package com.rsa.cryptoj.o;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.crypto.CryptoException;
import com.rsa.crypto.CryptoModule;
import com.rsa.crypto.PrivateKey;
import com.rsa.securidlib.android.TokenImportDataParser;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class lr extends KeyStoreSpi {
    private static final Charset a = Charset.forName(TokenImportDataParser.UTF8);
    private final cf b;
    private final List<ca> c;
    private final CryptoModule d;
    private final com.rsa.crypto.ncm.key.l e;
    private final Map<String, a> f = new LinkedHashMap();
    private final List<byte[]> g = new ArrayList();
    private boolean h = false;
    private boolean i = false;
    private boolean j = false;
    private boolean k = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {
        private List<byte[]> a = new ArrayList();
        private List<X509Certificate> b = new ArrayList();
        private String c;

        public a(byte[] bArr, X509Certificate x509Certificate) {
            this.a.add(bArr);
            this.b.add(x509Certificate);
        }

        public a(byte[][] bArr, X509Certificate[] x509CertificateArr) {
            for (byte[] bArr2 : bArr) {
                this.a.add(bArr2);
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                this.b.add(x509Certificate);
            }
        }

        public void a(String str) {
            this.c = str;
        }

        public void a(List<byte[]> list, List<X509Certificate> list2) {
            this.a.addAll(list);
            this.b.addAll(list2);
        }

        public byte[] a() {
            return this.a.get(0);
        }

        public X509Certificate b() {
            return this.b.get(0);
        }

        public X509Certificate[] c() {
            return (X509Certificate[]) this.b.toArray(new X509Certificate[this.b.size()]);
        }

        public byte[][] d() {
            return (byte[][]) this.a.toArray(new byte[this.a.size()]);
        }

        public String e() {
            return this.c;
        }
    }

    public lr(cf cfVar, List<ca> list, CryptoModule cryptoModule) {
        this.b = cfVar;
        this.c = list;
        this.d = cryptoModule;
        this.e = (com.rsa.crypto.ncm.key.l) (cryptoModule instanceof cj ? ((cj) cryptoModule).c() : cryptoModule).getKeyBuilder();
    }

    private com.rsa.crypto.ncm.key.j a(a aVar) {
        com.rsa.crypto.ncm.key.j jVar = null;
        if (aVar != null) {
            byte[] a2 = aVar.a();
            String e = aVar.e();
            if (e != null) {
                try {
                    if ("RSA".equals(e)) {
                        jVar = this.e.c(a2);
                    } else if (AlgorithmStrings.DSA.equals(e)) {
                        jVar = this.e.e(a2);
                    } else {
                        if (!AlgorithmStrings.EC.equals(e)) {
                            throw new SecurityException("Unknown key algorithm: " + e);
                        }
                        jVar = this.e.g(a2);
                    }
                } catch (CryptoException e2) {
                    throw new SecurityException("Error loading PKCS11 key", e2);
                }
            }
        }
        return jVar;
    }

    private a a(byte[] bArr, boolean z) {
        if (bArr == null) {
            return null;
        }
        for (a aVar : this.f.values()) {
            if (z) {
                for (byte[] bArr2 : aVar.d()) {
                    if (Arrays.equals(bArr2, bArr)) {
                        return aVar;
                    }
                }
            } else if (Arrays.equals(aVar.a(), bArr)) {
                return aVar;
            }
        }
        return null;
    }

    private String a(String str, X509Certificate x509Certificate) {
        return str + com.vmware.view.client.android.appshift.a.SEPERATOR + x509Certificate.getIssuerX500Principal().getName("CANONICAL") + com.vmware.view.client.android.appshift.a.SEPERATOR + x509Certificate.getSerialNumber().toString();
    }

    private void a() {
        String str;
        boolean z;
        this.f.clear();
        this.h = false;
        this.i = false;
        this.j = false;
        this.k = false;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        try {
            com.rsa.crypto.ncm.cert.b a2 = this.e.a(null, null);
            while (a2.hasNext()) {
                com.rsa.crypto.ncm.cert.c next = a2.next();
                byte[] certID = next.getCertID();
                String certLabel = next.getCertLabel();
                byte[] encoded = next.getEncoded();
                next.clearSensitiveData();
                try {
                    pp a3 = pm.a(this.b, ka.b, ByteBuffer.wrap(encoded));
                    if (certLabel != null) {
                        str = certLabel;
                    } else if (certID != null) {
                        str = b(certID);
                    }
                    if (certID != null) {
                        Iterator it = linkedHashMap.values().iterator();
                        boolean z2 = false;
                        while (true) {
                            if (!it.hasNext()) {
                                z = z2;
                                break;
                            }
                            Iterator it2 = ((List) it.next()).iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    z = z2;
                                    break;
                                }
                                byte[] a4 = ((a) it2.next()).a();
                                if (a4 != null && Arrays.equals(a4, certID)) {
                                    z = true;
                                    break;
                                }
                            }
                            if (z) {
                                break;
                            } else {
                                z2 = z;
                            }
                        }
                        if (z) {
                            this.j = true;
                        } else {
                            List list = (List) linkedHashMap.get(str);
                            if (list == null) {
                                list = new ArrayList();
                                linkedHashMap.put(str, list);
                            }
                            list.add(new a(certID, a3));
                        }
                    }
                } catch (CertificateException e) {
                    throw new SecurityException("Failed to decode a certificate.");
                }
            }
            a2.clearSensitiveData();
            HashMap hashMap = new HashMap();
            for (Map.Entry entry : linkedHashMap.entrySet()) {
                String str2 = (String) entry.getKey();
                List<a> list2 = (List) entry.getValue();
                if (list2.size() == 1) {
                    a aVar = (a) list2.get(0);
                    this.f.put(str2, aVar);
                    X500Principal subjectX500Principal = aVar.b().getSubjectX500Principal();
                    if (!hashMap.containsKey(subjectX500Principal)) {
                        hashMap.put(subjectX500Principal, str2);
                    }
                } else {
                    for (a aVar2 : list2) {
                        X509Certificate b = aVar2.b();
                        str2 = a(str2, b);
                        if (!linkedHashMap.containsKey(str2) && !this.f.containsKey(str2)) {
                            this.f.put(str2, aVar2);
                            X500Principal subjectX500Principal2 = b.getSubjectX500Principal();
                            if (!hashMap.containsKey(subjectX500Principal2)) {
                                hashMap.put(subjectX500Principal2, str2);
                            }
                        }
                    }
                    this.i = true;
                }
            }
            a("RSA", hashMap);
            a(AlgorithmStrings.DSA, hashMap);
            a(AlgorithmStrings.EC, hashMap);
            this.h = true;
        } catch (CryptoException e2) {
            throw new SecurityException("Error searching for PKCS11 certificates", e2);
        }
    }

    private void a(a aVar, Map<X500Principal, String> map) {
        X500Principal x500Principal;
        X509Certificate b = aVar.b();
        X500Principal issuerX500Principal = b.getIssuerX500Principal();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        X500Principal x500Principal2 = issuerX500Principal;
        while (x500Principal2 != null && !x500Principal2.equals(b.getSubjectX500Principal())) {
            String str = map.get(x500Principal2);
            if (str != null) {
                a aVar2 = this.f.get(str);
                X509Certificate b2 = aVar2.b();
                arrayList.add(aVar2.a());
                arrayList2.add(b2);
                this.f.remove(str);
                map.remove(x500Principal2);
                x500Principal = b2.getIssuerX500Principal();
                b = b2;
            } else {
                x500Principal = null;
            }
            x500Principal2 = x500Principal;
        }
        aVar.a(arrayList, arrayList2);
    }

    private void a(String str) {
        a aVar = this.f.get(str);
        if (aVar != null) {
            this.f.remove(str);
            if (aVar.e() != null) {
                try {
                    byte[][] d = aVar.d();
                    for (int length = d.length - 1; length > 0; length--) {
                        com.rsa.crypto.ncm.cert.c c = c(d[length]);
                        c.deleteCertFromDevice();
                        c.clearSensitiveData();
                    }
                    try {
                        com.rsa.crypto.ncm.key.j a2 = a(aVar);
                        a2.deleteKeyFromDevice();
                        ((PrivateKey) a2).clearSensitiveData();
                    } catch (CryptoException e) {
                        throw new SecurityException("Error deleting private key", e);
                    }
                } catch (CryptoException e2) {
                    throw new SecurityException("Error deleting certificate chain", e2);
                }
            }
            try {
                com.rsa.crypto.ncm.cert.c c2 = c(aVar.a());
                c2.deleteCertFromDevice();
                c2.clearSensitiveData();
            } catch (CryptoException e3) {
                throw new SecurityException("Error deleting certificate", e3);
            }
        }
    }

    private void a(String str, Map<X500Principal, String> map) {
        try {
            com.rsa.crypto.ncm.key.o a2 = this.e.a(str, (byte[]) null, (String) null);
            while (a2.hasNext()) {
                com.rsa.crypto.ncm.key.j next = a2.next();
                byte[] keyID = next.getKeyID();
                ((PrivateKey) next).clearSensitiveData();
                if (keyID != null) {
                    a a3 = a(keyID, false);
                    if (a3 != null) {
                        if (a3.e() == null) {
                            a3.a(str);
                            map.remove(a3.b().getSubjectX500Principal());
                            a(a3, map);
                        } else {
                            this.k = true;
                        }
                    } else if (!a(keyID)) {
                        this.g.add(keyID);
                    }
                }
            }
            a2.clearSensitiveData();
        } catch (CryptoException e) {
            throw new SecurityException("Error searching for PKCS11 keys or certs", e);
        }
    }

    private void a(byte[] bArr, String str) throws KeyStoreException {
        a aVar = this.f.get(str);
        if ((aVar == null || !Arrays.equals(aVar.a(), bArr)) && a(bArr, true) != null) {
            throw new KeyStoreException("Unable to set entry. An existing certificate has the same PKCS #11 ID but a different label");
        }
    }

    private void a(byte[] bArr, String str, byte[] bArr2) throws CryptoException {
        com.rsa.crypto.ncm.cert.c a2 = this.e.a(bArr2, 0, bArr2.length);
        a2.setCertID(bArr);
        if (str != null) {
            a2.setCertLabel(str);
        }
        a2.store();
        a2.clearSensitiveData();
    }

    private boolean a(byte[] bArr) {
        Iterator<byte[]> it = this.g.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(it.next(), bArr)) {
                return true;
            }
        }
        return false;
    }

    private fm b(a aVar) {
        com.rsa.crypto.ncm.key.j a2 = a(aVar);
        if (a2 != null) {
            return ff.a(aVar.e(), (PrivateKey) a2, this.d);
        }
        return null;
    }

    private String b(byte[] bArr) {
        boolean z = false;
        int length = bArr.length;
        int i = 0;
        while (true) {
            if (i < length) {
                char c = (char) bArr[i];
                if (c < ' ' || c > '~') {
                    break;
                }
                i++;
            } else {
                z = true;
                break;
            }
        }
        return z ? new String(bArr, a) : "0x" + dp.a(bArr);
    }

    private void b() {
        if (!this.h) {
            throw new SecurityException("Not loaded");
        }
    }

    private com.rsa.crypto.ncm.cert.c c(byte[] bArr) {
        try {
            return this.e.h(bArr);
        } catch (CryptoException e) {
            throw new SecurityException("Error loading PKCS11 certificate", e);
        }
    }

    private void c() throws KeyStoreException {
        if (this.i) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 certificate label.");
        }
        if (this.j) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 certificate id.");
        }
        if (this.k) {
            throw new KeyStoreException("This KeyStore is readonly: duplicate PKCS #11 key id.");
        }
    }

    private void d(byte[] bArr) throws KeyStoreException {
        if (a(bArr)) {
            throw new KeyStoreException("Unable to set entry. An existing private key without a certificate chain has same PKCS #11 ID");
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Enumeration<String> engineAliases() {
        b();
        return Collections.enumeration(this.f.keySet());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineContainsAlias(String str) {
        b();
        return this.f.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        b();
        c();
        a(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate engineGetCertificate(String str) {
        a aVar;
        b();
        aVar = this.f.get(str);
        return aVar != null ? aVar.b() : null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:9:0x002a, code lost:
    
        r0 = r0.getKey();
     */
    @Override // java.security.KeyStoreSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized java.lang.String engineGetCertificateAlias(java.security.cert.Certificate r4) {
        /*
            r3 = this;
            monitor-enter(r3)
            r3.b()     // Catch: java.lang.Throwable -> L34
            java.util.Map<java.lang.String, com.rsa.cryptoj.o.lr$a> r0 = r3.f     // Catch: java.lang.Throwable -> L34
            java.util.Set r0 = r0.entrySet()     // Catch: java.lang.Throwable -> L34
            java.util.Iterator r2 = r0.iterator()     // Catch: java.lang.Throwable -> L34
        Le:
            boolean r0 = r2.hasNext()     // Catch: java.lang.Throwable -> L34
            if (r0 == 0) goto L32
            java.lang.Object r0 = r2.next()     // Catch: java.lang.Throwable -> L34
            java.util.Map$Entry r0 = (java.util.Map.Entry) r0     // Catch: java.lang.Throwable -> L34
            java.lang.Object r1 = r0.getValue()     // Catch: java.lang.Throwable -> L34
            com.rsa.cryptoj.o.lr$a r1 = (com.rsa.cryptoj.o.lr.a) r1     // Catch: java.lang.Throwable -> L34
            java.security.cert.X509Certificate r1 = r1.b()     // Catch: java.lang.Throwable -> L34
            boolean r1 = r1.equals(r4)     // Catch: java.lang.Throwable -> L34
            if (r1 == 0) goto Le
            java.lang.Object r0 = r0.getKey()     // Catch: java.lang.Throwable -> L34
            java.lang.String r0 = (java.lang.String) r0     // Catch: java.lang.Throwable -> L34
        L30:
            monitor-exit(r3)
            return r0
        L32:
            r0 = 0
            goto L30
        L34:
            r0 = move-exception
            monitor-exit(r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.cryptoj.o.lr.engineGetCertificateAlias(java.security.cert.Certificate):java.lang.String");
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate[] engineGetCertificateChain(String str) {
        a aVar;
        b();
        aVar = this.f.get(str);
        return (aVar == null || aVar.e() == null) ? null : aVar.c();
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        a aVar;
        b();
        if (protectionParameter != null) {
            throw new KeyStoreException("ProtectionParameter must be null");
        }
        aVar = this.f.get(str);
        return aVar != null ? aVar.e() == null ? new KeyStore.TrustedCertificateEntry(aVar.b()) : new KeyStore.PrivateKeyEntry(b(aVar), aVar.c()) : null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        b();
        if (cArr != null) {
            throw new NoSuchAlgorithmException("Password must be null");
        }
        return b(this.f.get(str));
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsCertificateEntry(String str) {
        a aVar;
        b();
        aVar = this.f.get(str);
        return aVar != null ? aVar.e() == null : false;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsKeyEntry(String str) {
        a aVar;
        b();
        aVar = this.f.get(str);
        return aVar != null ? aVar.e() != null : false;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream != null) {
            throw new IOException("stream must be null");
        }
        if (cArr != null) {
            throw new IOException("password must be null");
        }
        try {
            a();
        } catch (SecurityException e) {
            throw new IOException("Error initializing KeyStore", e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        b();
        c();
        byte[] bytes = str.getBytes(a);
        a(bytes, str);
        d(bytes);
        try {
            byte[] encoded = certificate.getEncoded();
            pp a2 = pm.a(this.b, this.c, ByteBuffer.wrap(encoded));
            try {
                a(str);
                try {
                    a(bytes, str, encoded);
                    this.f.put(str, new a(bytes, a2));
                } catch (CryptoException e) {
                    throw new KeyStoreException("Error saving certificate", e);
                }
            } catch (SecurityException e2) {
                throw new KeyStoreException("Error while deleting current entry", e2);
            }
        } catch (CertificateException e3) {
            throw new KeyStoreException("Bad certificate", e3);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        b();
        c();
        if (protectionParameter != null) {
            throw new KeyStoreException("ProtectionParameter must be null");
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            engineSetCertificateEntry(str, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
        } else {
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Unsupported entry type");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            engineSetKeyEntry(str, privateKeyEntry.getPrivateKey(), null, privateKeyEntry.getCertificateChain());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:72:0x022d A[Catch: all -> 0x0015, TRY_ENTER, TryCatch #4 {, blocks: (B:3:0x0001, B:5:0x000d, B:6:0x0014, B:9:0x001a, B:12:0x002a, B:13:0x0031, B:14:0x0032, B:15:0x005a, B:17:0x005f, B:32:0x0065, B:33:0x0087, B:20:0x0088, B:22:0x00a5, B:24:0x00cd, B:25:0x00d0, B:29:0x00d4, B:30:0x00db, B:35:0x00dc, B:46:0x0119, B:49:0x011d, B:50:0x0127, B:52:0x012c, B:55:0x023a, B:60:0x0232, B:61:0x0239, B:72:0x022d, B:73:0x0230, B:104:0x013a, B:105:0x0141, B:106:0x0020, B:107:0x0027), top: B:2:0x0001, inners: #2, #9, #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:74:? A[Catch: all -> 0x0015, SYNTHETIC, TryCatch #4 {, blocks: (B:3:0x0001, B:5:0x000d, B:6:0x0014, B:9:0x001a, B:12:0x002a, B:13:0x0031, B:14:0x0032, B:15:0x005a, B:17:0x005f, B:32:0x0065, B:33:0x0087, B:20:0x0088, B:22:0x00a5, B:24:0x00cd, B:25:0x00d0, B:29:0x00d4, B:30:0x00db, B:35:0x00dc, B:46:0x0119, B:49:0x011d, B:50:0x0127, B:52:0x012c, B:55:0x023a, B:60:0x0232, B:61:0x0239, B:72:0x022d, B:73:0x0230, B:104:0x013a, B:105:0x0141, B:106:0x0020, B:107:0x0027), top: B:2:0x0001, inners: #2, #9, #10 }] */
    @Override // java.security.KeyStoreSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void engineSetKeyEntry(java.lang.String r19, java.security.Key r20, char[] r21, java.security.cert.Certificate[] r22) throws java.security.KeyStoreException {
        /*
            Method dump skipped, instructions count: 612
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.cryptoj.o.lr.engineSetKeyEntry(java.lang.String, java.security.Key, char[], java.security.cert.Certificate[]):void");
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized int engineSize() {
        b();
        return this.f.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException();
    }
}
