package sun1.security.provider;

import java.io.IOException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import sun1.security.pkcs.EncryptedPrivateKeyInfo;
import sun1.security.pkcs.PKCS8Key;
import sun1.security.util.DerValue;
import sun1.security.util.ObjectIdentifier;
import sun1.security.x509.AlgorithmId;

/* loaded from: classes.dex */
final class KeyProtector {
    private static final String DIGEST_ALG = "SHA";
    private static final int DIGEST_LEN = 20;
    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
    private static final int SALT_LEN = 20;
    private MessageDigest md;
    private byte[] passwdBytes;

    public KeyProtector(char[] cArr) {
        if (cArr == null) {
            throw new IllegalArgumentException("password can't be null");
        }
        this.md = MessageDigest.getInstance(DIGEST_ALG);
        this.passwdBytes = new byte[cArr.length * 2];
        int i2 = 0;
        for (char c2 : cArr) {
            byte[] bArr = this.passwdBytes;
            int i4 = i2 + 1;
            bArr[i2] = (byte) (c2 >> '\b');
            i2 += 2;
            bArr[i4] = (byte) c2;
        }
    }

    protected void finalize() {
        byte[] bArr = this.passwdBytes;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.passwdBytes = null;
        }
    }

    public byte[] protect(Key key) {
        if (key == null) {
            throw new IllegalArgumentException("plaintext key can't be null");
        }
        if (!"PKCS#8".equalsIgnoreCase(key.getFormat())) {
            throw new KeyStoreException("Cannot get key bytes, not PKCS#8 encoded");
        }
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new KeyStoreException("Cannot get key bytes, encoding not supported");
        }
        int length = encoded.length / 20;
        if (encoded.length % 20 != 0) {
            length++;
        }
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        int length2 = encoded.length;
        byte[] bArr2 = new byte[length2];
        byte[] bArr3 = bArr;
        int i2 = 0;
        int i4 = 0;
        while (i2 < length) {
            this.md.update(this.passwdBytes);
            this.md.update(bArr3);
            bArr3 = this.md.digest();
            this.md.reset();
            System.arraycopy(bArr3, 0, bArr2, i4, i2 < length + (-1) ? bArr3.length : length2 - i4);
            i2++;
            i4 += 20;
        }
        int length3 = encoded.length;
        byte[] bArr4 = new byte[length3];
        for (int i5 = 0; i5 < length3; i5++) {
            bArr4[i5] = (byte) (encoded[i5] ^ bArr2[i5]);
        }
        byte[] bArr5 = new byte[length3 + 40];
        System.arraycopy(bArr, 0, bArr5, 0, 20);
        System.arraycopy(bArr4, 0, bArr5, 20, length3);
        this.md.update(this.passwdBytes);
        Arrays.fill(this.passwdBytes, (byte) 0);
        this.passwdBytes = null;
        this.md.update(encoded);
        byte[] digest = this.md.digest();
        this.md.reset();
        System.arraycopy(digest, 0, bArr5, 20 + length3, digest.length);
        try {
            return new EncryptedPrivateKeyInfo(new AlgorithmId(new ObjectIdentifier(KEY_PROTECTOR_OID)), bArr5).getEncoded();
        } catch (IOException e2) {
            throw new KeyStoreException(e2.getMessage());
        }
    }

    public Key recover(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) {
        if (!encryptedPrivateKeyInfo.getAlgorithm().getOID().toString().equals(KEY_PROTECTOR_OID)) {
            throw new UnrecoverableKeyException("Unsupported key protection algorithm");
        }
        byte[] encryptedData = encryptedPrivateKeyInfo.getEncryptedData();
        byte[] bArr = new byte[20];
        System.arraycopy(encryptedData, 0, bArr, 0, 20);
        int length = encryptedData.length;
        int i2 = length - 40;
        int i4 = i2 / 20;
        if (i2 % 20 != 0) {
            i4++;
        }
        byte[] bArr2 = new byte[i2];
        System.arraycopy(encryptedData, 20, bArr2, 0, i2);
        byte[] bArr3 = new byte[i2];
        int i5 = 0;
        int i6 = 0;
        while (i5 < i4) {
            this.md.update(this.passwdBytes);
            this.md.update(bArr);
            bArr = this.md.digest();
            this.md.reset();
            System.arraycopy(bArr, 0, bArr3, i6, i5 < i4 + (-1) ? bArr.length : i2 - i6);
            i5++;
            i6 += 20;
        }
        byte[] bArr4 = new byte[i2];
        for (int i7 = 0; i7 < i2; i7++) {
            bArr4[i7] = (byte) (bArr2[i7] ^ bArr3[i7]);
        }
        this.md.update(this.passwdBytes);
        Arrays.fill(this.passwdBytes, (byte) 0);
        this.passwdBytes = null;
        this.md.update(bArr4);
        byte[] digest = this.md.digest();
        this.md.reset();
        for (int i8 = 0; i8 < digest.length; i8++) {
            if (digest[i8] != encryptedData[(length - 20) + i8]) {
                throw new UnrecoverableKeyException("Cannot recover key");
            }
        }
        try {
            return PKCS8Key.parseKey(new DerValue(bArr4));
        } catch (IOException e2) {
            throw new UnrecoverableKeyException(e2.getMessage());
        }
    }
}
