package by.avest.crypto.conscrypt;

import by.avest.crypto.conscrypt.util.PersonalStoreIndex;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class AvKeyStoreNoCache extends KeyStoreSpi {
    private static final String OPERATION_NOT_SUPPORTED = "Operation not supported";
    private static final String READ_ONLY_MSG = "Read only token";
    private static final String UNABLE_TO_READ_PRIVATE_KEY_MSG = "Unable to read private key from smart card";
    private List<String> certEntries = new ArrayList();
    private List<String> keyEntries = new ArrayList();
    private Set<String> allEntries = new HashSet();

    private String addNoCacheSuffix(String str) {
        return str == null ? str : str + ",nocache=true";
    }

    private OpenSSLKey loadPrivateKey(String str, char[] cArr) throws UnrecoverableKeyException {
        OpenSSLEngine pKCS11Engine = AvProvider.getPKCS11Engine();
        long j = 0;
        try {
            j = NativeCrypto.ENGINE_stb_load_private_key(pKCS11Engine.getContext(), str, cArr);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        }
        if (j != 0) {
            return new OpenSSLKey(j, pKCS11Engine, str);
        }
        throw new UnrecoverableKeyException(UNABLE_TO_READ_PRIVATE_KEY_MSG);
    }

    private Key loadSecretKey(String str, char[] cArr) throws UnrecoverableKeyException {
        try {
            byte[] ENGINE_stb_load_secret_key = NativeCrypto.ENGINE_stb_load_secret_key(AvProvider.getPKCS11Engine().getContext(), str, cArr);
            if (ENGINE_stb_load_secret_key == null) {
                return null;
            }
            return new SecretKeySpec(ENGINE_stb_load_secret_key, 0, ENGINE_stb_load_secret_key.length, "DES");
        } catch (Exception e) {
            UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException("unable to load secret key, alias: " + str);
            unrecoverableKeyException.initCause(e);
            throw unrecoverableKeyException;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(this.allEntries);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.allEntries.contains(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        throw new UnsupportedOperationException(READ_ONLY_MSG);
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        CertificateFactory certificateFactory;
        byte[] i2d_X509;
        String addNoCacheSuffix = addNoCacheSuffix(str);
        long ENGINE_stb_load_cert_ctrl = NativeCrypto.ENGINE_stb_load_cert_ctrl(AvProvider.getPKCS11Engine().getContext(), addNoCacheSuffix);
        if (ENGINE_stb_load_cert_ctrl == 0) {
            return null;
        }
        Certificate certificate = null;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
            i2d_X509 = NativeCrypto.i2d_X509(ENGINE_stb_load_cert_ctrl);
            NativeCrypto.X509_free(ENGINE_stb_load_cert_ctrl);
        } catch (CertificateException e) {
            e.printStackTrace();
        }
        if (i2d_X509 != null && i2d_X509.length != 0) {
            certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(i2d_X509));
            if (!this.certEntries.contains(addNoCacheSuffix)) {
                this.certEntries.add(addNoCacheSuffix);
            }
            if (!this.allEntries.contains(addNoCacheSuffix)) {
                this.allEntries.add(addNoCacheSuffix);
            }
            return certificate;
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        throw new UnsupportedOperationException(OPERATION_NOT_SUPPORTED);
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        return new X509Certificate[]{(X509Certificate) engineGetCertificate(str)};
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        throw new UnsupportedOperationException(OPERATION_NOT_SUPPORTED);
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        String addNoCacheSuffix = addNoCacheSuffix(str);
        synchronized (this) {
            if (addNoCacheSuffix.startsWith("secret,")) {
                return loadSecretKey(addNoCacheSuffix.substring("secret,".length()), cArr);
            }
            OpenSSLKey loadPrivateKey = loadPrivateKey(addNoCacheSuffix, cArr);
            if (loadPrivateKey == null) {
                return null;
            }
            if (!this.keyEntries.contains(addNoCacheSuffix)) {
                this.keyEntries.add(addNoCacheSuffix);
            }
            if (!this.allEntries.contains(addNoCacheSuffix)) {
                this.allEntries.add(addNoCacheSuffix);
            }
            return loadPrivateKey.getPrivateKey();
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return engineContainsAlias(str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return engineContainsAlias(str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        AvProvider.getPKCS11Engine().getContext();
        PersonalStoreIndex personalStoreIndex = new PersonalStoreIndex();
        personalStoreIndex.load(PersonalStoreIndex.getIndexFile());
        Iterator<String> it = personalStoreIndex.getEntries().iterator();
        while (it.hasNext()) {
            this.allEntries.add(it.next());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        throw new UnsupportedOperationException(READ_ONLY_MSG);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException(READ_ONLY_MSG);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException(READ_ONLY_MSG);
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.allEntries.size();
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException();
    }
}
