package com.rsa.cryptoj.o;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.KekRecipientInfo;
import com.rsa.jsafe.cms.KeyContainer;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/rsa/cryptoj/o/ql.class */
public class ql implements ln, KekRecipientInfo {
    private String a;
    private ks b;
    private byte[] e;
    private byte[] f;
    private byte[] g;
    private gc h;
    private byte[] i;
    private ks j;
    private int k;
    private Date l;
    private pt m;
    private oo n;
    private Date o;
    private byte[] p;
    private ks q;

    public ql(byte[] bArr, SecretKey secretKey) throws CMSException {
        this.a = secretKey.getAlgorithm();
        a(bArr, secretKey);
        this.e = secretKey.getEncoded();
        this.f = nd.a(bArr);
        this.b = jn.a(this.a, this.e.length);
        if (this.b == null) {
            throw new dt("KEK recipient info: The encryption algorithm, " + this.a + ", is not supported.");
        }
    }

    public ql(byte[] bArr, SecretKey secretKey, Date date) throws CMSException {
        this.a = secretKey.getAlgorithm();
        a(bArr, secretKey);
        this.e = secretKey.getEncoded();
        this.f = nd.a(bArr);
        this.o = date;
        this.b = jn.a(this.a, this.e.length);
        if (this.b == null) {
            throw new dt("The encryption algorithm " + this.a + " not supported.");
        }
    }

    public ql(byte[] bArr, SecretKey secretKey, Date date, String str, byte[] bArr2) throws CMSException {
        this.a = secretKey.getAlgorithm();
        a(bArr, secretKey);
        this.e = secretKey.getEncoded();
        this.f = nd.a(bArr);
        this.o = date;
        this.q = str == null ? null : new ks(str);
        this.p = nd.a(bArr2);
        this.b = jn.a(this.a, this.e.length);
        if (this.b == null) {
            throw new dt("The encryption algorithm " + this.a + " not supported.");
        }
    }

    public ql(nj njVar, gc gcVar) throws CMSException {
        this.h = gcVar;
        a(njVar.a("kekid"));
        ai aiVar = new ai(njVar.a("keyEncryptionAlgorithm"));
        this.j = aiVar.d();
        if (aiVar.c() == null) {
            throw new dt("The algorithm OID, " + this.j.toString() + ", is not supported");
        }
        if (this.j == ks.aU) {
            this.k = hb.b(((mx) ir.a((pp) ek.a, aiVar.b())).e());
        }
        mw mwVar = (mw) njVar.a("encryptedKey");
        if (mwVar == null) {
            throw new CMSException("The encryption key is not part of the PasswordRecipientInfoInternal ASN1Value passed in as input");
        }
        this.i = mwVar.b();
    }

    @Override // com.rsa.cryptoj.o.ln
    public nj a(SecretKey secretKey, String str, int i, SecureRandom secureRandom, gc gcVar) throws IOException {
        mx mxVar = new mx(eh.V4.a());
        byte[] a = a(secretKey, gcVar, secureRandom);
        ai aiVar = new ai(this.b);
        mw mwVar = new mw(a);
        du duVar = null;
        if (this.o != null) {
            duVar = new du(this.o);
        }
        nj njVar = null;
        if (this.q != null && this.p != null) {
            njVar = ir.a("OtherKeyAttribute", new Object[]{this.q.c(), new oo(this.p)});
        }
        return ir.a("KEKRecipientInfo", new Object[]{mxVar, ir.a("KEKIdentifier", new Object[]{new mw(this.f), duVar, njVar}), aiVar.a(), mwVar}).e(ir.c(2));
    }

    public byte[] a(SecretKey secretKey) throws CMSException {
        ob obVar = null;
        try {
            try {
                String a = jn.a(this.j, (byte[]) null);
                if (a == null) {
                    throw new CMSException("Unsupported Key Encryption Algorithm used.");
                }
                if (a.equals(AlgorithmStrings.AES)) {
                    at atVar = (at) da.a(this.j.toString(), this.h, ak.a);
                    atVar.engineInit(4, secretKey, null);
                    byte[] engineDoFinal = atVar.engineDoFinal(this.i, 0, this.i.length);
                    if (atVar != null) {
                        atVar.b();
                    }
                    return engineDoFinal;
                }
                if (a.equals(AlgorithmStrings.RC2)) {
                    byte[] a2 = dp.a(this.i, secretKey.getEncoded(), this.k, this.h);
                    if (0 != 0) {
                        obVar.b();
                    }
                    return a2;
                }
                if (!a.equals("DESEDE")) {
                    throw new CMSException("Unsupported Key Encryption Algorithm used.");
                }
                byte[] a3 = dp.a(this.i, secretKey.getEncoded(), this.h);
                if (0 != 0) {
                    obVar.b();
                }
                return a3;
            } catch (Exception e) {
                throw new CMSException(e);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                obVar.b();
            }
            throw th;
        }
    }

    @Override // com.rsa.jsafe.cms.KekRecipientInfo
    public byte[] getKekId() {
        return nd.a(this.g);
    }

    @Override // com.rsa.jsafe.cms.KekRecipientInfo
    public Date getKekIdDate() {
        return this.l;
    }

    @Override // com.rsa.jsafe.cms.KekRecipientInfo
    public byte[] getKekIdOtherAttr() {
        return nd.a(this.n.e());
    }

    @Override // com.rsa.jsafe.cms.KekRecipientInfo
    public String getKekIdOtherAttrOId() {
        return this.m.toString();
    }

    private void a(byte[] bArr, SecretKey secretKey) throws CMSException {
        if (bArr == null || bArr.length == 0 || secretKey == null) {
            throw new CMSException("KEK Id and secret key cannot be empty.");
        }
    }

    private byte[] a(SecretKey secretKey, gc gcVar, SecureRandom secureRandom) throws CMSException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.e, this.a);
            if (this.a.equalsIgnoreCase(AlgorithmStrings.AES)) {
                at atVar = (at) da.a(this.b.toString(), gcVar, ak.a);
                atVar.engineInit(3, secretKeySpec, secureRandom);
                return atVar.engineWrap(secretKey);
            }
            if (this.a.equalsIgnoreCase(AlgorithmStrings.RC2)) {
                return dp.a(this.e, secretKey.getEncoded(), secureRandom, gcVar);
            }
            if (!this.a.equalsIgnoreCase("DESEDE")) {
                throw new CMSException("Unsupported Key Encryption Algorithm used.");
            }
            if (secretKey.getAlgorithm().equals(AlgorithmStrings.DESEDE)) {
                return dp.b(this.e, secretKey.getEncoded(), secureRandom, gcVar);
            }
            throw new CMSException("DESede key wrapping can only be used for DESede keys");
        } catch (Exception e) {
            throw new CMSException(e);
        }
    }

    private void a(nj njVar) {
        this.g = ((mw) njVar.a("keyIdentifier")).b();
        nj a = njVar.a("date");
        if (a != null) {
            this.l = ((du) a).d();
        }
        nj a2 = njVar.a("other");
        if (a2 != null) {
            this.m = (pt) a2.a("keyAttrId");
            this.n = (oo) a2.a("keyAttr");
        }
    }

    @Override // com.rsa.cryptoj.o.ln
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        SecretKey secretKey = keyContainer.getSecretKey();
        if (secretKey != null) {
            return a(secretKey);
        }
        throw new CMSException("Invalid decryption key for KekRecipientInfo, expected byte[].");
    }
}
