package fe;

import ae.b;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.yubico.yubikit.core.application.BadResponseException;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;
import com.yubico.yubikit.piv.jca.PivPrivateKey;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.Callable;

/* compiled from: PivKeyStoreSpi.java */
/* loaded from: classes2.dex */
public final class o extends KeyStoreSpi {

    /* renamed from: a, reason: collision with root package name */
    public final de.a<de.a<de.d<com.yubico.yubikit.piv.a, Exception>>> f24501a;

    public o(de.a<de.a<de.d<com.yubico.yubikit.piv.a, Exception>>> aVar) {
        this.f24501a = aVar;
    }

    public final void a(final Slot slot, final PrivateKey privateKey, final PinPolicy pinPolicy, final TouchPolicy touchPolicy, final X509Certificate x509Certificate) throws Exception {
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f24501a.invoke(new de.a() { // from class: fe.f
            @Override // de.a
            public final void invoke(Object obj) {
                final PrivateKey privateKey2 = privateKey;
                final Slot slot2 = slot;
                final PinPolicy pinPolicy2 = pinPolicy;
                final TouchPolicy touchPolicy2 = touchPolicy;
                final X509Certificate x509Certificate2 = x509Certificate;
                final de.d dVar = (de.d) obj;
                arrayBlockingQueue.add(de.d.b(new Callable() { // from class: fe.k
                    /* JADX WARN: Multi-variable type inference failed */
                    /* JADX WARN: Type inference failed for: r2v20, types: [java.util.List] */
                    @Override // java.util.concurrent.Callable
                    public final Object call() {
                        ArrayList arrayList;
                        com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) de.d.this.a();
                        PrivateKey privateKey3 = privateKey2;
                        Slot slot3 = slot2;
                        if (privateKey3 != null) {
                            aVar.getClass();
                            KeyType a10 = KeyType.a(privateKey3);
                            PinPolicy pinPolicy3 = pinPolicy2;
                            TouchPolicy touchPolicy3 = touchPolicy2;
                            aVar.c(a10, pinPolicy3, touchPolicy3, false);
                            LinkedHashMap linkedHashMap = new LinkedHashMap();
                            KeyType.b bVar = a10.f23482e;
                            int ordinal = bVar.f23488a.ordinal();
                            int i10 = bVar.f23489b;
                            if (ordinal == 0) {
                                if (privateKey3 instanceof RSAPrivateCrtKey) {
                                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey3;
                                    arrayList = Arrays.asList(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
                                } else {
                                    if (!"PKCS#8".equals(privateKey3.getFormat())) {
                                        throw new UnsupportedEncodingException("Unsupported private key encoding");
                                    }
                                    try {
                                        ByteBuffer wrap = ByteBuffer.wrap((byte[]) de.f.a((byte[]) de.f.a(de.f.c(privateKey3.getEncoded(), 48)).get(4)).get(48));
                                        ArrayList arrayList2 = new ArrayList();
                                        while (wrap.hasRemaining()) {
                                            arrayList2.add(de.e.a(wrap));
                                        }
                                        ArrayList arrayList3 = new ArrayList();
                                        Iterator it = arrayList2.iterator();
                                        while (it.hasNext()) {
                                            de.e eVar = (de.e) it.next();
                                            int i11 = eVar.f23895b;
                                            int i12 = eVar.f23897d;
                                            arrayList3.add(new BigInteger(Arrays.copyOfRange(eVar.f23896c, i12, i11 + i12)));
                                        }
                                        int intValue = ((BigInteger) arrayList3.remove(0)).intValue();
                                        arrayList = arrayList3;
                                        if (intValue != 0) {
                                            throw new UnsupportedEncodingException("Expected value 0");
                                        }
                                    } catch (BadResponseException e10) {
                                        throw new UnsupportedEncodingException(e10.getMessage());
                                    }
                                }
                                if (((BigInteger) arrayList.get(1)).intValue() != 65537) {
                                    throw new UnsupportedEncodingException("Unsupported RSA public exponent");
                                }
                                int i13 = (i10 / 8) / 2;
                                linkedHashMap.put(1, com.yubico.yubikit.piv.a.b(i13, (BigInteger) arrayList.get(3)));
                                linkedHashMap.put(2, com.yubico.yubikit.piv.a.b(i13, (BigInteger) arrayList.get(4)));
                                linkedHashMap.put(3, com.yubico.yubikit.piv.a.b(i13, (BigInteger) arrayList.get(5)));
                                linkedHashMap.put(4, com.yubico.yubikit.piv.a.b(i13, (BigInteger) arrayList.get(6)));
                                linkedHashMap.put(5, com.yubico.yubikit.piv.a.b(i13, (BigInteger) arrayList.get(7)));
                            } else if (ordinal == 1) {
                                linkedHashMap.put(6, com.yubico.yubikit.piv.a.b(i10 / 8, ((ECPrivateKey) privateKey3).getS()));
                            }
                            if (pinPolicy3 != PinPolicy.DEFAULT) {
                                linkedHashMap.put(170, new byte[]{(byte) pinPolicy3.f23493d});
                            }
                            if (touchPolicy3 != TouchPolicy.DEFAULT) {
                                linkedHashMap.put(171, new byte[]{(byte) touchPolicy3.f23504d});
                            }
                            aVar.f23513d.b(new ce.a(-2, a10.f23481d, slot3.f23499d, de.f.b(linkedHashMap)));
                        }
                        X509Certificate x509Certificate3 = x509Certificate2;
                        if (x509Certificate3 != null) {
                            aVar.getClass();
                            try {
                                byte[] encoded = x509Certificate3.getEncoded();
                                LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                                linkedHashMap2.put(112, encoded);
                                linkedHashMap2.put(113, new byte[1]);
                                linkedHashMap2.put(254, null);
                                aVar.J(de.f.b(linkedHashMap2), slot3.f23500e);
                            } catch (CertificateEncodingException e11) {
                                throw new IllegalArgumentException("Failed to get encoded version of certificate", e11);
                            }
                        }
                        return Boolean.TRUE;
                    }
                }));
            }
        });
        ((de.d) arrayBlockingQueue.take()).a();
    }

    @Override // java.security.KeyStoreSpi
    public final Enumeration<String> engineAliases() {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineContainsAlias(String str) {
        try {
            Slot.a(str);
            return true;
        } catch (IllegalArgumentException unused) {
            return false;
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineDeleteEntry(String str) throws KeyStoreException {
        final Slot a10 = Slot.a(str);
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f24501a.invoke(new de.a() { // from class: fe.g
            @Override // de.a
            public final void invoke(Object obj) {
                final de.d dVar = (de.d) obj;
                final Slot slot = a10;
                arrayBlockingQueue.add(de.d.b(new Callable() { // from class: fe.m
                    @Override // java.util.concurrent.Callable
                    public final Object call() {
                        com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) de.d.this.a();
                        aVar.getClass();
                        aVar.J(null, slot.f23500e);
                        return Boolean.TRUE;
                    }
                }));
            }
        });
        try {
            ((de.d) arrayBlockingQueue.take()).a();
        } catch (Exception e10) {
            throw new KeyStoreException(e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final Certificate engineGetCertificate(String str) {
        final Slot a10 = Slot.a(str);
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        this.f24501a.invoke(new de.a() { // from class: fe.h
            @Override // de.a
            public final void invoke(Object obj) {
                final de.d dVar = (de.d) obj;
                final Slot slot = a10;
                arrayBlockingQueue.add(de.d.b(new Callable() { // from class: fe.n
                    @Override // java.util.concurrent.Callable
                    public final Object call() {
                        return ((com.yubico.yubikit.piv.a) de.d.this.a()).d(slot);
                    }
                }));
            }
        });
        try {
            return (Certificate) ((de.d) arrayBlockingQueue.take()).a();
        } catch (BadResponseException unused) {
            return null;
        } catch (ApduException e10) {
            if (e10.f23473d == 27266) {
                return null;
            }
            throw new RuntimeException(e10);
        } catch (Exception e11) {
            throw new RuntimeException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final String engineGetCertificateAlias(Certificate certificate) {
        for (Slot slot : Slot.values()) {
            String num = Integer.toString(slot.f23499d, 16);
            if (certificate.equals(engineGetCertificate(num))) {
                return num;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public final Certificate[] engineGetCertificateChain(String str) {
        return new Certificate[]{engineGetCertificate(str)};
    }

    @Override // java.security.KeyStoreSpi
    public final Date engineGetCreationDate(String str) {
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public final KeyStore.Entry engineGetEntry(String str, final KeyStore.ProtectionParameter protectionParameter) throws UnrecoverableEntryException {
        final Slot a10 = Slot.a(str);
        try {
            final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
            this.f24501a.invoke(new de.a() { // from class: fe.e
                @Override // de.a
                public final void invoke(Object obj) {
                    final de.d dVar = (de.d) obj;
                    final Slot slot = a10;
                    final KeyStore.ProtectionParameter protectionParameter2 = protectionParameter;
                    arrayBlockingQueue.add(de.d.b(new Callable() { // from class: fe.l
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            PivPrivateKey a11;
                            com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) de.d.this.a();
                            Slot slot2 = slot;
                            X509Certificate d10 = aVar.d(slot2);
                            KeyStore.ProtectionParameter protectionParameter3 = protectionParameter2;
                            char[] password = protectionParameter3 instanceof KeyStore.PasswordProtection ? ((KeyStore.PasswordProtection) protectionParameter3).getPassword() : null;
                            if (com.yubico.yubikit.piv.a.f23508j.b(aVar.f23514e)) {
                                ee.a g10 = aVar.g(slot2);
                                KeyType keyType = g10.f24201a;
                                LinkedHashMap a12 = de.f.a(g10.f24202b);
                                try {
                                    a11 = PivPrivateKey.a(keyType.f23482e.f23488a == KeyType.Algorithm.RSA ? KeyFactory.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, (byte[]) a12.get(129)), new BigInteger(1, (byte[]) a12.get(130)))) : com.yubico.yubikit.piv.a.E(keyType, (byte[]) a12.get(134)), slot2, password);
                                } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
                                    throw new RuntimeException(e10);
                                }
                            } else {
                                a11 = PivPrivateKey.a(d10.getPublicKey(), slot2, password);
                            }
                            return new KeyStore.PrivateKeyEntry(a11, new Certificate[]{d10});
                        }
                    }));
                }
            });
            return (KeyStore.Entry) ((de.d) arrayBlockingQueue.take()).a();
        } catch (BadResponseException unused) {
            throw new UnrecoverableEntryException("Make sure the matching certificate is stored");
        } catch (ApduException e10) {
            if (e10.f23473d == 27266) {
                return null;
            }
            throw new RuntimeException(e10);
        } catch (Exception e11) {
            throw new RuntimeException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final Key engineGetKey(String str, final char[] cArr) throws UnrecoverableKeyException {
        final Slot a10 = Slot.a(str);
        try {
            final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
            this.f24501a.invoke(new de.a() { // from class: fe.i
                @Override // de.a
                public final void invoke(Object obj) {
                    final de.d dVar = (de.d) obj;
                    final Slot slot = a10;
                    final char[] cArr2 = cArr;
                    arrayBlockingQueue.add(de.d.b(new Callable() { // from class: fe.j
                        @Override // java.util.concurrent.Callable
                        public final Object call() {
                            PublicKey E;
                            com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) de.d.this.a();
                            b.a aVar2 = com.yubico.yubikit.piv.a.f23508j;
                            aVar.getClass();
                            boolean b10 = aVar2.b(aVar.f23514e);
                            Slot slot2 = slot;
                            char[] cArr3 = cArr2;
                            if (!b10) {
                                return PivPrivateKey.a(aVar.d(slot2).getPublicKey(), slot2, cArr3);
                            }
                            ee.a g10 = aVar.g(slot2);
                            KeyType keyType = g10.f24201a;
                            LinkedHashMap a11 = de.f.a(g10.f24202b);
                            try {
                                if (keyType.f23482e.f23488a == KeyType.Algorithm.RSA) {
                                    E = KeyFactory.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, (byte[]) a11.get(129)), new BigInteger(1, (byte[]) a11.get(130))));
                                } else {
                                    E = com.yubico.yubikit.piv.a.E(keyType, (byte[]) a11.get(134));
                                }
                                return PivPrivateKey.a(E, slot2, cArr3);
                            } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
                                throw new RuntimeException(e10);
                            }
                        }
                    }));
                }
            });
            return (Key) ((de.d) arrayBlockingQueue.take()).a();
        } catch (BadResponseException unused) {
            throw new UnrecoverableKeyException("No way to infer KeyType, make sure the matching certificate is stored");
        } catch (ApduException e10) {
            if (e10.f23473d == 27266) {
                return null;
            }
            throw new RuntimeException(e10);
        } catch (Exception e11) {
            throw new RuntimeException(e11);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsCertificateEntry(String str) {
        return engineGetCertificate(str) != null;
    }

    @Override // java.security.KeyStoreSpi
    public final boolean engineIsKeyEntry(String str) {
        return engineContainsAlias(str);
    }

    @Override // java.security.KeyStoreSpi
    public final void engineLoad(InputStream inputStream, char[] cArr) {
        throw new InvalidParameterException("KeyStore must be loaded with a null LoadStoreParameter");
    }

    @Override // java.security.KeyStoreSpi
    public final void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter != null) {
            throw new InvalidParameterException("KeyStore must be loaded with null");
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Slot a10 = Slot.a(str);
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        try {
            a(a10, null, PinPolicy.DEFAULT, TouchPolicy.DEFAULT, (X509Certificate) certificate);
        } catch (Exception e10) {
            throw new KeyStoreException(e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        Object certificate;
        PrivateKey privateKey;
        TouchPolicy touchPolicy;
        PinPolicy pinPolicy;
        Slot a10 = Slot.a(str);
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            if (protectionParameter != null) {
                throw new KeyStoreException("Certificate cannot use protParam");
            }
            certificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            privateKey = null;
        } else {
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Unsupported KeyStore entry.");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            certificate = privateKeyEntry.getCertificate();
            privateKey = privateKeyEntry.getPrivateKey();
        }
        if (certificate != null && !(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        PinPolicy pinPolicy2 = PinPolicy.DEFAULT;
        TouchPolicy touchPolicy2 = TouchPolicy.DEFAULT;
        if (privateKey == null || protectionParameter == null) {
            touchPolicy = touchPolicy2;
            pinPolicy = pinPolicy2;
        } else {
            if (!(protectionParameter instanceof d)) {
                throw new KeyStoreException("protParam must be an instance of PivKeyStoreKeyParameters");
            }
            pinPolicy = null;
            touchPolicy = null;
        }
        try {
            a(a10, privateKey, pinPolicy, touchPolicy, (X509Certificate) certificate);
        } catch (Exception e10) {
            throw new KeyStoreException(e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        Slot a10 = Slot.a(str);
        if (cArr != null) {
            throw new KeyStoreException("Password can not be set");
        }
        if (certificateArr.length != 1) {
            throw new KeyStoreException("Certificate chain must be a single certificate, or empty");
        }
        Certificate certificate = certificateArr[0];
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be X509Certificate");
        }
        try {
            a(a10, (PrivateKey) key, PinPolicy.DEFAULT, TouchPolicy.DEFAULT, (X509Certificate) certificate);
        } catch (Exception e10) {
            throw new KeyStoreException(e10);
        }
    }

    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Use setKeyEntry with a PrivateKey instance instead of byte[]");
    }

    @Override // java.security.KeyStoreSpi
    public final int engineSize() {
        return Slot.values().length;
    }

    @Override // java.security.KeyStoreSpi
    public final void engineStore(OutputStream outputStream, char[] cArr) {
        throw new UnsupportedOperationException();
    }
}
