntry(str, entry, emptyPassword);
                return;
            }
            if (entry instanceof KeyStore.SecretKeyEntry) {
                throw new KeyStoreException("PKCS12 does not support storage of symmetric keys.");
            }
            super.engineSetEntry(str, entry, null);
        }

        /**
         * Recovers a private key from its password-encrypted form.
         *
         * <p>The cipher is chosen from the algorithm identifier: OIDs under the PKCS#12 PBE
         * branch use the PKCS#12 cipher builder, id-PBES2 uses the PBES2 builder, and anything
         * else is rejected. The identifier and its parameters normally come from the file
         * being loaded, so they are input the caller does not control.
         *
         * @param algorithmIdentifier PBE algorithm and parameters
         * @param bArr                wrapped key bytes
         * @param cArr                password
         * @throws IOException if the algorithm is not recognised, or (as ProvIOException, with
         *                     the cause attached) if cipher setup or unwrapping fails
         */
        protected PrivateKey unwrapKey(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, char[] cArr) throws IOException {
            ASN1ObjectIdentifier pbeOid = algorithmIdentifier.getAlgorithm();
            try {
                Cipher unwrapper;
                if (pbeOid.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
                    unwrapper = createPKCS12Cipher(Cipher.UNWRAP_MODE, cArr, algorithmIdentifier);
                } else if (pbeOid.equals(PKCSObjectIdentifiers.id_PBES2)) {
                    unwrapper = createPBES2Cipher(Cipher.UNWRAP_MODE, cArr, algorithmIdentifier);
                } else {
                    throw new IOException("exception unwrapping private key - cannot recognize: " + pbeOid);
                }
                return (PrivateKey) unwrapper.unwrap(bArr, "", Cipher.PRIVATE_KEY);
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                throw new ProvIOException("exception unwrapping private key - " + e2.toString(), e2);
            }
        }

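        /**
         * Encrypts a key under a password using the PBE scheme named by the algorithm
         * identifier.
         *
         * <p>OIDs under the PKCS#12 PBE branch use the PKCS#12 cipher builder, id-PBES2 uses
         * the PBES2 builder, and anything else is rejected. Failure messages name the wrap
         * operation, so a failure while writing a store is not reported as an unwrap failure.
         *
         * @param algorithmIdentifier PBE algorithm and parameters
         * @param key                 key to wrap
         * @param cArr                password
         * @return the wrapped key bytes
         * @throws IOException if the algorithm is not recognised, or (as ProvIOException, with
         *                     the cause attached) if cipher setup or wrapping fails
         */
        protected byte[] wrapKey(AlgorithmIdentifier algorithmIdentifier, Key key, char[] cArr) throws IOException {
            ASN1ObjectIdentifier pbeOid = algorithmIdentifier.getAlgorithm();
            try {
                Cipher wrapper;
                if (pbeOid.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
                    wrapper = createPKCS12Cipher(Cipher.WRAP_MODE, cArr, algorithmIdentifier);
                } else if (pbeOid.equals(PKCSObjectIdentifiers.id_PBES2)) {
                    wrapper = createPBES2Cipher(Cipher.WRAP_MODE, cArr, algorithmIdentifier);
                } else {
                    throw new IOException("exception wrapping private key - cannot recognize: " + pbeOid);
                }
                return wrapper.wrap(key);
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                throw new ProvIOException("exception wrapping private key - " + e2.toString(), e2);
            }
        }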

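        /**
         * Encrypts or decrypts a byte array with a cipher derived from the password.
         *
         * <p>The scheme is chosen from the algorithm OID: anything under
         * {@code pkcs_12PbeIds} goes through {@code createPKCS12Cipher}, {@code id_PBES2}
         * goes through {@code createPBES2Cipher}, and every other OID is rejected.
         *
         * @param z {@code true} to encrypt, {@code false} to decrypt
         * @param algorithmIdentifier encryption algorithm and parameters
         * @param cArr the password
         * @param bArr the data to process
         * @return the processed bytes
         * @throws IOException if the OID is not recognised; any other failure is rethrown
         *         as a {@code ProvIOException} carrying the cause
         */
        protected byte[] cryptData(boolean z, AlgorithmIdentifier algorithmIdentifier, char[] cArr, byte[] bArr) throws IOException {
            final ASN1ObjectIdentifier pbeOid = algorithmIdentifier.getAlgorithm();
            final int cipherMode = z ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
            try {
                final Cipher cipher;
                if (pbeOid.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
                    cipher = createPKCS12Cipher(cipherMode, cArr, algorithmIdentifier);
                } else if (pbeOid.equals(PKCSObjectIdentifiers.id_PBES2)) {
                    cipher = createPBES2Cipher(cipherMode, cArr, algorithmIdentifier);
                } else {
                    throw new IOException("unknown PBE algorithm: " + pbeOid);
                }
                return cipher.doFinal(bArr);
            } catch (IOException e) {
                // Already the documented failure type: pass through untouched.
                throw e;
            } catch (Exception e) {
                // Name the direction that actually failed; the message used to say
                // "decrypting" for store-time encryption failures as well. The decrypt
                // wording is unchanged.
                throw new ProvIOException("exception " + (z ? "encrypting" : "decrypting") + " data - " + e.toString(), e);
            }
        }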

        /**
         * Builds and initialises a cipher for one of the PKCS#12 PBE schemes.
         *
         * <p>The cipher is looked up by the algorithm OID on {@code fipsProvider} and keyed
         * with a {@code PKCS12KeyWithParameters} built from the password, the
         * {@code wrongPKCS12Zero} flag, and the octets and iteration count carried in the
         * {@code PKCS12PBEParams}.
         *
         * <p>NOTE(review): when this runs on the load path the iteration count is whatever
         * the file carried; it is narrowed with {@code intValue()} and no upper bound is
         * applied here.
         *
         * @param i the {@link Cipher} operation mode
         * @param cArr the password
         * @param algorithmIdentifier scheme OID plus its {@code PKCS12PBEParams}
         * @return the initialised cipher
         */
        private Cipher createPKCS12Cipher(int i, char[] cArr, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
            final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
            final String schemeOid = algorithmIdentifier.getAlgorithm().getId();
            final Cipher pbeCipher = Cipher.getInstance(schemeOid, this.fipsProvider);
            final PKCS12KeyWithParameters pbeKey = new PKCS12KeyWithParameters(
                    cArr,
                    this.wrongPKCS12Zero,
                    pbeParams.getIV(),
                    pbeParams.getIterations().intValue());
            pbeCipher.init(i, pbeKey);
            return pbeCipher;
        }

        /**
         * Builds and initialises a cipher for a PBES2-protected object.
         *
         * <p>The key is derived with the key-derivation function named in the
         * {@code PBES2Parameters} (its parameters are read as {@code PBKDF2Params}), sized
         * from {@code ProvPKCS12.sizeProvider} for the encryption scheme. The cipher is then
         * initialised with either an IV (octet-string parameters) or GOST 28147 parameters.
         *
         * <p>NOTE(review): salt and iteration count come from the encoded parameters; on
         * the load path that is file-controlled, the count is narrowed with
         * {@code intValue()} and no upper bound is applied here.
         *
         * @param i the {@link Cipher} operation mode
         * @param cArr the password
         * @param algorithmIdentifier the PBES2 algorithm identifier with its parameters
         * @return the initialised cipher
         */
        private Cipher createPBES2Cipher(int i, char[] cArr, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
            final PBES2Parameters pbes2 = PBES2Parameters.getInstance(algorithmIdentifier.getParameters());
            final PBKDF2Params kdfParams = PBKDF2Params.getInstance(pbes2.getKeyDerivationFunc().getParameters());
            final AlgorithmIdentifier encryptionScheme = AlgorithmIdentifier.getInstance(pbes2.getEncryptionScheme());
            final SecretKeyFactory kdfFactory = SecretKeyFactory.getInstance(pbes2.getKeyDerivationFunc().getAlgorithm().getId(), this.fipsProvider);

            // The default PRF is expressed with the JDK key spec; any other PRF needs the
            // spec that can carry it.
            final SecretKey derivedKey;
            if (kdfParams.isDefaultPrf()) {
                derivedKey = kdfFactory.generateSecret(new PBEKeySpec(cArr, kdfParams.getSalt(), kdfParams.getIterationCount().intValue(), ProvPKCS12.sizeProvider.getKeySize(encryptionScheme) * 8));
            } else {
                derivedKey = kdfFactory.generateSecret(new PBKDF2KeySpec(cArr, kdfParams.getSalt(), kdfParams.getIterationCount().intValue(), ProvPKCS12.sizeProvider.getKeySize(encryptionScheme) * 8, kdfParams.getPrf()));
            }

            // NOTE(review): unlike the key factory above and createPKCS12Cipher, this
            // lookup names no provider, so JCA provider ordering decides which
            // implementation handles the encryption scheme - confirm that is intended.
            final Cipher schemeCipher = Cipher.getInstance(encryptionScheme.getAlgorithm().getId());
            final ASN1Encodable schemeParameters = encryptionScheme.getParameters();
            if (schemeParameters instanceof ASN1OctetString) {
                schemeCipher.init(i, derivedKey, new IvParameterSpec(ASN1OctetString.getInstance(schemeParameters).getOctets()));
                return schemeCipher;
            }
            // Anything that is not a bare octet string is parsed as GOST 28147 parameters.
            final GOST28147Parameters gostParameters = GOST28147Parameters.getInstance(schemeParameters);
            schemeCipher.init(i, derivedKey, new GOST28147ParameterSpec(gostParameters.getEncryptionParamSet(), gostParameters.getIV()));
            return schemeCipher;
        }

        /**
         * Loads a PKCS#12 (PFX) key store from {@code inputStream}, replacing the key and
         * certificate tables of this instance.
         *
         * <p>Steps, in order: clear the private-key cache; check the first byte of the
         * stream; parse the PFX; verify the password-based MAC if the PFX carries one;
         * walk the authenticated safe collecting keys and certificate bags; finally decode
         * the collected certificates and index them.
         *
         * <p>NOTE(review): everything parsed here is file-controlled. Several casts and
         * dereferences below are unguarded, so a malformed store can surface as a
         * {@code ClassCastException} or {@code NullPointerException} instead of an
         * {@code IOException}; the individual spots are marked inline.
         *
         * @param inputStream the encoded store, or {@code null} to do nothing beyond
         *        clearing the private-key cache
         * @param cArr the store password; must not be {@code null} when a stream is given
         * @throws NullPointerException if a stream is given without a password
         * @throws IOException if the stream does not start with the expected tag, the MAC
         *         does not verify, a certificate bag has an unsupported type, or an
         *         attribute appears twice with different values; other failures are
         *         rethrown as {@code ProvIOException}
         */
        @Override // java.security.KeyStoreSpi
        public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
            // The cache is cleared even when no stream is supplied; the key and
            // certificate tables, by contrast, are left untouched in that case.
            this.privateKeyCache.clear();
            if (inputStream == null) {
                return;
            }
            if (cArr == null) {
                throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
            }
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            // Peek at the first byte without consuming it: 48 is 0x30, the tag of a
            // constructed SEQUENCE.
            bufferedInputStream.mark(10);
            if (bufferedInputStream.read() != 48) {
                throw new IOException("stream does not represent a PKCS12 key store");
            }
            bufferedInputStream.reset();
            Pfx pfx = Pfx.getInstance((ASN1Sequence) new ASN1InputStream(bufferedInputStream).readObject());
            ContentInfo authSafe = pfx.getAuthSafe();
            // Certificate bags are collected here and decoded only after all keys are read.
            Vector vector = new Vector();
            // Set when a shrouded key in a plain data content carries no localKeyId.
            boolean z = false;
            // NOTE(review): the MAC is verified only when the PFX carries one. A store
            // without MacData is accepted with no integrity check at this point.
            if (pfx.getMacData() != null) {
                MacData macData = pfx.getMacData();
                DigestInfo mac = macData.getMac();
                AlgorithmIdentifier algorithmId = mac.getAlgorithmId();
                byte[] salt = macData.getSalt();
                // NOTE(review): salt and iteration count come straight from the file; the
                // count is narrowed with intValue() and no upper bound is applied before
                // it drives key derivation.
                int intValue = macData.getIterationCount().intValue();
                // Unchecked cast, made before the content type is compared with `data`.
                byte[] octets = ((ASN1OctetString) authSafe.getContent()).getOctets();
                try {
                    byte[] calculatePbeMac = calculatePbeMac(algorithmId, salt, intValue, cArr, octets);
                    byte[] digest = mac.getDigest();
                    if (!Arrays.constantTimeAreEqual(calculatePbeMac, digest)) {
                        // A non-empty password gets no second chance.
                        if (cArr.length > 0) {
                            throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                        }
                        // Empty password: retry with the alternative zero-length password
                        // encoding before giving up.
                        if (!Arrays.constantTimeAreEqual(calculatePbeMacWrongZero(algorithmId, salt, intValue, octets), digest)) {
                            throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                        }
                        // Remembered so createPKCS12Cipher keys its ciphers the same way.
                        this.wrongPKCS12Zero = true;
                    }
                } catch (IOException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new ProvIOException("error constructing MAC: " + e2.toString(), e2);
                }
            }
            // From here on the previous contents of the store are discarded.
            this.keys = new IgnoresCaseHashtable();
            this.localIds = new Hashtable();
            // An authenticated safe of any other content type is skipped without error.
            if (authSafe.getContentType().equals(data)) {
                ContentInfo[] contentInfo = AuthenticatedSafe.getInstance(new ASN1InputStream(((ASN1OctetString) authSafe.getContent()).getOctets()).readObject()).getContentInfo();
                for (int i = 0; i != contentInfo.length; i++) {
                    if (contentInfo[i].getContentType().equals(data)) {
                        // Plain (unencrypted) content: a sequence of safe bags.
                        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(((ASN1OctetString) contentInfo[i].getContent()).getOctets()).readObject();
                        for (int i2 = 0; i2 != aSN1Sequence.size(); i2++) {
                            SafeBag safeBag = SafeBag.getInstance(aSN1Sequence.getObjectAt(i2));
                            if (safeBag.getBagId().equals(pkcs8ShroudedKeyBag)) {
                                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(safeBag.getBagValue());
                                PrivateKey unwrapKey = unwrapKey(encryptedPrivateKeyInfo.getEncryptionAlgorithm(), encryptedPrivateKeyInfo.getEncryptedData(), cArr);
                                // friendlyName (alias) and localKeyId read from the bag attributes.
                                String str = null;
                                ASN1OctetString aSN1OctetString = null;
                                if (safeBag.getBagAttributes() != null) {
                                    Enumeration objects = safeBag.getBagAttributes().getObjects();
                                    while (objects.hasMoreElements()) {
                                        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) objects.nextElement();
                                        ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) aSN1Sequence2.getObjectAt(0);
                                        ASN1Set aSN1Set = (ASN1Set) aSN1Sequence2.getObjectAt(1);
                                        // Only the first value of each attribute is looked at.
                                        if (aSN1Set.size() > 0) {
                                            ASN1Primitive aSN1Primitive = (ASN1Primitive) aSN1Set.getObjectAt(0);
                                            if (aSN1ObjectIdentifier.equals(pkcs_9_at_friendlyName)) {
                                                // A repeated attribute is tolerated only with the same value.
                                                if (str != null && !str.equals(DERBMPString.getInstance(aSN1Primitive).getString())) {
                                                    throw new IOException("attempt to add existing attribute with different value");
                                                }
                                                str = DERBMPString.getInstance(aSN1Primitive).getString();
                                                this.keys.put(str, unwrapKey);
                                            } else if (!aSN1ObjectIdentifier.equals(pkcs_9_at_localKeyId)) {
                                                // Any other attribute is ignored.
                                                continue;
                                            } else {
                                                if (aSN1OctetString != null && !aSN1OctetString.equals(aSN1Primitive)) {
                                                    throw new IOException("attempt to add existing attribute with different value");
                                                }
                                                aSN1OctetString = ASN1OctetString.getInstance(aSN1Primitive);
                                            }
                                        }
                                    }
                                }
                                if (aSN1OctetString != null) {
                                    // The hex of the localKeyId is the key's alias when there is no
                                    // friendlyName, otherwise it is recorded against the alias.
                                    String fromByteArray = Strings.fromByteArray(Hex.encode(aSN1OctetString.getOctets()));
                                    if (str == null) {
                                        this.keys.put(fromByteArray, unwrapKey);
                                    } else {
                                        this.localIds.put(str, fromByteArray);
                                    }
                                } else {
                                    // No localKeyId: park the key under a fixed placeholder alias;
                                    // it is re-keyed in the certificate pass below. A second such
                                    // key would replace the first under the same placeholder.
                                    z = true;
                                    this.keys.put("unmarked", unwrapKey);
                                }
                            } else if (safeBag.getBagId().equals(certBag)) {
                                vector.addElement(safeBag);
                            } else {
                                // NOTE(review): unrecognised bags are dumped in full at FINE
                                // level; confirm such a dump cannot carry sensitive content
                                // into logs.
                                ProvPKCS12.LOG.info("extra in data " + safeBag.getBagId());
                                ProvPKCS12.LOG.fine(ASN1Dump.dumpAsString(safeBag));
                            }
                        }
                    } else if (contentInfo[i].getContentType().equals(encryptedData)) {
                        // Encrypted content: decrypt with the store password, then walk the bags.
                        EncryptedData encryptedData = EncryptedData.getInstance(contentInfo[i].getContent());
                        ASN1Sequence aSN1Sequence3 = (ASN1Sequence) ASN1Primitive.fromByteArray(cryptData(false, encryptedData.getEncryptionAlgorithm(), cArr, encryptedData.getContent().getOctets()));
                        for (int i3 = 0; i3 != aSN1Sequence3.size(); i3++) {
                            SafeBag safeBag2 = SafeBag.getInstance(aSN1Sequence3.getObjectAt(i3));
                            if (safeBag2.getBagId().equals(certBag)) {
                                vector.addElement(safeBag2);
                            } else if (safeBag2.getBagId().equals(pkcs8ShroudedKeyBag)) {
                                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo2 = EncryptedPrivateKeyInfo.getInstance(safeBag2.getBagValue());
                                PrivateKey unwrapKey2 = unwrapKey(encryptedPrivateKeyInfo2.getEncryptionAlgorithm(), encryptedPrivateKeyInfo2.getEncryptedData(), cArr);
                                String str2 = null;
                                ASN1OctetString aSN1OctetString2 = null;
                                // NOTE(review): unlike the plain-data branch above, the bag
                                // attributes are dereferenced without a null check.
                                Enumeration objects2 = safeBag2.getBagAttributes().getObjects();
                                while (objects2.hasMoreElements()) {
                                    ASN1Sequence aSN1Sequence4 = (ASN1Sequence) objects2.nextElement();
                                    ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) aSN1Sequence4.getObjectAt(0);
                                    ASN1Set aSN1Set2 = (ASN1Set) aSN1Sequence4.getObjectAt(1);
                                    if (aSN1Set2.size() > 0) {
                                        ASN1Primitive aSN1Primitive2 = (ASN1Primitive) aSN1Set2.getObjectAt(0);
                                        if (aSN1ObjectIdentifier2.equals(pkcs_9_at_friendlyName)) {
                                            if (str2 != null && !str2.equals(DERBMPString.getInstance(aSN1Primitive2).getString())) {
                                                throw new IOException("attempt to add existing attribute with different value");
                                            }
                                            str2 = DERBMPString.getInstance(aSN1Primitive2).getString();
                                            this.keys.put(str2, unwrapKey2);
                                        } else if (!aSN1ObjectIdentifier2.equals(pkcs_9_at_localKeyId)) {
                                            continue;
                                        } else {
                                            if (aSN1OctetString2 != null && !aSN1OctetString2.equals(aSN1Primitive2)) {
                                                throw new IOException("attempt to add existing attribute with different value");
                                            }
                                            aSN1OctetString2 = ASN1OctetString.getInstance(aSN1Primitive2);
                                        }
                                    }
                                }
                                // NOTE(review): a bag without a localKeyId leaves the octet
                                // string null here, so this line throws NullPointerException;
                                // there is no "unmarked" fallback in this branch.
                                String fromByteArray2 = Strings.fromByteArray(Hex.encode(aSN1OctetString2.getOctets()));
                                if (str2 == null) {
                                    this.keys.put(fromByteArray2, unwrapKey2);
                                } else {
                                    this.localIds.put(str2, fromByteArray2);
                                }
                            } else if (safeBag2.getBagId().equals(keyBag)) {
                                // A key bag holds a PrivateKeyInfo directly; no per-key
                                // unwrapping is applied beyond the content decryption above.
                                PrivateKey privateKey = this.fipsProvider.getPrivateKey(PrivateKeyInfo.getInstance(safeBag2.getBagValue()));
                                String str3 = null;
                                ASN1OctetString aSN1OctetString3 = null;
                                // NOTE(review): same unguarded attribute access as above.
                                Enumeration objects3 = safeBag2.getBagAttributes().getObjects();
                                while (objects3.hasMoreElements()) {
                                    ASN1Sequence aSN1Sequence5 = (ASN1Sequence) objects3.nextElement();
                                    ASN1ObjectIdentifier aSN1ObjectIdentifier3 = (ASN1ObjectIdentifier) aSN1Sequence5.getObjectAt(0);
                                    ASN1Set aSN1Set3 = (ASN1Set) aSN1Sequence5.getObjectAt(1);
                                    if (aSN1Set3.size() > 0) {
                                        ASN1Primitive aSN1Primitive3 = (ASN1Primitive) aSN1Set3.getObjectAt(0);
                                        if (aSN1ObjectIdentifier3.equals(pkcs_9_at_friendlyName)) {
                                            if (str3 != null && !str3.equals(DERBMPString.getInstance(aSN1Primitive3).getString())) {
                                                throw new IOException("attempt to add existing attribute with different value");
                                            }
                                            str3 = DERBMPString.getInstance(aSN1Primitive3).getString();
                                            this.keys.put(str3, privateKey);
                                        } else if (!aSN1ObjectIdentifier3.equals(pkcs_9_at_localKeyId)) {
                                            continue;
                                        } else {
                                            if (aSN1OctetString3 != null && !aSN1OctetString3.equals(aSN1Primitive3)) {
                                                throw new IOException("attempt to add existing attribute with different value");
                                            }
                                            aSN1OctetString3 = ASN1OctetString.getInstance(aSN1Primitive3);
                                        }
                                    }
                                }
                                // NOTE(review): same null dereference as above when the bag
                                // has no localKeyId.
                                String fromByteArray3 = Strings.fromByteArray(Hex.encode(aSN1OctetString3.getOctets()));
                                if (str3 == null) {
                                    this.keys.put(fromByteArray3, privateKey);
                                } else {
                                    this.localIds.put(str3, fromByteArray3);
                                }
                            } else {
                                // NOTE(review): this dump is of decrypted content, at FINE level.
                                ProvPKCS12.LOG.info("extra in encryptedData " + safeBag2.getBagId());
                                ProvPKCS12.LOG.fine(ASN1Dump.dumpAsString(safeBag2));
                            }
                        }
                    } else {
                        // Content types other than data / encryptedData are logged and skipped.
                        ProvPKCS12.LOG.info("extra " + contentInfo[i].getContentType().getId());
                        ProvPKCS12.LOG.fine("extra " + ASN1Dump.dumpAsString(contentInfo[i].getContent()));
                    }
                }
            }
            // Second pass: decode the collected certificate bags and index them.
            this.certs = new IgnoresCaseHashtable();
            this.chainCerts = new Hashtable();
            this.keyCerts = new Hashtable();
            for (int i4 = 0; i4 != vector.size(); i4++) {
                SafeBag safeBag3 = (SafeBag) vector.elementAt(i4);
                CertBag certBag = CertBag.getInstance(safeBag3.getBagValue());
                if (!certBag.getCertId().equals(x509Certificate)) {
                    throw new IOException("Unsupported certificate type: " + certBag.getCertId());
                }
                // Everything thrown inside this try, including the IOExceptions for
                // conflicting attributes, is rewrapped as ProvIOException below.
                try {
                    Certificate generateCertificate = this.certFact.generateCertificate(new ByteArrayInputStream(((ASN1OctetString) certBag.getCertValue()).getOctets()));
                    ASN1OctetString aSN1OctetString4 = null;
                    String str4 = null;
                    if (safeBag3.getBagAttributes() != null) {
                        Enumeration objects4 = safeBag3.getBagAttributes().getObjects();
                        while (objects4.hasMoreElements()) {
                            ASN1Sequence aSN1Sequence6 = (ASN1Sequence) objects4.nextElement();
                            ASN1ObjectIdentifier aSN1ObjectIdentifier4 = (ASN1ObjectIdentifier) aSN1Sequence6.getObjectAt(0);
                            // Unlike the key branches, the value set is indexed without a
                            // size check first.
                            ASN1Primitive aSN1Primitive4 = (ASN1Primitive) ((ASN1Set) aSN1Sequence6.getObjectAt(1)).getObjectAt(0);
                            if (aSN1ObjectIdentifier4.equals(pkcs_9_at_friendlyName)) {
                                if (str4 != null && !str4.equals(DERBMPString.getInstance(aSN1Primitive4).getString())) {
                                    throw new IOException("attempt to add existing attribute with different value");
                                }
                                str4 = DERBMPString.getInstance(aSN1Primitive4).getString();
                            } else if (!aSN1ObjectIdentifier4.equals(pkcs_9_at_localKeyId)) {
                                continue;
                            } else {
                                if (aSN1OctetString4 != null && !aSN1OctetString4.equals(aSN1Primitive4)) {
                                    throw new IOException("attempt to add existing attribute with different value");
                                }
                                aSN1OctetString4 = ASN1OctetString.getInstance(aSN1Primitive4);
                            }
                        }
                    }
                    // Every certificate is indexed by its public key.
                    this.chainCerts.put(new CertId(generateCertificate.getPublicKey()), generateCertificate);
                    if (!z) {
                        // Normal case: index by localKeyId (hex) and by friendlyName.
                        if (aSN1OctetString4 != null) {
                            this.keyCerts.put(Strings.fromByteArray(Hex.encode(aSN1OctetString4.getOctets())), generateCertificate);
                        }
                        if (str4 != null) {
                            this.certs.put(str4, generateCertificate);
                        }
                    } else if (this.keyCerts.isEmpty()) {
                        // An "unmarked" key was seen: the first certificate processed is
                        // bound to it under the hex of a key identifier computed from the
                        // certificate's public key. Certificates after it get only the
                        // chainCerts entry above.
                        String fromByteArray4 = Strings.fromByteArray(Hex.encode(createSubjectKeyId(generateCertificate.getPublicKey()).getKeyIdentifier()));
                        this.keyCerts.put(fromByteArray4, generateCertificate);
                        this.keys.put(fromByteArray4, this.keys.remove("unmarked"));
                    }
                } catch (Exception e3) {
                    throw new ProvIOException(e3.toString(), e3);
                }
            }
        }

        /**
         * Handles a store request described by a {@code LoadStoreParameter}.
         *
         * <p>A {@code PKCS12StoreParameter} is written through {@code doStore} using its
         * output stream and DER flag. A {@code BCLoadStoreParameter} is passed to
         * {@code engineLoad} with its input stream. Any other type is rejected.
         *
         * @param loadStoreParameter the parameter describing the target; must not be null
         * @throws IllegalArgumentException if the parameter is null or of an unsupported type
         */
        @Override // java.security.KeyStoreSpi
        public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
            if (loadStoreParameter == null) {
                throw new IllegalArgumentException("'param' arg cannot be null");
            }
            if (loadStoreParameter instanceof BCLoadStoreParameter) {
                // NOTE(review): this branch of a store method calls engineLoad, which
                // replaces the in-memory key and certificate tables from the parameter's
                // input stream and writes nothing. Confirm this is intended and not a
                // load-path branch that ended up in the store method.
                final BCLoadStoreParameter bcParameter = (BCLoadStoreParameter) loadStoreParameter;
                engineLoad(bcParameter.getInputStream(), Utils.extractPassword(loadStoreParameter));
                return;
            }
            if (!(loadStoreParameter instanceof PKCS12StoreParameter)) {
                throw new IllegalArgumentException("no support for 'param' of type " + loadStoreParameter.getClass().getName());
            }
            final PKCS12StoreParameter storeParameter = (PKCS12StoreParameter) loadStoreParameter;
            doStore(storeParameter.getOutputStream(), Utils.extractPassword(loadStoreParameter), storeParameter.isForDEREncoding());
        }

        /**
         * Writes the store to {@code outputStream} protected by {@code cArr}.
         *
         * <p>Delegates to {@code doStore} with the DER flag off, so the outer structures
         * are written through {@code BEROutputStream}.
         *
         * @param outputStream destination for the encoded store
         * @param cArr the store password; {@code doStore} rejects {@code null}
         * @throws IOException if encoding or writing fails
         */
        @Override // java.security.KeyStoreSpi
        public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
            final boolean forDerEncoding = false;
            doStore(outputStream, cArr, forDerEncoding);
        }

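        /**
         * Encodes the store as a PKCS#12 PFX structure and writes it to {@code outputStream}.
         *
         * <p>Every private key is wrapped with {@code keyAlgorithm} and placed in a plain
         * {@code data} content. The certificates go into a second content encrypted with
         * {@code certAlgorithm}. A password-based MAC identified by {@code id_SHA1} covers
         * the encoded authenticated safe. Each of the three uses a fresh 20-byte random
         * value and a fixed iteration count of 1024.
         *
         * <p>NOTE(review): the iteration count of 1024 and the SHA-1 MAC are hard-coded and
         * low by current password-hashing guidance. They are left as they are because
         * changing them changes the files produced; consider making them configurable.
         *
         * <p>NOTE(review): a key alias for which {@code engineGetCertificate} returns
         * {@code null} fails with {@code NullPointerException} at {@code getPublicKey()}.
         *
         * @param outputStream destination for the encoded store
         * @param cArr the store password, used for key wrapping, certificate encryption
         *        and the MAC
         * @param z {@code true} to write through {@code DEROutputStream}, {@code false}
         *        for {@code BEROutputStream}
         * @throws NullPointerException if {@code cArr} is {@code null}
         * @throws IOException if a certificate cannot be encoded, or if building or
         *         writing the final structure fails; the cause is attached
         */
        private void doStore(OutputStream outputStream, char[] cArr, boolean z) throws IOException {
            if (cArr == null) {
                throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
            }

            // 1. One shrouded key bag per private key, tagged with a localKeyId computed
            //    from the public key of the alias's certificate, and with the alias as
            //    friendlyName.
            ASN1EncodableVector keyBags = new ASN1EncodableVector();
            Enumeration keyAliases = this.keys.keys();
            while (keyAliases.hasMoreElements()) {
                byte[] keySalt = new byte[20];
                this.random.nextBytes(keySalt);
                String alias = (String) keyAliases.nextElement();
                PrivateKey privateKey = (PrivateKey) this.keys.get(alias);
                AlgorithmIdentifier keyPbe = new AlgorithmIdentifier(this.keyAlgorithm, new PKCS12PBEParams(keySalt, 1024));
                EncryptedPrivateKeyInfo shroudedKey = new EncryptedPrivateKeyInfo(keyPbe, wrapKey(keyPbe, privateKey, cArr));
                ASN1EncodableVector keyBagAttributes = new ASN1EncodableVector();
                ASN1EncodableVector keyLocalId = new ASN1EncodableVector();
                Certificate keyCertificate = engineGetCertificate(alias);
                keyLocalId.add(pkcs_9_at_localKeyId);
                keyLocalId.add(new DERSet(createSubjectKeyId(keyCertificate.getPublicKey())));
                keyBagAttributes.add(new DERSequence(keyLocalId));
                ASN1EncodableVector keyFriendlyName = new ASN1EncodableVector();
                keyFriendlyName.add(pkcs_9_at_friendlyName);
                keyFriendlyName.add(new DERSet(new DERBMPString(alias)));
                keyBagAttributes.add(new DERSequence(keyFriendlyName));
                keyBags.add(new SafeBag(pkcs8ShroudedKeyBag, shroudedKey.toASN1Primitive(), new DERSet(keyBagAttributes)));
            }
            BEROctetString keyContent = new BEROctetString(new DERSequence(keyBags).getEncoded(ASN1Encoding.DER));

            // 2. Certificate bags, gathered in three passes; writtenCerts records what
            //    has already been emitted so the chain pass does not repeat it.
            byte[] certSalt = new byte[20];
            this.random.nextBytes(certSalt);
            ASN1EncodableVector certBags = new ASN1EncodableVector();
            AlgorithmIdentifier certPbe = new AlgorithmIdentifier(this.certAlgorithm, new PKCS12PBEParams(certSalt, 1024).toASN1Primitive());
            Hashtable writtenCerts = new Hashtable();

            // 2a. The certificate of every key alias, carrying the same localKeyId and
            //     friendlyName as the key bag.
            Enumeration keyAliasesForCerts = this.keys.keys();
            while (keyAliasesForCerts.hasMoreElements()) {
                try {
                    String alias = (String) keyAliasesForCerts.nextElement();
                    Certificate keyCertificate = engineGetCertificate(alias);
                    // Named so it does not hide the certBag bag-type identifier, which the
                    // SafeBag below needs as its bag id (as in passes 2b and 2c).
                    CertBag keyCertBag = new CertBag(x509Certificate, new DEROctetString(keyCertificate.getEncoded()));
                    ASN1EncodableVector certBagAttributes = new ASN1EncodableVector();
                    ASN1EncodableVector certLocalId = new ASN1EncodableVector();
                    certLocalId.add(pkcs_9_at_localKeyId);
                    certLocalId.add(new DERSet(createSubjectKeyId(keyCertificate.getPublicKey())));
                    certBagAttributes.add(new DERSequence(certLocalId));
                    ASN1EncodableVector certFriendlyName = new ASN1EncodableVector();
                    certFriendlyName.add(pkcs_9_at_friendlyName);
                    certFriendlyName.add(new DERSet(new DERBMPString(alias)));
                    certBagAttributes.add(new DERSequence(certFriendlyName));
                    certBags.add(new SafeBag(certBag, keyCertBag.toASN1Primitive(), new DERSet(certBagAttributes)));
                    writtenCerts.put(keyCertificate, keyCertificate);
                } catch (CertificateEncodingException e) {
                    throw new IOException("Error encoding certificate: " + e.toString(), e);
                }
            }

            // 2b. Certificate-only aliases (no key under the same alias), with a
            //     friendlyName and no localKeyId.
            Enumeration certAliases = this.certs.keys();
            while (certAliases.hasMoreElements()) {
                try {
                    String alias = (String) certAliases.nextElement();
                    Certificate certificate = (Certificate) this.certs.get(alias);
                    if (this.keys.get(alias) == null) {
                        CertBag trustedCertBag = new CertBag(x509Certificate, new DEROctetString(certificate.getEncoded()));
                        ASN1EncodableVector certBagAttributes = new ASN1EncodableVector();
                        ASN1EncodableVector certFriendlyName = new ASN1EncodableVector();
                        certFriendlyName.add(pkcs_9_at_friendlyName);
                        certFriendlyName.add(new DERSet(new DERBMPString(alias)));
                        certBagAttributes.add(new DERSequence(certFriendlyName));
                        certBags.add(new SafeBag(certBag, trustedCertBag.toASN1Primitive(), new DERSet(certBagAttributes)));
                        writtenCerts.put(certificate, certificate);
                    }
                } catch (CertificateEncodingException e) {
                    throw new IOException("Error encoding certificate: " + e.toString(), e);
                }
            }

            // 2c. Chain certificates that are still in use and not yet written, with no
            //     attributes at all.
            Set usedCertificateSet = getUsedCertificateSet();
            Enumeration chainIds = this.chainCerts.keys();
            while (chainIds.hasMoreElements()) {
                try {
                    Certificate chainCertificate = (Certificate) this.chainCerts.get((CertId) chainIds.nextElement());
                    if (usedCertificateSet.contains(chainCertificate) && writtenCerts.get(chainCertificate) == null) {
                        certBags.add(new SafeBag(certBag, new CertBag(x509Certificate, new DEROctetString(chainCertificate.getEncoded())).toASN1Primitive(), new DERSet(new ASN1EncodableVector())));
                    }
                } catch (CertificateEncodingException e) {
                    throw new IOException("Error encoding certificate: " + e.toString(), e);
                }
            }

            // 3. Authenticated safe: plain key content plus encrypted certificate content.
            ASN1Encodable authenticatedSafe = new AuthenticatedSafe(new ContentInfo[]{new ContentInfo(data, keyContent), new ContentInfo(encryptedData, new EncryptedData(data, certPbe, new BEROctetString(cryptData(true, certPbe, cArr, new DERSequence(certBags).getEncoded(ASN1Encoding.DER)))).toASN1Primitive())});
            ByteArrayOutputStream encodedSafe = new ByteArrayOutputStream();
            (z ? new DEROutputStream(encodedSafe) : new BEROutputStream(encodedSafe)).writeObject(authenticatedSafe);
            ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(encodedSafe.toByteArray()));

            // 4. MAC over the encoded safe, then the PFX itself.
            byte[] macSalt = new byte[20];
            this.random.nextBytes(macSalt);
            byte[] macInput = ((ASN1OctetString) mainInfo.getContent()).getOctets();
            try {
                AlgorithmIdentifier macAlgorithm = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE);
                (z ? new DEROutputStream(outputStream) : new BEROutputStream(outputStream)).writeObject(new Pfx(mainInfo, new MacData(new DigestInfo(macAlgorithm, calculatePbeMac(macAlgorithm, macSalt, 1024, cArr, macInput)), macSalt, 1024)));
            } catch (Exception e) {
                // This also catches failures while writing to outputStream, not only MAC
                // construction; the cause is attached so the two can be told apart.
                throw new IOException("error constructing MAC: " + e.toString(), e);
            }
        }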

        /**
         * Computes the store MAC using a two-byte all-zero password encoding.
         *
         * <p>{@code engineLoad} falls back to this only after the normal MAC check has
         * failed for a zero-length password.
         *
         * @param algorithmIdentifier MAC digest algorithm; its OID also names the Mac
         * @param bArr the MAC salt
         * @param i the iteration count
         * @param bArr2 the data to authenticate
         * @return the MAC value
         */
        private byte[] calculatePbeMacWrongZero(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, byte[] bArr2) throws Exception {
            final byte[] macKey = getDerivedMacKey(algorithmIdentifier, new byte[2], bArr, i);
            final String macOid = algorithmIdentifier.getAlgorithm().getId();
            final Mac hmac = Mac.getInstance(macOid, this.fipsProvider);
            hmac.init(new SecretKeySpec(macKey, macOid));
            return hmac.doFinal(bArr2);
        }

        /**
         * Computes the password-based MAC over {@code bArr2}.
         *
         * <p>The password is converted with {@code PasswordConverter.PKCS12}, a MAC key is
         * derived from it by {@code getDerivedMacKey}, and the Mac named by the algorithm
         * OID is obtained from {@code fipsProvider}.
         *
         * @param algorithmIdentifier MAC digest algorithm; its OID also names the Mac
         * @param bArr the MAC salt
         * @param i the iteration count
         * @param cArr the store password
         * @param bArr2 the data to authenticate
         * @return the MAC value
         */
        private byte[] calculatePbeMac(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, char[] cArr, byte[] bArr2) throws Exception {
            final byte[] passwordBytes = PasswordConverter.PKCS12.convert(cArr);
            final byte[] macKey = getDerivedMacKey(algorithmIdentifier, passwordBytes, bArr, i);
            final String macOid = algorithmIdentifier.getAlgorithm().getId();
            final Mac hmac = Mac.getInstance(macOid, this.fipsProvider);
            hmac.init(new SecretKeySpec(macKey, macOid));
            return hmac.doFinal(bArr2);
        }

        /**
         * Derives the MAC key with the PKCS#12 key-derivation scheme.
         *
         * <p>The digest and key length follow the MAC algorithm OID: GOST R 34.11 gives
         * 32 bytes, SHA-224 gives 28, SHA-256 gives 32, and everything else is treated as
         * SHA-1 with 20 bytes.
         *
         * <p>NOTE(review): the final branch is a catch-all, so an OID this method does not
         * recognise gets a SHA-1 derivation rather than an error. On load that most likely
         * ends as a MAC mismatch reported as a wrong password - confirm whether rejecting
         * unknown OIDs would be clearer.
         *
         * @param algorithmIdentifier the MAC digest algorithm
         * @param bArr the password, already converted to bytes
         * @param bArr2 the salt
         * @param i the iteration count
         * @return the derived MAC key
         */
        private byte[] getDerivedMacKey(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, byte[] bArr2, int i) {
            final ASN1ObjectIdentifier digestOid = algorithmIdentifier.getAlgorithm();
            if (digestOid.equals(CryptoProObjectIdentifiers.gostR3411)) {
                return new PBKD.DeriverFactory()
                        .createDeriver(PBKD.PKCS12.using(SecureHash.Algorithm.GOST3411, bArr).withSalt(bArr2).withIterationCount(i))
                        .deriveKey(PasswordBasedDeriver.KeyType.MAC, 32);
            }
            if (digestOid.equals(NISTObjectIdentifiers.id_sha224)) {
                return new PBKD.DeriverFactory()
                        .createDeriver(PBKD.PKCS12.using(FipsSHS.Algorithm.SHA224, bArr).withSalt(bArr2).withIterationCount(i))
                        .deriveKey(PasswordBasedDeriver.KeyType.MAC, 28);
            }
            if (digestOid.equals(NISTObjectIdentifiers.id_sha256)) {
                return new PBKD.DeriverFactory()
                        .createDeriver(PBKD.PKCS12.using(FipsSHS.Algorithm.SHA256, bArr).withSalt(bArr2).withIterationCount(i))
                        .deriveKey(PasswordBasedDeriver.KeyType.MAC, 32);
            }
            // Catch-all: SHA-1.
            return new PBKD.DeriverFactory()
                    .createDeriver(PBKD.PKCS12.using(FipsSHS.Algorithm.SHA1, bArr).withSalt(bArr2).withIterationCount(i))
                    .deriveKey(PasswordBasedDeriver.KeyType.MAC, 20);
        }

        /**
         * Collects every certificate reachable from the store's current entries.
         *
         * <p>For each alias in {@code this.keys} the full chain from
         * {@code engineGetCertificateChain} is added; for each alias in {@code this.certs} the
         * single certificate from {@code engineGetCertificate} is added.
         *
         * <p>NOTE(review): a {@code null} chain would raise a NullPointerException here and a
         * {@code null} certificate would be stored as a set element; neither is guarded.
         *
         * @return a new set holding the collected certificates
         */
        private Set getUsedCertificateSet() {
            Set<Object> used = new HashSet<Object>();

            for (Enumeration keyAliases = this.keys.keys(); keyAliases.hasMoreElements();) {
                String alias = (String) keyAliases.nextElement();
                for (Certificate chainMember : engineGetCertificateChain(alias)) {
                    used.add(chainMember);
                }
            }

            for (Enumeration certAliases = this.certs.keys(); certAliases.hasMoreElements();) {
                String alias = (String) certAliases.nextElement();
                used.add(engineGetCertificate(alias));
            }

            return used;
        }
    }

    /**
     * Derives a key with the PKCS#12 password-based KDF from a {@link PBEKeySpec} and wraps
     * it as a {@code PBKDFPBEKey}.
     *
     * <p>NOTE(review): {@code PBEKeySpec.getPassword()} returns a copy of the password; that
     * copy is not cleared here, so its lifetime depends on what the deriver does with it.
     *
     * @param digestAlgorithm digest driving the KDF
     * @param str             algorithm name recorded on the returned key
     * @param pBEKeySpec      source of password, salt and iteration count
     * @param keyType         purpose of the derived material
     * @param i               requested key size in bits, rounded up to whole bytes
     * @return the derived key wrapped together with its spec
     */
    static SecretKey getSecretKey(DigestAlgorithm digestAlgorithm, String str, PBEKeySpec pBEKeySpec, PasswordBasedDeriver.KeyType keyType, int i) {
        int keyLengthBytes = (i + 7) / 8;
        PasswordBasedDeriver<PBKD.Parameters> deriver = new PBKD.DeriverFactory().createDeriver(
                PBKD.PKCS12.using(digestAlgorithm, PasswordConverter.PKCS12, pBEKeySpec.getPassword())
                        .withIterationCount(pBEKeySpec.getIterationCount())
                        .withSalt(pBEKeySpec.getSalt()));
        byte[] derivedKey = deriver.deriveKey(keyType, keyLengthBytes);
        return new PBKDFPBEKey(derivedKey, str, pBEKeySpec);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives raw key bytes with the PKCS#12 password-based KDF, always using SHA-1.
     *
     * <p>The encoded form of {@code secretKey} is used as the password input. Callers that
     * need a different digest use the overload that takes a {@code DigestAlgorithm}.
     *
     * @param secretKey         key whose encoding supplies the password bytes
     * @param pBEParameterSpec  source of salt and iteration count
     * @param keyType           purpose of the derived material
     * @param i                 requested key size in bits, rounded up to whole bytes
     * @return the derived key bytes
     */
    public static byte[] getSecretKey(SecretKey secretKey, PBEParameterSpec pBEParameterSpec, PasswordBasedDeriver.KeyType keyType, int i) {
        int keyLengthBytes = (i + 7) / 8;
        PasswordBasedDeriver<PBKD.Parameters> sha1Deriver = new PBKD.DeriverFactory().createDeriver(
                PBKD.PKCS12.using(FipsSHS.Algorithm.SHA1, secretKey.getEncoded())
                        .withIterationCount(pBEParameterSpec.getIterationCount())
                        .withSalt(pBEParameterSpec.getSalt()));
        return sha1Deriver.deriveKey(keyType, keyLengthBytes);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives raw key bytes with the PKCS#12 password-based KDF using the given digest.
     *
     * <p>The encoded form of {@code secretKey} is used as the password input.
     *
     * @param secretKey         key whose encoding supplies the password bytes
     * @param digestAlgorithm   digest driving the KDF
     * @param pBEParameterSpec  source of salt and iteration count
     * @param keyType           purpose of the derived material
     * @param i                 requested key size in bits, rounded up to whole bytes
     * @return the derived key bytes
     */
    public static byte[] getSecretKey(SecretKey secretKey, DigestAlgorithm digestAlgorithm, PBEParameterSpec pBEParameterSpec, PasswordBasedDeriver.KeyType keyType, int i) {
        int keyLengthBytes = (i + 7) / 8;
        PasswordBasedDeriver<PBKD.Parameters> deriver = new PBKD.DeriverFactory().createDeriver(
                PBKD.PKCS12.using(digestAlgorithm, secretKey.getEncoded())
                        .withIterationCount(pBEParameterSpec.getIterationCount())
                        .withSalt(pBEParameterSpec.getSalt()));
        return deriver.deriveKey(keyType, keyLengthBytes);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives a key and an IV in one pass with the PKCS#12 password-based KDF.
     *
     * <p>The encoded form of {@code secretKey} is used as the password input. Both sizes are
     * given in bits and rounded up to whole bytes.
     *
     * @param secretKey         key whose encoding supplies the password bytes
     * @param digestAlgorithm   digest driving the KDF
     * @param pBEParameterSpec  source of salt and iteration count
     * @param keyType           purpose of the derived material
     * @param i                 requested key size in bits
     * @param i2                requested IV size in bits
     * @return the array returned by {@code deriveKeyAndIV} for those sizes
     */
    public static byte[][] getSecretKeyAndIV(SecretKey secretKey, DigestAlgorithm digestAlgorithm, PBEParameterSpec pBEParameterSpec, PasswordBasedDeriver.KeyType keyType, int i, int i2) {
        int keyLengthBytes = (i + 7) / 8;
        int ivLengthBytes = (i2 + 7) / 8;
        PasswordBasedDeriver<PBKD.Parameters> deriver = new PBKD.DeriverFactory().createDeriver(
                PBKD.PKCS12.using(digestAlgorithm, secretKey.getEncoded())
                        .withIterationCount(pBEParameterSpec.getIterationCount())
                        .withSalt(pBEParameterSpec.getSalt()));
        return deriver.deriveKeyAndIV(keyType, keyLengthBytes, ivLengthBytes);
    }

    /**
     * Registers the PKCS#12 key store types, their aliases, and the PKCS#12 PBKDF
     * parameter and secret-key-factory services on the given provider.
     *
     * <p>The two 3DES-only key stores ({@code PKCS12}, {@code PKCS12-DEF}) are registered with
     * a plain {@code EngineCreator}. Every other service, including the two
     * {@code 40RC2} key store variants, is wrapped in a {@code GuardedEngineCreator}.
     *
     * <p>NOTE(review): {@code GuardedEngineCreator} is defined outside this view; presumably it
     * restricts when those engines may be created. Confirm before relying on it to keep the
     * 40-bit RC2 variants out of a restricted configuration.
     *
     * <p>NOTE(review): both {@code AlgorithmParameters} registrations create the same
     * {@code AlgParams} class, and the class-name strings refer to a {@code keystore.pkcs12}
     * package rather than the classes actually instantiated here. They look descriptive only;
     * verify.
     *
     * @param bouncyCastleFipsProvider provider receiving the registrations; also handed to each
     *                                 key store engine on creation
     */
    @Override
    public void configure(final BouncyCastleFipsProvider bouncyCastleFipsProvider) {
        final BouncyCastleFipsProvider provider = bouncyCastleFipsProvider;

        // --- Key stores using 3DES only ---
        EngineCreator bcTripleDesStore = new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new BCPKCS12KeyStore3DES(true, provider);
            }
        };
        provider.addAlgorithmImplementation("KeyStore.PKCS12", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES", bcTripleDesStore);
        provider.addAlias("Alg.Alias.KeyStore.BCPKCS12", "PKCS12");
        provider.addAlias("Alg.Alias.KeyStore.PKCS12-3DES-3DES", "PKCS12");

        EngineCreator defTripleDesStore = new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new DefPKCS12KeyStore3DES(provider);
            }
        };
        provider.addAlgorithmImplementation("KeyStore.PKCS12-DEF", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES", defTripleDesStore);
        provider.addAlias("Alg.Alias.KeyStore.PKCS12-DEF-3DES-3DES", "PKCS12-DEF");

        // --- Key stores that also use 40-bit RC2 (guarded) ---
        EngineCreator bcRc2Store = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new BCPKCS12KeyStore3DES40BitRC2(provider);
            }
        });
        provider.addAlgorithmImplementation("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$BCPKCS12KeyStore", bcRc2Store);

        EngineCreator defRc2Store = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new DefPKCS12KeyStore3DES40BitRC2(provider);
            }
        });
        provider.addAlgorithmImplementation("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$DefPKCS12KeyStore", defRc2Store);

        // --- PBKDF parameter services (guarded) ---
        EngineCreator sha1Params = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new AlgParams();
            }
        });
        provider.addAlgorithmImplementation("AlgorithmParameters.PBKDF-PKCS12", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12AlgParams", sha1Params);

        EngineCreator sha256Params = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new AlgParams();
            }
        });
        provider.addAlgorithmImplementation("AlgorithmParameters.PBKDF-PKCS12WITHSHA256", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12SHA256AlgParams", sha256Params);

        // --- PBKDF secret key factories (guarded) ---
        EngineCreator sha1KeyFactory = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new GeneralKeyFactory("PBKDF-PKCS12withSHA1", FipsSHS.Algorithm.SHA1, PasswordBasedDeriver.KeyType.CIPHER);
            }
        });
        provider.addAlgorithmImplementation("SecretKeyFactory.PBKDF-PKCS12", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12SecKeyFact", sha1KeyFactory);

        EngineCreator sha256KeyFactory = new GuardedEngineCreator(new EngineCreator() {
            @Override
            public Object createInstance(Object obj) {
                return new GeneralKeyFactory("PBKDF-PKCS12withSHA256", FipsSHS.Algorithm.SHA256, PasswordBasedDeriver.KeyType.CIPHER);
            }
        });
        provider.addAlgorithmImplementation("SecretKeyFactory.PBKDF-PKCS12WITHSHA256", "org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12SHA256SecKeyFact", sha256KeyFactory);
    }
}
