package com.rsa.cryptoj.c;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.KeyAgreeRecipientInfo;
import com.rsa.jsafe.cms.KeyContainer;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/rsa/cryptoj/c/jc.class */
public class jc implements jo, KeyAgreeRecipientInfo {
    private static final int a = 16;
    private static final int b = 32;
    private static final int e = 24;
    private static final int f = 16;
    private byte[] g;
    private X500Principal h;
    private BigInteger i;
    private PrivateKey j;
    private PublicKey k;
    private PublicKey l;
    private X500Principal m;
    private BigInteger n;
    private ow o;
    private cf p;
    private byte[] q;
    private String r;
    private ow s;
    private jn t;
    private int u;
    private String v;
    private byte[] w;
    private ow x;
    private static final String y = "IssuerAndSerialNumber";
    private static final String z = "Name";
    private static final String A = "OriginatorIdentifierOrKey";
    private static final String B = "OriginatorPublicKey";
    private static final int C = 64;
    private static final ow D = ow.bI;
    private static final String E = "ECDH";
    private static final int F = 1;
    private static final int G = 2;

    public jc(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2) throws CMSException {
        this.h = x509Certificate.getIssuerX500Principal();
        this.i = x509Certificate.getSerialNumber();
        this.j = privateKey;
        this.l = x509Certificate2.getPublicKey();
        this.m = x509Certificate2.getIssuerX500Principal();
        this.n = x509Certificate2.getSerialNumber();
        a(2);
    }

    public jc(X509Certificate x509Certificate) throws CMSException {
        this.l = x509Certificate.getPublicKey();
        this.m = x509Certificate.getIssuerX500Principal();
        this.n = x509Certificate.getSerialNumber();
        a(1);
    }

    public jc(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate) throws CMSException {
        this.k = publicKey;
        this.j = privateKey;
        this.l = x509Certificate.getPublicKey();
        this.m = x509Certificate.getIssuerX500Principal();
        this.n = x509Certificate.getSerialNumber();
        a(1);
    }

    public jc(d dVar, String str, byte[] bArr, ow owVar, String str2, ow owVar2, int i, d dVar2, cf cfVar) throws CMSException {
        this.v = str;
        this.r = str2;
        this.s = owVar2;
        this.p = cfVar;
        this.u = i;
        this.w = bArr;
        this.x = owVar;
        b(dVar);
        c(dVar2);
    }

    @Override // com.rsa.cryptoj.c.jo
    public d a(SecretKey secretKey, String str, int i, SecureRandom secureRandom, cf cfVar) throws IOException {
        int i2;
        byte[] a2;
        try {
            if (this.j == null) {
                a(this.l, cfVar, ka.a);
            }
            kj g = ke.g(this.v, cfVar, ka.a);
            d c = a().c(a.c(0));
            byte[] bArr = new byte[64];
            secureRandom.nextBytes(bArr);
            d c2 = new ad(bArr).c(a.c(1));
            g.engineInit(this.j, secureRandom);
            g.engineDoPhase(this.l, true);
            this.q = g.engineGenerateSecret();
            int length = secretKey.getEncoded().length;
            int length2 = this.q.length;
            if (length < 16 || length % 8 != 0) {
                this.r = AlgorithmStrings.RC2;
                i2 = 16;
            } else {
                this.r = AlgorithmStrings.AES;
                i2 = length2 <= 16 ? 16 : length2 <= 24 ? 24 : 32;
            }
            ow a3 = ov.a(this.r, i2);
            byte[] bArr2 = null;
            if (this.v.equalsIgnoreCase("ECDH")) {
                bArr2 = a(a3, bArr, i2, ow.bt, cfVar);
            } else if (this.v.equalsIgnoreCase("DH")) {
                bArr2 = a(a3, bArr, i2, ow.bp, cfVar);
            }
            d a4 = a.a("AlgorithmIdentifier", new Object[]{this.o.c(), a.a("AlgorithmIdentifier", new Object[]{a3.c(), a3 == ow.aY ? new v(58L) : new y()})});
            if (this.r.equals(AlgorithmStrings.AES)) {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, this.r);
                ga gaVar = (ga) ke.a(a3.toString(), cfVar, ka.a);
                gaVar.engineInit(3, secretKeySpec, secureRandom);
                a2 = gaVar.engineWrap(secretKey);
            } else {
                a2 = jm.a(bArr2, secretKey.getEncoded(), secureRandom, cfVar);
            }
            return a.a("KeyAgreeRecipientInfo", new Object[]{new v(jx.V3.a()), c, c2, a4, a(new ad(a2))}).d(a.c(1));
        } catch (Exception e2) {
            throw new CMSException(e2);
        }
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public X500Principal getOrigIssuer() {
        return this.h;
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public BigInteger getOrigSerialNumber() {
        return this.i;
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public byte[] getOrigSubjectKeyIdentifier() {
        return this.g;
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public PublicKey getOrigPublicKey() {
        return this.k;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(PublicKey publicKey, PrivateKey privateKey, byte[] bArr) throws CMSException {
        try {
            kj g = ke.g(this.v, this.p, ka.a);
            g.engineInit(privateKey, null);
            g.engineDoPhase(publicKey, true);
            this.q = g.engineGenerateSecret();
            byte[] a2 = a(this.s, this.w, ie.b(this.s) / 8, this.x, this.p);
            if (this.r.equals(AlgorithmStrings.AES)) {
                SecretKeySpec secretKeySpec = new SecretKeySpec(a2, this.r);
                ga gaVar = (ga) ke.a(this.s.toString(), this.p, ka.a);
                gaVar.engineInit(4, secretKeySpec, null);
                return gaVar.engineDoFinal(bArr, 0, bArr.length);
            }
            if (this.s == ow.aY) {
                return jm.a(bArr, a2, this.u, this.p);
            }
            if (this.s != ow.aZ) {
                throw new CMSException("Unknown wrapping algorithm used.");
            }
            try {
                return jm.a(bArr, a2, this.p);
            } catch (CMSException e2) {
                System.arraycopy(a2, 0, a2, 16, 8);
                return jm.a(bArr, a2, this.p);
            }
        } catch (Exception e3) {
            throw new CMSException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(PrivateKey privateKey, byte[] bArr) throws CMSException {
        if (this.k == null) {
            throw new CMSException("The originator's public key is not available to create the pairwise key");
        }
        return a(this.k, privateKey, bArr);
    }

    private void a(int i) throws CMSException {
        String algorithm = this.l.getAlgorithm();
        if (algorithm.toUpperCase().startsWith(AlgorithmStrings.EC)) {
            this.o = D;
            this.v = "ECDH";
        } else {
            if (!algorithm.equalsIgnoreCase("DH") && !algorithm.equalsIgnoreCase("DiffieHellman")) {
                throw new CMSException("The key agreement algorithm " + algorithm + " is not supported");
            }
            this.v = "DH";
            if (i == 1) {
                this.o = ow.bO;
            } else if (i == 2) {
                this.o = ow.bP;
            }
        }
    }

    private d a() {
        return a.a(A, (this.h == null || this.i == null) ? a.a(B, new Object[]{a.a("AlgorithmIdentifier", new Object[]{ov.c(this.k.getAlgorithm()).c(), new y()}), a.a((c) j.a, (Object) this.k.getEncoded())}).d(a.c(1)) : a.a(y, new Object[]{a.a(z, this.h.getEncoded(), 0), this.i}));
    }

    private d a(d dVar) {
        return a.a("RecipientEncryptedKeys", new Object[]{a.a("RecipientEncryptedKey", new Object[]{a.a("KeyAgreeRecipientIdentifier", a.a(y, new Object[]{a.a(z, this.m.getEncoded(), 0), this.n})), dVar})});
    }

    private void b(d dVar) throws CMSException {
        int f2 = a.f(dVar.b().e());
        if (f2 == 0) {
            this.g = ((ad) dVar.a("subjectKeyIdentifier")).g();
        } else if (f2 == 1) {
            this.k = a(new oj(dVar.a("algorithm")).c(), ((k) dVar.a("publicKey")).g());
        } else {
            this.h = new X500Principal(a.a(dVar.a("issuer")));
            this.i = ((v) dVar.a("serialNumber")).g();
        }
    }

    private void c(d dVar) throws CMSException {
        ad adVar = (ad) dVar.a("encryptedKey");
        if (adVar == null) {
            throw new CMSException("The encryption key is not part of the RecipientInfo");
        }
        byte[] g = adVar.g();
        d a2 = dVar.a("rid");
        byte[] bArr = null;
        X500Principal x500Principal = null;
        BigInteger bigInteger = null;
        if (a.f(a2.b().e()) == 0) {
            bArr = ((ad) a2.a("subjectKeyIdentifier")).g();
        } else {
            x500Principal = new X500Principal(a.a(a2.a("issuer")));
            bigInteger = ((v) a2.a("serialNumber")).g();
        }
        this.t = new jn(this, g, x500Principal, bigInteger, bArr);
    }

    private PublicKey a(String str, byte[] bArr) throws CMSException {
        try {
            return ke.a(str, this.p, ka.a, null).engineGeneratePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e2) {
            throw new hq("Key agreement recipient info: The key specification is invalid");
        }
    }

    @Override // com.rsa.cryptoj.c.jo
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        PrivateKey privateKey = keyContainer.getPrivateKey();
        PublicKey publicKey = keyContainer.getPublicKey();
        if (privateKey != null) {
            return publicKey == null ? this.t.a(privateKey) : this.t.a(publicKey, privateKey);
        }
        throw new CMSException("Invalid decryptionKey for KeyAgreeRecipientInfo, expected PrivateKey (and originator PublicKey if contained in a certificate).");
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public X500Principal getRecipientIssuer() {
        return this.t.a();
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public BigInteger getRecipientSerialNumber() {
        return this.t.b();
    }

    @Override // com.rsa.jsafe.cms.KeyAgreeRecipientInfo
    public byte[] getRecipientSubjectKeyIdentifier() {
        return this.t.c();
    }

    private byte[] a(ow owVar, byte[] bArr, int i, ow owVar2, cf cfVar) throws CMSException {
        byte[] bArr2 = null;
        if (this.v.equalsIgnoreCase("ECDH")) {
            bArr2 = hp.a(this.q, a(owVar, bArr, i), i, owVar2, cfVar);
        } else if (this.v.equalsIgnoreCase("DH")) {
            bArr2 = io.a(owVar, bArr, this.q, i, owVar2, cfVar);
        }
        return bArr2;
    }

    private byte[] a(ow owVar, byte[] bArr, int i) {
        d a2 = a.a("AlgorithmIdentifier", new Object[]{owVar.c(), null});
        ad adVar = new ad(bArr);
        byte[] bArr2 = new byte[4];
        int i2 = i * 8;
        if (i2 < 256) {
            bArr2[3] = (byte) i2;
        } else {
            bArr2[2] = 1;
        }
        return a.c(a.a("ECC-CMS-SharedInfo", new Object[]{a2, adVar.c(a.c(0)), new ad(bArr2).c(a.c(2))}));
    }

    private void a(PublicKey publicKey, cf cfVar, List<ca> list) throws CMSException {
        ECGenParameterSpec eCGenParameterSpec;
        KeyPair generateKeyPair;
        String algorithm = publicKey.getAlgorithm();
        try {
            if (algorithm.equalsIgnoreCase(AlgorithmStrings.EC) || algorithm.equalsIgnoreCase("ECDH") || algorithm.equalsIgnoreCase(AlgorithmStrings.ECDSA)) {
                byte[] d = new po(publicKey, cfVar, list).d();
                if (d == null) {
                    throw new CMSException("Key Parameters not present in recipient certificate.");
                }
                try {
                    aa aaVar = (aa) a.a((c) z.a, d);
                    if (aaVar.equals(ow.dB.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("p192");
                    } else if (aaVar.equals(ow.dC.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("p224");
                    } else if (aaVar.equals(ow.dr.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("p256");
                    } else if (aaVar.equals(ow.ds.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("p384");
                    } else if (aaVar.equals(ow.dD.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("p521");
                    } else if (aaVar.equals(ow.dF.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("b163");
                    } else if (aaVar.equals(ow.dH.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("b233");
                    } else if (aaVar.equals(ow.dJ.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("b283");
                    } else if (aaVar.equals(ow.dL.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("b409");
                    } else if (aaVar.equals(ow.dN.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("b571");
                    } else if (aaVar.equals(ow.dE.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("k163");
                    } else if (aaVar.equals(ow.dG.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("k233");
                    } else if (aaVar.equals(ow.dI.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("k283");
                    } else if (aaVar.equals(ow.dK.c())) {
                        eCGenParameterSpec = new ECGenParameterSpec("k409");
                    } else {
                        if (!aaVar.equals(ow.dM.c())) {
                            throw new CMSException("Unknown EC Curve OID " + aaVar + " in the recipient certificate.");
                        }
                        eCGenParameterSpec = new ECGenParameterSpec("k571");
                    }
                    ks ksVar = new ks(cfVar, list);
                    ksVar.initialize(eCGenParameterSpec);
                    generateKeyPair = ksVar.generateKeyPair();
                } catch (Exception e2) {
                    ECParameterSpec params = ((ECKey) publicKey).getParams();
                    if (params == null) {
                        throw new CMSException("EC Parameters not present in recipient certificate.");
                    }
                    ks ksVar2 = new ks(cfVar, list);
                    ksVar2.initialize(params);
                    KeyPair generateKeyPair2 = ksVar2.generateKeyPair();
                    this.k = generateKeyPair2.getPublic();
                    this.j = generateKeyPair2.getPrivate();
                    return;
                }
            } else {
                if (!algorithm.equalsIgnoreCase("DH") && !algorithm.equalsIgnoreCase("DiffieHellman")) {
                    throw new CMSException("Key algorithm " + algorithm + " not supported in this operation.");
                }
                DHParameterSpec params2 = ((DHKey) publicKey).getParams();
                kq kqVar = new kq(cfVar, list);
                kqVar.initialize(params2);
                generateKeyPair = kqVar.generateKeyPair();
            }
            this.k = generateKeyPair.getPublic();
            this.j = generateKeyPair.getPrivate();
        } catch (InvalidAlgorithmParameterException e3) {
            throw new CMSException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new CMSException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new CMSException(e5);
        }
    }
}
