package com.rsa.cryptoj.o;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.crypto.CryptoException;
import com.rsa.crypto.CryptoModule;
import com.rsa.crypto.PrivateKey;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public class lr extends KeyStoreSpi {
    private static final Charset a = Charset.forName("UTF-8");
    private final cf b;

    /* renamed from: c, reason: collision with root package name */
    private final List<ca> f180c;
    private final CryptoModule d;
    private final com.rsa.crypto.ncm.key.l e;
    private final Map<String, a> f = new LinkedHashMap();
    private final List<byte[]> g = new ArrayList();
    private boolean h = false;
    private boolean i = false;
    private boolean j = false;
    private boolean k = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class a {
        private List<byte[]> a = new ArrayList();
        private List<X509Certificate> b = new ArrayList();

        /* renamed from: c, reason: collision with root package name */
        private String f181c;

        public a(byte[] bArr, X509Certificate x509Certificate) {
            this.a.add(bArr);
            this.b.add(x509Certificate);
        }

        public a(byte[][] bArr, X509Certificate[] x509CertificateArr) {
            for (byte[] bArr2 : bArr) {
                this.a.add(bArr2);
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                this.b.add(x509Certificate);
            }
        }

        public void a(String str) {
            this.f181c = str;
        }

        public void a(List<byte[]> list, List<X509Certificate> list2) {
            this.a.addAll(list);
            this.b.addAll(list2);
        }

        public byte[] a() {
            return this.a.get(0);
        }

        public X509Certificate b() {
            return this.b.get(0);
        }

        public X509Certificate[] c() {
            List<X509Certificate> list = this.b;
            return (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        }

        public byte[][] d() {
            List<byte[]> list = this.a;
            return (byte[][]) list.toArray(new byte[list.size()]);
        }

        public String e() {
            return this.f181c;
        }
    }

    public lr(cf cfVar, List<ca> list, CryptoModule cryptoModule) {
        this.b = cfVar;
        this.f180c = list;
        this.d = cryptoModule;
        this.e = (com.rsa.crypto.ncm.key.l) (cryptoModule instanceof cj ? ((cj) cryptoModule).c() : cryptoModule).getKeyBuilder();
    }

    private com.rsa.crypto.ncm.key.j a(a aVar) {
        if (aVar == null) {
            return null;
        }
        byte[] a2 = aVar.a();
        String e = aVar.e();
        if (e == null) {
            return null;
        }
        try {
            if ("RSA".equals(e)) {
                return this.e.c(a2);
            }
            if (AlgorithmStrings.DSA.equals(e)) {
                return this.e.e(a2);
            }
            if (AlgorithmStrings.EC.equals(e)) {
                return this.e.g(a2);
            }
            throw new SecurityException("Unknown key algorithm: " + e);
        } catch (CryptoException e2) {
            throw new SecurityException("Error loading PKCS11 key", e2);
        }
    }

    private a a(byte[] bArr, boolean z) {
        if (bArr == null) {
            return null;
        }
        for (a aVar : this.f.values()) {
            if (z) {
                for (byte[] bArr2 : aVar.d()) {
                    if (Arrays.equals(bArr2, bArr)) {
                        return aVar;
                    }
                }
            } else if (Arrays.equals(aVar.a(), bArr)) {
                return aVar;
            }
        }
        return null;
    }

    private String a(String str, X509Certificate x509Certificate) {
        return str + "/" + x509Certificate.getIssuerX500Principal().getName("CANONICAL") + "/" + x509Certificate.getSerialNumber().toString();
    }

    private void a() {
        this.f.clear();
        this.h = false;
        this.i = false;
        this.j = false;
        this.k = false;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        try {
            com.rsa.crypto.ncm.cert.b a2 = this.e.a(null, null);
            while (a2.hasNext()) {
                com.rsa.crypto.ncm.cert.c next = a2.next();
                byte[] certID = next.getCertID();
                String certLabel = next.getCertLabel();
                byte[] encoded = next.getEncoded();
                next.clearSensitiveData();
                try {
                    pp a3 = pm.a(this.b, ka.b, ByteBuffer.wrap(encoded));
                    if (certLabel == null) {
                        if (certID != null) {
                            certLabel = b(certID);
                        }
                    }
                    if (certID != null) {
                        Iterator it = linkedHashMap.values().iterator();
                        boolean z = false;
                        while (it.hasNext()) {
                            Iterator it2 = ((List) it.next()).iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    break;
                                }
                                byte[] a4 = ((a) it2.next()).a();
                                if (a4 != null && Arrays.equals(a4, certID)) {
                                    z = true;
                                    break;
                                }
                            }
                            if (z) {
                                break;
                            }
                        }
                        if (z) {
                            this.j = true;
                        } else {
                            List list = (List) linkedHashMap.get(certLabel);
                            if (list == null) {
                                list = new ArrayList();
                                linkedHashMap.put(certLabel, list);
                            }
                            list.add(new a(certID, a3));
                        }
                    }
                } catch (CertificateException unused) {
                    throw new SecurityException("Failed to decode a certificate.");
                }
            }
            a2.clearSensitiveData();
            HashMap hashMap = new HashMap();
            for (Map.Entry entry : linkedHashMap.entrySet()) {
                String str = (String) entry.getKey();
                List<a> list2 = (List) entry.getValue();
                if (list2.size() == 1) {
                    a aVar = (a) list2.get(0);
                    this.f.put(str, aVar);
                    X500Principal subjectX500Principal = aVar.b().getSubjectX500Principal();
                    if (!hashMap.containsKey(subjectX500Principal)) {
                        hashMap.put(subjectX500Principal, str);
                    }
                } else {
                    for (a aVar2 : list2) {
                        X509Certificate b = aVar2.b();
                        str = a(str, b);
                        if (!linkedHashMap.containsKey(str) && !this.f.containsKey(str)) {
                            this.f.put(str, aVar2);
                            X500Principal subjectX500Principal2 = b.getSubjectX500Principal();
                            if (!hashMap.containsKey(subjectX500Principal2)) {
                                hashMap.put(subjectX500Principal2, str);
                            }
                        }
                    }
                    this.i = true;
                }
            }
            a("RSA", hashMap);
            a(AlgorithmStrings.DSA, hashMap);
            a(AlgorithmStrings.EC, hashMap);
            this.h = true;
        } catch (CryptoException e) {
            throw new SecurityException("Error searching for PKCS11 certificates", e);
        }
    }

    private void a(a aVar, Map<X500Principal, String> map) {
        X509Certificate b = aVar.b();
        X500Principal issuerX500Principal = b.getIssuerX500Principal();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        while (issuerX500Principal != null && !issuerX500Principal.equals(b.getSubjectX500Principal())) {
            String str = map.get(issuerX500Principal);
            if (str != null) {
                a aVar2 = this.f.get(str);
                X509Certificate b2 = aVar2.b();
                arrayList.add(aVar2.a());
                arrayList2.add(b2);
                this.f.remove(str);
                map.remove(issuerX500Principal);
                issuerX500Principal = b2.getIssuerX500Principal();
                b = b2;
            } else {
                issuerX500Principal = null;
            }
        }
        aVar.a(arrayList, arrayList2);
    }

    private void a(String str) {
        a aVar = this.f.get(str);
        if (aVar != null) {
            this.f.remove(str);
            if (aVar.e() != null) {
                try {
                    byte[][] d = aVar.d();
                    for (int length = d.length - 1; length > 0; length--) {
                        com.rsa.crypto.ncm.cert.c c2 = c(d[length]);
                        c2.deleteCertFromDevice();
                        c2.clearSensitiveData();
                    }
                    try {
                        com.rsa.crypto.ncm.key.j a2 = a(aVar);
                        a2.deleteKeyFromDevice();
                        ((PrivateKey) a2).clearSensitiveData();
                    } catch (CryptoException e) {
                        throw new SecurityException("Error deleting private key", e);
                    }
                } catch (CryptoException e2) {
                    throw new SecurityException("Error deleting certificate chain", e2);
                }
            }
            try {
                com.rsa.crypto.ncm.cert.c c3 = c(aVar.a());
                c3.deleteCertFromDevice();
                c3.clearSensitiveData();
            } catch (CryptoException e3) {
                throw new SecurityException("Error deleting certificate", e3);
            }
        }
    }

    private void a(String str, Map<X500Principal, String> map) {
        try {
            com.rsa.crypto.ncm.key.o a2 = this.e.a(str, (byte[]) null, (String) null);
            while (a2.hasNext()) {
                com.rsa.crypto.ncm.key.j next = a2.next();
                byte[] keyID = next.getKeyID();
                ((PrivateKey) next).clearSensitiveData();
                if (keyID != null) {
                    a a3 = a(keyID, false);
                    if (a3 != null) {
                        if (a3.e() == null) {
                            a3.a(str);
                            map.remove(a3.b().getSubjectX500Principal());
                            a(a3, map);
                        } else {
                            this.k = true;
                        }
                    } else if (!a(keyID)) {
                        this.g.add(keyID);
                    }
                }
            }
            a2.clearSensitiveData();
        } catch (CryptoException e) {
            throw new SecurityException("Error searching for PKCS11 keys or certs", e);
        }
    }

    private void a(byte[] bArr, String str) throws KeyStoreException {
        a aVar = this.f.get(str);
        if ((aVar == null || !Arrays.equals(aVar.a(), bArr)) && a(bArr, true) != null) {
            throw new KeyStoreException("Unable to set entry. An existing certificate has the same PKCS #11 ID but a different label");
        }
    }

    private void a(byte[] bArr, String str, byte[] bArr2) throws CryptoException {
        com.rsa.crypto.ncm.cert.c a2 = this.e.a(bArr2, 0, bArr2.length);
        a2.setCertID(bArr);
        if (str != null) {
            a2.setCertLabel(str);
        }
        a2.store();
        a2.clearSensitiveData();
    }

    private boolean a(byte[] bArr) {
        Iterator<byte[]> it = this.g.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(it.next(), bArr)) {
                return true;
            }
        }
        return false;
    }

    private fm b(a aVar) {
        com.rsa.crypto.ncm.key.j a2 = a(aVar);
        if (a2 != null) {
            return ff.a(aVar.e(), (PrivateKey) a2, this.d);
        }
        return null;
    }

    private String b(byte[] bArr) {
        int length = bArr.length;
        boolean z = false;
        int i = 0;
        while (true) {
            if (i < length) {
                char c2 = (char) bArr[i];
                if (c2 < ' ' || c2 > '~') {
                    break;
                }
                i++;
            } else {
                z = true;
                break;
            }
        }
        if (z) {
            return new String(bArr, a);
        }
        return "0x" + dp.a(bArr);
    }

    private void b() {
        if (!this.h) {
            throw new SecurityException("Not loaded");
        }
    }

    private com.rsa.crypto.ncm.cert.c c(byte[] bArr) {
        try {
            return this.e.h(bArr);
        } catch (CryptoException e) {
            throw new SecurityException("Error loading PKCS11 certificate", e);
        }
    }

    private void c() throws KeyStoreException {
        if (this.i) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 certificate label.");
        }
        if (this.j) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 certificate id.");
        }
        if (this.k) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 key id.");
        }
    }

    private void d(byte[] bArr) throws KeyStoreException {
        if (a(bArr)) {
            throw new KeyStoreException("Unable to set entry. An existing private key without a certificate chain has same PKCS #11 ID");
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Enumeration<String> engineAliases() {
        b();
        return Collections.enumeration(this.f.keySet());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineContainsAlias(String str) {
        b();
        return this.f.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        b();
        c();
        a(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate engineGetCertificate(String str) {
        b();
        a aVar = this.f.get(str);
        if (aVar == null) {
            return null;
        }
        return aVar.b();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized String engineGetCertificateAlias(Certificate certificate) {
        b();
        for (Map.Entry<String, a> entry : this.f.entrySet()) {
            if (entry.getValue().b().equals(certificate)) {
                return entry.getKey();
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate[] engineGetCertificateChain(String str) {
        b();
        a aVar = this.f.get(str);
        if (aVar == null || aVar.e() == null) {
            return null;
        }
        return aVar.c();
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        b();
        if (protectionParameter != null) {
            throw new KeyStoreException("ProtectionParameter must be null");
        }
        a aVar = this.f.get(str);
        if (aVar == null) {
            return null;
        }
        if (aVar.e() == null) {
            return new KeyStore.TrustedCertificateEntry(aVar.b());
        }
        return new KeyStore.PrivateKeyEntry(b(aVar), aVar.c());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        b();
        if (cArr != null) {
            throw new NoSuchAlgorithmException("Password must be null");
        }
        return b(this.f.get(str));
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsCertificateEntry(String str) {
        b();
        a aVar = this.f.get(str);
        if (aVar != null) {
            return aVar.e() == null;
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsKeyEntry(String str) {
        b();
        a aVar = this.f.get(str);
        if (aVar != null) {
            return aVar.e() != null;
        }
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream != null) {
            throw new IOException("stream must be null");
        }
        if (cArr != null) {
            throw new IOException("password must be null");
        }
        try {
            a();
        } catch (SecurityException e) {
            throw new IOException("Error initializing KeyStore", e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        b();
        c();
        byte[] bytes = str.getBytes(a);
        a(bytes, str);
        d(bytes);
        try {
            byte[] encoded = certificate.getEncoded();
            pp a2 = pm.a(this.b, this.f180c, ByteBuffer.wrap(encoded));
            try {
                a(str);
                try {
                    a(bytes, str, encoded);
                    this.f.put(str, new a(bytes, a2));
                } catch (CryptoException e) {
                    throw new KeyStoreException("Error saving certificate", e);
                }
            } catch (SecurityException e2) {
                throw new KeyStoreException("Error while deleting current entry", e2);
            }
        } catch (CertificateException e3) {
            throw new KeyStoreException("Bad certificate", e3);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        b();
        c();
        if (protectionParameter != null) {
            throw new KeyStoreException("ProtectionParameter must be null");
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            engineSetCertificateEntry(str, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
        } else {
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Unsupported entry type");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            engineSetKeyEntry(str, privateKeyEntry.getPrivateKey(), null, privateKeyEntry.getCertificateChain());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:66:0x01ee A[Catch: all -> 0x0214, TRY_ENTER, TryCatch #6 {, blocks: (B:4:0x0009, B:7:0x0015, B:10:0x001b, B:11:0x0032, B:13:0x0035, B:16:0x003b, B:18:0x0053, B:21:0x0074, B:29:0x0082, B:30:0x00a2, B:25:0x007a, B:26:0x0081, B:32:0x00a3, B:43:0x01a6, B:45:0x01a9, B:46:0x01ae, B:48:0x01b1, B:51:0x01bb, B:56:0x01cb, B:57:0x01d2, B:66:0x01ee, B:67:0x01f1, B:94:0x01f3, B:95:0x01fb, B:96:0x01fc, B:97:0x0203, B:98:0x0204, B:99:0x020b, B:100:0x020c, B:101:0x0213), top: B:3:0x0009, inners: #1, #2, #5 }] */
    @Override // java.security.KeyStoreSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void engineSetKeyEntry(java.lang.String r23, java.security.Key r24, char[] r25, java.security.cert.Certificate[] r26) throws java.security.KeyStoreException {
        /*
            Method dump skipped, instructions count: 535
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.cryptoj.o.lr.engineSetKeyEntry(java.lang.String, java.security.Key, char[], java.security.cert.Certificate[]):void");
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized int engineSize() {
        b();
        return this.f.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException();
    }
}
