package xch.bouncycastle.cms.jcajce;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import xch.bouncycastle.asn1.ASN1EncodableVector;
import xch.bouncycastle.asn1.ASN1Encoding;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.ASN1Sequence;
import xch.bouncycastle.asn1.DEROctetString;
import xch.bouncycastle.asn1.DERSequence;
import xch.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import xch.bouncycastle.asn1.cms.OriginatorPublicKey;
import xch.bouncycastle.asn1.cms.RecipientEncryptedKey;
import xch.bouncycastle.asn1.cms.RecipientKeyIdentifier;
import xch.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import xch.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import xch.bouncycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import xch.bouncycastle.cms.CMSException;
import xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
import xch.bouncycastle.jcajce.spec.GOST28147WrapParameterSpec;
import xch.bouncycastle.jcajce.spec.MQVParameterSpec;
import xch.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
import xch.bouncycastle.operator.DefaultSecretKeySizeProvider;
import xch.bouncycastle.operator.GenericKey;
import xch.bouncycastle.operator.SecretKeySizeProvider;
import xch.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {
    private static j0 m = new m0();

    /* renamed from: d, reason: collision with root package name */
    private SecretKeySizeProvider f1171d;
    private List e;
    private List f;
    private PublicKey g;
    private PrivateKey h;
    private EnvelopedDataHelper i;
    private SecureRandom j;
    private KeyPair k;
    private byte[] l;

    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, PublicKey publicKey, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        super(aSN1ObjectIdentifier, SubjectPublicKeyInfo.a(publicKey.getEncoded()), aSN1ObjectIdentifier2);
        this.f1171d = new DefaultSecretKeySizeProvider();
        this.e = new ArrayList();
        this.f = new ArrayList();
        this.i = new EnvelopedDataHelper(new b());
        this.g = publicKey;
        this.h = a.a(privateKey);
    }

    private void a(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.j == null) {
            this.j = new SecureRandom();
        }
        if (a.c(aSN1ObjectIdentifier) && this.k == null) {
            try {
                SubjectPublicKeyInfo a2 = SubjectPublicKeyInfo.a(this.g.getEncoded());
                AlgorithmParameters b2 = this.i.b(aSN1ObjectIdentifier);
                b2.init(a2.h().i().d().getEncoded());
                KeyPairGenerator g = this.i.g(aSN1ObjectIdentifier);
                g.initialize(b2.getParameterSpec(AlgorithmParameterSpec.class), this.j);
                this.k = g.generateKeyPair();
            } catch (Exception e) {
                throw new CMSException(a.a.a.a.a.a("cannot determine MQV ephemeral key pair parameters from public key: ", e), e);
            }
        }
    }

    @Override // xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence a(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) {
        AlgorithmParameterSpec userKeyingMaterialSpec;
        DEROctetString dEROctetString;
        if (this.e.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        a(algorithmIdentifier.h());
        PrivateKey privateKey = this.h;
        ASN1ObjectIdentifier h = algorithmIdentifier.h();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i != this.e.size(); i++) {
            PublicKey publicKey = (PublicKey) this.f.get(i);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.e.get(i);
            try {
                ASN1ObjectIdentifier h2 = algorithmIdentifier2.h();
                if (a.c(h)) {
                    userKeyingMaterialSpec = new MQVParameterSpec(this.k, publicKey, this.l);
                } else if (a.a(h)) {
                    userKeyingMaterialSpec = new UserKeyingMaterialSpec(m.a(algorithmIdentifier2, this.f1171d.a(h2), this.l));
                } else if (!a.d(h)) {
                    if (!a.b(h)) {
                        throw new CMSException("Unknown key agreement algorithm: " + h);
                    }
                    if (this.l == null) {
                        throw new CMSException("User keying material must be set for static keys.");
                    }
                    userKeyingMaterialSpec = new UserKeyingMaterialSpec(this.l);
                } else if (this.l != null) {
                    userKeyingMaterialSpec = new UserKeyingMaterialSpec(this.l);
                } else {
                    if (h.b(PKCSObjectIdentifiers.Y2)) {
                        throw new CMSException("User keying material must be set for static keys.");
                    }
                    userKeyingMaterialSpec = null;
                }
                KeyAgreement d2 = this.i.d(h);
                d2.init(privateKey, userKeyingMaterialSpec, this.j);
                d2.doPhase(publicKey, true);
                SecretKey generateSecret = d2.generateSecret(h2.l());
                Cipher c2 = this.i.c(h2);
                if (!h2.b(CryptoProObjectIdentifiers.f588d) && !h2.b(CryptoProObjectIdentifiers.e)) {
                    c2.init(3, generateSecret, this.j);
                    dEROctetString = new DEROctetString(c2.wrap(this.i.a(genericKey)));
                    aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
                }
                c2.init(3, generateSecret, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.h, this.l));
                byte[] wrap = c2.wrap(this.i.a(genericKey));
                dEROctetString = new DEROctetString(new Gost2814789EncryptedKey(Arrays.b(wrap, 0, wrap.length - 4), Arrays.b(wrap, wrap.length - 4, wrap.length)).b(ASN1Encoding.f485a));
                aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
            } catch (IOException e) {
                throw new CMSException(a.a.a.a.a.a(e, a.a.a.a.a.a("unable to encode wrapped key: ")), e);
            } catch (GeneralSecurityException e2) {
                throw new CMSException(a.a.a.a.a.a(e2, a.a.a.a.a.a("cannot perform agreement step: ")), e2);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    public JceKeyAgreeRecipientInfoGenerator a(String str) {
        this.i = new EnvelopedDataHelper(new k0(str));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator a(Provider provider) {
        this.i = new EnvelopedDataHelper(new l0(provider));
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator a(SecureRandom secureRandom) {
        this.j = secureRandom;
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator a(X509Certificate x509Certificate) {
        this.e.add(new KeyAgreeRecipientIdentifier(a.a(x509Certificate)));
        this.f.add(x509Certificate.getPublicKey());
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator a(byte[] bArr) {
        this.l = Arrays.b(bArr);
        return this;
    }

    public JceKeyAgreeRecipientInfoGenerator a(byte[] bArr, PublicKey publicKey) {
        this.e.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(bArr)));
        this.f.add(publicKey);
        return this;
    }

    @Override // xch.bouncycastle.cms.KeyAgreeRecipientInfoGenerator
    protected byte[] a(AlgorithmIdentifier algorithmIdentifier) {
        a(algorithmIdentifier.h());
        KeyPair keyPair = this.k;
        if (keyPair == null) {
            return this.l;
        }
        OriginatorPublicKey a2 = a(SubjectPublicKeyInfo.a(keyPair.getPublic().getEncoded()));
        try {
            return this.l != null ? new MQVuserKeyingMaterial(a2, new DEROctetString(this.l)).getEncoded() : new MQVuserKeyingMaterial(a2, null).getEncoded();
        } catch (IOException e) {
            throw new CMSException(a.a.a.a.a.a(e, a.a.a.a.a.a("unable to encode user keying material: ")), e);
        }
    }
}
