package com.rsa.cryptoj.e;

import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.KeyTransRecipientInfo;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/rsa/cryptoj/e/jj.class */
public class jj implements jt, KeyTransRecipientInfo {
    private final byte[] a;
    private final X500Principal b;
    private final BigInteger e;
    private final String f;
    private PublicKey g;
    private byte[] h;
    private ch i;
    private pj j;
    private d k;
    private AlgorithmParameterSpec l;
    private static final String m = "RecipientIdentifier";
    private static final String n = "IssuerAndSerialNumber";
    private static final String o = "Name";

    public jj(X509Certificate x509Certificate, String str, AlgorithmParameterSpec algorithmParameterSpec) throws CMSException {
        this(x509Certificate, str, algorithmParameterSpec, 128);
    }

    public jj(X509Certificate x509Certificate, String str, AlgorithmParameterSpec algorithmParameterSpec, int i) throws CMSException {
        this.b = x509Certificate.getIssuerX500Principal();
        this.e = x509Certificate.getSerialNumber();
        this.f = str;
        String upperCase = this.f.toUpperCase();
        this.j = ij.a(str);
        this.l = algorithmParameterSpec;
        if (this.j == null) {
            throw new CMSException("Asymmetric algorithm " + this.f + " not supported");
        }
        if (this.f.contains("RSA-KEM-KWS")) {
            this.k = a(this.f, i, a(upperCase));
        } else if (!this.j.equals(pj.bA) || upperCase.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP.toUpperCase())) {
            this.k = ij.a(this.j, null, null);
        } else {
            this.k = a(a(upperCase));
        }
        this.g = x509Certificate.getPublicKey();
        this.a = null;
    }

    private pj a(String str) throws CMSException {
        pj digestAlgoForKeyTransportAlgo = InfoObjectFactory.getDigestAlgoForKeyTransportAlgo(str);
        if (digestAlgoForKeyTransportAlgo == null) {
            throw new CMSException("Encryption Algorithm is not supported: " + str);
        }
        return digestAlgoForKeyTransportAlgo;
    }

    public jj(d dVar, ch chVar) throws hv {
        this.i = chVar;
        d a = dVar.a("rid");
        if (a.f(a.b().e()) == 0) {
            this.a = ((ad) a.a("subjectKeyIdentifier")).g();
            this.b = null;
            this.e = null;
        } else {
            this.b = new X500Principal(a.a(a.a("issuer")));
            this.e = ((v) a.a("serialNumber")).g();
            this.a = null;
        }
        ow owVar = new ow(dVar.a("keyEncryptionAlgorithm"));
        this.f = ov.a(owVar.d(), owVar.b());
        if (this.f == null) {
            throw new hv("Key Encryption algorithm with OID " + owVar.d() + " not supported");
        }
        this.h = ((ad) dVar.a("encryptedKey")).g();
    }

    private d a(pj pjVar) {
        return a.a("AlgorithmIdentifier", new Object[]{pj.bA.c(), a.a("RSAES-OAEP-params", new Object[]{new Object[]{pjVar.c(), new y()}, null, null})});
    }

    private d a(String str, int i, pj pjVar) throws CMSException {
        return a.a("AlgorithmIdentifier", new Object[]{pj.bQ.c(), a.a("RsaKem", new Object[]{a.a("KeyEncapsulationMechanism", new Object[]{a.a("RsaKemParameters", new Object[]{a.a("KeyDerivationFunction", new Object[]{a.a("AlgorithmIdentifier", new Object[]{pj.bR.c(), null}), a.a("AlgorithmIdentifier", new Object[]{pjVar.c(), null})}).c(a.c(0)), new v(i).c(a.c(1))})}), a.a("AlgorithmIdentifier", new Object[]{a(str, i).c(), null})})});
    }

    private pj a(String str, int i) throws CMSException {
        pj pjVar = null;
        if (str.contains("RSA-KEM-KWS/AES-KWP")) {
            if (i == 128) {
                pjVar = pj.aV;
            } else if (i == 192) {
                pjVar = pj.aW;
            } else if (i == 256) {
                pjVar = pj.aX;
            }
        } else if (str.contains("RSA-KEM-KWS/AES-KW")) {
            if (i == 128) {
                pjVar = pj.aS;
            } else if (i == 192) {
                pjVar = pj.aT;
            } else if (i == 256) {
                pjVar = pj.aU;
            }
        }
        if (pjVar == null) {
            throw new CMSException("Key-length " + i + " is not supported for " + str);
        }
        return pjVar;
    }

    @Override // com.rsa.cryptoj.e.jt
    public d a(SecretKey secretKey, String str, int i, SecureRandom secureRandom, ch chVar) throws IOException {
        d a;
        if (this.b == null || this.e == null) {
            ad adVar = new ad(this.a);
            adVar.c(0);
            a = a.a(m, adVar);
        } else {
            a = a.a(m, a.a(n, new Object[]{a.a(o, this.b.getEncoded(), 0), this.e}));
        }
        try {
            ga gaVar = (ga) kj.a(this.f, chVar, kf.a);
            gaVar.engineInit(1, this.g, this.l, secureRandom);
            byte[] encoded = secretKey.getEncoded();
            return a.a(jt.c, a.a(jt.d, new Object[]{this.a != null ? new v(kc.V2.a()) : new v(kc.V0.a()), a, this.k, new ad(gaVar.engineDoFinal(encoded, 0, encoded.length))}));
        } catch (Exception e) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f);
        }
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public X500Principal getIssuer() {
        return this.b;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public BigInteger getSerialNumber() {
        return this.e;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public byte[] getSubjectKeyIdentifier() {
        return this.a;
    }

    public byte[] a(PrivateKey privateKey, Provider provider) throws CMSException {
        return provider == null ? a(privateKey) : b(privateKey, provider);
    }

    private byte[] a(PrivateKey privateKey) throws CMSException {
        ga gaVar = null;
        try {
            try {
                try {
                    try {
                        gaVar = (ga) kj.a(this.f, this.i, kf.a);
                        gaVar.engineInit(2, privateKey, this.l, (SecureRandom) null);
                        byte[] engineDoFinal = gaVar.engineDoFinal(this.h, 0, this.h.length);
                        if (gaVar != null) {
                            gaVar.c();
                        }
                        return engineDoFinal;
                    } catch (InvalidKeyException e) {
                        throw new CMSException("Unable to create a cipher for algorithm " + this.f);
                    }
                } catch (NoSuchAlgorithmException e2) {
                    throw new CMSException("Unable to create a cipher for algorithm " + this.f);
                }
            } catch (Exception e3) {
                throw new CMSException(e3);
            }
        } catch (Throwable th) {
            if (gaVar != null) {
                gaVar.c();
            }
            throw th;
        }
    }

    private byte[] b(PrivateKey privateKey, Provider provider) throws CMSException {
        String str = this.f.equalsIgnoreCase("RSA") ? "RSA/ECB/PKCS1Padding" : this.f;
        try {
            Cipher cipher = Cipher.getInstance(str, provider);
            cipher.init(2, privateKey);
            return cipher.doFinal(this.h);
        } catch (InvalidKeyException e) {
            throw new CMSException("Invalid key for cipher operation using JCE provider: " + provider.getName());
        } catch (NoSuchAlgorithmException e2) {
            throw new CMSException("NoSuchAlgorithmException creating " + str + " cipher using JCE provider: " + provider.getName());
        } catch (BadPaddingException e3) {
            throw new CMSException("BadPaddingException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (IllegalBlockSizeException e4) {
            throw new CMSException("IllegalBlockSizeException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (NoSuchPaddingException e5) {
            throw new CMSException("Invalid cipher padding " + str + " for JCE provider: " + provider.getName());
        }
    }

    @Override // com.rsa.cryptoj.e.jt
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        PrivateKey privateKey = keyContainer.getPrivateKey();
        Provider cipherJceProvider = keyContainer.getCipherJceProvider();
        if (privateKey != null) {
            return a(privateKey, cipherJceProvider);
        }
        throw new CMSException("Invalid decryptionKey for KeyTransRecipientInfoImpl, expected PrivateKey.");
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public void setParamSpec(AlgorithmParameterSpec algorithmParameterSpec) {
        this.l = algorithmParameterSpec;
    }
}
