package org.spongycastle.cms.jcajce;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import org.spongycastle.asn1.cms.RecipientEncryptedKey;
import org.spongycastle.asn1.cms.RecipientKeyIdentifier;
import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cms.CMSAlgorithm;
import org.spongycastle.cms.CMSEnvelopedGenerator;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyAgreeRecipientInfoGenerator;
import org.spongycastle.jce.spec.MQVPrivateKeySpec;
import org.spongycastle.jce.spec.MQVPublicKeySpec;
import org.spongycastle.operator.GenericKey;

/* loaded from: classes3.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: d, reason: collision with root package name */
    private List f26757d;

    /* renamed from: e, reason: collision with root package name */
    private List f26758e;

    /* renamed from: f, reason: collision with root package name */
    private PublicKey f26759f;

    /* renamed from: g, reason: collision with root package name */
    private PrivateKey f26760g;

    /* renamed from: h, reason: collision with root package name */
    private EnvelopedDataHelper f26761h;

    /* renamed from: i, reason: collision with root package name */
    private SecureRandom f26762i;

    /* renamed from: j, reason: collision with root package name */
    private KeyPair f26763j;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.l(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.f26757d = new ArrayList();
        this.f26758e = new ArrayList();
        this.f26761h = new EnvelopedDataHelper(new DefaultJcaJceExtHelper());
        this.f26759f = publicKey;
        this.f26760g = privateKey;
    }

    private void g(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMSException {
        if (this.f26762i == null) {
            this.f26762i = new SecureRandom();
        }
        if (aSN1ObjectIdentifier.equals(CMSAlgorithm.f26389v) && this.f26763j == null) {
            try {
                ECParameterSpec params = ((ECPublicKey) this.f26759f).getParams();
                KeyPairGenerator j4 = this.f26761h.j(aSN1ObjectIdentifier);
                j4.initialize(params, this.f26762i);
                this.f26763j = j4.generateKeyPair();
            } catch (InvalidAlgorithmParameterException e4) {
                throw new CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e4);
            }
        }
    }

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence c(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) throws CMSException {
        g(algorithmIdentifier.j());
        PrivateKey privateKey = this.f26760g;
        ASN1ObjectIdentifier j4 = algorithmIdentifier.j();
        if (j4.u().equals(CMSEnvelopedGenerator.f26485y)) {
            privateKey = new MQVPrivateKeySpec(privateKey, this.f26763j.getPrivate(), this.f26763j.getPublic());
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i4 = 0; i4 != this.f26757d.size(); i4++) {
            PublicKey publicKey = (PublicKey) this.f26758e.get(i4);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f26757d.get(i4);
            if (j4.u().equals(CMSEnvelopedGenerator.f26485y)) {
                publicKey = new MQVPublicKeySpec(publicKey, publicKey);
            }
            try {
                KeyAgreement g4 = this.f26761h.g(j4);
                g4.init(privateKey, this.f26762i);
                g4.doPhase(publicKey, true);
                SecretKey generateSecret = g4.generateSecret(algorithmIdentifier2.j().u());
                Cipher d4 = this.f26761h.d(algorithmIdentifier2.j());
                d4.init(3, generateSecret, this.f26762i);
                aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, new DEROctetString(d4.wrap(this.f26761h.t(genericKey)))));
            } catch (GeneralSecurityException e4) {
                throw new CMSException("cannot perform agreement step: " + e4.getMessage(), e4);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    protected ASN1Encodable d(AlgorithmIdentifier algorithmIdentifier) throws CMSException {
        g(algorithmIdentifier.j());
        KeyPair keyPair = this.f26763j;
        if (keyPair != null) {
            return new MQVuserKeyingMaterial(b(SubjectPublicKeyInfo.l(keyPair.getPublic().getEncoded())), null);
        }
        return null;
    }

    public JceKeyAgreeRecipientInfoGenerator e(X509Certificate x509Certificate) throws CertificateEncodingException {
        this.f26757d.add(new KeyAgreeRecipientIdentifier(CMSUtils.d(x509Certificate)));
        this.f26758e.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator f(byte[] bArr, PublicKey publicKey) throws CertificateEncodingException {
        this.f26757d.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.f26758e.add(publicKey);
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator h(String str) {
        this.f26761h = new EnvelopedDataHelper(new NamedJcaJceExtHelper(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator i(Provider provider) {
        this.f26761h = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator j(SecureRandom secureRandom) {
        this.f26762i = secureRandom;
        return this;
    }
}
