package com.rsa.cryptoj.o;

import com.rsa.crypto.CryptoException;
import com.rsa.crypto.CryptoModule;
import com.rsa.crypto.KeyBuilder;
import com.rsa.crypto.PrivateKey;
import com.rsa.jsafe.provider.HardwareIterator;
import com.rsa.jsafe.provider.HardwareStore;
import com.rsa.jsafe.provider.HardwareStoreException;
import com.rsa.jsafe.provider.HardwareStoreSpi;
import com.rsa.jsafe.provider.PKCS11CertIteratorParameters;
import com.rsa.jsafe.provider.PKCS11KeyIteratorParameters;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import java.util.NoSuchElementException;

/* loaded from: classes.dex */
public class nn extends HardwareStoreSpi {

    /* renamed from: a, reason: collision with root package name */
    private final ch f2394a;

    /* renamed from: b, reason: collision with root package name */
    private final List<cc> f2395b;

    /* renamed from: c, reason: collision with root package name */
    private final CryptoModule f2396c;

    /* renamed from: d, reason: collision with root package name */
    private final com.rsa.crypto.ncm.key.l f2397d;

    /* loaded from: classes.dex */
    private class a implements HardwareIterator<Certificate> {

        /* renamed from: b, reason: collision with root package name */
        private com.rsa.crypto.ncm.cert.b f2399b;

        /* renamed from: c, reason: collision with root package name */
        private com.rsa.crypto.ncm.cert.c f2400c = null;

        public a(com.rsa.crypto.ncm.cert.b bVar) {
            this.f2399b = bVar;
        }

        @Override // java.util.Iterator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public synchronized Certificate next() {
            try {
                if (this.f2400c != null) {
                    this.f2400c.clearSensitiveData();
                    this.f2400c = null;
                }
                if (this.f2399b == null) {
                    throw new NoSuchElementException();
                }
                this.f2400c = this.f2399b.next();
            } catch (CryptoException e) {
                throw new SecurityException("Failed to get next certificate.", e);
            } catch (CertificateException e2) {
                throw new SecurityException("Failed to decode the found certificate.", e2);
            }
            return qa.a(nn.this.f2394a, kf.f2172b, ByteBuffer.wrap(this.f2400c.getEncoded()));
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized byte[] getId() {
            if (this.f2400c == null) {
                throw new IllegalStateException("No certificate available.");
            }
            try {
            } catch (CryptoException e) {
                throw new SecurityException("Failed to retrieve the PKCS #11 certificate ID.", e);
            }
            return this.f2400c.getCertID();
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized String getLabel() {
            if (this.f2400c == null) {
                throw new IllegalStateException("No certificate available.");
            }
            try {
            } catch (CryptoException e) {
                throw new SecurityException("Failed to retrieve the PKCS #11 certificate label.", e);
            }
            return this.f2400c.getCertLabel();
        }

        @Override // java.util.Iterator
        public synchronized boolean hasNext() {
            if (this.f2399b == null) {
                return false;
            }
            try {
                boolean hasNext = this.f2399b.hasNext();
                if (!hasNext) {
                    this.f2399b.clearSensitiveData();
                    this.f2399b = null;
                }
                return hasNext;
            } catch (CryptoException e) {
                throw new SecurityException("Failed to check for next certificate.", e);
            }
        }

        @Override // java.util.Iterator
        public synchronized void remove() {
            if (this.f2400c == null) {
                throw new IllegalStateException("No certificate to remove.");
            }
            try {
                this.f2400c.deleteCertFromDevice();
                this.f2400c.clearSensitiveData();
                this.f2400c = null;
            } catch (CryptoException e) {
                throw new SecurityException("Failed to remove certificate from the device.", e);
            }
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized void removeNext() {
            try {
                if (this.f2400c != null) {
                    this.f2400c.clearSensitiveData();
                    this.f2400c = null;
                }
                if (this.f2399b == null) {
                    throw new NoSuchElementException();
                }
                com.rsa.crypto.ncm.cert.c next = this.f2399b.next();
                next.deleteCertFromDevice();
                next.clearSensitiveData();
            } catch (CryptoException e) {
                throw new SecurityException("Failed to remove next certificate.", e);
            }
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized void stop() {
            if (this.f2400c != null) {
                this.f2400c.clearSensitiveData();
                this.f2400c = null;
            }
            if (this.f2399b != null) {
                this.f2399b.clearSensitiveData();
                this.f2399b = null;
            }
        }
    }

    /* loaded from: classes.dex */
    private class b implements HardwareIterator<Key> {

        /* renamed from: b, reason: collision with root package name */
        private com.rsa.crypto.ncm.key.o f2402b;

        /* renamed from: c, reason: collision with root package name */
        private final String f2403c;

        /* renamed from: d, reason: collision with root package name */
        private com.rsa.crypto.ncm.key.j f2404d = null;

        public b(com.rsa.crypto.ncm.key.o oVar, String str) {
            this.f2402b = oVar;
            this.f2403c = str;
        }

        @Override // java.util.Iterator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public synchronized Key next() {
            try {
                this.f2404d = null;
                if (this.f2402b == null) {
                    throw new NoSuchElementException();
                }
                this.f2404d = this.f2402b.next();
            } catch (CryptoException e) {
                throw new SecurityException("Failed to get next key.", e);
            }
            return fj.a(this.f2403c, (PrivateKey) this.f2404d, nn.this.f2396c);
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized byte[] getId() {
            if (this.f2404d == null) {
                throw new IllegalStateException("No key available.");
            }
            try {
            } catch (CryptoException e) {
                throw new SecurityException("Failed to retrieve the PKCS #11 key ID.", e);
            }
            return this.f2404d.getKeyID();
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized String getLabel() {
            if (this.f2404d == null) {
                throw new IllegalStateException("No key available.");
            }
            try {
            } catch (CryptoException e) {
                throw new SecurityException("Failed to retrieve the PKCS #11 key label.", e);
            }
            return this.f2404d.getKeyLabel();
        }

        @Override // java.util.Iterator
        public synchronized boolean hasNext() {
            if (this.f2402b == null) {
                return false;
            }
            try {
                boolean hasNext = this.f2402b.hasNext();
                if (!hasNext) {
                    this.f2402b.clearSensitiveData();
                    this.f2402b = null;
                }
                return hasNext;
            } catch (CryptoException e) {
                throw new SecurityException("Failed to check for next key.", e);
            }
        }

        @Override // java.util.Iterator
        public synchronized void remove() {
            if (this.f2404d == null) {
                throw new IllegalStateException("No key to remove.");
            }
            try {
                this.f2404d.deleteKeyFromDevice();
                this.f2404d = null;
            } catch (CryptoException e) {
                throw new SecurityException("Failed to remove key from the device.", e);
            }
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized void removeNext() {
            try {
                this.f2404d = null;
                if (this.f2402b == null) {
                    throw new NoSuchElementException();
                }
                com.rsa.crypto.ncm.key.j next = this.f2402b.next();
                next.deleteKeyFromDevice();
                ((PrivateKey) next).clearSensitiveData();
            } catch (CryptoException e) {
                throw new SecurityException("Failed to remove next key.", e);
            }
        }

        @Override // com.rsa.jsafe.provider.HardwareIterator
        public synchronized void stop() {
            this.f2404d = null;
            if (this.f2402b != null) {
                this.f2402b.clearSensitiveData();
                this.f2402b = null;
            }
        }
    }

    public nn(ch chVar, List<cc> list, CryptoModule cryptoModule) {
        this.f2394a = chVar;
        this.f2395b = list;
        this.f2396c = cryptoModule;
        this.f2397d = (com.rsa.crypto.ncm.key.l) (cryptoModule instanceof cl ? ((cl) cryptoModule).c() : cryptoModule).getKeyBuilder();
    }

    @Override // com.rsa.jsafe.provider.HardwareStoreSpi
    public synchronized HardwareIterator<Certificate> engineCertificateIterator(HardwareStore.CertIteratorParameters certIteratorParameters) {
        PKCS11CertIteratorParameters pKCS11CertIteratorParameters;
        if (!(certIteratorParameters instanceof PKCS11CertIteratorParameters)) {
            throw new IllegalArgumentException("Unknown parameter type");
        }
        pKCS11CertIteratorParameters = (PKCS11CertIteratorParameters) certIteratorParameters;
        try {
        } catch (CryptoException e) {
            throw new HardwareStoreException("Failed to initialize key iterator.", e);
        }
        return new a(this.f2397d.a(pKCS11CertIteratorParameters.getId(), pKCS11CertIteratorParameters.getLabel()));
    }

    @Override // com.rsa.jsafe.provider.HardwareStoreSpi
    public synchronized HardwareIterator<Key> engineKeyIterator(HardwareStore.KeyIteratorParameters keyIteratorParameters) {
        PKCS11KeyIteratorParameters pKCS11KeyIteratorParameters;
        if (!(keyIteratorParameters instanceof PKCS11KeyIteratorParameters)) {
            throw new IllegalArgumentException("Unknown parameter type");
        }
        pKCS11KeyIteratorParameters = (PKCS11KeyIteratorParameters) keyIteratorParameters;
        try {
        } catch (CryptoException e) {
            throw new HardwareStoreException("Failed to initialize key iterator.", e);
        }
        return new b(this.f2397d.a(pKCS11KeyIteratorParameters.getAlg(), pKCS11KeyIteratorParameters.getId(), pKCS11KeyIteratorParameters.getLabel()), pKCS11KeyIteratorParameters.getAlg());
    }

    @Override // com.rsa.jsafe.provider.HardwareStoreSpi
    public synchronized void setCertificate(byte[] bArr, String str, Certificate certificate) {
        try {
            try {
                byte[] encoded = certificate.getEncoded();
                com.rsa.crypto.ncm.cert.c cVar = null;
                try {
                    try {
                        cVar = this.f2397d.a(encoded, 0, encoded.length);
                        if (bArr != null) {
                            cVar.setCertID(bArr);
                        }
                        if (str != null) {
                            cVar.setCertLabel(str);
                        }
                        cVar.store();
                        cVar.clearSensitiveData();
                    } catch (Throwable th) {
                        if (cVar != null) {
                            cVar.clearSensitiveData();
                        }
                        throw th;
                    }
                } catch (CryptoException e) {
                    throw new HardwareStoreException("Failed to store cert to the device.", e);
                }
            } catch (CertificateEncodingException e2) {
                throw new HardwareStoreException("Failed to encode certificate.", e2);
            }
        } catch (Throwable th2) {
            throw th2;
        }
    }

    @Override // com.rsa.jsafe.provider.HardwareStoreSpi
    public synchronized void setKey(byte[] bArr, String str, Key key) {
        PrivateKey newECPrivateKey;
        if (!(key instanceof java.security.PrivateKey)) {
            throw new HardwareStoreException("Must be a private key.");
        }
        PrivateKey privateKey = null;
        try {
            try {
                KeyBuilder keyBuilder = this.f2396c.getKeyBuilder();
                if (key instanceof fq) {
                    PrivateKey b2 = ((fq) key).b();
                    PrivateKey privateKey2 = (PrivateKey) dv.a(b2, this.f2396c);
                    if (privateKey2 == null) {
                        try {
                            newECPrivateKey = (PrivateKey) b2.clone();
                        } catch (CryptoException e) {
                            e = e;
                            throw new HardwareStoreException("Failed to save key.", e);
                        } catch (Throwable th) {
                            th = th;
                            privateKey = privateKey2;
                            if (privateKey != null) {
                                privateKey.clearSensitiveData();
                            }
                            throw th;
                        }
                    } else {
                        newECPrivateKey = privateKey2;
                    }
                } else if (key instanceof RSAPrivateKey) {
                    if (key instanceof RSAPrivateCrtKey) {
                        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key;
                        newECPrivateKey = keyBuilder.newRSAPrivateKey(dk.a(rSAPrivateCrtKey.getModulus()), dk.a(rSAPrivateCrtKey.getPublicExponent()), dk.a(rSAPrivateCrtKey.getPrivateExponent()), dk.a(rSAPrivateCrtKey.getPrimeP()), dk.a(rSAPrivateCrtKey.getPrimeQ()), dk.a(rSAPrivateCrtKey.getPrimeExponentP()), dk.a(rSAPrivateCrtKey.getPrimeExponentQ()), dk.a(rSAPrivateCrtKey.getCrtCoefficient()), null);
                    } else {
                        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) key;
                        newECPrivateKey = keyBuilder.newRSAPrivateKey(dk.a(rSAPrivateKey.getModulus()), dk.a(rSAPrivateKey.getPrivateExponent()));
                    }
                } else if (key instanceof DSAPrivateKey) {
                    DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) key;
                    newECPrivateKey = keyBuilder.newDSAPrivateKey(dk.a(dSAPrivateKey.getX()), keyBuilder.newPQGParams(dk.a(dSAPrivateKey.getParams().getP()), dk.a(dSAPrivateKey.getParams().getQ()), dk.a(dSAPrivateKey.getParams().getG())));
                } else {
                    if (!(key instanceof ECPrivateKey)) {
                        throw new HardwareStoreException("Unknown key type.");
                    }
                    ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
                    newECPrivateKey = keyBuilder.newECPrivateKey(dk.a(eCPrivateKey.getS()), kr.a(eCPrivateKey.getParams(), keyBuilder));
                }
                PrivateKey privateKey3 = newECPrivateKey;
                com.rsa.crypto.ncm.key.j jVar = (com.rsa.crypto.ncm.key.j) privateKey3;
                if (bArr != null) {
                    jVar.setKeyID(bArr);
                }
                if (str != null) {
                    jVar.setKeyLabel(str);
                }
                jVar.a();
                if (privateKey3 != null) {
                    privateKey3.clearSensitiveData();
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (CryptoException e2) {
            e = e2;
        }
    }
}
