package xch.bouncycastle.cms.jcajce;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import xch.bouncycastle.asn1.ASN1EncodableVector;
import xch.bouncycastle.asn1.ASN1Encoding;
import xch.bouncycastle.asn1.ASN1GeneralizedTime;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.ASN1Sequence;
import xch.bouncycastle.asn1.DEROctetString;
import xch.bouncycastle.asn1.DERSequence;
import xch.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import xch.bouncycastle.asn1.cms.OriginatorPublicKey;
import xch.bouncycastle.asn1.cms.OtherKeyAttribute;
import xch.bouncycastle.asn1.cms.RecipientEncryptedKey;
import xch.bouncycastle.asn1.cms.RecipientKeyIdentifier;
import xch.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import xch.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import xch.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import xch.bouncycastle.cms.CMSException;
import xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
import xch.bouncycastle.jcajce.spec.GOST28147WrapParameterSpec;
import xch.bouncycastle.jcajce.spec.MQVParameterSpec;
import xch.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import xch.bouncycastle.operator.DefaultSecretKeySizeProvider;
import xch.bouncycastle.operator.GenericKey;
import xch.bouncycastle.operator.SecretKeySizeProvider;
import xch.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: m, reason: collision with root package name */
    private static k0 f2293m = new n0();

    /* renamed from: d, reason: collision with root package name */
    private SecretKeySizeProvider f2294d;

    /* renamed from: e, reason: collision with root package name */
    private List f2295e;

    /* renamed from: f, reason: collision with root package name */
    private List f2296f;

    /* renamed from: g, reason: collision with root package name */
    private PublicKey f2297g;

    /* renamed from: h, reason: collision with root package name */
    private PrivateKey f2298h;

    /* renamed from: i, reason: collision with root package name */
    private EnvelopedDataHelper f2299i;

    /* renamed from: j, reason: collision with root package name */
    private SecureRandom f2300j;

    /* renamed from: k, reason: collision with root package name */
    private KeyPair f2301k;

    /* renamed from: l, reason: collision with root package name */
    private byte[] f2302l;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.q(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.f2294d = new DefaultSecretKeySizeProvider();
        this.f2295e = new ArrayList();
        this.f2296f = new ArrayList();
        this.f2299i = new EnvelopedDataHelper(new b());
        this.f2297g = publicKey;
        this.f2298h = a.a(privateKey);
    }

    private void g(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMSException {
        if (this.f2300j == null) {
            this.f2300j = new SecureRandom();
        }
        if (a.i(aSN1ObjectIdentifier) && this.f2301k == null) {
            try {
                SubjectPublicKeyInfo q = SubjectPublicKeyInfo.q(this.f2297g.getEncoded());
                AlgorithmParameters c2 = this.f2299i.c(aSN1ObjectIdentifier);
                c2.init(q.o().r().d().getEncoded());
                KeyPairGenerator l2 = this.f2299i.l(aSN1ObjectIdentifier);
                l2.initialize(c2.getParameterSpec(AlgorithmParameterSpec.class), this.f2300j);
                this.f2301k = l2.generateKeyPair();
            } catch (Exception e2) {
                throw new CMSException(xch.bouncycastle.cert.ocsp.a.a("cannot determine MQV ephemeral key pair parameters from public key: ", e2), e2);
            }
        }
    }

    @Override // xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence c(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) throws CMSException {
        UserKeyingMaterialSpec userKeyingMaterialSpec;
        AlgorithmParameterSpec algorithmParameterSpec;
        DEROctetString dEROctetString;
        if (this.f2295e.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        g(algorithmIdentifier.o());
        PrivateKey privateKey = this.f2298h;
        ASN1ObjectIdentifier o2 = algorithmIdentifier.o();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i2 = 0; i2 != this.f2295e.size(); i2++) {
            PublicKey publicKey = (PublicKey) this.f2296f.get(i2);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f2295e.get(i2);
            try {
                ASN1ObjectIdentifier o3 = algorithmIdentifier2.o();
                if (a.i(o2)) {
                    algorithmParameterSpec = new MQVParameterSpec(this.f2301k, publicKey, this.f2302l);
                } else {
                    if (a.g(o2)) {
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(f2293m.a(algorithmIdentifier2, this.f2294d.b(o3), this.f2302l));
                    } else if (a.j(o2)) {
                        byte[] bArr = this.f2302l;
                        if (bArr != null) {
                            userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr);
                        } else {
                            if (o2.s(PKCSObjectIdentifiers.Y2)) {
                                throw new CMSException("User keying material must be set for static keys.");
                            }
                            algorithmParameterSpec = null;
                        }
                    } else {
                        if (!a.h(o2)) {
                            throw new CMSException("Unknown key agreement algorithm: " + o2);
                        }
                        byte[] bArr2 = this.f2302l;
                        if (bArr2 == null) {
                            throw new CMSException("User keying material must be set for static keys.");
                        }
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr2);
                    }
                    algorithmParameterSpec = userKeyingMaterialSpec;
                }
                KeyAgreement i3 = this.f2299i.i(o2);
                i3.init(privateKey, algorithmParameterSpec, this.f2300j);
                i3.doPhase(publicKey, true);
                SecretKey generateSecret = i3.generateSecret(o3.B());
                Cipher f2 = this.f2299i.f(o3);
                if (!o3.s(CryptoProObjectIdentifiers.f1209d) && !o3.s(CryptoProObjectIdentifiers.f1210e)) {
                    f2.init(3, generateSecret, this.f2300j);
                    dEROctetString = new DEROctetString(f2.wrap(this.f2299i.w(genericKey)));
                    aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
                }
                f2.init(3, generateSecret, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.f1213h, this.f2302l));
                byte[] wrap = f2.wrap(this.f2299i.w(genericKey));
                dEROctetString = new DEROctetString(new Gost2814789EncryptedKey(Arrays.V(wrap, 0, wrap.length - 4), null, Arrays.V(wrap, wrap.length - 4, wrap.length)).k(ASN1Encoding.f1032a));
                aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
            } catch (IOException e2) {
                throw new CMSException(xch.bouncycastle.asn1.a.a(e2, new StringBuilder("unable to encode wrapped key: ")), e2);
            } catch (GeneralSecurityException e3) {
                throw new CMSException(xch.bouncycastle.cert.crmf.jcajce.a.a(e3, new StringBuilder("cannot perform agreement step: ")), e3);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    protected byte[] d(AlgorithmIdentifier algorithmIdentifier) throws CMSException {
        g(algorithmIdentifier.o());
        KeyPair keyPair = this.f2301k;
        if (keyPair == null) {
            return this.f2302l;
        }
        OriginatorPublicKey b2 = b(SubjectPublicKeyInfo.q(keyPair.getPublic().getEncoded()));
        try {
            byte[] bArr = this.f2302l;
            return bArr != null ? new MQVuserKeyingMaterial(b2, new DEROctetString(bArr)).getEncoded() : new MQVuserKeyingMaterial(b2, null).getEncoded();
        } catch (IOException e2) {
            throw new CMSException(xch.bouncycastle.asn1.a.a(e2, new StringBuilder("unable to encode user keying material: ")), e2);
        }
    }

    public JceKeyAgreeRecipientInfoGenerator e(X509Certificate x509Certificate) throws CertificateEncodingException {
        this.f2295e.add(new KeyAgreeRecipientIdentifier(a.e(x509Certificate)));
        this.f2296f.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator f(byte[] bArr, PublicKey publicKey) throws CertificateEncodingException {
        this.f2295e.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr, (ASN1GeneralizedTime) null, (OtherKeyAttribute) null)));
        this.f2296f.add(publicKey);
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator h(String str) {
        this.f2299i = new EnvelopedDataHelper(new l0(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator i(Provider provider) {
        this.f2299i = new EnvelopedDataHelper(new m0(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator j(SecureRandom secureRandom) {
        this.f2300j = secureRandom;
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator k(byte[] bArr) {
        this.f2302l = Arrays.p(bArr);
        return this;
    }
}
