package kh;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.crypto.AlgorithmStrings;
import com.rsa.cryptoj.o.ew;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_InvalidKeyException;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PKCS11KeySpec;
import com.rsa.ssl.SSLException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

/* loaded from: classes.dex */
public final class b5 {

    /* renamed from: g, reason: collision with root package name */
    public static final char[] f39896g = {'A', 'L', 'L'};

    /* renamed from: a, reason: collision with root package name */
    public KeyStore f39897a = c();

    /* renamed from: b, reason: collision with root package name */
    public c5 f39898b;

    /* renamed from: c, reason: collision with root package name */
    public x3 f39899c;

    /* renamed from: d, reason: collision with root package name */
    public JsafeJCE f39900d;

    /* renamed from: e, reason: collision with root package name */
    public CertificateFactory f39901e;

    /* renamed from: f, reason: collision with root package name */
    public FIPS140Context f39902f;

    public b5(x3 x3Var, JsafeJCE jsafeJCE, FIPS140Context fIPS140Context, w3 w3Var) {
        this.f39899c = x3Var;
        this.f39898b = new c5(jsafeJCE, w3Var, x3Var.f40706p);
        this.f39900d = jsafeJCE;
        this.f39902f = fIPS140Context;
        try {
            this.f39901e = CertificateFactory.getInstance("X.509", this.f39900d);
        } catch (CertificateException e10) {
            throw new RuntimeException(e10);
        }
    }

    public final JSAFE_PrivateKey a(byte[] bArr, char[] cArr) throws JSAFE_Exception {
        JSAFE_SymmetricCipher jSAFE_SymmetricCipher = null;
        try {
            FIPS140Context fIPS140Context = this.f39902f;
            jSAFE_SymmetricCipher = fIPS140Context != null ? JSAFE_SymmetricCipher.getInstance(bArr, 0, "Java", fIPS140Context) : JSAFE_SymmetricCipher.getInstance(bArr, 0, "Java");
            JSAFE_SecretKey blankKey = jSAFE_SymmetricCipher.getBlankKey();
            blankKey.setPassword(cArr, 0, cArr.length);
            jSAFE_SymmetricCipher.decryptInit(blankKey);
            JSAFE_PrivateKey unwrapPrivateKey = jSAFE_SymmetricCipher.unwrapPrivateKey(bArr, 0, bArr.length, true);
            jSAFE_SymmetricCipher.clearSensitiveData();
            return unwrapPrivateKey;
        } catch (Throwable th2) {
            if (jSAFE_SymmetricCipher != null) {
                jSAFE_SymmetricCipher.clearSensitiveData();
            }
            throw th2;
        }
    }

    public final String b(String str) {
        if (str.equals(AlgorithmStrings.DSA)) {
            return ew.f20554q;
        }
        return str + JSAFE_SymmetricCipher.f22654h;
    }

    public KeyStore c() {
        try {
            KeyStore keyStore = this.f39900d.getVersion() >= 4.01d ? KeyStore.getInstance("PKCS12", this.f39900d) : KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            return keyStore;
        } catch (Exception unused) {
            throw new AssertionError("Failure to create in-memory keystore");
        }
    }

    public final void d(PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws KeyStoreException {
        this.f39897a.setKeyEntry(d4.a(x509CertificateArr[0]), privateKey, f39896g, x509CertificateArr);
        this.f39899c.i();
    }

    public void e(com.rsa.certj.cert.X509Certificate[] x509CertificateArr, JSAFE_PrivateKey jSAFE_PrivateKey) throws SSLException {
        byte[][] h10 = e4.h(x509CertificateArr);
        if (jSAFE_PrivateKey.getDevice().equals("PKCS11")) {
            g(h10, jSAFE_PrivateKey, null);
            return;
        }
        try {
            h(h10, jSAFE_PrivateKey.getKeyData(b(jSAFE_PrivateKey.getAlgorithm()))[0], null);
        } catch (JSAFE_UnimplementedException e10) {
            throw new SSLException(e10);
        }
    }

    public void f(com.rsa.certj.cert.X509Certificate[] x509CertificateArr, byte[] bArr, char[] cArr) throws SSLException {
        h(e4.h(x509CertificateArr), bArr, cArr);
    }

    public void g(byte[][] bArr, JSAFE_PrivateKey jSAFE_PrivateKey, char[] cArr) throws SSLException {
        try {
            X509Certificate[] g10 = e4.g(bArr, this.f39901e);
            String algorithm = g10[0].getPublicKey().getAlgorithm();
            mg.l.a(algorithm);
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm, this.f39900d);
            String str = jSAFE_PrivateKey.getSupportedGetFormats()[0];
            byte[] bArr2 = jSAFE_PrivateKey.getKeyData(str)[0];
            byte[] bArr3 = jSAFE_PrivateKey.getKeyData(str)[1];
            mg.l.a(new String(bArr2));
            mg.l.d(bArr3);
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS11KeySpec(bArr2, bArr3));
            this.f39898b.c(g10, generatePrivate, true);
            d(generatePrivate, g10);
        } catch (Exception e10) {
            throw new SSLException(e10);
        }
    }

    public void h(byte[][] bArr, byte[] bArr2, char[] cArr) throws SSLException {
        PrivateKey generatePrivate;
        try {
            X509Certificate[] g10 = e4.g(bArr, this.f39901e);
            KeyFactory keyFactory = KeyFactory.getInstance(g10[0].getPublicKey().getAlgorithm(), this.f39900d);
            try {
                generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr2));
            } catch (InvalidKeySpecException unused) {
                if (cArr == null) {
                    throw new SSLException("Could not read private key.");
                }
                try {
                    try {
                        JSAFE_PrivateKey a10 = a(bArr2, cArr);
                        generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(a10.getKeyData(b(a10.getAlgorithm()))[0]));
                    } catch (InvalidKeySpecException unused2) {
                        throw new SSLException("Could not read private key.");
                    }
                } catch (JSAFE_Exception e10) {
                    throw new SSLException("Could not read private key.", e10);
                }
            }
            this.f39898b.c(g10, generatePrivate, false);
            d(generatePrivate, g10);
        } catch (Exception e11) {
            throw new SSLException(e11);
        }
    }

    public final int[] i(byte[] bArr, int i10) throws JSAFE_Exception {
        SequenceContainer sequenceContainer = new SequenceContainer(0);
        EndContainer endContainer = new EndContainer();
        EncodedContainer encodedContainer = new EncodedContainer(ASN1.SEQUENCE);
        OctetStringContainer octetStringContainer = new OctetStringContainer(0);
        try {
            ASN1.berDecode(bArr, i10, new ASN1Container[]{sequenceContainer, encodedContainer, octetStringContainer, endContainer});
            return new int[]{octetStringContainer.dataOffset, octetStringContainer.dataLen};
        } catch (ASN_Exception e10) {
            throw new JSAFE_InvalidKeyException("Cannot build the PKCS #8 encrypted key. (" + e10.getMessage() + ")");
        }
    }

    public KeyStore j() {
        return this.f39897a;
    }
}
