package org.bouncycastle.cms;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.RC2ParameterSpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KEKIdentifier;
import org.bouncycastle.asn1.cms.KEKRecipientInfo;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.OtherKeyAttribute;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;

/* loaded from: input_file:org/bouncycastle/cms/CMSEnvelopedDataGenerator.class */
public class CMSEnvelopedDataGenerator {
    public static final String DES_EDE3_CBC = "1.2.840.113549.3.7";
    public static final String RC2_CBC = "1.2.840.113549.3.2";
    public static final String IDEA_CBC = "1.3.6.1.4.1.188.7.1.1.2";
    public static final String CAST5_CBC = "1.2.840.113533.7.66.10";
    public static final String AES128_CBC = "2.16.840.1.101.3.4.2";
    public static final String AES192_CBC = "2.16.840.1.101.3.4.22";
    public static final String AES256_CBC = "2.16.840.1.101.3.4.42";
    ArrayList recipientInfs = new ArrayList();
    SecureRandom rand = new SecureRandom();

    /* loaded from: input_file:org/bouncycastle/cms/CMSEnvelopedDataGenerator$RecipientInf.class */
    private class RecipientInf {
        X509Certificate cert;
        AlgorithmIdentifier keyEncAlg;
        PublicKey pubKey;
        ASN1OctetString subKeyId;
        SecretKey secKey;
        KEKIdentifier secKeyId;
        private final CMSEnvelopedDataGenerator this$0;

        RecipientInf(CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator, X509Certificate x509Certificate) {
            this.this$0 = cMSEnvelopedDataGenerator;
            this.cert = x509Certificate;
            this.pubKey = x509Certificate.getPublicKey();
            try {
                this.keyEncAlg = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).readObject()).getSubjectPublicKeyInfo().getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this cert");
            } catch (CertificateEncodingException e2) {
                throw new IllegalArgumentException("can't extract tbs structure from this cert");
            }
        }

        RecipientInf(CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator, PublicKey publicKey, ASN1OctetString aSN1OctetString) {
            this.this$0 = cMSEnvelopedDataGenerator;
            this.pubKey = publicKey;
            this.subKeyId = aSN1OctetString;
            try {
                this.keyEncAlg = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()).getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this key");
            }
        }

        RecipientInf(CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator, SecretKey secretKey, KEKIdentifier kEKIdentifier) {
            this.this$0 = cMSEnvelopedDataGenerator;
            this.secKey = secretKey;
            this.secKeyId = kEKIdentifier;
            if (secretKey.getAlgorithm().startsWith("DES")) {
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"), new DERNull());
            } else {
                if (!secretKey.getAlgorithm().startsWith("RC2")) {
                    throw new IllegalArgumentException("unknown algorithm");
                }
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
            }
        }

        RecipientInfo toRecipientInfo(SecretKey secretKey, String str) throws IOException, GeneralSecurityException {
            Cipher cipher = Cipher.getInstance(this.keyEncAlg.getObjectId().getId(), str);
            if (this.pubKey == null) {
                cipher.init(3, this.secKey);
                return new RecipientInfo(new KEKRecipientInfo(this.secKeyId, this.keyEncAlg, new DEROctetString(cipher.wrap(secretKey))));
            }
            byte[] encoded = secretKey.getEncoded();
            cipher.init(1, this.pubKey);
            DEROctetString dEROctetString = new DEROctetString(cipher.doFinal(encoded));
            return this.cert != null ? new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(this.cert.getTBSCertificate())).readObject()).getIssuer(), this.cert.getSerialNumber())), this.keyEncAlg, dEROctetString)) : new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(this.subKeyId), this.keyEncAlg, dEROctetString));
        }
    }

    public void addKeyTransRecipient(X509Certificate x509Certificate) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(this, x509Certificate));
    }

    public void addKeyTransRecipient(PublicKey publicKey, byte[] bArr) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(this, publicKey, (ASN1OctetString) new DEROctetString(bArr)));
    }

    public void addKEKRecipient(SecretKey secretKey, byte[] bArr) {
        this.recipientInfs.add(new RecipientInf(this, secretKey, new KEKIdentifier(bArr, (DERGeneralizedTime) null, (OtherKeyAttribute) null)));
    }

    private DERObject makeObj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    private AlgorithmIdentifier makeAlgId(String str, byte[] bArr) throws IOException {
        return bArr != null ? new AlgorithmIdentifier(new DERObjectIdentifier(str), makeObj(bArr)) : new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull());
    }

    public CMSEnvelopedData generate(CMSProcessable cMSProcessable, String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, str2);
            Cipher cipher = Cipher.getInstance(str, str2);
            AlgorithmParameters generateParameters = AlgorithmParameterGenerator.getInstance(str, str2).generateParameters();
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(str), new ASN1InputStream(new ByteArrayInputStream(generateParameters.getEncoded("ASN.1"))).readObject());
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cMSProcessable.write(cipherOutputStream);
            cipherOutputStream.close();
            BERConstructedOctetString bERConstructedOctetString = new BERConstructedOctetString(byteArrayOutputStream.toByteArray());
            Iterator it = this.recipientInfs.iterator();
            while (it.hasNext()) {
                try {
                    aSN1EncodableVector.add(((RecipientInf) it.next()).toRecipientInfo(generateKey, str2));
                } catch (IOException e) {
                    throw new CMSException("encoding error.", e);
                } catch (InvalidKeyException e2) {
                    throw new CMSException("key inappropriate for algorithm.", e2);
                } catch (GeneralSecurityException e3) {
                    throw new CMSException("error making encrypted content.", e3);
                }
            }
            return new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmIdentifier, bERConstructedOctetString), (ASN1Set) null)));
        } catch (IOException e4) {
            throw new CMSException("exception decoding algorithm parameters.", e4);
        } catch (InvalidAlgorithmParameterException e5) {
            throw new CMSException("algorithm parameters invalid.", e5);
        } catch (InvalidKeyException e6) {
            throw new CMSException("key invalid in message.", e6);
        } catch (NoSuchAlgorithmException e7) {
            throw new CMSException("can't find algorithm.", e7);
        } catch (NoSuchPaddingException e8) {
            throw new CMSException("required padding not supported.", e8);
        }
    }

    public CMSEnvelopedData generate(CMSProcessable cMSProcessable, String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, str2);
            Cipher cipher = Cipher.getInstance(str, str2);
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(str, str2);
            keyGenerator.init(i);
            if (str.equals("1.2.840.113549.3.2")) {
                byte[] bArr = new byte[8];
                this.rand.setSeed(System.currentTimeMillis());
                this.rand.nextBytes(bArr);
                algorithmParameterGenerator.init(new RC2ParameterSpec(i, bArr));
            }
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(str), new ASN1InputStream(new ByteArrayInputStream(generateParameters.getEncoded("ASN.1"))).readObject());
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cMSProcessable.write(cipherOutputStream);
            cipherOutputStream.close();
            BERConstructedOctetString bERConstructedOctetString = new BERConstructedOctetString(byteArrayOutputStream.toByteArray());
            Iterator it = this.recipientInfs.iterator();
            while (it.hasNext()) {
                try {
                    aSN1EncodableVector.add(((RecipientInf) it.next()).toRecipientInfo(generateKey, str2));
                } catch (IOException e) {
                    throw new CMSException("encoding error.", e);
                } catch (InvalidKeyException e2) {
                    throw new CMSException("key inappropriate for algorithm.", e2);
                } catch (GeneralSecurityException e3) {
                    throw new CMSException("error making encrypted content.", e3);
                }
            }
            return new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmIdentifier, bERConstructedOctetString), (ASN1Set) null)));
        } catch (IOException e4) {
            throw new CMSException("exception decoding algorithm parameters.", e4);
        } catch (InvalidAlgorithmParameterException e5) {
            throw new CMSException("algorithm parameters invalid.", e5);
        } catch (InvalidKeyException e6) {
            throw new CMSException("key invalid in message.", e6);
        } catch (NoSuchAlgorithmException e7) {
            throw new CMSException("can't find algorithm.", e7);
        } catch (NoSuchPaddingException e8) {
            throw new CMSException("required padding not supported.", e8);
        }
    }
}
