package android.security.keystore;

import android.security.Credentials;
import android.security.KeyStore;
import android.security.KeyStoreParameter;
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.SecretKey;
import libcore.util.EmptyArray;

/* loaded from: classes.dex */
public class AndroidKeyStoreSpi extends KeyStoreSpi {
    public static final String NAME = "AndroidKeyStore";
    private KeyStore mKeyStore;
    private int mUid = -1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class KeyStoreX509Certificate extends DelegatingX509Certificate {
        private final String mPrivateKeyAlias;
        private final int mPrivateKeyUid;

        KeyStoreX509Certificate(String str, int i, X509Certificate x509Certificate) {
            super(x509Certificate);
            this.mPrivateKeyAlias = str;
            this.mPrivateKeyUid = i;
        }

        @Override // android.security.keystore.DelegatingX509Certificate, java.security.cert.Certificate
        public PublicKey getPublicKey() {
            PublicKey publicKey = super.getPublicKey();
            return AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(this.mPrivateKeyAlias, this.mPrivateKeyUid, publicKey.getAlgorithm(), publicKey.getEncoded());
        }
    }

    private Certificate getCertificateForPrivateKeyEntry(String str, byte[] bArr) {
        X509Certificate certificate = toCertificate(bArr);
        if (certificate == null) {
            return null;
        }
        String str2 = Credentials.USER_PRIVATE_KEY + str;
        return this.mKeyStore.contains(str2, this.mUid) ? wrapIntoKeyStoreCertificate(str2, this.mUid, certificate) : certificate;
    }

    private Certificate getCertificateForTrustedCertificateEntry(byte[] bArr) {
        return toCertificate(bArr);
    }

    private static KeyProtection getLegacyKeyProtectionParameter(PrivateKey privateKey) throws KeyStoreException {
        KeyProtection.Builder builder;
        String algorithm = privateKey.getAlgorithm();
        if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(algorithm)) {
            builder = new KeyProtection.Builder(12);
            builder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, "SHA-256", KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512);
        } else {
            if (!KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(algorithm)) {
                throw new KeyStoreException("Unsupported key algorithm: " + algorithm);
            }
            builder = new KeyProtection.Builder(15);
            builder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, "SHA-256", KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512);
            builder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, KeyProperties.ENCRYPTION_PADDING_RSA_OAEP);
            builder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1, KeyProperties.SIGNATURE_PADDING_RSA_PSS);
            builder.setRandomizedEncryptionRequired(false);
        }
        builder.setUserAuthenticationRequired(false);
        return builder.build();
    }

    private Date getModificationDate(String str) {
        long j = this.mKeyStore.getmtime(str, this.mUid);
        if (j == -1) {
            return null;
        }
        return new Date(j);
    }

    private Set<String> getUniqueAliases() {
        String[] list = this.mKeyStore.list("", this.mUid);
        if (list == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet(list.length);
        for (String str : list) {
            int indexOf = str.indexOf(95);
            if (indexOf == -1 || str.length() <= indexOf) {
                Log.e("AndroidKeyStore", "invalid alias: " + str);
            } else {
                hashSet.add(new String(str.substring(indexOf + 1)));
            }
        }
        return hashSet;
    }

    private boolean isCertificateEntry(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(Credentials.CA_CERTIFICATE + str, this.mUid);
    }

    private boolean isKeyEntry(String str) {
        return isPrivateKeyEntry(str) || isSecretKeyEntry(str);
    }

    private boolean isPrivateKeyEntry(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(Credentials.USER_PRIVATE_KEY + str, this.mUid);
    }

    private boolean isSecretKeyEntry(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(Credentials.USER_SECRET_KEY + str, this.mUid);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [android.security.KeyStore] */
    /* JADX WARN: Type inference failed for: r0v25, types: [android.security.KeyStore] */
    /* JADX WARN: Type inference failed for: r14v0 */
    /* JADX WARN: Type inference failed for: r14v1, types: [int] */
    /* JADX WARN: Type inference failed for: r14v2 */
    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r18v0, types: [java.security.PrivateKey] */
    private void setPrivateKeyEntry(String str, PrivateKey privateKey, Certificate[] certificateArr, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        KeyProtection keyProtection;
        int isEncryptionRequired;
        byte[] bArr;
        byte[] bArr2;
        int i;
        int i2 = 0;
        if (protectionParameter == null) {
            keyProtection = getLegacyKeyProtectionParameter(privateKey);
        } else {
            if (protectionParameter instanceof KeyStoreParameter) {
                KeyProtection legacyKeyProtectionParameter = getLegacyKeyProtectionParameter(privateKey);
                isEncryptionRequired = ((KeyStoreParameter) protectionParameter).isEncryptionRequired();
                keyProtection = legacyKeyProtectionParameter;
                if (certificateArr != null || certificateArr.length == 0) {
                    throw new KeyStoreException("Must supply at least one Certificate with PrivateKey");
                }
                int length = certificateArr.length;
                X509Certificate[] x509CertificateArr = new X509Certificate[length];
                for (int i3 = 0; i3 < certificateArr.length; i3++) {
                    if (!"X.509".equals(certificateArr[i3].getType())) {
                        throw new KeyStoreException("Certificates must be in X.509 format: invalid cert #" + i3);
                    }
                    if (!(certificateArr[i3] instanceof X509Certificate)) {
                        throw new KeyStoreException("Certificates must be in X.509 format: invalid cert #" + i3);
                    }
                    x509CertificateArr[i3] = (X509Certificate) certificateArr[i3];
                }
                try {
                    byte[] encoded = x509CertificateArr[0].getEncoded();
                    KeymasterArguments keymasterArguments = null;
                    if (certificateArr.length > 1) {
                        int i4 = length - 1;
                        byte[][] bArr3 = new byte[i4];
                        int i5 = 0;
                        int i6 = 0;
                        while (i5 < i4) {
                            int i7 = i5 + 1;
                            try {
                                bArr3[i5] = x509CertificateArr[i7].getEncoded();
                                i6 += bArr3[i5].length;
                                i5 = i7;
                            } catch (CertificateEncodingException e) {
                                throw new KeyStoreException("Failed to encode certificate #" + i5, e);
                            }
                        }
                        byte[] bArr4 = new byte[i6];
                        int i8 = 0;
                        for (int i9 = 0; i9 < i4; i9++) {
                            int length2 = bArr3[i9].length;
                            System.arraycopy(bArr3[i9], 0, bArr4, i8, length2);
                            i8 += length2;
                            bArr3[i9] = null;
                        }
                        bArr = bArr4;
                    } else {
                        bArr = null;
                    }
                    String alias = privateKey instanceof AndroidKeyStorePrivateKey ? ((AndroidKeyStoreKey) privateKey).getAlias() : null;
                    if (alias == null || !alias.startsWith(Credentials.USER_PRIVATE_KEY)) {
                        String format = privateKey.getFormat();
                        if (format == null || !"PKCS#8".equals(format)) {
                            throw new KeyStoreException("Unsupported private key export format: " + format + ". Only private keys which export their key material in PKCS#8 format are supported.");
                        }
                        byte[] encoded2 = privateKey.getEncoded();
                        if (encoded2 == null) {
                            throw new KeyStoreException("Private key did not export any key material");
                        }
                        keymasterArguments = new KeymasterArguments();
                        try {
                            keymasterArguments.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(privateKey.getAlgorithm()));
                            int purposes = keyProtection.getPurposes();
                            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_PURPOSE, KeyProperties.Purpose.allToKeymaster(purposes));
                            if (keyProtection.isDigestsSpecified()) {
                                keymasterArguments.addEnums(KeymasterDefs.KM_TAG_DIGEST, KeyProperties.Digest.allToKeymaster(keyProtection.getDigests()));
                            }
                            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, KeyProperties.BlockMode.allToKeymaster(keyProtection.getBlockModes()));
                            int[] allToKeymaster = KeyProperties.EncryptionPadding.allToKeymaster(keyProtection.getEncryptionPaddings());
                            if ((purposes & 1) != 0 && keyProtection.isRandomizedEncryptionRequired()) {
                                int length3 = allToKeymaster.length;
                                while (i2 < length3) {
                                    int i10 = allToKeymaster[i2];
                                    if (!KeymasterUtils.isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(i10)) {
                                        throw new KeyStoreException("Randomized encryption (IND-CPA) required but is violated by encryption padding mode: " + KeyProperties.EncryptionPadding.fromKeymaster(i10) + ". See KeyProtection documentation.");
                                    }
                                    i2++;
                                }
                            }
                            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_PADDING, allToKeymaster);
                            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_PADDING, KeyProperties.SignaturePadding.allToKeymaster(keyProtection.getSignaturePaddings()));
                            KeymasterUtils.addUserAuthArgs(keymasterArguments, keyProtection.isUserAuthenticationRequired(), keyProtection.getUserAuthenticationValidityDurationSeconds(), keyProtection.isUserAuthenticationValidWhileOnBody(), keyProtection.isInvalidatedByBiometricEnrollment());
                            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, keyProtection.getKeyValidityStart());
                            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, keyProtection.getKeyValidityForOriginationEnd());
                            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, keyProtection.getKeyValidityForConsumptionEnd());
                            bArr2 = encoded2;
                            i2 = 1;
                        } catch (IllegalArgumentException | IllegalStateException e2) {
                            throw new KeyStoreException(e2);
                        }
                    } else {
                        String substring = alias.substring(8);
                        if (!str.equals(substring)) {
                            throw new KeyStoreException("Can only replace keys with same alias: " + ((String) str) + " != " + substring);
                        }
                        bArr2 = null;
                    }
                    try {
                        if (i2 != 0) {
                            Credentials.deleteAllTypesForAlias(this.mKeyStore, str, this.mUid);
                            KeyCharacteristics keyCharacteristics = new KeyCharacteristics();
                            i = 1;
                            int importKey = this.mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + ((String) str), keymasterArguments, 1, bArr2, this.mUid, isEncryptionRequired, keyCharacteristics);
                            if (importKey != 1) {
                                throw new KeyStoreException("Failed to store private key", android.security.KeyStore.getKeyStoreException(importKey));
                            }
                        } else {
                            i = 1;
                            Credentials.deleteCertificateTypesForAlias(this.mKeyStore, str, this.mUid);
                            Credentials.deleteSecretKeyTypeForAlias(this.mKeyStore, str, this.mUid);
                        }
                        int insert = this.mKeyStore.insert(Credentials.USER_CERTIFICATE + ((String) str), encoded, this.mUid, isEncryptionRequired);
                        if (insert != i) {
                            throw new KeyStoreException("Failed to store certificate #0", android.security.KeyStore.getKeyStoreException(insert));
                        }
                        int insert2 = this.mKeyStore.insert(Credentials.CA_CERTIFICATE + ((String) str), bArr, this.mUid, isEncryptionRequired);
                        if (insert2 != i) {
                            throw new KeyStoreException("Failed to store certificate chain", android.security.KeyStore.getKeyStoreException(insert2));
                        }
                        return;
                    } catch (Throwable th) {
                        if (i2 != 0) {
                            Credentials.deleteAllTypesForAlias(this.mKeyStore, str, this.mUid);
                        } else {
                            Credentials.deleteCertificateTypesForAlias(this.mKeyStore, str, this.mUid);
                            Credentials.deleteSecretKeyTypeForAlias(this.mKeyStore, str, this.mUid);
                        }
                        throw th;
                    }
                } catch (CertificateEncodingException e3) {
                    throw new KeyStoreException("Failed to encode certificate #0", e3);
                }
            }
            if (!(protectionParameter instanceof KeyProtection)) {
                throw new KeyStoreException("Unsupported protection parameter class:" + protectionParameter.getClass().getName() + ". Supported: " + KeyProtection.class.getName() + ", " + KeyStoreParameter.class.getName());
            }
            keyProtection = (KeyProtection) protectionParameter;
        }
        isEncryptionRequired = 0;
        if (certificateArr != null) {
        }
        throw new KeyStoreException("Must supply at least one Certificate with PrivateKey");
    }

    private void setSecretKeyEntry(String str, SecretKey secretKey, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        int[] allToKeymaster;
        if (protectionParameter != null && !(protectionParameter instanceof KeyProtection)) {
            throw new KeyStoreException("Unsupported protection parameter class: " + protectionParameter.getClass().getName() + ". Supported: " + KeyProtection.class.getName());
        }
        KeyProtection keyProtection = (KeyProtection) protectionParameter;
        if (secretKey instanceof AndroidKeyStoreSecretKey) {
            String alias = ((AndroidKeyStoreSecretKey) secretKey).getAlias();
            if (alias == null) {
                throw new KeyStoreException("KeyStore-backed secret key does not have an alias");
            }
            if (!alias.startsWith(Credentials.USER_SECRET_KEY)) {
                throw new KeyStoreException("KeyStore-backed secret key has invalid alias: " + alias);
            }
            String substring = alias.substring(8);
            if (str.equals(substring)) {
                if (keyProtection != null) {
                    throw new KeyStoreException("Modifying KeyStore-backed key using protection parameters not supported");
                }
                return;
            }
            throw new KeyStoreException("Can only replace KeyStore-backed keys with same alias: " + str + " != " + substring);
        }
        if (keyProtection == null) {
            throw new KeyStoreException("Protection parameters must be specified when importing a symmetric key");
        }
        String format = secretKey.getFormat();
        if (format == null) {
            throw new KeyStoreException("Only secret keys that export their key material are supported");
        }
        if (!"RAW".equals(format)) {
            throw new KeyStoreException("Unsupported secret key material export format: " + format);
        }
        byte[] encoded = secretKey.getEncoded();
        if (encoded == null) {
            throw new KeyStoreException("Key did not export its key material despite supporting RAW format export");
        }
        KeymasterArguments keymasterArguments = new KeymasterArguments();
        try {
            int keymasterSecretKeyAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterSecretKeyAlgorithm(secretKey.getAlgorithm());
            keymasterArguments.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, keymasterSecretKeyAlgorithm);
            if (keymasterSecretKeyAlgorithm == 128) {
                int keymasterDigest = KeyProperties.KeyAlgorithm.toKeymasterDigest(secretKey.getAlgorithm());
                if (keymasterDigest == -1) {
                    throw new ProviderException("HMAC key algorithm digest unknown for key algorithm " + secretKey.getAlgorithm());
                }
                allToKeymaster = new int[]{keymasterDigest};
                if (keyProtection.isDigestsSpecified()) {
                    int[] allToKeymaster2 = KeyProperties.Digest.allToKeymaster(keyProtection.getDigests());
                    if (allToKeymaster2.length != 1 || allToKeymaster2[0] != keymasterDigest) {
                        throw new KeyStoreException("Unsupported digests specification: " + Arrays.asList(keyProtection.getDigests()) + ". Only " + KeyProperties.Digest.fromKeymaster(keymasterDigest) + " supported for HMAC key algorithm " + secretKey.getAlgorithm());
                    }
                }
            } else {
                allToKeymaster = keyProtection.isDigestsSpecified() ? KeyProperties.Digest.allToKeymaster(keyProtection.getDigests()) : EmptyArray.INT;
            }
            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_DIGEST, allToKeymaster);
            int purposes = keyProtection.getPurposes();
            int[] allToKeymaster3 = KeyProperties.BlockMode.allToKeymaster(keyProtection.getBlockModes());
            int i = purposes & 1;
            if (i != 0 && keyProtection.isRandomizedEncryptionRequired()) {
                for (int i2 : allToKeymaster3) {
                    if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatibleWithSymmetricCrypto(i2)) {
                        throw new KeyStoreException("Randomized encryption (IND-CPA) required but may be violated by block mode: " + KeyProperties.BlockMode.fromKeymaster(i2) + ". See KeyProtection documentation.");
                    }
                }
            }
            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_PURPOSE, KeyProperties.Purpose.allToKeymaster(purposes));
            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, allToKeymaster3);
            if (keyProtection.getSignaturePaddings().length > 0) {
                throw new KeyStoreException("Signature paddings not supported for symmetric keys");
            }
            keymasterArguments.addEnums(KeymasterDefs.KM_TAG_PADDING, KeyProperties.EncryptionPadding.allToKeymaster(keyProtection.getEncryptionPaddings()));
            KeymasterUtils.addUserAuthArgs(keymasterArguments, keyProtection.isUserAuthenticationRequired(), keyProtection.getUserAuthenticationValidityDurationSeconds(), keyProtection.isUserAuthenticationValidWhileOnBody(), keyProtection.isInvalidatedByBiometricEnrollment());
            KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(keymasterArguments, keymasterSecretKeyAlgorithm, allToKeymaster3, allToKeymaster);
            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, keyProtection.getKeyValidityStart());
            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, keyProtection.getKeyValidityForOriginationEnd());
            keymasterArguments.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, keyProtection.getKeyValidityForConsumptionEnd());
            if (i != 0 && !keyProtection.isRandomizedEncryptionRequired()) {
                keymasterArguments.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
            }
            Credentials.deleteAllTypesForAlias(this.mKeyStore, str, this.mUid);
            int importKey = this.mKeyStore.importKey(Credentials.USER_SECRET_KEY + str, keymasterArguments, 3, encoded, this.mUid, 0, new KeyCharacteristics());
            if (importKey == 1) {
                return;
            }
            throw new KeyStoreException("Failed to import secret key. Keystore error code: " + importKey);
        } catch (IllegalArgumentException | IllegalStateException e) {
            throw new KeyStoreException(e);
        }
    }

    private static X509Certificate toCertificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            Log.w("AndroidKeyStore", "Couldn't parse certificate in keystore", e);
            return null;
        }
    }

    private static Collection<X509Certificate> toCertificates(byte[] bArr) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            Log.w("AndroidKeyStore", "Couldn't parse certificates in keystore", e);
            return new ArrayList();
        }
    }

    private static KeyStoreX509Certificate wrapIntoKeyStoreCertificate(String str, int i, X509Certificate x509Certificate) {
        if (x509Certificate != null) {
            return new KeyStoreX509Certificate(str, i, x509Certificate);
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(getUniqueAliases());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        if (!this.mKeyStore.contains(Credentials.USER_PRIVATE_KEY + str, this.mUid)) {
            if (!this.mKeyStore.contains(Credentials.USER_SECRET_KEY + str, this.mUid)) {
                if (!this.mKeyStore.contains(Credentials.USER_CERTIFICATE + str, this.mUid)) {
                    if (!this.mKeyStore.contains(Credentials.CA_CERTIFICATE + str, this.mUid)) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (Credentials.deleteAllTypesForAlias(this.mKeyStore, str, this.mUid)) {
            return;
        }
        throw new KeyStoreException("Failed to delete entry: " + str);
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        byte[] bArr = this.mKeyStore.get(Credentials.USER_CERTIFICATE + str, this.mUid);
        if (bArr != null) {
            return getCertificateForPrivateKeyEntry(str, bArr);
        }
        byte[] bArr2 = this.mKeyStore.get(Credentials.CA_CERTIFICATE + str, this.mUid);
        if (bArr2 != null) {
            return getCertificateForTrustedCertificateEntry(bArr2);
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        byte[] encoded;
        if (certificate == null || !"X.509".equalsIgnoreCase(certificate.getType())) {
            return null;
        }
        try {
            encoded = certificate.getEncoded();
        } catch (CertificateEncodingException unused) {
        }
        if (encoded == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        String[] list = this.mKeyStore.list(Credentials.USER_CERTIFICATE, this.mUid);
        if (list != null) {
            for (String str : list) {
                byte[] bArr = this.mKeyStore.get(Credentials.USER_CERTIFICATE + str, this.mUid);
                if (bArr != null) {
                    hashSet.add(str);
                    if (Arrays.equals(bArr, encoded)) {
                        return str;
                    }
                }
            }
        }
        String[] list2 = this.mKeyStore.list(Credentials.CA_CERTIFICATE, this.mUid);
        if (list != null) {
            for (String str2 : list2) {
                if (!hashSet.contains(str2)) {
                    byte[] bArr2 = this.mKeyStore.get(Credentials.CA_CERTIFICATE + str2, this.mUid);
                    if (bArr2 != null && Arrays.equals(bArr2, encoded)) {
                        return str2;
                    }
                }
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate[] certificateArr;
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        X509Certificate x509Certificate = (X509Certificate) engineGetCertificate(str);
        if (x509Certificate == null) {
            return null;
        }
        byte[] bArr = this.mKeyStore.get(Credentials.CA_CERTIFICATE + str, this.mUid);
        int i = 1;
        if (bArr != null) {
            Collection<X509Certificate> certificates = toCertificates(bArr);
            certificateArr = new Certificate[certificates.size() + 1];
            Iterator<X509Certificate> it = certificates.iterator();
            while (it.hasNext()) {
                certificateArr[i] = it.next();
                i++;
            }
        } else {
            certificateArr = new Certificate[1];
        }
        certificateArr[0] = x509Certificate;
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        Date modificationDate = getModificationDate(Credentials.USER_PRIVATE_KEY + str);
        if (modificationDate != null) {
            return modificationDate;
        }
        Date modificationDate2 = getModificationDate(Credentials.USER_SECRET_KEY + str);
        if (modificationDate2 != null) {
            return modificationDate2;
        }
        Date modificationDate3 = getModificationDate(Credentials.USER_CERTIFICATE + str);
        if (modificationDate3 != null) {
            return modificationDate3;
        }
        return getModificationDate(Credentials.CA_CERTIFICATE + str);
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (isPrivateKeyEntry(str)) {
            return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(this.mKeyStore, Credentials.USER_PRIVATE_KEY + str, this.mUid);
        }
        if (!isSecretKeyEntry(str)) {
            return null;
        }
        return AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore(this.mKeyStore, Credentials.USER_SECRET_KEY + str, this.mUid);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return !isKeyEntry(str) && isCertificateEntry(str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return isKeyEntry(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream != null) {
            throw new IllegalArgumentException("InputStream not supported");
        }
        if (cArr != null) {
            throw new IllegalArgumentException("password not supported");
        }
        this.mKeyStore = android.security.KeyStore.getInstance();
        this.mUid = -1;
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        int i;
        if (loadStoreParameter == null) {
            i = -1;
        } else {
            if (!(loadStoreParameter instanceof AndroidKeyStoreLoadStoreParameter)) {
                throw new IllegalArgumentException("Unsupported param type: " + loadStoreParameter.getClass());
            }
            i = ((AndroidKeyStoreLoadStoreParameter) loadStoreParameter).getUid();
        }
        this.mKeyStore = android.security.KeyStore.getInstance();
        this.mUid = i;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (isKeyEntry(str)) {
            throw new KeyStoreException("Entry exists and is not a trusted certificate");
        }
        if (certificate == null) {
            throw new NullPointerException("cert == null");
        }
        try {
            byte[] encoded = certificate.getEncoded();
            if (!this.mKeyStore.put(Credentials.CA_CERTIFICATE + str, encoded, this.mUid, 0)) {
                throw new KeyStoreException("Couldn't insert certificate; is KeyStore initialized?");
            }
        } catch (CertificateEncodingException e) {
            throw new KeyStoreException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        if (entry == null) {
            throw new KeyStoreException("entry == null");
        }
        Credentials.deleteAllTypesForAlias(this.mKeyStore, str, this.mUid);
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            engineSetCertificateEntry(str, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
            return;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            setPrivateKeyEntry(str, privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain(), protectionParameter);
        } else {
            if (entry instanceof KeyStore.SecretKeyEntry) {
                setSecretKeyEntry(str, ((KeyStore.SecretKeyEntry) entry).getSecretKey(), protectionParameter);
                return;
            }
            throw new KeyStoreException("Entry must be a PrivateKeyEntry, SecretKeyEntry or TrustedCertificateEntry; was " + entry);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (cArr != null && cArr.length > 0) {
            throw new KeyStoreException("entries cannot be protected with passwords");
        }
        if (key instanceof PrivateKey) {
            setPrivateKeyEntry(str, (PrivateKey) key, certificateArr, null);
        } else {
            if (!(key instanceof SecretKey)) {
                throw new KeyStoreException("Only PrivateKey and SecretKey are supported");
            }
            setSecretKeyEntry(str, (SecretKey) key, null);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Operation not supported because key encoding is unknown");
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return getUniqueAliases().size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException("Can not serialize AndroidKeyStore to OutputStream");
    }
}
