package org.bouncycastle.cms;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.RC2ParameterSpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KEKIdentifier;
import org.bouncycastle.asn1.cms.KEKRecipientInfo;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OtherKeyAttribute;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.sasn1.Asn1Integer;
import org.bouncycastle.sasn1.Asn1ObjectIdentifier;
import org.bouncycastle.sasn1.BerOctetStringGenerator;
import org.bouncycastle.sasn1.BerSequenceGenerator;

/* loaded from: input_file:org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.class */
public class CMSEnvelopedDataStreamGenerator {
    public static final String DES_EDE3_CBC = "1.2.840.113549.3.7";
    public static final String RC2_CBC = "1.2.840.113549.3.2";
    public static final String IDEA_CBC = "1.3.6.1.4.1.188.7.1.1.2";
    public static final String CAST5_CBC = "1.2.840.113533.7.66.10";
    public static final String AES128_CBC = NISTObjectIdentifiers.id_aes128_CBC.getId();
    public static final String AES192_CBC = NISTObjectIdentifiers.id_aes192_CBC.getId();
    public static final String AES256_CBC = NISTObjectIdentifiers.id_aes256_CBC.getId();
    SecureRandom rand = new SecureRandom();
    ArrayList recipientInfs = new ArrayList();
    private Object _originatorInfo = null;
    private Object _unprotectedAttributes = null;
    private int _bufferSize;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator$CmsEnvelopedDataOutputStream.class */
    public class CmsEnvelopedDataOutputStream extends OutputStream {
        private CipherOutputStream _out;
        private BerSequenceGenerator _cGen;
        private BerSequenceGenerator _envGen;
        private BerSequenceGenerator _eiGen;
        private final CMSEnvelopedDataStreamGenerator this$0;

        public CmsEnvelopedDataOutputStream(CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator, CipherOutputStream cipherOutputStream, BerSequenceGenerator berSequenceGenerator, BerSequenceGenerator berSequenceGenerator2, BerSequenceGenerator berSequenceGenerator3) {
            this.this$0 = cMSEnvelopedDataStreamGenerator;
            this._out = cipherOutputStream;
            this._cGen = berSequenceGenerator;
            this._envGen = berSequenceGenerator2;
            this._eiGen = berSequenceGenerator3;
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            this._out.write(i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            this._out.write(bArr, i, i2);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            this._out.write(bArr);
        }

        @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this._out.close();
            this._eiGen.close();
            this._envGen.close();
            this._cGen.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator$RecipientInf.class */
    public class RecipientInf {
        X509Certificate cert;
        AlgorithmIdentifier keyEncAlg;
        PublicKey pubKey;
        ASN1OctetString subKeyId;
        SecretKey secKey;
        KEKIdentifier secKeyId;
        private final CMSEnvelopedDataStreamGenerator this$0;

        RecipientInf(CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator, X509Certificate x509Certificate) {
            this.this$0 = cMSEnvelopedDataStreamGenerator;
            this.cert = x509Certificate;
            this.pubKey = x509Certificate.getPublicKey();
            try {
                this.keyEncAlg = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).readObject()).getSubjectPublicKeyInfo().getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this cert");
            } catch (CertificateEncodingException e2) {
                throw new IllegalArgumentException("can't extract tbs structure from this cert");
            }
        }

        RecipientInf(CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator, PublicKey publicKey, ASN1OctetString aSN1OctetString) {
            this.this$0 = cMSEnvelopedDataStreamGenerator;
            this.pubKey = publicKey;
            this.subKeyId = aSN1OctetString;
            try {
                this.keyEncAlg = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()).getAlgorithmId();
            } catch (IOException e) {
                throw new IllegalArgumentException("can't extract key algorithm from this key");
            }
        }

        RecipientInf(CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator, SecretKey secretKey, KEKIdentifier kEKIdentifier) {
            DERObjectIdentifier dERObjectIdentifier;
            this.this$0 = cMSEnvelopedDataStreamGenerator;
            this.secKey = secretKey;
            this.secKeyId = kEKIdentifier;
            if (secretKey.getAlgorithm().startsWith("DES")) {
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"), new DERNull());
                return;
            }
            if (secretKey.getAlgorithm().startsWith("RC2")) {
                this.keyEncAlg = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
                return;
            }
            if (!secretKey.getAlgorithm().startsWith("AES")) {
                throw new IllegalArgumentException("unknown algorithm");
            }
            int length = secretKey.getEncoded().length * 8;
            if (length == 128) {
                dERObjectIdentifier = NISTObjectIdentifiers.id_aes128_wrap;
            } else if (length == 192) {
                dERObjectIdentifier = NISTObjectIdentifiers.id_aes192_wrap;
            } else {
                if (length != 256) {
                    throw new IllegalArgumentException("illegal keysize in AES");
                }
                dERObjectIdentifier = NISTObjectIdentifiers.id_aes256_wrap;
            }
            this.keyEncAlg = new AlgorithmIdentifier(dERObjectIdentifier, new DERNull());
        }

        RecipientInfo toRecipientInfo(SecretKey secretKey, String str) throws IOException, GeneralSecurityException {
            Cipher cipher = Cipher.getInstance(this.keyEncAlg.getObjectId().getId(), str);
            if (this.pubKey == null) {
                cipher.init(3, this.secKey);
                return new RecipientInfo(new KEKRecipientInfo(this.secKeyId, this.keyEncAlg, new DEROctetString(cipher.wrap(secretKey))));
            }
            byte[] encoded = secretKey.getEncoded();
            cipher.init(1, this.pubKey);
            DEROctetString dEROctetString = new DEROctetString(cipher.doFinal(encoded));
            if (this.cert == null) {
                return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(this.subKeyId), this.keyEncAlg, dEROctetString));
            }
            TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(this.cert.getTBSCertificate())).readObject());
            return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), this.keyEncAlg, dEROctetString));
        }
    }

    public void setBufferSize(int i) {
        this._bufferSize = i;
    }

    public void addKeyTransRecipient(X509Certificate x509Certificate) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(this, x509Certificate));
    }

    public void addKeyTransRecipient(PublicKey publicKey, byte[] bArr) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(this, publicKey, (ASN1OctetString) new DEROctetString(bArr)));
    }

    public void addKEKRecipient(SecretKey secretKey, byte[] bArr) throws IllegalArgumentException {
        this.recipientInfs.add(new RecipientInf(this, secretKey, new KEKIdentifier(bArr, (DERGeneralizedTime) null, (OtherKeyAttribute) null)));
    }

    private Asn1Integer getVersion() {
        return (this._originatorInfo == null && this._unprotectedAttributes == null) ? new Asn1Integer(0L) : new Asn1Integer(2L);
    }

    private OutputStream open(OutputStream outputStream, String str, KeyGenerator keyGenerator, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        AlgorithmParameters algorithmParameters;
        DERObject dERNull;
        try {
            BerSequenceGenerator berSequenceGenerator = new BerSequenceGenerator(outputStream);
            berSequenceGenerator.addObject(new Asn1ObjectIdentifier(CMSObjectIdentifiers.envelopedData.getId()));
            BerSequenceGenerator berSequenceGenerator2 = new BerSequenceGenerator(berSequenceGenerator.getRawOutputStream(), 0, true);
            berSequenceGenerator2.addObject(getVersion());
            Cipher cipher = Cipher.getInstance(str, str2);
            SecretKey generateKey = keyGenerator.generateKey();
            Iterator it = this.recipientInfs.iterator();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            while (it.hasNext()) {
                try {
                    aSN1EncodableVector.add(((RecipientInf) it.next()).toRecipientInfo(generateKey, str2));
                } catch (IOException e) {
                    throw new CMSException("encoding error.", e);
                } catch (InvalidKeyException e2) {
                    throw new CMSException("key inappropriate for algorithm.", e2);
                } catch (GeneralSecurityException e3) {
                    throw new CMSException("error making encrypted content.", e3);
                }
            }
            berSequenceGenerator2.getRawOutputStream().write(new DERSet(aSN1EncodableVector).getEncoded());
            try {
                AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(str, str2);
                if (str.equals("1.2.840.113549.3.2")) {
                    byte[] bArr = new byte[8];
                    this.rand.setSeed(System.currentTimeMillis());
                    this.rand.nextBytes(bArr);
                    algorithmParameterGenerator.init(new RC2ParameterSpec(generateKey.getEncoded().length * 8, bArr));
                }
                algorithmParameters = algorithmParameterGenerator.generateParameters();
                dERNull = new ASN1InputStream(new ByteArrayInputStream(algorithmParameters.getEncoded("ASN.1"))).readObject();
            } catch (NoSuchAlgorithmException e4) {
                algorithmParameters = null;
                dERNull = new DERNull();
            }
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(str), dERNull);
            cipher.init(1, generateKey, algorithmParameters);
            BerSequenceGenerator berSequenceGenerator3 = new BerSequenceGenerator(berSequenceGenerator2.getRawOutputStream());
            berSequenceGenerator3.addObject(new Asn1ObjectIdentifier(PKCSObjectIdentifiers.data.getId()));
            berSequenceGenerator3.getRawOutputStream().write(algorithmIdentifier.getEncoded());
            BerOctetStringGenerator berOctetStringGenerator = new BerOctetStringGenerator(berSequenceGenerator3.getRawOutputStream(), 0, true);
            return new CmsEnvelopedDataOutputStream(this, this._bufferSize != 0 ? new CipherOutputStream(berOctetStringGenerator.getOctetOutputStream(new byte[this._bufferSize]), cipher) : new CipherOutputStream(berOctetStringGenerator.getOctetOutputStream(), cipher), berSequenceGenerator, berSequenceGenerator2, berSequenceGenerator3);
        } catch (IOException e5) {
            throw new CMSException("exception decoding algorithm parameters.", e5);
        } catch (InvalidAlgorithmParameterException e6) {
            throw new CMSException("algorithm parameters invalid.", e6);
        } catch (InvalidKeyException e7) {
            throw new CMSException("key invalid in message.", e7);
        } catch (NoSuchAlgorithmException e8) {
            throw new CMSException("can't find algorithm.", e8);
        } catch (NoSuchPaddingException e9) {
            throw new CMSException("required padding not supported.", e9);
        }
    }

    public OutputStream open(OutputStream outputStream, String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException {
        try {
            return open(outputStream, str, KeyGenerator.getInstance(str, str2), str2);
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException("can't find key generation algorithm.", e);
        }
    }

    public OutputStream open(OutputStream outputStream, String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, str2);
            keyGenerator.init(i);
            return open(outputStream, str, keyGenerator, str2);
        } catch (NoSuchAlgorithmException e) {
            throw new CMSException("can't find key generation algorithm.", e);
        }
    }
}
