package sun.security.pkcs11;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import sun.security.ec.ECParameters;
import sun.security.pkcs11.Secmod;
import sun.security.pkcs11.wrapper.PKCS11Exception;
import sun.security.rsa.RSAKeyFactory;
import sun.security.util.Debug;
import sun.security.util.DerValue;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class p extends KeyStoreSpi {
    private static final sun.security.pkcs11.wrapper.b a = new sun.security.pkcs11.wrapper.b(0, 1);
    private static final sun.security.pkcs11.wrapper.b b = new sun.security.pkcs11.wrapper.b(0, 3);
    private static final sun.security.pkcs11.wrapper.b c = new sun.security.pkcs11.wrapper.b(0, 4);
    private static final sun.security.pkcs11.wrapper.b d = new sun.security.pkcs11.wrapper.b(128, 0);
    private static final sun.security.pkcs11.wrapper.b e = new sun.security.pkcs11.wrapper.b(1L, true);
    private static sun.security.pkcs11.wrapper.b f = e;
    private static final sun.security.pkcs11.wrapper.b g = new sun.security.pkcs11.wrapper.b(134L, true);
    private static final sun.security.pkcs11.wrapper.b h = new sun.security.pkcs11.wrapper.b(2L, true);
    private static final Debug i = Debug.getInstance("pkcs11keystore");
    private static boolean j = true;
    private static final long[] p = new long[0];
    private final ak k;
    private boolean l = false;
    private HashMap<String, a> m;
    private final boolean n;
    private Secmod.TrustType o;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {
        private sun.security.pkcs11.wrapper.b a;
        private String b;
        private byte[] c;
        private boolean d;
        private X509Certificate e;
        private X509Certificate[] f;
        private boolean g;

        public a(String str) {
            this.a = null;
            this.b = null;
            this.c = null;
            this.d = false;
            this.e = null;
            this.f = null;
            this.g = false;
            this.a = p.c;
            this.b = str;
        }

        public a(String str, byte[] bArr, boolean z, X509Certificate x509Certificate) {
            this.a = null;
            this.b = null;
            this.c = null;
            this.d = false;
            this.e = null;
            this.f = null;
            this.g = false;
            this.a = p.b;
            this.b = str;
            this.c = bArr;
            this.d = z;
            this.e = x509Certificate;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            if (this.a == p.b) {
                sb.append("\ttype=[private key]\n");
            } else if (this.a == p.c) {
                sb.append("\ttype=[secret key]\n");
            } else if (this.a == p.a) {
                sb.append("\ttype=[trusted cert]\n");
            }
            sb.append("\tlabel=[" + this.b + "]\n");
            if (this.c == null) {
                sb.append("\tid=[null]\n");
            } else {
                sb.append("\tid=" + p.e(this.c) + "\n");
            }
            sb.append("\ttrusted=[" + this.d + "]\n");
            sb.append("\tmatched=[" + this.g + "]\n");
            if (this.e == null) {
                sb.append("\tcert=[null]\n");
            } else {
                sb.append("\tcert=[\tsubject: " + this.e.getSubjectX500Principal() + "\n\t\tissuer: " + this.e.getIssuerX500Principal() + "\n\t\tserialNum: " + this.e.getSerialNumber().toString() + "]");
            }
            return sb.toString();
        }
    }

    /* loaded from: classes.dex */
    private static class b implements CallbackHandler {
        private char[] a;

        private b(char[] cArr) {
            if (cArr != null) {
                this.a = (char[]) cArr.clone();
            }
        }

        protected void finalize() {
            if (this.a != null) {
                Arrays.fill(this.a, ' ');
            }
            super.finalize();
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) {
            if (!(callbackArr[0] instanceof PasswordCallback)) {
                throw new UnsupportedCallbackException(callbackArr[0]);
            }
            ((PasswordCallback) callbackArr[0]).setPassword(this.a);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class c {
        private final long a;
        private final sun.security.pkcs11.wrapper.b b;

        private c(long j, sun.security.pkcs11.wrapper.b bVar) {
            this.a = j;
            this.b = bVar;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public p(ak akVar) {
        this.k = akVar;
        this.n = akVar.a.nssUseSecmodTrust;
    }

    private X509Certificate a(ac acVar, long j2) {
        sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(17L)};
        this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr);
        byte[] d2 = bVarArr[0].d();
        if (d2 == null) {
            throw new CertificateException("unexpectedly retrieved null byte array");
        }
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(d2));
    }

    private ArrayList<a> a(ArrayList<byte[]> arrayList, HashMap<String, HashSet<a>> hashMap) {
        this.m = new HashMap<>();
        ArrayList<a> arrayList2 = new ArrayList<>();
        Iterator<byte[]> it = arrayList.iterator();
        while (it.hasNext()) {
            byte[] next = it.next();
            boolean z = false;
            Iterator<String> it2 = hashMap.keySet().iterator();
            while (true) {
                boolean z2 = z;
                if (!it2.hasNext()) {
                    z = z2;
                    break;
                }
                String next2 = it2.next();
                HashSet<a> hashSet = hashMap.get(next2);
                Iterator<a> it3 = hashSet.iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        z = z2;
                        break;
                    }
                    a next3 = it3.next();
                    if (Arrays.equals(next, next3.c)) {
                        if (hashSet.size() == 1) {
                            next3.g = true;
                            this.m.put(next2, next3);
                        } else {
                            next3.g = true;
                            this.m.put(b(next2, next3.e), next3);
                        }
                        arrayList2.add(next3);
                        z = true;
                    }
                }
                if (z) {
                    break;
                }
            }
            if (!z && i != null) {
                i.println("did not find match for private key with CKA_ID [" + e(next) + "] (ignoring entry)");
            }
        }
        return arrayList2;
    }

    private c a(ac acVar, sun.security.pkcs11.wrapper.b bVar, byte[] bArr, String str) {
        long[] a2 = a(acVar, bVar == c ? new sun.security.pkcs11.wrapper.b[]{f, new sun.security.pkcs11.wrapper.b(3L, str), bVar} : new sun.security.pkcs11.wrapper.b[]{e, new sun.security.pkcs11.wrapper.b(258L, bArr), bVar});
        if (a2.length == 0) {
            if (i != null) {
                if (bVar == c) {
                    i.println("getTokenObject did not find secret key with CKA_LABEL [" + str + "]");
                } else if (bVar == a) {
                    i.println("getTokenObject did not find cert with CKA_ID [" + e(bArr) + "]");
                } else {
                    i.println("getTokenObject did not find private key with CKA_ID [" + e(bArr) + "]");
                }
            }
            return new c(-1L, null);
        }
        if (a2.length == 1) {
            return new c(a2[0], bVar);
        }
        if (bVar != c) {
            if (bVar == a) {
                throw new KeyStoreException("invalid KeyStore state: found " + a2.length + " certificates sharing CKA_ID " + e(bArr));
            }
            throw new KeyStoreException("invalid KeyStore state: found " + a2.length + " private keys sharing CKA_ID " + e(bArr));
        }
        ArrayList arrayList = new ArrayList(a2.length);
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= a2.length) {
                break;
            }
            sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(3L)};
            this.k.b.C_GetAttributeValue(acVar.a(), a2[i3], bVarArr);
            if (bVarArr[0].r != null && str.equals(new String(bVarArr[0].c()))) {
                arrayList.add(new c(a2[i3], c));
            }
            i2 = i3 + 1;
        }
        if (arrayList.size() == 1) {
            return (c) arrayList.get(0);
        }
        throw new KeyStoreException("invalid KeyStore state: found " + arrayList.size() + " secret keys sharing CKA_LABEL [" + str + "]");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void a(String str, KeyStore.PrivateKeyEntry privateKeyEntry) {
        sun.security.pkcs11.wrapper.b[] a2;
        PrivateKey privateKey = privateKeyEntry.getPrivateKey();
        if (privateKey instanceof k) {
            k kVar = (k) privateKey;
            if (kVar.f && kVar.b == this.k) {
                a(str, (sun.security.pkcs11.wrapper.b) null, kVar);
                a(str, (X509Certificate[]) privateKeyEntry.getCertificateChain());
                return;
            }
        }
        boolean t = this.k.c.t();
        PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();
        if (privateKey instanceof RSAPrivateKey) {
            a2 = a(str, (RSAPrivateKey) privateKey, ((X509Certificate) privateKeyEntry.getCertificate()).getSubjectX500Principal());
        } else if (privateKey instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
            sun.security.pkcs11.wrapper.b[] a3 = a(privateKey, publicKey, false, t);
            if (a3[0] == null) {
                a3[0] = new sun.security.pkcs11.wrapper.b(258L, str);
            }
            sun.security.pkcs11.wrapper.b[] bVarArr = {e, b, h, new sun.security.pkcs11.wrapper.b(256L, 1L), a3[0], new sun.security.pkcs11.wrapper.b(304L, dSAPrivateKey.getParams().getP()), new sun.security.pkcs11.wrapper.b(305L, dSAPrivateKey.getParams().getQ()), new sun.security.pkcs11.wrapper.b(306L, dSAPrivateKey.getParams().getG()), new sun.security.pkcs11.wrapper.b(17L, dSAPrivateKey.getX())};
            if (a3[1] != null) {
                bVarArr = a(bVarArr, a3[1]);
            }
            a2 = this.k.a("import", 3L, 1L, bVarArr);
            if (i != null) {
                i.println("storePkey created DSA template");
            }
        } else if (privateKey instanceof DHPrivateKey) {
            DHPrivateKey dHPrivateKey = (DHPrivateKey) privateKey;
            sun.security.pkcs11.wrapper.b[] a4 = a(privateKey, publicKey, false, t);
            if (a4[0] == null) {
                a4[0] = new sun.security.pkcs11.wrapper.b(258L, str);
            }
            sun.security.pkcs11.wrapper.b[] bVarArr2 = {e, b, h, new sun.security.pkcs11.wrapper.b(256L, 2L), a4[0], new sun.security.pkcs11.wrapper.b(304L, dHPrivateKey.getParams().getP()), new sun.security.pkcs11.wrapper.b(306L, dHPrivateKey.getParams().getG()), new sun.security.pkcs11.wrapper.b(17L, dHPrivateKey.getX())};
            if (a4[1] != null) {
                bVarArr2 = a(bVarArr2, a4[1]);
            }
            a2 = this.k.a("import", 3L, 2L, bVarArr2);
        } else {
            if (!(privateKey instanceof ECPrivateKey)) {
                if (!(privateKey instanceof k)) {
                    throw new KeyStoreException("unsupported key type: " + privateKey);
                }
                k kVar2 = (k) privateKey;
                if (kVar2.b != this.k) {
                    throw new KeyStoreException("Cannot move sensitive keys across tokens");
                }
                a(str, t ? a(privateKey, publicKey, false, true)[1] : null, kVar2);
                a(str, (X509Certificate[]) privateKeyEntry.getCertificateChain());
                return;
            }
            ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
            sun.security.pkcs11.wrapper.b[] a5 = a(privateKey, publicKey, false, t);
            if (a5[0] == null) {
                a5[0] = new sun.security.pkcs11.wrapper.b(258L, str);
            }
            sun.security.pkcs11.wrapper.b[] bVarArr3 = {e, b, h, new sun.security.pkcs11.wrapper.b(256L, 3L), a5[0], new sun.security.pkcs11.wrapper.b(17L, eCPrivateKey.getS()), new sun.security.pkcs11.wrapper.b(384L, ECParameters.encodeParameters(eCPrivateKey.getParams()))};
            if (a5[1] != null) {
                bVarArr3 = a(bVarArr3, a5[1]);
            }
            a2 = this.k.a("import", 3L, 3L, bVarArr3);
            if (i != null) {
                i.println("storePkey created EC template");
            }
        }
        ac acVar = null;
        try {
            acVar = this.k.f();
            this.k.b.C_CreateObject(acVar.a(), a2);
            if (i != null) {
                i.println("storePkey created token key for [" + str + "]");
            }
            this.k.d(acVar);
            a(str, (X509Certificate[]) privateKeyEntry.getCertificateChain());
        } catch (Throwable th) {
            this.k.d(acVar);
            throw th;
        }
    }

    private void a(String str, KeyStore.SecretKeyEntry secretKeyEntry) {
        try {
            t.a(this.k, secretKeyEntry.getSecretKey(), null, new sun.security.pkcs11.wrapper.b[]{f, h, new sun.security.pkcs11.wrapper.b(3L, str)});
            this.m.put(str, new a(str));
            if (i != null) {
                i.println("storeSkey created token secret key for [" + str + "]");
            }
        } catch (InvalidKeyException e2) {
            throw new KeyStoreException("Cannot convert to PKCS11 keys", e2);
        }
    }

    private void a(String str, X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(e);
        arrayList.add(a);
        arrayList.add(d);
        arrayList.add(new sun.security.pkcs11.wrapper.b(257L, x509Certificate.getSubjectX500Principal().getEncoded()));
        arrayList.add(new sun.security.pkcs11.wrapper.b(129L, x509Certificate.getIssuerX500Principal().getEncoded()));
        arrayList.add(new sun.security.pkcs11.wrapper.b(130L, x509Certificate.getSerialNumber().toByteArray()));
        arrayList.add(new sun.security.pkcs11.wrapper.b(17L, x509Certificate.getEncoded()));
        if (str != null) {
            arrayList.add(new sun.security.pkcs11.wrapper.b(3L, str));
            arrayList.add(new sun.security.pkcs11.wrapper.b(258L, str));
        } else {
            arrayList.add(new sun.security.pkcs11.wrapper.b(258L, b(x509Certificate.getSubjectX500Principal().getName("CANONICAL"), x509Certificate)));
        }
        ac acVar = null;
        try {
            acVar = this.k.f();
            this.k.b.C_CreateObject(acVar.a(), (sun.security.pkcs11.wrapper.b[]) arrayList.toArray(new sun.security.pkcs11.wrapper.b[arrayList.size()]));
        } finally {
            this.k.d(acVar);
        }
    }

    private void a(String str, sun.security.pkcs11.wrapper.b bVar, k kVar) {
        ac acVar = null;
        try {
            ac f2 = this.k.f();
            try {
                if (kVar.f) {
                    this.k.b.C_SetAttributeValue(f2.a(), kVar.d, new sun.security.pkcs11.wrapper.b[]{new sun.security.pkcs11.wrapper.b(258L, str)});
                    if (i != null) {
                        i.println("updateP11Pkey set new alias [" + str + "] for key entry");
                    }
                } else {
                    sun.security.pkcs11.wrapper.b[] bVarArr = {e, new sun.security.pkcs11.wrapper.b(258L, str)};
                    if (bVar != null) {
                        bVarArr = a(bVarArr, bVar);
                    }
                    this.k.b.C_CopyObject(f2.a(), kVar.d, bVarArr);
                    if (i != null) {
                        i.println("updateP11Pkey copied private session key for [" + str + "] to token entry");
                    }
                }
                this.k.d(f2);
            } catch (Throwable th) {
                th = th;
                acVar = f2;
                this.k.d(acVar);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private void a(String str, byte[] bArr, X509Certificate[] x509CertificateArr, boolean z) {
        ac f2;
        ac acVar = null;
        try {
            f2 = this.k.f();
        } catch (Throwable th) {
            th = th;
        }
        try {
            c a2 = a(f2, b, bArr, (String) null);
            if (a2.b != b) {
                throw new KeyStoreException("expected but could not find private key with CKA_ID " + e(bArr));
            }
            long j2 = a2.a;
            if (a(f2, a, bArr, (String) null).b != a) {
                throw new KeyStoreException("expected but could not find certificate with CKA_ID " + e(bArr));
            }
            c(bArr);
            a(str, x509CertificateArr);
            this.k.b.C_SetAttributeValue(f2.a(), j2, new sun.security.pkcs11.wrapper.b[]{new sun.security.pkcs11.wrapper.b(258L, str)});
            if (i != null) {
                i.println("updatePkey set new alias [" + str + "] for private key entry");
            }
            this.k.d(f2);
        } catch (Throwable th2) {
            th = th2;
            acVar = f2;
            this.k.d(acVar);
            throw th;
        }
    }

    private void a(String str, X509Certificate[] x509CertificateArr) {
        a(str, x509CertificateArr[0]);
        a(x509CertificateArr, 1);
    }

    private void a(HashMap<String, a> hashMap) {
        for (String str : hashMap.keySet()) {
            if (this.m.containsKey(str)) {
                throw new KeyStoreException("invalid KeyStore state: found secret key sharing CKA_LABEL [" + str + "] with another token object");
            }
        }
        this.m.putAll(hashMap);
    }

    private void a(CallbackHandler callbackHandler) {
        if ((this.k.d.e & 256) == 0) {
            this.k.a.login(null, callbackHandler);
        } else {
            if (callbackHandler != null && !this.k.c.i()) {
                throw new LoginException("can not specify password if token supports protected authentication path");
            }
            this.k.a.login(null, null);
        }
    }

    private void a(X509Certificate[] x509CertificateArr, int i2) {
        ac acVar;
        HashSet hashSet = new HashSet();
        try {
            acVar = this.k.f();
        } catch (Throwable th) {
            th = th;
            acVar = null;
        }
        try {
            for (long j2 : a(acVar, new sun.security.pkcs11.wrapper.b[]{e, a})) {
                hashSet.add(a(acVar, j2));
            }
            this.k.d(acVar);
            while (i2 < x509CertificateArr.length) {
                if (!hashSet.contains(x509CertificateArr[i2])) {
                    a((String) null, x509CertificateArr[i2]);
                } else if (i != null) {
                    i.println("ignoring duplicate CA cert for [" + x509CertificateArr[i2].getSubjectX500Principal() + "]");
                }
                i2++;
            }
        } catch (Throwable th2) {
            th = th2;
            this.k.d(acVar);
            throw th;
        }
    }

    private boolean a(String str) {
        a aVar = this.m.get(str);
        if (aVar == null) {
            return false;
        }
        this.m.remove(str);
        try {
            if (aVar.a == a) {
                return b(aVar.c);
            }
            if (aVar.a == b) {
                return d(aVar.c) && c(aVar.c);
            }
            if (aVar.a == c) {
                return b(str);
            }
            throw new KeyStoreException("unexpected entry type");
        } catch (CertificateException e2) {
            throw new KeyStoreException(e2);
        } catch (PKCS11Exception e3) {
            throw new KeyStoreException(e3);
        }
    }

    private boolean a(String str, a aVar, HashSet<a> hashSet) {
        aVar.a = a;
        aVar.d = true;
        if (hashSet.size() == 1) {
            this.m.put(str, aVar);
            return false;
        }
        this.m.put(b(str, aVar.e), aVar);
        return true;
    }

    private static long[] a(ac acVar, sun.security.pkcs11.wrapper.b[] bVarArr) {
        ak akVar = acVar.a;
        long[] jArr = p;
        akVar.b.C_FindObjectsInit(acVar.a(), bVarArr);
        while (true) {
            long[] C_FindObjects = akVar.b.C_FindObjects(acVar.a(), 100L);
            if (C_FindObjects.length == 0) {
                akVar.b.C_FindObjectsFinal(acVar.a());
                return jArr;
            }
            jArr = ab.a(jArr, C_FindObjects);
        }
    }

    private X509Certificate[] a(ac acVar, X509Certificate x509Certificate) {
        if (x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
            return new X509Certificate[]{x509Certificate};
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        do {
            long[] a2 = a(acVar, new sun.security.pkcs11.wrapper.b[]{e, a, new sun.security.pkcs11.wrapper.b(257L, x509Certificate.getIssuerX500Principal().getEncoded())});
            if (a2 == null || a2.length == 0) {
                break;
            }
            if (i != null && a2.length > 1) {
                i.println("engineGetEntry found " + a2.length + " certificate entries for subject [" + x509Certificate.getIssuerX500Principal().toString() + "] in token - using first entry");
            }
            x509Certificate = a(acVar, a2[0]);
            arrayList.add(x509Certificate);
        } while (!x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal()));
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    private sun.security.pkcs11.wrapper.b[] a(String str, RSAPrivateKey rSAPrivateKey, X500Principal x500Principal) {
        if (!(rSAPrivateKey instanceof RSAPrivateCrtKey)) {
            if (i != null) {
                i.println("creating RSAPrivateKey attrs");
            }
            return this.k.a("import", 3L, 0L, new sun.security.pkcs11.wrapper.b[]{e, b, h, new sun.security.pkcs11.wrapper.b(256L, 0L), new sun.security.pkcs11.wrapper.b(258L, str), new sun.security.pkcs11.wrapper.b(288L, rSAPrivateKey.getModulus()), new sun.security.pkcs11.wrapper.b(291L, rSAPrivateKey.getPrivateExponent())});
        }
        if (i != null) {
            i.println("creating RSAPrivateCrtKey attrs");
        }
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
        return this.k.a("import", 3L, 0L, new sun.security.pkcs11.wrapper.b[]{e, b, h, new sun.security.pkcs11.wrapper.b(256L, 0L), new sun.security.pkcs11.wrapper.b(258L, str), new sun.security.pkcs11.wrapper.b(288L, rSAPrivateCrtKey.getModulus()), new sun.security.pkcs11.wrapper.b(291L, rSAPrivateCrtKey.getPrivateExponent()), new sun.security.pkcs11.wrapper.b(290L, rSAPrivateCrtKey.getPublicExponent()), new sun.security.pkcs11.wrapper.b(292L, rSAPrivateCrtKey.getPrimeP()), new sun.security.pkcs11.wrapper.b(293L, rSAPrivateCrtKey.getPrimeQ()), new sun.security.pkcs11.wrapper.b(294L, rSAPrivateCrtKey.getPrimeExponentP()), new sun.security.pkcs11.wrapper.b(295L, rSAPrivateCrtKey.getPrimeExponentQ()), new sun.security.pkcs11.wrapper.b(296L, rSAPrivateCrtKey.getCrtCoefficient())});
    }

    private sun.security.pkcs11.wrapper.b[] a(PrivateKey privateKey, PublicKey publicKey, boolean z, boolean z2) {
        sun.security.pkcs11.wrapper.b[] bVarArr = new sun.security.pkcs11.wrapper.b[2];
        if (z || z2) {
            String algorithm = privateKey.getAlgorithm();
            if (z && algorithm.equals("RSA") && (publicKey instanceof RSAPublicKey)) {
                bVarArr[0] = new sun.security.pkcs11.wrapper.b(258L, ab.b(ab.a(((RSAPublicKey) publicKey).getModulus())));
            } else if (algorithm.equals("DSA") && (publicKey instanceof DSAPublicKey)) {
                BigInteger y = ((DSAPublicKey) publicKey).getY();
                if (z) {
                    bVarArr[0] = new sun.security.pkcs11.wrapper.b(258L, ab.b(ab.a(y)));
                }
                if (z2) {
                    bVarArr[1] = new sun.security.pkcs11.wrapper.b(3584088832L, y);
                }
            } else if (algorithm.equals("DH") && (publicKey instanceof DHPublicKey)) {
                BigInteger y2 = ((DHPublicKey) publicKey).getY();
                if (z) {
                    bVarArr[0] = new sun.security.pkcs11.wrapper.b(258L, ab.b(ab.a(y2)));
                }
                if (z2) {
                    bVarArr[1] = new sun.security.pkcs11.wrapper.b(3584088832L, y2);
                }
            } else {
                if (!algorithm.equals("EC") || !(publicKey instanceof ECPublicKey)) {
                    throw new RuntimeException("Unknown key algorithm " + algorithm);
                }
                ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
                byte[] encodePoint = ECParameters.encodePoint(eCPublicKey.getW(), eCPublicKey.getParams().getCurve());
                if (z) {
                    bVarArr[0] = new sun.security.pkcs11.wrapper.b(258L, ab.b(encodePoint));
                }
                if (z2) {
                    bVarArr[1] = new sun.security.pkcs11.wrapper.b(3584088832L, encodePoint);
                }
            }
        }
        return bVarArr;
    }

    private static sun.security.pkcs11.wrapper.b[] a(sun.security.pkcs11.wrapper.b[] bVarArr, sun.security.pkcs11.wrapper.b bVar) {
        int length = bVarArr.length;
        sun.security.pkcs11.wrapper.b[] bVarArr2 = new sun.security.pkcs11.wrapper.b[length + 1];
        System.arraycopy(bVarArr, 0, bVarArr2, 0, length);
        bVarArr2[length] = bVar;
        return bVarArr2;
    }

    private String b(String str, X509Certificate x509Certificate) {
        return str + "/" + x509Certificate.getIssuerX500Principal().getName("CANONICAL") + "/" + x509Certificate.getSerialNumber().toString();
    }

    private SecretKey b(ac acVar, long j2) {
        String str;
        sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(256L)};
        this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr);
        long e2 = bVarArr[0].e();
        String str2 = null;
        int i2 = -1;
        if (e2 != 19 && e2 != 21) {
            if (e2 == 31) {
                str = "AES";
            } else if (e2 == 32) {
                str = "Blowfish";
            } else if (e2 == 18) {
                str = "ARCFOUR";
            } else {
                if (i != null) {
                    i.println("unknown key type [" + e2 + "] - using 'Generic Secret'");
                }
                str = "Generic Secret";
            }
            sun.security.pkcs11.wrapper.b[] bVarArr2 = {new sun.security.pkcs11.wrapper.b(353L)};
            this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr2);
            i2 = (int) bVarArr2[0].e();
            str2 = str;
        } else if (e2 == 19) {
            str2 = "DES";
            i2 = 64;
        } else if (e2 == 21) {
            str2 = "DESede";
            i2 = 192;
        }
        return k.a(acVar, j2, str2, i2, null);
    }

    private boolean b(String str) {
        try {
            ac f2 = this.k.f();
            c a2 = a(f2, c, (byte[]) null, str);
            if (a2.b == c) {
                this.k.b.C_DestroyObject(f2.a(), a2.a);
                this.k.d(f2);
                return true;
            }
            if (i != null) {
                i.println("destroySkey did not find secret key with CKA_LABEL [" + str + "]");
            }
            this.k.d(f2);
            return false;
        } catch (Throwable th) {
            this.k.d(null);
            throw th;
        }
    }

    private boolean b(ArrayList<a> arrayList, HashMap<String, HashSet<a>> hashMap) {
        Iterator<a> it = arrayList.iterator();
        while (it.hasNext()) {
            a next = it.next();
            ac acVar = null;
            try {
                acVar = this.k.f();
                next.f = a(acVar, next.e);
            } finally {
                this.k.d(acVar);
            }
        }
        boolean z = false;
        for (String str : hashMap.keySet()) {
            HashSet<a> hashSet = hashMap.get(str);
            Iterator<a> it2 = hashSet.iterator();
            boolean z2 = z;
            while (it2.hasNext()) {
                a next2 = it2.next();
                if (next2.g) {
                    next2.d = false;
                } else if (j && next2.d && a(str, next2, hashSet)) {
                    z2 = true;
                }
            }
            z = z2;
        }
        return z;
    }

    private boolean b(byte[] bArr) {
        ak akVar;
        ac acVar = null;
        try {
            acVar = this.k.f();
            c a2 = a(acVar, a, bArr, (String) null);
            if (a2.b != a) {
                return false;
            }
            this.k.b.C_DestroyObject(acVar.a(), a2.a);
            if (i != null) {
                i.println("destroyCert destroyed cert with CKA_ID [" + e(bArr) + "]");
            }
            return true;
        } finally {
            this.k.d(acVar);
        }
    }

    private PrivateKey c(ac acVar, long j2) {
        sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(256L)};
        this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr);
        long e2 = bVarArr[0].e();
        if (e2 == 0) {
            sun.security.pkcs11.wrapper.b[] bVarArr2 = {new sun.security.pkcs11.wrapper.b(288L)};
            this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr2);
            int bitLength = bVarArr2[0].a().bitLength();
            try {
                RSAKeyFactory.checkKeyLengths(bitLength, (BigInteger) null, -1, Integer.MAX_VALUE);
                return k.c(acVar, j2, "RSA", bitLength, null);
            } catch (InvalidKeyException e3) {
                throw new KeyStoreException(e3.getMessage());
            }
        }
        if (e2 == 1) {
            sun.security.pkcs11.wrapper.b[] bVarArr3 = {new sun.security.pkcs11.wrapper.b(304L)};
            this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr3);
            return k.c(acVar, j2, "DSA", bVarArr3[0].a().bitLength(), null);
        }
        if (e2 == 2) {
            sun.security.pkcs11.wrapper.b[] bVarArr4 = {new sun.security.pkcs11.wrapper.b(304L)};
            this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr4);
            return k.c(acVar, j2, "DH", bVarArr4[0].a().bitLength(), null);
        }
        if (e2 != 3) {
            if (i != null) {
                i.println("unknown key type [" + e2 + "]");
            }
            throw new KeyStoreException("unknown key type");
        }
        sun.security.pkcs11.wrapper.b[] bVarArr5 = {new sun.security.pkcs11.wrapper.b(384L)};
        this.k.b.C_GetAttributeValue(acVar.a(), j2, bVarArr5);
        try {
            return k.c(acVar, j2, "EC", ECParameters.decodeParameters(bVarArr5[0].d()).getCurve().getField().getFieldSize(), null);
        } catch (IOException e4) {
            throw new KeyStoreException("Unsupported parameters", e4);
        }
    }

    private boolean c(byte[] bArr) {
        ac acVar;
        long[] a2;
        try {
            ac f2 = this.k.f();
            try {
                c a3 = a(f2, a, bArr, (String) null);
                if (a3.b != a) {
                    if (i != null) {
                        i.println("destroyChain could not find end entity cert with CKA_ID [0x" + sun.security.pkcs11.wrapper.s.a(bArr) + "]");
                    }
                    this.k.d(f2);
                    return false;
                }
                X509Certificate a4 = a(f2, a3.a);
                this.k.b.C_DestroyObject(f2.a(), a3.a);
                if (i != null) {
                    i.println("destroyChain destroyed end entity cert with CKA_ID [" + e(bArr) + "]");
                }
                while (!a4.getSubjectX500Principal().equals(a4.getIssuerX500Principal()) && (a2 = a(f2, new sun.security.pkcs11.wrapper.b[]{e, a, new sun.security.pkcs11.wrapper.b(257L, a4.getIssuerX500Principal().getEncoded())})) != null && a2.length != 0) {
                    if (i != null && a2.length > 1) {
                        i.println("destroyChain found " + a2.length + " certificate entries for subject [" + a4.getIssuerX500Principal() + "] in token - using first entry");
                    }
                    X509Certificate a5 = a(f2, a2[0]);
                    long[] a6 = a(f2, new sun.security.pkcs11.wrapper.b[]{e, a, new sun.security.pkcs11.wrapper.b(129L, a5.getSubjectX500Principal().getEncoded())});
                    if ((a6 == null || a6.length == 0) ? true : a6.length == 1 && a5.equals(a(f2, a6[0]))) {
                        this.k.b.C_DestroyObject(f2.a(), a2[0]);
                        if (i != null) {
                            i.println("destroyChain destroyed cert in chain with subject [" + a5.getSubjectX500Principal() + "]");
                        }
                    } else if (i != null) {
                        i.println("destroyChain did not destroy shared cert in chain with subject [" + a5.getSubjectX500Principal() + "]");
                    }
                    a4 = a5;
                }
                this.k.d(f2);
                return true;
            } catch (Throwable th) {
                th = th;
                acVar = f2;
                this.k.d(acVar);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            acVar = null;
        }
    }

    private boolean d() {
        String str;
        boolean b2;
        sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(134L)};
        ac acVar = null;
        try {
            ac f2 = this.k.f();
            try {
                ArrayList<byte[]> arrayList = new ArrayList<>();
                for (long j2 : a(f2, new sun.security.pkcs11.wrapper.b[]{e, b})) {
                    sun.security.pkcs11.wrapper.b[] bVarArr2 = {new sun.security.pkcs11.wrapper.b(258L)};
                    this.k.b.C_GetAttributeValue(f2.a(), j2, bVarArr2);
                    if (bVarArr2[0].r != null) {
                        arrayList.add(bVarArr2[0].d());
                    }
                }
                HashMap<String, HashSet<a>> hashMap = new HashMap<>();
                for (long j3 : a(f2, new sun.security.pkcs11.wrapper.b[]{e, a})) {
                    sun.security.pkcs11.wrapper.b[] bVarArr3 = {new sun.security.pkcs11.wrapper.b(3L)};
                    String str2 = null;
                    byte[] bArr = null;
                    try {
                        this.k.b.C_GetAttributeValue(f2.a(), j3, bVarArr3);
                        str2 = bVarArr3[0].r != null ? new String(bVarArr3[0].c()) : null;
                    } catch (PKCS11Exception e2) {
                        if (e2.getErrorCode() != 18) {
                            throw e2;
                        }
                    }
                    sun.security.pkcs11.wrapper.b[] bVarArr4 = {new sun.security.pkcs11.wrapper.b(258L)};
                    this.k.b.C_GetAttributeValue(f2.a(), j3, bVarArr4);
                    if (bVarArr4[0].r != null) {
                        String e3 = str2 == null ? e(bVarArr4[0].d()) : str2;
                        bArr = bVarArr4[0].d();
                        str = e3;
                    } else if (str2 != null) {
                        str = str2;
                    }
                    X509Certificate a2 = a(f2, j3);
                    if (this.n) {
                        b2 = Secmod.a().a(a2, this.o);
                    } else {
                        if (j) {
                            try {
                                this.k.b.C_GetAttributeValue(f2.a(), j3, bVarArr);
                                b2 = bVarArr[0].b();
                            } catch (PKCS11Exception e4) {
                                if (e4.getErrorCode() == 18) {
                                    j = false;
                                    if (i != null) {
                                        i.println("CKA_TRUSTED attribute not supported");
                                    }
                                }
                            }
                        }
                        b2 = false;
                    }
                    HashSet<a> hashSet = hashMap.get(str);
                    if (hashSet == null) {
                        hashSet = new HashSet<>(2);
                        hashMap.put(str, hashSet);
                    }
                    hashSet.add(new a(str, bArr, b2, a2));
                }
                HashMap<String, a> hashMap2 = new HashMap<>();
                for (long j4 : a(f2, new sun.security.pkcs11.wrapper.b[]{f, c})) {
                    sun.security.pkcs11.wrapper.b[] bVarArr5 = {new sun.security.pkcs11.wrapper.b(3L)};
                    this.k.b.C_GetAttributeValue(f2.a(), j4, bVarArr5);
                    if (bVarArr5[0].r != null) {
                        String str3 = new String(bVarArr5[0].c());
                        if (hashMap2.get(str3) != null) {
                            throw new KeyStoreException("invalid KeyStore state: found multiple secret keys sharing same CKA_LABEL [" + str3 + "]");
                        }
                        hashMap2.put(str3, new a(str3));
                    }
                }
                boolean b3 = b(a(arrayList, hashMap), hashMap);
                a(hashMap2);
                this.k.d(f2);
                return b3;
            } catch (Throwable th) {
                th = th;
                acVar = f2;
                this.k.d(acVar);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private boolean d(byte[] bArr) {
        try {
            ac f2 = this.k.f();
            c a2 = a(f2, b, bArr, (String) null);
            if (a2.b == b) {
                this.k.b.C_DestroyObject(f2.a(), a2.a);
                this.k.d(f2);
                return true;
            }
            if (i != null) {
                i.println("destroyPkey did not find private key with CKA_ID [" + e(bArr) + "]");
            }
            this.k.d(f2);
            return false;
        } catch (Throwable th) {
            this.k.d(null);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String e(byte[] bArr) {
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bArr.length) {
                z = true;
                break;
            }
            if (!DerValue.isPrintableStringChar((char) bArr[i2])) {
                break;
            }
            i2++;
        }
        if (!z) {
            return "0x" + sun.security.pkcs11.wrapper.s.a(bArr);
        }
        try {
            return new String(bArr, "UTF-8");
        } catch (UnsupportedEncodingException e2) {
            return "0x" + sun.security.pkcs11.wrapper.s.a(bArr);
        }
    }

    private void e() {
        Set<String> keySet = this.m.keySet();
        System.out.println("Token Alias Map:");
        if (keySet.size() == 0) {
            System.out.println("  [empty]");
            return;
        }
        for (String str : keySet) {
            System.out.println("  " + str + this.m.get(str));
        }
    }

    private void f() {
        if (this.l) {
            throw new KeyStoreException("This PKCS11KeyStore does not support write capabilities");
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Enumeration<String> engineAliases() {
        this.k.c();
        return Collections.enumeration(new HashSet(this.m.keySet()));
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineContainsAlias(String str) {
        this.k.c();
        return this.m.containsKey(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineDeleteEntry(String str) {
        this.k.c();
        if (this.k.a()) {
            throw new KeyStoreException("token write-protected");
        }
        f();
        a(str);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        this.k.c();
        return super.engineEntryInstanceOf(str, cls);
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate engineGetCertificate(String str) {
        a aVar;
        this.k.c();
        aVar = this.m.get(str);
        return aVar == null ? null : aVar.e;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized String engineGetCertificateAlias(Certificate certificate) {
        String str;
        this.k.c();
        Enumeration<String> engineAliases = engineAliases();
        while (true) {
            if (!engineAliases.hasMoreElements()) {
                str = null;
                break;
            }
            str = engineAliases.nextElement();
            Certificate engineGetCertificate = engineGetCertificate(str);
            if (engineGetCertificate != null && engineGetCertificate.equals(certificate)) {
                break;
            }
        }
        return str;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized Certificate[] engineGetCertificateChain(String str) {
        a aVar;
        this.k.c();
        aVar = this.m.get(str);
        return (aVar == null || aVar.a != b) ? null : aVar.f;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        this.k.c();
        throw new ProviderException(new UnsupportedOperationException());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) {
        ac acVar;
        KeyStore.Entry entry;
        ac acVar2 = null;
        synchronized (this) {
            this.k.c();
            if (protectionParameter != null && (protectionParameter instanceof KeyStore.PasswordProtection) && ((KeyStore.PasswordProtection) protectionParameter).getPassword() != null && !this.k.c.i()) {
                throw new KeyStoreException("ProtectionParameter must be null");
            }
            a aVar = this.m.get(str);
            if (aVar == null) {
                if (i != null) {
                    i.println("engineGetEntry did not find alias [" + str + "] in map");
                }
                entry = null;
            } else {
                try {
                    acVar = this.k.f();
                } catch (PKCS11Exception e2) {
                    e = e2;
                } catch (Throwable th) {
                    th = th;
                    acVar = null;
                }
                try {
                    if (aVar.a == a) {
                        if (i != null) {
                            i.println("engineGetEntry found trusted cert entry");
                        }
                        KeyStore.TrustedCertificateEntry trustedCertificateEntry = new KeyStore.TrustedCertificateEntry(aVar.e);
                        this.k.d(acVar);
                        entry = trustedCertificateEntry;
                    } else if (aVar.a == c) {
                        if (i != null) {
                            i.println("engineGetEntry found secret key entry");
                        }
                        c a2 = a(acVar, c, (byte[]) null, aVar.b);
                        if (a2.b != c) {
                            throw new KeyStoreException("expected but could not find secret key");
                        }
                        entry = new KeyStore.SecretKeyEntry(b(acVar, a2.a));
                        this.k.d(acVar);
                    } else {
                        if (i != null) {
                            i.println("engineGetEntry found private key entry");
                        }
                        c a3 = a(acVar, b, aVar.c, (String) null);
                        if (a3.b != b) {
                            throw new KeyStoreException("expected but could not find private key");
                        }
                        PrivateKey c2 = c(acVar, a3.a);
                        X509Certificate[] x509CertificateArr = aVar.f;
                        if (c2 == null || x509CertificateArr == null) {
                            if (i != null) {
                                i.println("engineGetEntry got null cert chain or private key");
                            }
                            this.k.d(acVar);
                            entry = null;
                        } else {
                            entry = new KeyStore.PrivateKeyEntry(c2, x509CertificateArr);
                            this.k.d(acVar);
                        }
                    }
                } catch (PKCS11Exception e3) {
                    e = e3;
                    acVar2 = acVar;
                    try {
                        throw new KeyStoreException(e);
                    } catch (Throwable th2) {
                        th = th2;
                        acVar = acVar2;
                        this.k.d(acVar);
                        throw th;
                    }
                } catch (Throwable th3) {
                    th = th3;
                    this.k.d(acVar);
                    throw th;
                }
            }
        }
        return entry;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v0, types: [sun.security.pkcs11.wrapper.b] */
    /* JADX WARN: Type inference failed for: r2v2 */
    /* JADX WARN: Type inference failed for: r2v4 */
    @Override // java.security.KeyStoreSpi
    public synchronized Key engineGetKey(String str, char[] cArr) {
        Key key;
        ac acVar = null;
        synchronized (this) {
            this.k.c();
            if (cArr != null && !this.k.c.i()) {
                throw new NoSuchAlgorithmException("password must be null");
            }
            a aVar = this.m.get(str);
            if (aVar != null) {
                ac acVar2 = aVar.a;
                try {
                    if (acVar2 != a) {
                        try {
                            ac f2 = this.k.f();
                            try {
                                if (aVar.a == b) {
                                    c a2 = a(f2, aVar.a, aVar.c, (String) null);
                                    if (a2.b == b) {
                                        key = c(f2, a2.a);
                                        this.k.d(f2);
                                    }
                                    this.k.d(f2);
                                    key = null;
                                } else {
                                    c a3 = a(f2, c, (byte[]) null, str);
                                    if (a3.b == c) {
                                        key = b(f2, a3.a);
                                        this.k.d(f2);
                                    }
                                    this.k.d(f2);
                                    key = null;
                                }
                            } catch (KeyStoreException e2) {
                                e = e2;
                                throw new ProviderException(e);
                            } catch (PKCS11Exception e3) {
                                e = e3;
                                acVar = f2;
                                try {
                                    throw new ProviderException(e);
                                } catch (Throwable th) {
                                    th = th;
                                    acVar2 = acVar;
                                    this.k.d(acVar2);
                                    throw th;
                                }
                            }
                        } catch (KeyStoreException e4) {
                            e = e4;
                        } catch (PKCS11Exception e5) {
                            e = e5;
                        } catch (Throwable th2) {
                            th = th2;
                            acVar2 = 0;
                            this.k.d(acVar2);
                            throw th;
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                }
            }
            key = null;
        }
        return key;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsCertificateEntry(String str) {
        boolean z;
        this.k.c();
        a aVar = this.m.get(str);
        if (aVar != null) {
            z = aVar.a == a;
        }
        return z;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized boolean engineIsKeyEntry(String str) {
        boolean z;
        this.k.c();
        a aVar = this.m.get(str);
        if (aVar != null) {
            z = aVar.a != a;
        }
        return z;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) {
        this.k.c();
        if (inputStream != null && !this.k.c.i()) {
            throw new IOException("input stream must be null");
        }
        if (this.n) {
            this.o = Secmod.TrustType.ALL;
        }
        try {
            if (cArr == null) {
                a((CallbackHandler) null);
            } else {
                a(new b(cArr));
            }
            if (d()) {
                this.l = true;
            }
            if (i != null) {
                e();
            }
        } catch (KeyStoreException e2) {
            IOException iOException = new IOException("load failed");
            iOException.initCause(e2);
            throw iOException;
        } catch (LoginException e3) {
            IOException iOException2 = new IOException("load failed");
            iOException2.initCause(e3);
            throw iOException2;
        } catch (PKCS11Exception e4) {
            IOException iOException3 = new IOException("load failed");
            iOException3.initCause(e4);
            throw iOException3;
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        CallbackHandler callbackHandler;
        this.k.c();
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("invalid null LoadStoreParameter");
        }
        if (this.n) {
            if (loadStoreParameter instanceof Secmod.b) {
                this.o = ((Secmod.b) loadStoreParameter).a();
            } else {
                this.o = Secmod.TrustType.ALL;
            }
        }
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            char[] password = ((KeyStore.PasswordProtection) protectionParameter).getPassword();
            callbackHandler = password == null ? null : new b(password);
        } else {
            if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
                throw new IllegalArgumentException("ProtectionParameter must be either PasswordProtection or CallbackHandlerProtection");
            }
            callbackHandler = ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler();
        }
        try {
            try {
                try {
                    a(callbackHandler);
                    if (d()) {
                        this.l = true;
                    }
                    if (i != null) {
                        e();
                    }
                } catch (PKCS11Exception e2) {
                    throw new IOException("load failed", e2);
                }
            } catch (KeyStoreException e3) {
                throw new IOException("load failed", e3);
            }
        } catch (LoginException e4) {
            throw new IOException("load failed", e4);
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) {
        this.k.c();
        f();
        if (certificate == null) {
            throw new KeyStoreException("invalid null certificate");
        }
        engineSetEntry(str, new KeyStore.TrustedCertificateEntry(certificate), null);
    }

    /* JADX WARN: Removed duplicated region for block: B:42:0x00a2 A[Catch: all -> 0x0030, TRY_LEAVE, TryCatch #0 {, blocks: (B:4:0x0003, B:6:0x000d, B:8:0x0011, B:10:0x0019, B:12:0x0023, B:13:0x002f, B:15:0x0033, B:17:0x003b, B:18:0x0042, B:19:0x0043, B:21:0x0047, B:23:0x004b, B:24:0x0057, B:25:0x0058, B:27:0x0064, B:29:0x006a, B:30:0x0071, B:31:0x0072, B:33:0x007c, B:34:0x0083, B:35:0x0084, B:37:0x0090, B:39:0x0093, B:40:0x009e, B:42:0x00a2, B:50:0x00c3, B:51:0x00c8, B:47:0x00ca, B:48:0x00cf, B:52:0x00d0, B:54:0x00d4, B:56:0x00e0, B:58:0x00e4, B:60:0x00e8, B:62:0x00ec, B:64:0x00f0, B:65:0x0110, B:66:0x0111, B:68:0x011d, B:69:0x0142, B:71:0x0143, B:72:0x014d, B:74:0x0153, B:77:0x0169, B:80:0x017e, B:83:0x0196, B:85:0x019c, B:88:0x01a4, B:90:0x01ab, B:96:0x01b1, B:97:0x01b6, B:93:0x020d, B:94:0x0212, B:107:0x01b8, B:108:0x01bd, B:104:0x01bf, B:105:0x01c4, B:109:0x01c5, B:111:0x01c9, B:113:0x01ce, B:115:0x01d8, B:116:0x01db, B:119:0x01e0, B:120:0x01e5, B:121:0x01e6, B:122:0x020b), top: B:3:0x0003, inners: #1, #2, #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:90:0x01ab A[Catch: all -> 0x0030, PKCS11Exception -> 0x01b0, CertificateException -> 0x020c, TRY_LEAVE, TryCatch #3 {CertificateException -> 0x020c, blocks: (B:88:0x01a4, B:90:0x01ab), top: B:87:0x01a4, outer: #0 }] */
    @Override // java.security.KeyStoreSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void engineSetEntry(java.lang.String r9, java.security.KeyStore.Entry r10, java.security.KeyStore.ProtectionParameter r11) {
        /*
            Method dump skipped, instructions count: 533
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.pkcs11.p.engineSetEntry(java.lang.String, java.security.KeyStore$Entry, java.security.KeyStore$ProtectionParameter):void");
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
        this.k.c();
        f();
        if (!(key instanceof PrivateKey) && !(key instanceof SecretKey)) {
            throw new KeyStoreException("key must be PrivateKey or SecretKey");
        }
        if ((key instanceof PrivateKey) && certificateArr == null) {
            throw new KeyStoreException("PrivateKey must be accompanied by non-null chain");
        }
        if ((key instanceof SecretKey) && certificateArr != null) {
            throw new KeyStoreException("SecretKey must be accompanied by null chain");
        }
        if (cArr != null && !this.k.c.i()) {
            throw new KeyStoreException("Password must be null");
        }
        KeyStore.Entry entry = null;
        try {
            if (key instanceof PrivateKey) {
                entry = new KeyStore.PrivateKeyEntry((PrivateKey) key, certificateArr);
            } else if (key instanceof SecretKey) {
                entry = new KeyStore.SecretKeyEntry((SecretKey) key);
            }
            engineSetEntry(str, entry, new KeyStore.PasswordProtection(cArr));
        } catch (IllegalArgumentException e2) {
            throw new KeyStoreException(e2);
        } catch (NullPointerException e3) {
            throw new KeyStoreException(e3);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        this.k.c();
        throw new ProviderException(new UnsupportedOperationException());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized int engineSize() {
        this.k.c();
        return this.m.size();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineStore(OutputStream outputStream, char[] cArr) {
        this.k.c();
        if (outputStream != null && !this.k.c.i()) {
            throw new IOException("output stream must be null");
        }
        if (cArr != null && !this.k.c.i()) {
            throw new IOException("password must be null");
        }
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
        this.k.c();
        if (loadStoreParameter != null) {
            throw new IllegalArgumentException("LoadStoreParameter must be null");
        }
    }
}
