package com.rsa.cryptoj.o;

import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.cms.KeyContainer;
import com.rsa.jsafe.cms.KeyTransRecipientInfo;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/ju.class */
public class ju implements ln, KeyTransRecipientInfo {
    private final byte[] a;
    private final X500Principal b;
    private final BigInteger e;
    private final String f;
    private PublicKey g;
    private byte[] h;
    private gc i;
    private ks j;
    private nj k;
    private static final String l = "RecipientIdentifier";
    private static final String m = "IssuerAndSerialNumber";
    private static final String n = "Name";

    public ju(X509Certificate x509Certificate, String str) throws CMSException {
        this.b = x509Certificate.getIssuerX500Principal();
        this.e = x509Certificate.getSerialNumber();
        this.f = str;
        String upperCase = this.f.toUpperCase();
        this.j = ax.a(str);
        if (this.j == null) {
            throw new CMSException("Asymmetric algorithm " + this.f + " not supported");
        }
        if (!this.j.equals(ks.bs) || upperCase.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP.toUpperCase())) {
            this.k = ax.a(this.j, null, null);
        } else {
            this.k = a(a(upperCase));
        }
        this.g = x509Certificate.getPublicKey();
        this.a = null;
    }

    private ks a(String str) throws CMSException {
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA256.toUpperCase())) {
            return ks.bl;
        }
        if (str.equals(InfoObjectFactory.ENCRYPTION_RSAOAEP_SHA512.toUpperCase())) {
            return ks.bn;
        }
        throw new CMSException("Encryption Algorithm is not supported: " + str);
    }

    public ju(nj njVar, gc gcVar) throws dt {
        this.i = gcVar;
        nj a = njVar.a("rid");
        if (ir.f(a.g().g()) == 0) {
            this.a = ((mw) a.a("subjectKeyIdentifier")).b();
            this.b = null;
            this.e = null;
        } else {
            this.b = new X500Principal(ir.a(a.a("issuer")));
            this.e = ((mx) a.a("serialNumber")).b();
            this.a = null;
        }
        ai aiVar = new ai(njVar.a("keyEncryptionAlgorithm"));
        this.f = fi.a(aiVar.d(), aiVar.b());
        if (this.f == null) {
            throw new dt("Key Encryption algorithm with OID " + aiVar.d() + " not supported");
        }
        this.h = ((mw) njVar.a("encryptedKey")).b();
    }

    private nj a(ks ksVar) {
        return ir.a("AlgorithmIdentifier", new Object[]{ks.bs.c(), ir.a("RSAES-OAEP-params", new Object[]{new Object[]{ksVar.c(), new fh()}, null, null})});
    }

    @Override // com.rsa.cryptoj.o.ln
    public nj a(SecretKey secretKey, String str, int i, SecureRandom secureRandom, gc gcVar) throws IOException {
        nj a;
        if (this.b == null || this.e == null) {
            mw mwVar = new mw(this.a);
            mwVar.d(0);
            a = ir.a(l, mwVar);
        } else {
            a = ir.a(l, ir.a(m, new Object[]{ir.a(n, this.b.getEncoded(), 0), this.e}));
        }
        try {
            ki kiVar = (ki) da.a(this.f, gcVar, ak.a);
            kiVar.engineInit(1, this.g, secureRandom);
            byte[] encoded = secretKey.getEncoded();
            return ir.a(ln.c, ir.a(ln.d, new Object[]{this.a != null ? new mx(eh.V2.a()) : new mx(eh.V0.a()), a, this.k, new mw(kiVar.engineDoFinal(encoded, 0, encoded.length))}));
        } catch (Exception e) {
            throw new CMSException("Unable to create a cipher for algorithm " + this.f);
        }
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public X500Principal getIssuer() {
        return this.b;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public BigInteger getSerialNumber() {
        return this.e;
    }

    @Override // com.rsa.jsafe.cms.KeyTransRecipientInfo
    public byte[] getSubjectKeyIdentifier() {
        return this.a;
    }

    public byte[] a(PrivateKey privateKey, Provider provider) throws CMSException {
        return provider == null ? a(privateKey) : b(privateKey, provider);
    }

    private byte[] a(PrivateKey privateKey) throws CMSException {
        ki kiVar = null;
        try {
            try {
                try {
                    kiVar = (ki) da.a(this.f, this.i, ak.a);
                    kiVar.engineInit(2, privateKey, null);
                    byte[] engineDoFinal = kiVar.engineDoFinal(this.h, 0, this.h.length);
                    if (kiVar != null) {
                        kiVar.c();
                    }
                    return engineDoFinal;
                } catch (Exception e) {
                    throw new CMSException(e);
                }
            } catch (InvalidKeyException e2) {
                throw new CMSException("Unable to create a cipher for algorithm " + this.f);
            } catch (NoSuchAlgorithmException e3) {
                throw new CMSException("Unable to create a cipher for algorithm " + this.f);
            }
        } catch (Throwable th) {
            if (kiVar != null) {
                kiVar.c();
            }
            throw th;
        }
    }

    private byte[] b(PrivateKey privateKey, Provider provider) throws CMSException {
        String str = this.f.equalsIgnoreCase("RSA") ? "RSA/ECB/PKCS1Padding" : this.f;
        try {
            Cipher cipher = Cipher.getInstance(str, provider);
            cipher.init(2, privateKey);
            return cipher.doFinal(this.h);
        } catch (InvalidKeyException e) {
            throw new CMSException("Invalid key for cipher operation using JCE provider: " + provider.getName());
        } catch (NoSuchAlgorithmException e2) {
            throw new CMSException("NoSuchAlgorithmException creating " + str + " cipher using JCE provider: " + provider.getName());
        } catch (BadPaddingException e3) {
            throw new CMSException("BadPaddingException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (IllegalBlockSizeException e4) {
            throw new CMSException("IllegalBlockSizeException creating cipher " + str + " using JCE provider: " + provider.getName());
        } catch (NoSuchPaddingException e5) {
            throw new CMSException("Invalid cipher padding " + str + " for JCE provider: " + provider.getName());
        }
    }

    @Override // com.rsa.cryptoj.o.ln
    public byte[] a(KeyContainer keyContainer) throws CMSException {
        PrivateKey privateKey = keyContainer.getPrivateKey();
        Provider cipherJceProvider = keyContainer.getCipherJceProvider();
        if (privateKey != null) {
            return a(privateKey, cipherJceProvider);
        }
        throw new CMSException("Invalid decryptionKey for KeyTransRecipientInfoImpl, expected PrivateKey.");
    }
}
