package org.spongycastle.cms.jcajce;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.cms.KeyAgreeRecipientIdentifier;
import org.spongycastle.asn1.cms.OriginatorPublicKey;
import org.spongycastle.asn1.cms.RecipientEncryptedKey;
import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
import org.spongycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.spongycastle.asn1.cryptopro.Gost2814789EncryptedKey;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyAgreeRecipientInfoGenerator;
import org.spongycastle.jcajce.spec.GOST28147WrapParameterSpec;
import org.spongycastle.jcajce.spec.MQVParameterSpec;
import org.spongycastle.jcajce.spec.UserKeyingMaterialSpec;
import org.spongycastle.operator.GenericKey;
import org.spongycastle.operator.SecretKeySizeProvider;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class JceKeyAgreeRecipientInfoGenerator extends KeyAgreeRecipientInfoGenerator {

    /* renamed from: m, reason: collision with root package name */
    public static KeyMaterialGenerator f53699m = new RFC5753KeyMaterialGenerator();

    /* renamed from: d, reason: collision with root package name */
    public SecretKeySizeProvider f53700d;

    /* renamed from: e, reason: collision with root package name */
    public List f53701e;

    /* renamed from: f, reason: collision with root package name */
    public List f53702f;

    /* renamed from: g, reason: collision with root package name */
    public PublicKey f53703g;

    /* renamed from: h, reason: collision with root package name */
    public PrivateKey f53704h;

    /* renamed from: i, reason: collision with root package name */
    public EnvelopedDataHelper f53705i;

    /* renamed from: j, reason: collision with root package name */
    public SecureRandom f53706j;

    /* renamed from: k, reason: collision with root package name */
    public KeyPair f53707k;

    /* renamed from: l, reason: collision with root package name */
    public byte[] f53708l;

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    public ASN1Sequence c(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, GenericKey genericKey) {
        UserKeyingMaterialSpec userKeyingMaterialSpec;
        AlgorithmParameterSpec algorithmParameterSpec;
        DEROctetString dEROctetString;
        if (this.f53701e.isEmpty()) {
            throw new CMSException("No recipients associated with generator - use addRecipient()");
        }
        e(algorithmIdentifier.p());
        PrivateKey privateKey = this.f53704h;
        ASN1ObjectIdentifier p10 = algorithmIdentifier.p();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i10 = 0; i10 != this.f53701e.size(); i10++) {
            PublicKey publicKey = (PublicKey) this.f53702f.get(i10);
            KeyAgreeRecipientIdentifier keyAgreeRecipientIdentifier = (KeyAgreeRecipientIdentifier) this.f53701e.get(i10);
            try {
                ASN1ObjectIdentifier p11 = algorithmIdentifier2.p();
                if (CMSUtils.d(p10)) {
                    algorithmParameterSpec = new MQVParameterSpec(this.f53707k, publicKey, this.f53708l);
                } else {
                    if (CMSUtils.b(p10)) {
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(f53699m.a(algorithmIdentifier2, this.f53700d.a(p11), this.f53708l));
                    } else if (CMSUtils.e(p10)) {
                        byte[] bArr = this.f53708l;
                        if (bArr != null) {
                            userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr);
                        } else {
                            if (p10.equals(PKCSObjectIdentifiers.f52188C2)) {
                                throw new CMSException("User keying material must be set for static keys.");
                            }
                            algorithmParameterSpec = null;
                        }
                    } else {
                        if (!CMSUtils.c(p10)) {
                            throw new CMSException("Unknown key agreement algorithm: " + p10);
                        }
                        byte[] bArr2 = this.f53708l;
                        if (bArr2 == null) {
                            throw new CMSException("User keying material must be set for static keys.");
                        }
                        userKeyingMaterialSpec = new UserKeyingMaterialSpec(bArr2);
                    }
                    algorithmParameterSpec = userKeyingMaterialSpec;
                }
                KeyAgreement e10 = this.f53705i.e(p10);
                e10.init(privateKey, algorithmParameterSpec, this.f53706j);
                e10.doPhase(publicKey, true);
                SecretKey generateSecret = e10.generateSecret(p11.F());
                Cipher d10 = this.f53705i.d(p11);
                if (!p11.equals(CryptoProObjectIdentifiers.f51495d) && !p11.equals(CryptoProObjectIdentifiers.f51496e)) {
                    d10.init(3, generateSecret, this.f53706j);
                    dEROctetString = new DEROctetString(d10.wrap(this.f53705i.k(genericKey)));
                    aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
                }
                d10.init(3, generateSecret, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.f51499h, this.f53708l));
                byte[] wrap = d10.wrap(this.f53705i.k(genericKey));
                dEROctetString = new DEROctetString(new Gost2814789EncryptedKey(Arrays.B(wrap, 0, wrap.length - 4), Arrays.B(wrap, wrap.length - 4, wrap.length)).m("DER"));
                aSN1EncodableVector.a(new RecipientEncryptedKey(keyAgreeRecipientIdentifier, dEROctetString));
            } catch (IOException e11) {
                throw new CMSException("unable to encode wrapped key: " + e11.getMessage(), e11);
            } catch (GeneralSecurityException e12) {
                throw new CMSException("cannot perform agreement step: " + e12.getMessage(), e12);
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    @Override // org.spongycastle.cms.KeyAgreeRecipientInfoGenerator
    public byte[] d(AlgorithmIdentifier algorithmIdentifier) {
        e(algorithmIdentifier.p());
        KeyPair keyPair = this.f53707k;
        if (keyPair == null) {
            return this.f53708l;
        }
        OriginatorPublicKey b10 = b(SubjectPublicKeyInfo.t(keyPair.getPublic().getEncoded()));
        try {
            byte[] bArr = this.f53708l;
            return bArr != null ? new MQVuserKeyingMaterial(b10, new DEROctetString(bArr)).l() : new MQVuserKeyingMaterial(b10, null).l();
        } catch (IOException e10) {
            throw new CMSException("unable to encode user keying material: " + e10.getMessage(), e10);
        }
    }

    public final void e(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.f53706j == null) {
            this.f53706j = new SecureRandom();
        }
        if (CMSUtils.d(aSN1ObjectIdentifier) && this.f53707k == null) {
            try {
                SubjectPublicKeyInfo t10 = SubjectPublicKeyInfo.t(this.f53703g.getEncoded());
                AlgorithmParameters c10 = this.f53705i.c(aSN1ObjectIdentifier);
                c10.init(t10.p().u().h().l());
                KeyPairGenerator g10 = this.f53705i.g(aSN1ObjectIdentifier);
                g10.initialize(c10.getParameterSpec(AlgorithmParameterSpec.class), this.f53706j);
                this.f53707k = g10.generateKeyPair();
            } catch (Exception e10) {
                throw new CMSException("cannot determine MQV ephemeral key pair parameters from public key: " + e10, e10);
            }
        }
    }
}
