package com.rsa.cryptoj.e;

import com.rsa.cryptoj.e.du;
import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.ContentType;
import com.rsa.jsafe.cms.EncoderWithCEK;
import com.rsa.jsafe.cms.PasswordRecipientInfo;
import com.rsa.jsafe.cms.RecipientInfo;
import java.io.Closeable;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CRLSelector;
import java.util.Collection;
import javax.crypto.SecretKey;

/* loaded from: input_file:META-INF/lib/cryptoj-6.2.5.jar:com/rsa/cryptoj/e/je.class */
public class je extends EncoderWithCEK {
    private final String f;
    private final int g;
    private final SecureRandom h;
    private final Collection<? extends Certificate> i;
    private final Collection<? extends CRL> j;
    private final RecipientInfo[] k;
    private final Attribute[] l;
    private ip m;
    private aa n;

    public je(OutputStream outputStream, OutputStream outputStream2, jf jfVar, ch chVar) throws CMSException {
        super(outputStream, outputStream2, chVar);
        this.g = jfVar.c();
        if (this.g != 0 && this.g < 40) {
            throw new CMSException("The minimum key size is 40 bits");
        }
        this.k = jfVar.a();
        this.f = jfVar.b();
        this.l = jfVar.d();
        this.h = im.a(jfVar.e(), chVar);
        CertStore f = jfVar.f();
        if (f == null) {
            this.i = null;
            this.j = null;
        } else {
            try {
                this.i = f.getCertificates(null);
                this.j = f.getCRLs(new X509CRLSelector());
            } catch (CertStoreException e) {
                throw new IllegalArgumentException("Could not read certificate store: " + e.getMessage());
            }
        }
    }

    @Override // com.rsa.jsafe.cms.Encoder
    public ContentType getType() {
        return ContentType.ENVELOPED_DATA;
    }

    @Override // com.rsa.jsafe.cms.Encoder
    protected OutputStream a(aa aaVar) throws IOException {
        if (this.m != null) {
            if (aaVar.equals(this.n)) {
                return this.m;
            }
            throw new CMSException("Content stream was already retrieved for contentType " + this.n.toString());
        }
        this.n = aaVar;
        this.m = new ip(this.f, this.g, this.d != null ? a() : null, this.h, this.c);
        this.b.a(16, -1L);
        d().c(this.b);
        d a = hw.a(this.i, this.j);
        if (a != null) {
            a.d(a.c(0)).c(this.b);
        }
        SecretKey d = this.m.d();
        this.e = d.getEncoded();
        d a2 = hw.a(this.k, d, this.f, this.g, this.h, this.c);
        a(a2, this.g);
        a2.c(this.b);
        this.b.a(16, -1L);
        aaVar.c(this.b);
        c().c(this.b);
        this.m.a(this.d != null ? this.d : aaVar.equals(im.b) ? new ab(a.c(0), 4, this.b, a()) : new n(a.c(0), 4, this.b, a()));
        return this.m;
    }

    private Closeable a() {
        return new Closeable() { // from class: com.rsa.cryptoj.e.je.1
            @Override // java.io.Closeable, java.lang.AutoCloseable
            public void close() throws IOException {
                je.this.b();
            }
        };
    }

    private void a(d dVar, int i) throws IOException {
        for (int i2 = 0; i2 < dVar.c(); i2++) {
            try {
                d a = dVar.a(i2).a(2).a(1);
                if (a != null) {
                    d a2 = a.a("dataEncapsulationMechanism");
                    String dVar2 = a2 != null ? a2.a("algorithm").toString() : null;
                    if (dVar2 != null) {
                        if (i == 128 && (pj.aV.toString().equals(dVar2) || pj.aS.toString().equals(dVar2) || pj.aE.toString().equals(dVar2))) {
                            return;
                        }
                        if (i == 192 && (pj.aW.toString().equals(dVar2) || pj.aT.toString().equals(dVar2) || pj.aF.toString().equals(dVar2))) {
                            return;
                        }
                        if (i == 256 && (pj.aX.toString().equals(dVar2) || pj.aU.toString().equals(dVar2) || pj.aG.toString().equals(dVar2))) {
                            return;
                        } else {
                            throw new IOException("Invalid key length supplied for key wrapping algorithm " + dVar2);
                        }
                    }
                }
            } catch (b e) {
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b() throws IOException {
        try {
            this.b.a();
            if (this.l != null) {
                a(this.l).d(a.c(1)).c(this.b);
            }
            this.b.a();
            this.a.close();
            if (this.d != null) {
                this.d.close();
            }
        } finally {
            du.a.a(this.e);
            this.e = null;
        }
    }

    private d c() {
        return ij.a(this.m.a(), this.m.b(), null);
    }

    private v d() {
        for (RecipientInfo recipientInfo : this.k) {
            if (recipientInfo instanceof PasswordRecipientInfo) {
                return new v(kc.V3.a());
            }
        }
        return ((this.i == null && this.j == null) || this.l == null) ? new v(kc.V0.a()) : new v(kc.V2.a());
    }

    private d a(Attribute[] attributeArr) {
        if (attributeArr == null) {
            return null;
        }
        return a.a("AuthAttributes", iq.a(attributeArr));
    }
}
